Some users with active accounts are reporting an expired account notification when viewing the embedded locations on their website.
Reproduction
- Login as SA on staging
- Switch to user: alice_at_pt*
- Generate Embed and place it on a test domain (not *storelocatorplus.com)
Notes
Generate embed works for these users on both production and staging servers.
Embedding the code on our QC site also works.
Embedding on localhost or a non-storelocatorplus.com domain does NOT work.
On a storelocatorplus.com domain DOES work even if not on the same server (host).
Alice_au UID: 416
The MySLP front end uses a REST endpoint to load options from the SLP server.
Part of that request includes the MySLP API key.
\MySLP_REST_API::check_activation() uses this key to fetch a user record via a meta_key+meta_value match.
The match was found, returning a user but the subsequent call to test account_status === ‘active’ failed.
This was because the \MySLP_User setters and getters do not yet have a fully initialized user object, especially coming from a REST API call. This check_activation() looks like the first user authentication that is set.
The revised code in MySLP Dashboard 2502.24.01 patch shown below manually loads in the MySLP_User class with the WP_User object in wp_user, the UID in ID, and then fetches the user meta and pushed it into the MySLP_User->user_meta property.
$user = get_users( array(
'meta_key' => 'api-key',
'meta_value' => $API_key,
) );
if ( ! empty( $user ) && ! is_wp_error( $user ) ) {
$user = ( is_array( $user ) ) ? array_shift( $user ) : $user;
//check account_status
global $myslp;
$myslp->User->__set( 'ID', $user->ID );
$myslp->User->__set( 'wp_user', $user );
$myslp->User->__set( 'user_meta', get_user_meta( $user->ID ) );
// error_log( 'SLP_REST_API::check_activation myslp User: ' . print_r( $myslp->User, true ) );
if ( 'active' !== $myslp->User->account_status ) {