Fix Stripe Connect button to save settings before OAuth redirect

[superdav42]

Summary

• The "Connect with Stripe" button was an <a> link that navigated directly to the OAuth init URL without saving settings first
• When a user enabled Stripe and toggled sandbox mode for the first time, the unsaved settings meant the OAuth flow used the wrong Stripe environment (live instead of test, or vice versa)
• Changed the connect button to a <button type="submit"> that submits the settings form, saving all settings before redirecting to the OAuth init URL
• Added a wu_settings_save_redirect filter in the settings save handler so gateways can intercept the redirect after save

Test plan

• Enable Stripe gateway for the first time, toggle sandbox mode ON, click "Connect with Stripe" — verify settings are saved and OAuth starts in test mode
• With sandbox mode already saved OFF, click "Connect with Stripe" — verify OAuth starts in live mode
• Normal settings save (without clicking Connect) still redirects to the settings page with ?updated=1

🤖 Generated with Claude Code

Summary by CodeRabbit

• Improvements
  • Enhanced Stripe account connection workflow to save configuration settings before initiating OAuth authorization, ensuring a more reliable and secure integration setup experience.

[coderabbitai]

📝 Walkthrough

Walkthrough

The settings save flow now supports redirect overrides via a new wu_settings_save_redirect filter hook. The Stripe gateway registers on this hook to redirect users to Stripe OAuth when the connect button is clicked, replacing direct link navigation with form-submission-first behavior.

Changes

Cohort / File(s)	Summary
Settings Save Redirect Hook inc/admin-pages/class-settings-admin-page.php	Introduces wu_settings_save_redirect filter hook to allow components to override the redirect URL after settings are saved, enabling custom redirect flows.
Stripe OAuth Integration inc/gateways/class-stripe-gateway.php	Implements maybe_redirect_to_stripe_oauth() method that hooks into the settings redirect filter. Replaces direct OAuth link with a form submit button (wu_connect_stripe) to ensure settings are persisted before OAuth redirect.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant Settings Admin
    participant Stripe Gateway
    participant Stripe OAuth
    
    User->>Settings Admin: Submit form with Stripe connect button
    Settings Admin->>Settings Admin: Save settings to database
    Settings Admin->>Stripe Gateway: Apply wu_settings_save_redirect filter
    Stripe Gateway->>Stripe Gateway: Check if wu_connect_stripe in submission
    alt Connect button was clicked
        Stripe Gateway->>Stripe OAuth: Return OAuth init URL
        Stripe Gateway-->>Settings Admin: OAuth URL
    else Connect button not clicked
        Stripe Gateway-->>Settings Admin: Original redirect URL
    end
    Settings Admin->>User: Safe redirect to resulting URL

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 A filter hook hops into the fray,
Settings redirect finds a new way,
Stripe OAuth joins the dance so fine,
Form submissions and hooks align,
Connect buttons whisper what's to be—
Redirects flow wild and free! 🌟

🚥 Pre-merge checks | ✅ 4

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically identifies the main change: the Stripe Connect button now saves settings before redirecting to OAuth.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Merge Conflict Detection	✅ Passed	✅ No merge conflicts detected when merging into main

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/stripe-connect-save-settings-first

---

No actionable comments were generated in the recent review. 🎉

🧹 Recent nitpick comments

inc/gateways/class-stripe-gateway.php (1)

83-90: Consider using $saved_data instead of reading $_POST directly.

The $saved_data parameter is unused (also flagged by PHPMD). You could check for wu_connect_stripe in $saved_data instead of $_POST, but since wu_connect_stripe is not a registered settings field, it won't appear in $saved_data (which is filtered to allowed fields only in default_handler).

Given this, you have two practical options: (1) add wu_connect_stripe to the allowed/filtered POST data passed through the filter, or (2) keep reading $_POST but suppress the PHPMD warning with an annotation on the unused param. The current approach works correctly, but the unused parameter is a minor smell.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

🔨 Build Complete - Ready for Testing!

📦 Download Build Artifact (Recommended)

Download the zip build, upload to WordPress and test:

• Build: ultimate-multisite
• ⬇️ Download from GitHub Actions
• ⬇️ Download without Github Account (nightly.link)

🌐 Test in WordPress Playground (Very Experimental)

Click the link below to instantly test this PR in your browser - no installation needed!
Playground support for multisite is very limitied, hopefully it will get better in the future.

🚀 Launch in Playground

Login credentials: admin / password