search

PurpleTurtleCreative / completionist

Asana integration plugin for WordPress.
https://purpleturtlecreative.com/completionist/
GNU General Public License v3.0
1 stars 0 forks source link

Asana PAT getting deleted due to sanitization, despite successfully authenticating requests #122

Closed MichelleBlanchette closed 1 year ago

MichelleBlanchette commented 1 year ago

I think the sanitization stuff should really be loosened up, or it should be corrected.

On Completionist local staging, I was successfully authenticating frontend requests to view projects and attachments. However, once I log into wp-admin, I get the following errors:

[23-Mar-2023 03:07:05 UTC] ALERT: Sanitization occurred. Saved meta is corrupt for: _ptc_asana_pat
[23-Mar-2023 03:07:05 UTC] Error 0: Failed to run create_task Automation Action 8. Asana authorization failed. Please provide a new personal access token in Completionist's settings.
[23-Mar-2023 03:07:05 UTC] ALERT: Sanitization occurred. Saved meta is corrupt for: _ptc_asana_pat
[23-Mar-2023 03:07:05 UTC] Error 0: Failed to run create_task Automation Action 11. Asana authorization failed. Please provide a new personal access token in Completionist's settings.
[23-Mar-2023 03:07:08 UTC] Successfully ran action for Completionist Automation hook name: custom_action__wp_login

Also, the dashboard widget successfully contains task data. I honestly don't know how that's even possible..?

MichelleBlanchette commented 1 year ago

Ugh... Something is weird with the data. See this:

[23-Mar-2023 03:20:58 UTC] Retrieved saved meta for key (_ptc_asana_pat) where retrieved value (1/866566539988991:e021d16c8af5ada60081cb2c00f302eb) matches sanitized value (1/866566539988991:e021d16c8af5ada60081cb2c00f302eb).
[23-Mar-2023 03:21:00 UTC] Retrieved saved meta for key (_ptc_asana_pat) where retrieved value (1/866566539988991:e021d16c8af5ada60081cb2c00f302eb) matches sanitized value (1/866566539988991:e021d16c8af5ada60081cb2c00f302eb).
[23-Mar-2023 03:21:00 UTC] ALERT: Sanitization occurred. Saved meta is corrupt for key (_ptc_asana_pat) where retrieved value (??(?i????K*b??` ??k?̍?Z?) does not match sanitized value (ibk).

Also, the Asana PAT wasn't actually deleted and isn't being deleted like I was expecting. Maybe I was just confused or this is context-specific. To that point, I'm going to review some stacktraces now...

MichelleBlanchette commented 1 year ago

Okay, so the sallymae test user actually DID have a corrupted _ptc_asana_pat. I have no idea how that happened, so I'm kinda shook. However, I'm pleasantly surprised that these alerts are actually correct. HA!

So basically, whenever Asana_Interface::get_connected_workspace_users() was called, Sally's corrupted PAT was noticed. It wasn't deleted because it wasn't actually used for authentication.

Now that I've signed in as Sally, her PAT was used for authentication and failed. Thus, it was deleted and I saved a different PAT for her and all is well. Kinda wiggy! Must be something with this Docker environment..?