chore: fix merge conflicts

Automattic · May 15, 2024 · 0457e12 · 0457e12
2 parents bfbe554 + 1bce4f8
commit 0457e12
Show file tree

Hide file tree

Showing 4 changed files with 38 additions and 19 deletions.
diff --git a/assets/reader-activation/auth.js b/assets/reader-activation/auth.js
@@ -631,14 +631,12 @@ window.newspackRAS.push( function ( readerActivation ) {
 						} else if ( authWindow ) {
 							authWindow.location = data;
 							const interval = setInterval( () => {
-								if ( authWindow.closed ) {
-									if ( ! googleOAuthSuccess ) {
-										if ( googleLoginForm?.endLoginFlow ) {
-											googleLoginForm.endLoginFlow();
-										}
+								if ( ! googleOAuthSuccess ) {
+									if ( googleLoginForm?.endLoginFlow ) {
+										googleLoginForm.endLoginFlow( newspack_reader_auth_labels.login_canceled, 401 );
 									}
-									clearInterval( interval );
 								}
+								clearInterval( interval );
 							}, 500 );
 						} else if ( googleLoginForm?.endLoginFlow ) {
 							googleLoginForm.endLoginFlow( newspack_reader_auth_labels.blocked_popup );

diff --git a/includes/oauth/class-google-login.php b/includes/oauth/class-google-login.php
@@ -145,10 +145,12 @@ public static function oauth_callback() {
 		Logger::log( 'Got user email from Google: ' . $user_email );
 
 		// Associate the email address with the a unique ID for later retrieval.
-		$set_transient_result = OAuth_Transients::set( OAuth::get_unique_id(), 'email', $user_email );
+		$uid = OAuth::get_unique_id();
+		$set_transient_result = OAuth_Transients::set( $uid, 'email', $user_email );
 		// If transient setting failed, the email address will not be available for the registration endpoint.
 		if ( $set_transient_result === false ) {
-			self::handle_error( __( 'Failed setting transient.', 'newspack-plugin' ) );
+			/* translators: %s is a unique user id */
+			self::handle_error( sprintf( __( 'Failed setting email transient for id: %s', 'newspack-plugin' ), $uid ) );
 			\wp_die( \esc_html__( 'Authentication failed.', 'newspack-plugin' ) );
 		}
 
@@ -169,7 +171,23 @@ public static function oauth_callback() {
 	 * @param string $message The message to log.
 	 */
 	private static function handle_error( $message ) {
-		Logger::error( $message );
+		// phpcs:disable WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPressVIPMinimum.Variables.RestrictedVariables.cache_constraints___SERVER__HTTP_USER_AGENT__
+		Logger::error(
+			sprintf(
+				// Translators: %1$s is the error message, %2$s is the user agent.
+				__( '%1$s | Details: %2$s', 'newspack-plugin' ),
+				$message,
+				\wp_json_encode(
+					[
+						'user_agent'   => isset( $_SERVER['HTTP_USER_AGENT'] ) ? sanitize_text_field( $_SERVER['HTTP_USER_AGENT'] ) : 'N/A',
+						'referrer'     => isset( $_SERVER['HTTP_REFERER'] ) ? esc_url( $_SERVER['HTTP_REFERER'] ) : 'N/A',
+						'request_time' => isset( $_SERVER['REQUEST_TIME'] ) ? gmdate( 'Y-m-d\TH:i:s', intval( $_SERVER['REQUEST_TIME'] ) ) : 'N/A',
+					],
+					JSON_PRETTY_PRINT
+				)
+			)
+		);
+		// phpcs:enable
 		do_action( 'newspack_google_login_error', new WP_Error( 'newspack_google_login', $message ) );
 	}
 

diff --git a/includes/oauth/class-google-oauth.php b/includes/oauth/class-google-oauth.php
@@ -322,6 +322,7 @@ public static function get_google_auth_saved_data() {
 	 *
 	 * @param array $access_token Authentication token.
 	 * @param array $required_scopes Required scopes.
+	 * @return string|WP_Error User's email address or error.
 	 */
 	public static function validate_token_and_get_email_address( $access_token, $required_scopes ) {
 		// Validate access token.
@@ -348,16 +349,17 @@ public static function validate_token_and_get_email_address( $access_token, $req
 				return new \WP_Error( 'newspack_google_oauth', __( 'Newspack can’t access all necessary data because you haven’t granted all permissions requested during setup. Please reconnect your Google account.', 'newspack' ) );
 			}
 
-			$user_info_response = wp_safe_remote_get(
-				add_query_arg(
-					'access_token',
-					$access_token,
-					'https://www.googleapis.com/oauth2/v2/userinfo'
-				)
-			);
-			if ( 200 === wp_remote_retrieve_response_code( $user_info_response ) ) {
-				$user_info = json_decode( $user_info_response['body'] );
-				return $user_info->email;
+			// The /tokeninfo response will contain the email address, as long as the email scope is present in the request.
+			// We always request the email scope. Otherwise, the https://www.googleapis.com/oauth2/v2/userinfo endpoint can be used
+			// to retrieve the user email.
+			if ( isset( $token_info->email ) ) {
+				return $token_info->email;
+			} else {
+				Logger::error( 'User email missing in the response.' );
+				return new \WP_Error(
+					'newspack_google_oauth',
+					__( 'User email missing in the response.', 'newspack' )
+				);
 			}
 		} else {
 			Logger::error( 'Failed retrieving user info – invalid credentials.' );

diff --git a/includes/reader-activation/class-reader-activation.php b/includes/reader-activation/class-reader-activation.php
@@ -158,6 +158,7 @@ public static function enqueue_scripts() {
 				'invalid_email'    => __( 'Please enter a valid email address.', 'newspack-plugin' ),
 				'invalid_password' => __( 'Please enter a password.', 'newspack-plugin' ),
 				'blocked_popup'    => __( 'The popup has been blocked. Allow popups for the site and try again.', 'newspack-plugin' ),
+				'login_canceled'   => __( 'Login canceled.', 'newspack-plugin' ),
 			]
 		);
 		\wp_script_add_data( self::AUTH_SCRIPT_HANDLE, 'async', true );