Merge pull request #819 from google/fix/818-refresh-errors

Properly handle refresh token response errors

Author: felixarntz

includes/Core/Authentication/Authentication.php

@@ -465,6 +465,9 @@ private function refresh_auth_token_on_login() {
 		// If 'invalid_grant' error, disconnect the account.
 		if ( 'invalid_grant' === $this->user_options->get( Clients\OAuth_Client::OPTION_ERROR_CODE ) ) {
 			$this->disconnect();
+
+			// We need to re-set this error so that it is displayed to the user.
+			$this->user_options->set( Clients\OAuth_Client::OPTION_ERROR_CODE, 'invalid_grant' );
 		}
 	}
 

includes/Core/Authentication/Clients/OAuth_Client.php

@@ -246,7 +246,11 @@ public function refresh_token() {
 			$this->user_options->set( self::OPTION_PROXY_ACCESS_CODE, $e->getAccessCode() );
 			return;
 		} catch ( \Exception $e ) {
-			$this->user_options->set( self::OPTION_ERROR_CODE, 'invalid_grant' );
+			$error_code = 'invalid_grant';
+			if ( $this->using_proxy() ) { // Only the Google_Proxy_Client exposes the real error response.
+				$error_code = $e->getMessage();
+			}
+			$this->user_options->set( self::OPTION_ERROR_CODE, $error_code );
 			return;
 		}
 

tests/phpunit/includes/FakeHttpClient.php

@@ -0,0 +1,49 @@
+<?php
+/**
+ * Fake HTTP Client
+ *
+ * @package   Google\Site_Kit\Tests
+ * @copyright 2019 Google LLC
+ * @license   https://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
+ * @link      https://sitekit.withgoogle.com
+ */
+
+namespace Google\Site_Kit\Tests;
+
+use Google\Site_Kit_Dependencies\GuzzleHttp\Client;
+use Google\Site_Kit_Dependencies\GuzzleHttp\Message\RequestInterface;
+use Google\Site_Kit_Dependencies\GuzzleHttp\Message\Response;
+
+/**
+ * Class FakeHttpClient
+ */
+class FakeHttpClient extends Client {
+	/**
+	 * Handler function for overriding requests.
+	 *
+	 * @var callable
+	 */
+	protected $request_handler;
+
+	/**
+	 * Sets the handler for all requests.
+	 *
+	 * @param callable $handler
+	 */
+	public function set_request_handler( callable $handler ) {
+		$this->request_handler = $handler;
+	}
+
+	/**
+	 * @param RequestInterface $request
+	 *
+	 * @return \Google\Site_Kit_Dependencies\GuzzleHttp\Message\ResponseInterface
+	 */
+	public function send( RequestInterface $request ) {
+		if ( $this->request_handler ) {
+			return call_user_func( $this->request_handler, $request );
+		}
+
+		return new Response( 200 );
+	}
+}

tests/phpunit/integration/Core/Authentication/Clients/OAuth_ClientTest.php

@@ -13,6 +13,7 @@
 use Google\Site_Kit\Context;
 use Google\Site_Kit\Core\Authentication\Clients\OAuth_Client;
 use Google\Site_Kit\Tests\Exception\RedirectException;
+use Google\Site_Kit\Tests\FakeHttpClient;
 use Google\Site_Kit\Tests\TestCase;
 
 /**
@@ -30,6 +31,7 @@ public function test_get_client() {
 	}
 
 	public function test_refresh_token() {
+		$this->fake_authentication();
 		$user_id = $this->factory()->user->create();
 		wp_set_current_user( $user_id );
 		$client = new OAuth_Client( new Context( GOOGLESITEKIT_PLUGIN_MAIN_FILE ) );
@@ -49,7 +51,7 @@ public function test_refresh_token() {
 		// Google client must be initialized first
 		$this->assertEquals( 'refresh_token_not_exist', get_user_option( OAuth_Client::OPTION_ERROR_CODE, $user_id ) );
 
-		$client->get_client();
+		$client->get_client()->setHttpClient( new FakeHttpClient() );
 		$client->refresh_token();
 
 		// At this point an error is triggered internally due to undefined indexes on $authentication_token