feat: add simple checkout form template with auto-generated credentials

[superdav42]

Summary

• Adds a new simple checkout form preset — a single-step form where the customer only needs to enter their email address. Username, password, site title, and site URL are all auto-generated server-side.
• Adds auto_generate_password toggle to the Password signup field, with wp_generate_password() generation and relaxed validation when enabled.
• Fixes client-side JS validation to strip password rules when the form uses auto-generated passwords.

Changes

inc/checkout/signup-fields/class-signup-field-password.php

• New auto_generate_password default (off, fully backwards-compatible)
• Toggle in get_fields() with v-show guards hiding the strength meter and confirm field when auto-generate is on
• to_fields_array() short-circuits to a single hidden field (auto_generate_password=1) when enabled — no visible password input rendered

inc/checkout/class-checkout.php

• Customer creation: resolves password via wp_generate_password(16) when auto_generate_password is in the session/request
• validation_rules(): password, password_conf, and valid_password rules are cleared when auto_generate_password is set
• New form_has_auto_generate_password() helper: inspects the form's field config at render time
• get_js_validation_rules(): calls the helper and strips the three password-related rule entries before serialising to JS (prevents client-side validator blocking submission on a field that is never shown)

inc/models/class-checkout-form.php

• validation_rules(): adds simple to the in: enum
• use_template(): adds elseif ('simple' === $template) branch
• save(): adds simple to $step_types so the template is applied on save
• New private get_simple_template(): single step — products (pre-selected), email (visible), username (auto from email), password (auto-generated), site_title (auto from username), site_url (auto from site_title), template_selection (hidden when pre-selected via URL), order_summary, payment, billing_address, submit

inc/apis/schemas/checkout-form-create.php + checkout-form-update.php

• Adds simple to the template field enum

Testing

Tested end-to-end against the local wp-env environment:

Test	Result
Form created with use_template('simple')	✅
Field structure correct (email visible, all others hidden/auto)	✅
Password field emits hidden flag, not password input	✅
Server-side validation skips password rules when auto-generating	✅
JS validation rules strip password fields at render time	✅
HTTP checkout with email only → {"success":true}	✅
Customer created with username derived from email	✅
Membership created, status=active	✅
signup_form recorded on customer	✅

Usage

$form = wu_create_checkout_form(['name' => 'Quick Signup', 'slug' => 'quick']);
$form->use_template('simple');
$form->save();

Or via REST API / WP-CLI with "template": "simple".

Summary by CodeRabbit

• New Features
  • Added "simple" as a new checkout form template option, providing an additional layout choice alongside existing templates.
  • Introduced auto-password generation feature for checkout forms; when enabled, password input fields are hidden and secure passwords are automatically generated.

[coderabbitai]

Caution

Review failed

Pull request was closed or merged during review

📝 Walkthrough

Walkthrough

This PR introduces a new "simple" checkout template mode and auto-generate password functionality. Schema definitions accept the new template value. A simple template builder creates pre-configured checkout forms with optional auto-generated passwords. The password field component adds auto_generate_password toggle that conditionally hides password inputs. Checkout class logic determines passwords via auto-generation when enabled and removes associated server/client validation constraints.

Changes

Cohort / File(s)	Summary
Schema Definitions inc/apis/schemas/checkout-form-create.php, inc/apis/schemas/checkout-form-update.php	Added 'simple' to template field enum, expanding allowed values from three to four options with updated descriptions.
Password Field Component inc/checkout/signup-fields/class-signup-field-password.php	Added auto_generate_password toggle configuration option. When enabled, field renders only a hidden input instead of visible password fields. Conditional visibility applied to existing strength meter and confirmation field toggles.
Core Checkout Logic inc/checkout/class-checkout.php	Added form_has_auto_generate_password() detector method. Modified maybe_create_customer() to generate strong passwords via wp_generate_password() when auto-generation enabled. Updated get_js_validation_rules() and validation_rules() to remove password-related constraints when auto-generation active.
Form Template Implementation inc/models/class-checkout-form.php	Expanded template validation to accept 'simple' value. Added get_simple_template() builder creating single-step form with pre-selected products, auto-generating password/username fields, and hidden template selection. Updated use_template() and save() to handle new template mode.

Sequence Diagram

sequenceDiagram
    actor Admin
    participant CheckoutForm
    participant PasswordField
    participant CheckoutClass
    participant Customer

    Admin->>CheckoutForm: Select 'simple' template
    activate CheckoutForm
    CheckoutForm->>CheckoutForm: use_template('simple')
    CheckoutForm->>CheckoutForm: get_simple_template()
    CheckoutForm->>PasswordField: Configure with auto_generate_password=true
    deactivate CheckoutForm
    
    Customer->>PasswordField: Submit checkout form
    activate PasswordField
    PasswordField->>PasswordField: to_fields_array() returns hidden input only
    deactivate PasswordField
    
    PasswordField->>CheckoutClass: Form submission received
    activate CheckoutClass
    CheckoutClass->>CheckoutClass: form_has_auto_generate_password() checks field config
    CheckoutClass->>CheckoutClass: maybe_create_customer() with auto-generated password
    CheckoutClass->>CheckoutClass: Validation rules bypass password constraints
    deactivate CheckoutClass
    
    CheckoutClass->>Customer: Create account with auto-generated password

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• feat: add simple checkout form template with auto-generated credentials #737: Main PR implementing the same "simple" checkout template and auto_generate_password feature, modifying identical schema enums, checkout class password logic, and form template methods.
• GH#738: fix: simple checkout form follow-up fixes #739: Directly related PR modifying the same checkout flow with "simple" template schema additions and auto_generate_password password validation handling in the checkout class.

Poem

🐰 A simple template hops into view,
With passwords that generate brand new!
No typing required, the form knows what's best,
Auto-generated magic puts fields to the test! ✨🔐

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically describes the main change: adding a new 'simple' checkout form template with auto-generated credentials, which aligns with all the primary modifications across the codebase.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feature/simple-checkout

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[superdav42]

Closing — this PR has merge conflicts with the base branch. The linked issue (if any) remains open for a worker to re-attempt with a fresh branch.

Closed by deterministic merge pass (pulse-wrapper.sh).