Merge pull request #136 from cmanon/feature/109-error-unauthorized

Feature/109 error unauthorized

readme.txt

@@ -4,7 +4,7 @@ Contributors: cmanon, jrfoell, lancewillett, dlintott, sebastianerb
 Tags: strava, activity, bicycle, cycling, biking, running, run, swimming, swim, paddle, kayak, gps, shortcode, widget, plugin, block, blocks
 Requires at least: 4.6
 Tested up to: 6.0
-Stable tag: 2.11.2
+Stable tag: 2.12.0
 Requires PHP: 5.3
 License: GPLv2 or later
 
@@ -134,13 +134,15 @@ On the WP-Strava settings page you cannot currently remove and add another athle
 
 == Changelog ==
 
-= 2.11.2 =
+= 2.12.0 =
 Update documentation around block embeds https://wordpress.org/support/topic/which-editor-to-use-2/
+Added debugging for API GET/POST to troubleshoot 401 errors https://wordpress.org/support/topic/wp-strava-error-401-unauthorized/
 
 
 = 2.11.1 =
 Add class selector to responsive tables https://wordpress.org/support/topic/shortcode-embed-responsive-table-styling-issues/
 
+
 = 2.11.0 =
 Add additional block transformations for "Activity" (from: Paragraph, Classic Shortcode; to: Paragraph)
 Add Mapbox Static Map support https://github.com/cmanon/wp-strava/issues/26

src/WPStrava.php

@@ -243,7 +243,7 @@ public function register_blocks() {
 		);
 
 		// automatically load dependencies and version
-		$asset_file = include WPSTRAVA_PLUGIN_DIR . 'build/index.asset.php';
+		$asset_file = require WPSTRAVA_PLUGIN_DIR . 'build/index.asset.php';
 
 		wp_register_script(
 			'wp-strava-block',

src/WPStrava/API.php

@@ -45,6 +45,21 @@ public function post( $uri, $data = null ) {
 
 		$response = wp_remote_post( $url . $uri, $args );
 
+		if ( WPSTRAVA_DEBUG ) {
+			// phpcs:disable WordPress.PHP.DevelopmentFunctions -- Debug output.
+			error_log(
+				print_r(
+					array(
+						'url'      => $url . $uri,
+						'args'     => $args,
+						'response' => $response,
+					),
+					true
+				)
+			);
+			// phpcs:enable
+		}
+
 		if ( is_wp_error( $response ) ) {
 			throw WPStrava_Exception::from_wp_error( $response );
 		}
@@ -136,6 +151,22 @@ private function remote_get( $uri, $args = null ) {
 		}
 
 		$response = wp_remote_get( $url, $get_args );
+
+		if ( WPSTRAVA_DEBUG ) {
+			// phpcs:disable WordPress.PHP.DevelopmentFunctions -- Debug output.
+			error_log(
+				print_r(
+					array(
+						'url'      => $url,
+						'args'     => $get_args,
+						'response' => $response,
+					),
+					true
+				)
+			);
+			// phpcs:enable
+		}
+
 		if ( is_wp_error( $response ) ) {
 			throw WPStrava_Exception::from_wp_error( $response );
 		}
@@ -146,11 +177,8 @@ private function remote_get( $uri, $args = null ) {
 			$auth  = WPStrava::get_instance()->auth;
 			if ( $auth instanceof WPStrava_AuthRefresh ) {
 				$auth->auth_refresh();
-				$access_token = $this->get_access_token();
-				if ( $access_token ) {
-					$get_args['headers']['Authorization'] = 'Bearer ' . $access_token;
-				}
-				return $this->remote_get( $uri, $get_args );
+				// Try again.
+				return $this->remote_get( $uri, $args );
 			}
 		}
 

src/WPStrava/Auth.php

@@ -47,7 +47,7 @@ public function maybe_oauth( $value ) {
 				'filter' => FILTER_SANITIZE_NUMBER_INT,
 				'flags'  => FILTER_REQUIRE_SCALAR,
 			),
-			'strava_client_secret' => FILTER_SANITIZE_STRING,
+			'strava_client_secret' => FILTER_SANITIZE_FULL_SPECIAL_CHARS,
 		);
 
 		$input = filter_input_array( INPUT_POST, $input_args );
@@ -57,7 +57,7 @@ public function maybe_oauth( $value ) {
 		}
 
 		// Redirect only if all the right options are in place.
-		if ( $settings->is_settings_updated( $value ) && $settings->is_option_page() ) {
+		if ( $settings->is_settings_updated( $value ) && $settings->is_options_page() ) {
 			// Only re-auth if client ID and secret were saved.
 			if ( ! empty( $input['strava_client_id'] ) && ! empty( $input['strava_client_secret'] ) ) {
 				wp_redirect( $this->get_authorize_url( $input['strava_client_id'] ) );
@@ -71,8 +71,8 @@ public function init() {
 		$settings = WPStrava::get_instance()->settings;
 
