[API Pull] Auth Flow

js/src/components/enable-new-product-sync-button.js

@@ -3,6 +3,7 @@
  */
 import { __ } from '@wordpress/i18n';
 import { addQueryArgs } from '@wordpress/url';
+import { useState } from '@wordpress/element';
 
 /**
  * Internal dependencies
@@ -21,16 +22,19 @@ import useDispatchCoreNotices from '.~/hooks/useDispatchCoreNotices';
  */
 const EnableNewProductSyncButton = ( params ) => {
 	const { createNotice } = useDispatchCoreNotices();
-
+	const [ loading, setLoading ] = useState( false );
 	const nextPageName = glaData.mcSetupComplete ? 'settings' : 'setup-mc';
 	const query = { next_page_name: nextPageName };
 	const path = addQueryArgs( `${ API_NAMESPACE }/rest-api/authorize`, query );
 	const [ fetchRestAPIAuthorize ] = useApiFetchCallback( { path } );
 	const handleEnableClick = async () => {
 		try {
+			setLoading( true );
 			const d = await fetchRestAPIAuthorize();
+			setLoading( false );
 			window.location.href = d.auth_url;
 		} catch ( error ) {
+			setLoading( false );
 			createNotice(
 				'error',
 				__(
@@ -42,7 +46,12 @@ const EnableNewProductSyncButton = ( params ) => {
 	};
 
 	return (
-		<AppButton isSecondary onClick={ handleEnableClick } { ...params } />
+		<AppButton
+			isSecondary
+			loading={ loading }
+			onClick={ handleEnableClick }
+			{ ...params }
+		/>
 	);
 };
 

js/src/components/enable-new-product-sync-notice.js

@@ -35,7 +35,7 @@ const EnableNewProductSyncNotice = () => {
 		<Notice status="info" isDismissible={ false }>
 			{ createInterpolateElement(
 				__(
-					'Enable new product sync. <enableButton>Enable</enableButton>',
+					'<p>We will soon transition to a new and improved method for synchronizing product data with Google.</p><enableButton>Get early access</enableButton>',
 					'google-listings-and-ads'
 				),
 				{
@@ -45,6 +45,7 @@ const EnableNewProductSyncNotice = () => {
 							eventProps={ { context: 'banner' } }
 						/>
 					),
+					p: <p />,
 				}
 			) }
 		</Notice>

js/src/components/google-mc-account-card/connected-google-mc-account-card.js

@@ -226,7 +226,7 @@ const ConnectedGoogleMCAccountCard = ( {
 								'Disable product data fetch',
 								'google-listings-and-ads'
 							) }
-							eventName="gla_mc_account_disconnect_wpcom_rest_api"
+							eventName="gla_disable_product_sync_click"
 							onClick={ openDisableDataFetchModal }
 						/>
 					) }

src/API/Google/Middleware.php

@@ -14,7 +14,9 @@
 use Automattic\WooCommerce\GoogleListingsAndAds\Utility\DateTimeUtility;
 use Automattic\WooCommerce\GoogleListingsAndAds\Value\TosAccepted;
 use Automattic\WooCommerce\GoogleListingsAndAds\Vendor\GuzzleHttp\Client;
+use Automattic\WooCommerce\GoogleListingsAndAds\Vendor\Psr\Container\ContainerExceptionInterface;
 use Automattic\WooCommerce\GoogleListingsAndAds\Vendor\Psr\Container\ContainerInterface;
+use Automattic\WooCommerce\GoogleListingsAndAds\Vendor\Psr\Container\NotFoundExceptionInterface;
 use Automattic\WooCommerce\GoogleListingsAndAds\Vendor\Psr\Http\Client\ClientExceptionInterface;
 use DateTime;
 use Exception;
@@ -482,6 +484,19 @@ protected function get_manager_url( string $name = '' ): string {
 		return $name ? trailingslashit( $url ) . $name : $url;
 	}
 
