[API Pull] Auth Flow

[puntope]

Changes proposed in this Pull Request:

• Auth flow for granting access to WPCOM after enabling the product sync feature
• Tweak the banner
• Revoke access when disabling the feature

Detailed test instructions:

1. Go to Settings and verify you see "We will soon transition to a new and improved method for synchronizing product data with Google -- Get early access" banner
2. Click on Get early access (see the button loading)
3. You will be redirected to auth flow
4. Complete the auth flow
5. You will be redirected back to the store
6. You see "Google has been granted access to fetch your product data." in green on the Google MC card
7. Click on "Disable product data fetch"
8. Auth is disabled and you see the banner again

Additional details:

• Deeper unit Tests coming on further PRs
• Consistency and more tracking events coming in further PRs
• Notice that the errors are still not handled from Google. You can see that for example removing the nonce param in get_data_from_google function

[jorgemd24]

Thanks @puntope for working on this. I tested it along with https://github.com/Automattic/woocommerce-connect-server/pull/2485 , and it worked well except that after authorizing the WPCOM App, it seems Google is redirecting to the wrong URL.

However, the OAuth flow was successful, as I could see the GLA App connected to my site. I then went to the settings to disconnect the API pull, and it successfully revoked the token.

I left some minor comments about the code too.

[jorgemd24]

Shouldn't we check if the HTTP status code is >= 200? For example, if there are no tokens, the server will respond with status 500 - Internal Server Error. - {"code":"wpcom_partner_token_not_associated","message":"No token found associated with the client ID and user.","data":null}

[puntope]

Fixed here. Thx ece73b1

[jorgemd24]

Unused dependency

[puntope]

Fixed here thx. 436881c

[ianlin]

after authorizing the WPCOM App, it seems Google is redirecting to the wrong URL.

Had a look at it and I found they tried to redirect us to this URL:

https://shoppingdataintegration.googleapis.com/v1/credentials/partners/WooCommerce/https%3A%2F%2Ftest-site.example.com%2Fwp-admin%2Fadmin.php%3Fpage%3Dwc-admin%26path%3D%2Fgoogle%2Fsettings%3Fnonce=XXXXX&google_wpcom_app_status=approved

We should ask them to remove https://shoppingdataintegration.googleapis.com/v1/credentials/partners/WooCommerce/ so they could redirect to the correct URL.

However I also noticed there were something wrong in the merchant site's URL:

The URL decoded version of the merchant site's URL is:

https://test-site.example.com/wp-admin/admin.php?page=wc-admin&path=/google/settings?nonce=XXXXX&google_wpcom_app_status=approved

where it added a question mark ? before nonce parameter which it would cause the page not found. We should also ask them the replace that ? with & so it would return to the merchant site correctly.

[puntope]

Thanks, @ianlin and @jorgemd24 for your suggestions and investigation. They fixed the error from Google and now seems to work. Also, I addressed the review comments. Can you test again?

[jorgemd24]

@puntope, I tested it, and it is now redirecting me back to my site. Is there anything else we need to wait for, or can I proceed with the review? Also, I noticed some PHPCS errors.

[puntope]

@puntope, I tested it, and it is now redirecting me back to my site. Is there anything else we need to wait for, or can I proceed with the review? Also, I noticed some PHPCS errors.

We need to wait for a fix from google. I will ping you

[codecov]

Codecov Report

Attention: Patch coverage is 64.70588% with 18 lines in your changes missing coverage. Please review.

Project coverage is 64.3%. Comparing base (aec6d57) to head (e42f728).
Report is 481 commits behind head on feature/google-api-project.

