refactor(checkout): replace captcha-specific JS with generic hooks

[superdav42]

Summary

Replaces the captcha-specific inline-login code in checkout.js with generic wp.hooks extension points. Any addon — not just the captcha addon — can now participate in the inline-login lifecycle.

Supersedes #901. That PR tried to scope captcha token selectors to the prompt container; this one removes captcha knowledge from checkout.js entirely.

Why

checkout.js should not know about g-recaptcha-response, h-captcha-response, cap-token, or a window.wuCaptchaResetInlineLogin global. Those are concerns of the captcha addon. Hardcoding them in core means:

• Every new captcha provider needs a core change
• The selectors leak across form contexts (the original bug wip: scope inline login captcha token selectors to prompt container a… #901 was patching)
• Other addons (e.g. email validation, honeypots, SSO) have no way to plug in

New hooks

Fired via wp.hooks (the existing pattern used elsewhere in checkout.js):

Hook	Type	Fires	Signature
wu_inline_login_data	filter	before the AJAX request	(data, fieldType) => data
wu_inline_login_success	action	on successful login	(results, fieldType)
wu_inline_login_error	action	on failed login	(error, fieldType)
wu_inline_login_prompt_ready	action	once the prompt handlers are attached	(fieldType, container)

Together with the already-existing server-side hooks — wu_inline_login_prompt_before_submit (for injecting markup) and wu_before_inline_login (for server-side validation) — addons now have a complete lifecycle to plug into.

Companion PR

The captcha addon's rewrite to use these hooks lives at Ultimate-Multisite/ultimate-multisite-captcha (replacement for the reverted PR #17 in that repo).

Test plan

• Load a checkout form with the captcha addon enabled; confirm the captcha renders inside the inline-login prompt when it becomes visible
• Attempt an inline login with an invalid password; confirm the captcha resets and error message shows
• Attempt an inline login with a valid password; confirm the captcha token is accepted and the page reloads
• Load a checkout form with the captcha addon disabled; confirm the inline-login flow works with no captcha (no JS errors)
• Load the final checkout step with captcha enabled; confirm the checkout-level captcha is unaffected (no token leaks between forms)

🤖 Generated with Claude Code

[coderabbitai]

Warning

Rate limit exceeded

@superdav42 has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 16 minutes and 43 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 16 minutes and 43 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 8b96b50e-fdde-4e94-a107-d9f1f0d34ad8

📥 Commits

Reviewing files that changed from the base of the PR and between 25414b6 and e727519.

⛔ Files ignored due to path filters (1)

• assets/js/checkout.min.js is excluded by !**/*.min.js

📒 Files selected for processing (1)

• assets/js/checkout.js

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feature/inline-login-hooks

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

🔨 Build Complete - Ready for Testing!

📦 Download Build Artifact (Recommended)

Download the zip build, upload to WordPress and test:

• Build: ultimate-multisite
• ⬇️ Download from GitHub Actions
• ⬇️ Download without Github Account (nightly.link)

🌐 Test in WordPress Playground (Very Experimental)

Click the link below to instantly test this PR in your browser - no installation needed!
Playground support for multisite is very limitied, hopefully it will get better in the future.

🚀 Launch in Playground

Login credentials: admin / password

[github-actions]

Performance Test Results

Performance test results for de05d65 are in 🛎️!

Note: the numbers in parentheses show the difference to the previous (baseline) test run. Differences below 2% or 0.5 in absolute values are not shown.

URL: /

Run	DB Queries	Memory	Before Template	Template	WP Total	LCP	TTFB	LCP - TTFB
0	41	37.78 MB	841.50 ms (-28.50 ms / -3% )	147.50 ms (-13.00 ms / -9% )	1015.00 ms (-59.50 ms / -6% )	2036.00 ms	1940.55 ms	92.85 ms (+4.90 ms / +5% )
1	56	49.03 MB	974.00 ms	149.50 ms	1121.50 ms	2120.00 ms	2036.85 ms	83.70 ms