+	/**
+	 * Get the Google Shopping Data Integration auth endpoint URL
+	 *
+	 * @return string
+	 */
+	public function get_sdi_auth_endpoint(): string {
+		return $this->container->get( 'connect_server_root' )
+				. 'google/google-sdi/v1/credentials/partners/WOO_COMMERCE/merchants/'
+				. $this->strip_url_protocol( $this->get_site_url() )
+				. '/oauth/redirect:generate'
+				. '?merchant_id=' . $this->options->get_merchant_id();
+	}
+
 	/**
 	 * Generate a descriptive name for a new account.
 	 * Use site name if available.
@@ -552,4 +567,45 @@ public function is_subaccount(): bool {
 		// since transients don't support booleans, we save them as 0/1 and do the conversion here
 		return boolval( $is_subaccount );
 	}
+
+	/**
+	 * Performs a request to Google Shopping Data Integration (SDI) to get required information in order to form an auth URL.
+	 *
+	 * @return array An array with the JSON response from the WCS server.
+	 * @throws NotFoundExceptionInterface  When the container was not found.
+	 * @throws ContainerExceptionInterface When an error happens while retrieving the container.
+	 * @throws Exception When the response status is not successful.
+	 * @see google-sdi in google/services inside WCS
+	 */
+	public function get_sdi_auth_params() {
+		try {
+			/** @var Client $client */
+			$client   = $this->container->get( Client::class );
+			$result   = $client->get( $this->get_sdi_auth_endpoint() );
+			$response = json_decode( $result->getBody()->getContents(), true );
+
+			if ( 200 !== $result->getStatusCode() ) {
+				do_action(
+					'woocommerce_gla_partner_app_auth_failure',
+					[
+						'error'    => 'response',
+						'response' => $response,
+					]
+				);
+				do_action( 'woocommerce_gla_guzzle_invalid_response', $response, __METHOD__ );
+				$error = $response['message'] ?? __( 'Invalid response authenticating partner app.', 'google-listings-and-ads' );
+				throw new Exception( $error, $result->getStatusCode() );
+			}
+
+			return $response;
+
+		} catch ( ClientExceptionInterface $e ) {
+			do_action( 'woocommerce_gla_guzzle_client_exception', $e, __METHOD__ );
+
+			throw new Exception(
+				$this->client_exception_message( $e, __( 'Error authenticating Google Partner APP.', 'google-listings-and-ads' ) ),
+				$e->getCode()
+			);
+		}
+	}
 }

src/API/Site/Controllers/RestAPI/AuthController.php

@@ -117,7 +117,8 @@
 	protected function delete_authorize_callback(): callable {
 		return function ( Request $request ) {
 			try {
-				$this->account_service->reset_wpcom_api_authorization();
+				$this->account_service->reset_wpcom_api_authorization_data();
+				$this->oauth_service->revoke_wpcom_api_auth();
 				return $this->prepare_item_for_response( [], $request );
 			} catch ( Exception $e ) {
 				return $this->response_from_exception( $e );

src/API/WP/OAuthService.php

@@ -3,11 +3,17 @@
 
 namespace Automattic\WooCommerce\GoogleListingsAndAds\API\WP;
 
+use Automattic\Jetpack\Connection\Client;
+use Automattic\WooCommerce\GoogleListingsAndAds\API\Google\Middleware;
 use Automattic\WooCommerce\GoogleListingsAndAds\HelperTraits\Utilities as UtilitiesTrait;
 use Automattic\WooCommerce\GoogleListingsAndAds\Infrastructure\Service;
+use Automattic\WooCommerce\GoogleListingsAndAds\Internal\ContainerAwareTrait;
+use Automattic\WooCommerce\GoogleListingsAndAds\Internal\Interfaces\ContainerAwareInterface;
 use Automattic\WooCommerce\GoogleListingsAndAds\Options\OptionsAwareInterface;
 use Automattic\WooCommerce\GoogleListingsAndAds\Options\OptionsAwareTrait;
 use Automattic\WooCommerce\GoogleListingsAndAds\Options\OptionsInterface;
+use Automattic\WooCommerce\GoogleListingsAndAds\Vendor\Google\Exception;
+use Automattic\WooCommerce\GoogleListingsAndAds\Vendor\Psr\Container\ContainerExceptionInterface;
 use Jetpack_Options;
 
