woocommerce / pinterest-for-woocommerce

A native Pinterest integration for WooCommerce. Development is managed by Ventures.
https://woocommerce.com/products/pinterest-for-woocommerce/
GNU General Public License v3.0

Token invalid reset procedure. #1007

Closed message-dimke closed 3 months ago

message-dimke commented 5 months ago

Changes proposed in this Pull Request:

Closes #993

Listen to API 401/403 responses, which may happen during user interaction with a plugin or when Pinterest for WooCommerce Action Scheduler tasks run.

In the case of the 401/403 response code, disconnect the user, reset the connection workflow (display landing page), stop feed generation and feed registration Action Scheduled actions, and show a notice about an action required.

Moving all found occurrences of direct Base::make_request() calls under the APIV5 class.

Screenshots:

[Screenshot: Pinterest ‹ WordPress Pinterest — WooCommerce]
[Screenshot: WooCommerce status ‹ WordPress Pinterest — WordPress]

Detailed test instructions:

Action Scheduler 401 test.

  1. Connect to Pinterest.
  2. Go to https://github.com/woocommerce/pinterest-for-woocommerce/blob/bfe58e500b8738392d1adff4ddcada7bc6030af5/src/API/Base.php#L268
  3. Change it (add some characters after Bearer), e.g.
            $request['headers']['Authorization'] = 'Bearer ***' . static::get_token()['access_token'];
  4. Go to WooCommerce - Status - Pending (actions).
  5. Force run pinterest-for-woocommerce-handle-feed-registration action.
  6. Observe a Notice.
  7. Check that Pending section does not have pinterest-for-woocommerce-handle-feed-registration and pinterest-for-woocommerce-start-feed-generation actions scheduled.
  8. Go to Marketing - Pinterest and observe the Landing page instead of the Connection page.
  9. Observe the Notice above the Landing page.

User interaction test.

NOTE: Since the Pinterest for WooCommerce plugin has a React frontend application that calls corresponding REST APIs, the UX may seem a bit odd. 401 errors will occur on REST API calls, and we cannot perform proper redirects without modifications to the plugin's communication layer. A page reload is required to observe the 401 handling results. We may adjust the frontend application soon after.

  1. Connect to Pinterest.
  2. Go to https://github.com/woocommerce/pinterest-for-woocommerce/blob/bfe58e500b8738392d1adff4ddcada7bc6030af5/src/API/Base.php#L268
  3. Change it (add some characters after Bearer), e.g.
            $request['headers']['Authorization'] = 'Bearer ***' . static::get_token()['access_token'];
  4. Go to Marketing - Pinterest.
  5. Refresh the page and see the Landing page with the Notice above it.

P.S. 403 error test by changing the scope is impossible since we do not send the scope to Pinterest, which is encoded into the access token. Fake access tokens will always cause 401.

Changelog entry

Add - 401/403 Pinterest API error handling.
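
The handling described in this PR, sketched as a stand-alone added example (not the plugin's code): every request goes through one wrapper, and a 401/403 drops the stored token, flags the notice and unschedules the two feed actions. The class name, the store keys, the transport callable and the example URL are hypothetical; the hook names come from the test instructions, and `as_unschedule_all_actions()` is the Action Scheduler function, called only when it is loaded.

```php
<?php
// Added illustration; class, store keys and transport are hypothetical, not the plugin's.
final class TokenGuardedClient {
    // Action Scheduler hooks named in this PR's test instructions.
    const HOOKS = [
        'pinterest-for-woocommerce-handle-feed-registration',
        'pinterest-for-woocommerce-start-feed-generation',
    ];
    private $transport; // callable(string $url, array $headers): array with 'code' and 'body'
    private $store;     // ArrayObject standing in for the persisted connection settings
    public $log = [];

    public function __construct(callable $transport, ArrayObject $store) {
        $this->transport = $transport;
        $this->store     = $store;
    }
    // Single choke point: no caller talks to the API without passing this check.
    public function request(string $url): array {
        if (empty($this->store['access_token'])) {
            throw new RuntimeException('Not connected');
        }
        $headers  = ['Authorization' => 'Bearer ' . $this->store['access_token']];
        $response = ($this->transport)($url, $headers);
        if (in_array($response['code'], [401, 403], true)) {
            $this->reset_connection($response['code']);
            throw new RuntimeException('Connection reset after HTTP ' . $response['code']);
        }
        return $response;
    }
    private function reset_connection(int $code): void {
        unset($this->store['access_token']);          // stop sending the rejected token
        $this->store['show_reconnect_notice'] = true; // drives the notice and landing page
        foreach (self::HOOKS as $hook) {
            if (function_exists('as_unschedule_all_actions')) {
                as_unschedule_all_actions($hook);     // real call when run inside WordPress
            }
            $this->log[] = "unscheduled $hook after HTTP $code";
        }
    }
}
// Constructed transport: only the exact token 'good' is accepted, as in the tampered-Bearer test.
$transport = function (string $url, array $headers): array {
    return ['code' => $headers['Authorization'] === 'Bearer good' ? 200 : 401, 'body' => ''];
};
$store  = new ArrayObject(['access_token' => 'tampered']);
$client = new TokenGuardedClient($transport, $store);
try { $client->request('https://api.example.test/feeds'); }
catch (RuntimeException $e) { echo $e->getMessage(), PHP_EOL; }
print_r($client->log);
var_dump(isset($store['access_token']), $store['show_reconnect_notice']);
```

Because the token is removed before the exception propagates, a second call fails locally with "Not connected" instead of resending the rejected credential.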

joelclimbsthings commented 4 months ago

Does this still need a review @message-dimke ?

message-dimke commented 4 months ago

Yes, @joelclimbsthings , it does!

joelclimbsthings commented 4 months ago

Great @message-dimke , just going through the testing steps. I don't see any action called pinterest-for-woocommerce-handle-feed-registration--only these:

image

That said, I do see the notice as pictured 👍🏻 . Is there a reason I wouldn't be able to find that action?

message-dimke commented 4 months ago

Hey, @joelclimbsthings !

Most Pinterest actions make sense only when the user is connected. If you see the banner, it means your token is wrong. I auto-disconnect you from Pinterest so you would not send any requests to its API with invalid tokens.

Also, those two actions you see are no longer visible in version 1.4.1. The branch add/token-invalid-reconnect-procedure was made before that release. This is why you still see some Pinterest daily and hourly heartbeats even if disconnected. After this branch is merged you will not see daily and hourly actions.