 		$input_args = array(
-			'settings-updated' => FILTER_SANITIZE_STRING,
-			'code'             => FILTER_SANITIZE_STRING,
+			'settings-updated' => FILTER_SANITIZE_FULL_SPECIAL_CHARS,
+			'code'             => FILTER_SANITIZE_FULL_SPECIAL_CHARS,
 		);
 
 		$input = filter_input_array( INPUT_GET, $input_args );

src/WPStrava/Settings.php

@@ -12,7 +12,7 @@ class WPStrava_Settings {
 
 	private $ids            = array();
 	private $page_name      = 'wp-strava-options';
-	private $option_page    = 'wp-strava-settings-group';
+	private $option_group   = 'wp-strava-settings-group';
 	private $adding_athlete = true;
 
 	/**
@@ -58,21 +58,21 @@ public function register_strava_settings() {
 
 		$ids = $this->get_ids();
 		if ( $this->ids_empty( $ids ) ) {
-			register_setting( $this->option_page, 'strava_client_id', array( $this, 'sanitize_client_id' ) );
-			register_setting( $this->option_page, 'strava_client_secret', array( $this, 'sanitize_client_secret' ) );
-			register_setting( $this->option_page, 'strava_nickname', array( $this, 'sanitize_nickname' ) );
+			register_setting( $this->option_group, 'strava_client_id', array( $this, 'sanitize_client_id' ) );
+			register_setting( $this->option_group, 'strava_client_secret', array( $this, 'sanitize_client_secret' ) );
+			register_setting( $this->option_group, 'strava_nickname', array( $this, 'sanitize_nickname' ) );
 
 			add_settings_field( 'strava_client_id', __( 'Strava Client ID', 'wp-strava' ), array( $this, 'print_client_input' ), 'wp-strava', 'strava_api' );
 			add_settings_field( 'strava_client_secret', __( 'Strava Client Secret', 'wp-strava' ), array( $this, 'print_secret_input' ), 'wp-strava', 'strava_api' );
 			add_settings_field( 'strava_nickname', __( 'Strava Nickname', 'wp-strava' ), array( $this, 'print_nickname_input' ), 'wp-strava', 'strava_api' );
 		} else {
-			register_setting( $this->option_page, 'strava_id', array( $this, 'sanitize_id' ) );
+			register_setting( $this->option_group, 'strava_id', array( $this, 'sanitize_id' ) );
 			add_settings_field( 'strava_id', __( 'Saved ID', 'wp-strava' ), array( $this, 'print_id_input' ), 'wp-strava', 'strava_api' );
 
 			// Add additional fields
-			register_setting( $this->option_page, 'strava_client_id', array( $this, 'sanitize_client_id' ) );
-			register_setting( $this->option_page, 'strava_client_secret', array( $this, 'sanitize_client_secret' ) );
-			register_setting( $this->option_page, 'strava_nickname', array( $this, 'sanitize_nickname' ) );
+			register_setting( $this->option_group, 'strava_client_id', array( $this, 'sanitize_client_id' ) );
+			register_setting( $this->option_group, 'strava_client_secret', array( $this, 'sanitize_client_secret' ) );
+			register_setting( $this->option_group, 'strava_nickname', array( $this, 'sanitize_nickname' ) );
 
 			add_settings_field( 'strava_client_id', __( 'Additional Athlete Client ID', 'wp-strava' ), array( $this, 'print_client_input' ), 'wp-strava', 'strava_api' );
 			add_settings_field( 'strava_client_secret', __( 'Additional Athlete Client Secret', 'wp-strava' ), array( $this, 'print_secret_input' ), 'wp-strava', 'strava_api' );
@@ -82,38 +82,43 @@ public function register_strava_settings() {
 		// Google Maps API.
 		add_settings_section( 'strava_maps', __( 'Maps', 'wp-strava' ), null, 'wp-strava' );
 
-		register_setting( $this->option_page, 'strava_map_type', array( $this, 'sanitize_map_type' ) );
+		register_setting( $this->option_group, 'strava_map_type', array( $this, 'sanitize_map_type' ) );
 		add_settings_field( 'strava_map_type', __( 'Map Type', 'wp-strava' ), array( $this, 'print_map_type_input' ), 'wp-strava', 'strava_maps' );
 
-		register_setting( $this->option_page, 'strava_gmaps_key', array( $this, 'sanitize_gmaps_key' ) );
+		register_setting( $this->option_group, 'strava_gmaps_key', array( $this, 'sanitize_gmaps_key' ) );
 		add_settings_field( 'strava_gmaps_key', __( 'Google Static Maps API Key', 'wp-strava' ), array( $this, 'print_gmaps_key_input' ), 'wp-strava', 'strava_maps' );
 