 defined( 'ABSPATH' ) || exit;
@@ -19,12 +25,14 @@
  * @since x.x.x
  * @package Automattic\WooCommerce\GoogleListingsAndAds\API\WP
  */
-class OAuthService implements Service, OptionsAwareInterface {
+class OAuthService implements Service, OptionsAwareInterface, ContainerAwareInterface {
 
 	use OptionsAwareTrait;
 	use UtilitiesTrait;
+	use ContainerAwareTrait;
 
-	public const AUTH_URL      = 'https://public-api.wordpress.com/oauth2/authorize';
+	public const WPCOM_API_URL = 'https://public-api.wordpress.com';
+	public const AUTH_URL      = '/oauth2/authorize';
 	public const RESPONSE_TYPE = 'code';
 	public const SCOPE         = 'wc-partner-access';
 
@@ -66,6 +74,7 @@
 	 * @param string $path A URL parameter for the path within GL&A page, which will be added in the merchant redirect URL.
 	 *
 	 * @return string Auth URL.
+	 * @throws ContainerExceptionInterface When get_data_from_google throws an exception.
 	 */
 	public function get_auth_url( string $path ): string {
 		$google_data = $this->get_data_from_google();
@@ -91,31 +100,73 @@
 					'scope'         => self::SCOPE,
 					'state'         => $state,
 				],
-				self::AUTH_URL
+				$this->get_wpcom_api_url( self::AUTH_URL )
 			)
 		);
 
 		return $auth_url;
 	}
 
 	/**
-	 * Calls an API by Google to get required information in order to form an auth URL.
+	 * Get a WPCOM REST API URl concatenating the endpoint with the API Domain
 	 *
-	 * TODO: Call an actual API by Google.
-	 * We'd probably need use WCS to communicate with the new API.
+	 * @param string $endpoint The endpoint to get the URL for
+	 *
+	 * @return string The WPCOM endpoint with the domain.
+	 */
+	protected function get_wpcom_api_url( string $endpoint ): string {
+		return self::WPCOM_API_URL . $endpoint;
+	}
+
+	/**
+	 * Calls an API by Google via WCS to get required information in order to form an auth URL.
 	 *
 	 * @return array{client_id: string, redirect_uri: string, nonce: string} An associative array contains required information that is retrived from Google.
 	 * client_id:    Google's WPCOM app client ID, will be used to form the authorization URL.
 	 * redirect_uri: A Google's URL that will be redirected to when the merchant approve the app access. Note that it needs to be matched with the Google WPCOM app client settings.
 	 * nonce:        A string returned by Google that we will put it in the auth URL and the redirect_uri. Google will use it to verify the call.
+	 * @throws ContainerExceptionInterface When get_sdi_auth_params throws an exception.
 	 */
 	protected function get_data_from_google(): array {
-		$nonce = 'nonce-123';
+		/** @var Middleware $middleware */
+		$middleware = $this->container->get( Middleware::class );
+		$response   = $middleware->get_sdi_auth_params();
+		$nonce      = $response['nonce'];
 		$this->options->update( OptionsInterface::GOOGLE_WPCOM_AUTH_NONCE, $nonce );
 		return [
-			'client_id'    => '91299',
-			'redirect_uri' => 'https://woo.com',
+			'client_id'    => $response['clientId'],
+			'redirect_uri' => $response['redirectUri'],
 			'nonce'        => $nonce,
 		];
 	}
+
+	/**
+	 * Perform a remote request for revoking OAuth access for the current user.
+	 *
+	 * @return string The body of the response
+	 * @throws Exception If the remote request fails.
+	 */
+	public function revoke_wpcom_api_auth(): string {
+		$args = [
+			'method'  => 'DELETE',
+			'timeout' => 30,
+			'url'     => $this->get_wpcom_api_url( '/wpcom/v2/sites/' . Jetpack_Options::get_option( 'id' ) . '/wc/partners/google/revoke-token' ),
+			'user_id' => get_current_user_id(),
+		];
+
+		$request = Client::remote_request( $args );
+
+		if ( is_wp_error( $request ) ) {
+			throw new Exception( $request->get_error_message(), 400 );
+		} else {
+			$body   = wp_remote_retrieve_body( $request );
+			$status = wp_remote_retrieve_response_code( $request );
+			if ( 200 !== wp_remote_retrieve_response_code( $request ) ) {
+				$data = json_decode( $body, true );
+				throw new Exception( $data['message'] ?? 'Error revoking access to WPCOM.', $status );
+			}
+
+			return $body;
+		}
+	}
 }

