pinterest-for-woocommerce
Token invalid reset procedure.
Changes proposed in this Pull Request:
Closes #993
Listen to API 401/403 responses, which may happen during user interaction with a plugin or when Pinterest for WooCommerce Action Scheduler tasks run.
In the case of the 401/403 response code, disconnect the user, reset the connection workflow (display landing page), stop feed generation and feed registration Action Scheduled actions, and show a notice about an action required.
Moving all found occurrences of the Base::make_request() direct calls under APIV5 class.
Screenshots:
Detailed test instructions:
Action Scheduler 401 test.
- Connect to Pinterest.
- Go to https://github.com/woocommerce/pinterest-for-woocommerce/blob/bfe58e500b8738392d1adff4ddcada7bc6030af5/src/API/Base.php#L268
- Change it (add some characters after Bearer), e.g.:
  $request['headers']['Authorization'] = 'Bearer ***' . static::get_token()['access_token'];
- Go to WooCommerce - Status - Pending (actions).
- Force run pinterest-for-woocommerce-handle-feed-registration action.
- Observe a Notice.
- Check that Pending section does not have pinterest-for-woocommerce-handle-feed-registration and pinterest-for-woocommerce-start-feed-generation actions scheduled.
- Go to Marketing - Pinterest and observe the Landing page instead of the Connection page.
- Observe the Notice above the Landing page.
User interaction test.
NOTE: Since the Pinterest for WooCommerce plugin has a React frontend application that calls corresponding REST APIs, the UX may seem a bit odd. 401 errors will occur on REST API calls, and we cannot perform proper redirects without modifications to the plugin's communication layer. The page reload is required to observe the 401 handling results. We may adjust the frontend application soon after.
- Connect to Pinterest.
- Go to https://github.com/woocommerce/pinterest-for-woocommerce/blob/bfe58e500b8738392d1adff4ddcada7bc6030af5/src/API/Base.php#L268
- Change it (add some characters after Bearer), e.g.:
  $request['headers']['Authorization'] = 'Bearer ***' . static::get_token()['access_token'];
- Go to Marketing - Pinterest.
- Refresh the page and see the Landing page with the Notice above it.
P.S. 403 error test by changing the scope is impossible since we do not send the scope to Pinterest, which is encoded into the access token. Fake access tokens will always cause 401.
Changelog entry
Add - 401/403 Pinterest API error handling.
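
The reset flow described in this pull request, sketched as an added stand-alone example; it is not the plugin's code. The ConnectionState and TokenInvalidHandler classes, the option keys and the notice text are hypothetical, and an in-memory array stands in for Action Scheduler (in WordPress the cancellation would go through as_unschedule_all_actions()).

```php
<?php
declare(strict_types=1);
// Added illustration, not plugin code. Class names, option keys and the
// notice text are hypothetical; the two feed hooks come from the PR text.

final class ConnectionState {
    // Constructed sample state: a stored token and a connected flag.
    public array $options = ['token' => ['access_token' => 'constructed-token'], 'connected' => true];
    // In-memory stand-in for the Action Scheduler "Pending" list.
    public array $pending = [
        'pinterest-for-woocommerce-handle-feed-registration',
        'pinterest-for-woocommerce-start-feed-generation',
        'unrelated-store-action',
    ];
    public ?string $notice = null;
}

final class TokenInvalidHandler {
    private const FEED_ACTIONS = [
        'pinterest-for-woocommerce-handle-feed-registration',
        'pinterest-for-woocommerce-start-feed-generation',
    ];

    public function __construct(private ConnectionState $state) {}

    // Returns true only when this response caused a reset.
    public function handle(int $status): bool {
        if (!in_array($status, [401, 403], true)) {
            return false; // 429 or 5xx say nothing about the token; keep the connection
        }
        if (!$this->state->options['connected']) {
            return false; // already reset: later 401s must not repeat the teardown
        }
        unset($this->state->options['token']);     // drop the rejected credential
        $this->state->options['connected'] = false; // UI falls back to the landing page
        // Cancel only the plugin's feed actions; other scheduled work is untouched.
        $this->state->pending = array_values(array_diff($this->state->pending, self::FEED_ACTIONS));
        $this->state->notice = 'Pinterest connection lost. Action required: please reconnect.';
        return true;
    }
}

$state = new ConnectionState();
$handler = new TokenInvalidHandler($state);
foreach ([200, 500, 401, 401] as $status) { // constructed response codes
    printf("%d -> reset=%s\n", $status, $handler->handle($status) ? 'yes' : 'no');
}
print_r($state->pending);
echo $state->notice, "\n";
```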