Additional details and impacted files

@@                      Coverage Diff                       @@
##             feature/google-api-project   #2424     +/-   ##
==============================================================
+ Coverage                          64.2%   64.3%   +0.1%     
- Complexity                         4484    4549     +65     
==============================================================
  Files                               471     794    +323     
  Lines                             18862   22795   +3933     
  Branches                              0    1219   +1219     
==============================================================
+ Hits                              12117   14665   +2548     
- Misses                             6745    7963   +1218     
- Partials                              0     167    +167     

Flag	Coverage Δ
js-unit-tests	63.5% <ø> (?)
php-unit-tests	64.6% <64.7%> (+0.3%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files	Coverage Δ
src/API/Google/Middleware.php	95.0% <100.0%> (+8.2%)	⬆️
src/MerchantCenter/AccountService.php	98.3% <100.0%> (+2.1%)	⬆️
...rc/API/Site/Controllers/RestAPI/AuthController.php	92.4% <0.0%> (-1.0%)	⬇️
src/API/WP/OAuthService.php	66.7% <33.3%> (-14.0%)	⬇️

... and 512 files with indirect coverage changes

[puntope]

@jorgemd24 @ianlin This seems to be ready for another look. Google deployed their last changes

[jorgemd24]

Thanks @puntope for working on this. I tested the happy path and everything works well. However, if the response from WCS is anything other than 200, I get redirected to wp-admin/undefined.

[jorgemd24]

The Exception expects the second parameter to be an int, but wp_error accepts the code as either a string or int so if wp_error had set the code as a string it will throw a fatal.

[puntope]

Tweaked here. I will return just 400

e42f728

[jorgemd24]

get_sdi_auth_params can return an exception.

[puntope]

tweaked here

e42f728

[jorgemd24]

I simulated a response other than 200, but I don't see any error and I get redirected to: /wp-admin/undefined

[puntope]

Hi @jorgemd24 How did you simulate the bad response?

When I do so I cannot reproduce the error you mentioned.

Screen.Recording.2024-06-26.at.14.01.27.mov

I did the simulation doing:

$result = new Response(400 );
$response = [];

[jorgemd24]

Ah sorry! I realized that my simulation was not correct, because I changed this line from if ( 200 !== $result->getStatusCode() ) { to if ( 200 === $result->getStatusCode() ) { but then the Exception was thrown as 200 and that's why I was getting that result.

[jorgemd24]

Also, what do you think about setting the default value of this filter to true? Or do we want the merchant to enable this manually?

google-listings-and-ads/src/API/WP/NotificationsService.php

Line 176 in ec1e862

return apply_filters( 'woocommerce_gla_notifications_enabled', false );

[jorgemd24]

One more thought: how will Google return any errors through the OAuth flow, and how are we going to handle them?

[puntope]

Or do we want the merchant to enable this manually?

If nothing has changed for now I think the first version requires setting the filter. But not sure if that changed after dark launch discussion

[puntope]

One more thought: how will Google return any errors through the OAuth flow, and how are we going to handle them?

The discussion between @ianlin and Google was that they would return google_wpcom_app_status=error. Can you confirm @ianlin ?

[puntope]

Thanks @jorgemd24. Can you take another look ?

[jorgemd24]

Thanks for the adjustments, LGTM 👍

If nothing has changed for now I think the first version requires setting the filter. But not sure if that changed after dark launch discussion

Okay I will ask them, for me it looks a bit redundant.

The discussion between @ianlin and Google was that they would return google_wpcom_app_status=error. Can you confirm @ianlin ?

If so, I can work on a PR to display those errors to the user.

[puntope]

Thanks for the adjustments, LGTM 👍

If nothing has changed for now I think the first version requires setting the filter. But not sure if that changed after dark launch discussion

Okay I will ask them, for me it looks a bit redundant.

Sounds good. @jorgemd24 Go ahead and we can remove if so.

The discussion between @ianlin and Google was that they would return google_wpcom_app_status=error. Can you confirm @ianlin ?

If so, I can work on a PR to display those errors to the user.

@jorgemd24 We do display a notice on the card banner and allow granting again. Is this what you mean?

p.s You can also check the tracking topic if you are looking for issues.

[ianlin]

One more thought: how will Google return any errors through the OAuth flow, and how are we going to handle them?

The discussion between @ianlin and Google was that they would return google_wpcom_app_status=error. Can you confirm @ianlin ?

@puntope @jorgemd24 Yeah correct, they will just set the query param to google_wpcom_app_status=error without what error it is.