src/MerchantCenter/AccountService.php

@@ -15,7 +15,6 @@
 use Automattic\WooCommerce\GoogleListingsAndAds\Exception\ExceptionWithResponseData;
 use Automattic\WooCommerce\GoogleListingsAndAds\Infrastructure\Service;
 use Automattic\WooCommerce\GoogleListingsAndAds\Jobs\CleanupSyncedProducts;
-use Automattic\WooCommerce\GoogleListingsAndAds\MerchantCenter\MerchantCenterService;
 use Automattic\WooCommerce\GoogleListingsAndAds\Options\AdsAccountState;
 use Automattic\WooCommerce\GoogleListingsAndAds\Options\MerchantAccountState;
 use Automattic\WooCommerce\GoogleListingsAndAds\Options\OptionsAwareInterface;
@@ -536,7 +535,7 @@ private function prepare_exception( string $message, array $data = [], int $code
 	 *
 	 * @return bool
 	 */
-	public function reset_wpcom_api_authorization(): bool {
+	public function reset_wpcom_api_authorization_data(): bool {
 		$this->delete_wpcom_api_auth_nonce();
 		return $this->options->delete( OptionsInterface::WPCOM_REST_API_STATUS );
 	}

tests/Unit/API/Google/MiddlewareTest.php

@@ -388,4 +388,41 @@ public function test_mark_tos_accepted_account_reconnect_exception() {
 		$this->assertFalse( $tos->accepted() );
 		$this->assertEquals( 'Please reconnect your Jetpack account.', $tos->message() );
 	}
+
+	public function test_get_sdi_auth_endpoint() {
+		$this->assertEquals(
+			$this->middleware->get_sdi_auth_endpoint(),
+			'https://connect-server.test/google/google-sdi/v1/credentials/partners/WOO_COMMERCE/merchants/example.org/oauth/redirect:generate?merchant_id=0'
+		);
+	}
+
+	public function test_get_sdi_auth_params() {
+		$expected_response = [
+			'clientId'    => self::TEST_MERCHANT_ID,
+			'redirectUri' => 'https://example.com',
+			'nonce'       => '123',
+		];
+
+		$this->generate_request_mock( $expected_response );
+		$this->assertEquals( $this->middleware->get_sdi_auth_params(), $expected_response );
+	}
+
+	public function test_get_sdi_auth_params_no_success() {
+		$this->generate_request_mock( [], 'get', 400 );
+		$this->expectException( Exception::class );
+		$this->expectExceptionCode( 400 );
+		$this->expectExceptionMessage( 'Invalid response authenticating partner app.' );
+		$this->middleware->get_sdi_auth_params();
+		$this->assertEquals( 1, did_action( 'woocommerce_gla_partner_app_auth_failure' ) );
+		$this->assertEquals( 1, did_action( 'woocommerce_gla_guzzle_invalid_response' ) );
+	}
+
+	public function test_get_sdi_auth_params_exception() {
+		$this->generate_request_mock_exception( 'Some exception.' );
+		$this->expectException( Exception::class );
+		$this->expectExceptionCode( 400 );
+		$this->expectExceptionMessage( 'Error authenticating Google Partner APP.' );
+		$this->middleware->get_sdi_auth_params();
+		$this->assertEquals( 1, did_action( 'woocommerce_gla_guzzle_client_exception' ) );
+	}
 }