Use remote-site-status to check the WPCOM Auth status #2547
Conversation
github-actions
bot
added
the
changelog: tweak
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## develop #2547 +/- ##
===========================================
- Coverage 65.0% 65.0% -0.0%
- Complexity 4585 4602 +17
===========================================
Files 475 475
Lines 17898 17932 +34
===========================================
+ Hits 11640 11660 +20
- Misses 6258 6272 +14
Flags with carried forward coverage won't be shown. Click here to find out more.
|
| if ( is_wp_error( $integration_remote_request_response ) ) { | ||
| $this->delete_wpcom_api_status_transient(); | ||
| return false; | ||
| } |
There was a problem hiding this comment.
If the token isn't healthy or if the user disconnect Jetpack, does that mean we'll still make a request every time , even though we know the token isn't valid? Shouldn't we store that status in the transient as well?
I also noticed that the SyncerHooks class is registered every time the plugin is initialized, which means we could end up calling this endpoint repeatedly without end.
google-listings-and-ads/src/Settings/SyncerHooks.php
Lines 82 to 85 in e8e51f3
There was a problem hiding this comment.
Thanks for the changes, but I still see this issue. If the response is wp_error, we will keep querying the endpoint. Wouldn't it be better to update the transient with the status error instead?
| @@ -5,6 +5,8 @@ | |||
|
|
|||
| use Automattic\WooCommerce\Admin\RemoteInboxNotifications\TransformerService; | |||
| use Automattic\WooCommerce\GoogleListingsAndAds\API\WP\NotificationsService; | |||
| use Automattic\WooCommerce\GoogleListingsAndAds\API\WP\OAuthService; | |||
|
|
||
| $status = json_decode( wp_remote_retrieve_body( $integration_remote_request_response ), true ) ?? []; | ||
|
|
||
| if ( isset( $status['error'] ) ) { |
There was a problem hiding this comment.
The response from the remote status endpoints returns errors instead of error, should it be error?
|
Thanks for your useful review @jorgemd24 I addressed your comments so now I believe this is ready for a new round |
| @@ -227,6 +229,11 @@ public function get_connected_status(): array { | |||
| $id = $this->options->get_merchant_id(); | |||
| $wpcom_rest_api_status = $this->options->get( OptionsInterface::WPCOM_REST_API_STATUS ); | |||
|
|
|||
| // If token is revoked outside the extension. Set the status as error to force the merchant to grant access again. | |||
| if ( $wpcom_rest_api_status === 'approved' && ! $this->is_wpcom_api_status_healthy() ) { | |||
There was a problem hiding this comment.
What do you think if we update the WPCOM_REST_API_STATUS accordingly? Or Maybe is better just to delete the option so then the user can start the onboarding again.
| if ( is_wp_error( $integration_remote_request_response ) ) { | ||
| $this->delete_wpcom_api_status_transient(); | ||
| return false; | ||
| } |
There was a problem hiding this comment.
Thanks for the changes, but I still see this issue. If the response is wp_error, we will keep querying the endpoint. Wouldn't it be better to update the transient with the status error instead?
|
Hi @jorgemd24 for the review. I updated again the code with your suggestions:
Can we do a new round of review? Thanks |
There was a problem hiding this comment.
Thanks for the adjustments, @puntope! One last thing: if the token isn't valid, shouldn't we reset the gla_wpcom_rest_api_status option? Currently, if I disconnect the GFW app, it doesn't send the notification, but the status still shows as "approved."
Hi @jorgemd24 Thanks for the review. Can you elaborate the steps for this use case? As far as I understand, When the token is invalid we set the transient and option as "error". (See |
There was a problem hiding this comment.
Hi @jorgemd24 Thanks for the review. Can you elaborate the steps for this use case? As far as I understand, When the token is invalid we set the transient and option as "error". (See AccountService::get_connected_status and AccuntService::is_wpcom_api_status_healthy)
Thanks for the clarification! I think this happened because I had the transient set to healthy. Then, I disconnected the Google App and refreshed the settings page, but since the transient was still set to "healthy" it appeared as if it was approved. But now I realize this was just a coincidence when I was doing the review and that the issue is temporary. So, I think we can move forward with this PR!
Changes proposed in this Pull Request:
Context: p1724064639654099/1722414955.111429-slack-C02BB3F30TG
When authorizing Google to fetch data from the Shop as well as generating a token we set an option
gla_wpcom_rest_api_statusasapproved. If the token is revoked outside the extension, the option will still beapprovedand the notifications will be sent.This PR handles that and checks the status of the token using the WPCOM REST API.
Screenshots:
Detailed test instructions:
gla_wpcom_rest_api_statusasapprovedto simulate a granted access that has no token.Additional details:
ℹ️ I was thinking about removing
gla_wpcom_rest_api_statusand only relying on the transient + WPCOM REST API. status endpoint for considering the WPCOM API as ready. I would appreciate thoughts on this.Changelog entry