Enhance param validation on refreshToken #28
Conversation
| $data[ $key ] = is_array($value) ? EED_SquareOnsiteOAuth::cleanDataArray($value) : $value; | ||
| $data[ $key ] = in_array($key, $sensitive_data) ? '***' : $value; |
There was a problem hiding this comment.
this second line is overwriting the previous one and therefore negating what it has done
what about something like:
| $data[ $key ] = is_array($value) ? EED_SquareOnsiteOAuth::cleanDataArray($value) : $value; | |
| $data[ $key ] = in_array($key, $sensitive_data) ? '***' : $value; | |
| $value = is_array($value) ? EED_SquareOnsiteOAuth::cleanDataArray($value) : $value; | |
| $data[ $key ] = in_array($key, $sensitive_data) ? '***' : $value; |
|
Hey Nazar, can we start on testing with this pull request? |
|
Yes Lorenzo, please do. Although don't think you can reproduce without messing up the code on purpose. |
|
Testing sites with Event Espresso 4.10.26.p and the 27/param-validation branch.
I connected both through live mode. I set a Slack reminder to check back on Wednesday afternoon. |
|
I checked both sites here (#28 (comment)) and Square is still activated. I'm not exactly sure when the refreshtoken runs on either site so I'll check in the morning again. That way, I'm certain it has run since two days will have passed. |
|
There should be a log |
|
Hey Nazar, thanks for the tip. I see a couple of entries on the first site from today and both are for domain status verified. The second site doesn't have anything for today. |
|
Hey Nazar, I rechecked both sites again today. Both are still connected to Square and there isn't any fatal errors. I checked the payment logs about the entry that should be made and I don't see any mentioning a refresh. On this site (https://enzo12staging.wpengine.com), there are entries for today and yesterday. They all show this with the verified:
The other site doesn't have any entries for this month. Only some from end of January. (I think it may be because its an internal site and doesn't get traffic to trigger the cron.) Do we have enough info to move forward with merging this in? |
|
I checked these sites again:
Both showed this:
I have been testing Square on MakeEventsNotWar so I'm not sure if that caused a problem since I'm using the same account. |
|
Lorenzo Hi, You need to check the logs. Or please give me access to those sites. |
|
Hi Nazar, I invited you to the sites below through your email ([email protected]):
Let me know if you need anything else to look at the payment logs: |
|
Well, the logs show that most are "This request could not be authorized." But no info on Why... I do suspect the usage of the same account as the cause. Otherwise I don't know why those are authorized. |
|
Hi Nazar, I'm using the same Square account for testing on ES staging. I think that may have caused the not authorized. Can we merge this in and bring it over to ES staging so I can test there? |
|
On the other hand I don't see any logs about it even trying to refresh the token. And this could be because I see that on February 4 (4th) day there's already the "unauthorized" error while trying to do a health check. The token for sure didn't expire by then. So this brings me back to suspecting account usage. |
|
/rebase |
…ram validation on refreshToken (#28) * enhance param validation on refreshToken * update the data cleaner * remove debug code * reuse the value"
Resolves #27
Problem this Pull Request solves
There was a fatal if the
refreshTokenaction had missing parameters from an APIrefreshresponse. Work here prevents that from happening.How has this been tested
Checking the logs. Refresh occurs every 2 days.