-		register_setting( $this->option_page, 'strava_mapbox_token', array( $this, 'sanitize_mapbox_token' ) );
+		register_setting( $this->option_group, 'strava_mapbox_token', array( $this, 'sanitize_mapbox_token' ) );
 		add_settings_field( 'strava_mapbox_token', __( 'Mapbox Public Token', 'wp-strava' ), array( $this, 'print_mapbox_token_input' ), 'wp-strava', 'strava_maps' );
 
 		// System of Measurement.
-		register_setting( $this->option_page, 'strava_som', array( $this, 'sanitize_som' ) );
+		register_setting( $this->option_group, 'strava_som', array( $this, 'sanitize_som' ) );
 		add_settings_section( 'strava_options', __( 'Options', 'wp-strava' ), null, 'wp-strava' );
 		add_settings_field( 'strava_som', __( 'System of Measurement', 'wp-strava' ), array( $this, 'print_som_input' ), 'wp-strava', 'strava_options' );
 
 		// Hide Options.
-		register_setting( $this->option_page, 'strava_hide_time', array( $this, 'sanitize_hide_time' ) );
+		register_setting( $this->option_group, 'strava_hide_time', array( $this, 'sanitize_hide_time' ) );
 		add_settings_field( 'strava_hide_time', __( 'Time', 'wp-strava' ), array( $this, 'print_hide_time_input' ), 'wp-strava', 'strava_options' );
-		register_setting( $this->option_page, 'strava_hide_elevation', array( $this, 'sanitize_hide_elevation' ) );
+		register_setting( $this->option_group, 'strava_hide_elevation', array( $this, 'sanitize_hide_elevation' ) );
 		add_settings_field( 'strava_hide_elevation', __( 'Elevation', 'wp-strava' ), array( $this, 'print_hide_elevation_input' ), 'wp-strava', 'strava_options' );
 
 		// No Activity Links.
-		register_setting( $this->option_page, 'strava_no_link', array( $this, 'sanitize_no_link' ) );
+		register_setting( $this->option_group, 'strava_no_link', array( $this, 'sanitize_no_link' ) );
 		add_settings_field( 'strava_no_link', __( 'Links', 'wp-strava' ), array( $this, 'print_no_link_input' ), 'wp-strava', 'strava_options' );
 
 		// Cache lifetime.
-		register_setting( $this->option_page, 'strava_cache_time', array( $this, 'sanitize_cache_time' ) );
+		register_setting( $this->option_group, 'strava_cache_time', array( $this, 'sanitize_cache_time' ) );
 		add_settings_section( 'strava_cache', __( 'Cache', 'wp-strava' ), null, 'wp-strava' );
 		add_settings_field( 'strava_cache_time', __( 'Cache time', 'wp-strava' ), array( $this, 'print_cache_input' ), 'wp-strava', 'strava_cache' );
 
 		// Clear cache.
-		register_setting( $this->option_page, 'strava_cache_clear', array( $this, 'sanitize_cache_clear' ) );
+		register_setting( $this->option_group, 'strava_cache_clear', array( $this, 'sanitize_cache_clear' ) );
 		add_settings_field( 'strava_cache_clear', __( 'Clear cache', 'wp-strava' ), array( $this, 'print_clear_input' ), 'wp-strava', 'strava_cache' );
+
+		if ( WPSTRAVA_DEBUG ) {
+			add_settings_section( 'strava_debug', __( 'Debug', 'wp-strava' ), null, 'wp-strava' );
+			add_settings_field( 'strava_debug_info', __( 'Connection Info', 'wp-strava' ), array( $this, 'print_debug_info' ), 'wp-strava', 'strava_debug' );
+		}
 	}
 
 	/**
@@ -449,7 +454,8 @@ private function maybe_clean_info( $ids ) {
 		$infos = $this->info;
 
 		foreach ( $infos as $id => $info ) {
-			if ( ! in_array( $id, $ids ) ) { // phpcs:ignore WordPress.PHP.StrictInArray.MissingTrueStrict -- loose OK.
+			// phpcs:ignore WordPress.PHP.StrictInArray.MissingTrueStrict -- Loose comparison OK.
+			if ( ! in_array( $id, $ids ) ) {
 				$update = true;
 				unset( $infos[ $id ] );
 			}
@@ -677,6 +683,17 @@ public function print_cache_input() {
 		<?php
 	}
 
+	/**
+	 * Print stored connection info.
+	 *
+	 * @author Justin Foell <[email protected]>
+	 * @since  NEXT
+	 */
+	public function print_debug_info() {
+		// phpcs:ignore Squiz.PHP.EmbeddedPhp, WordPress.PHP.DevelopmentFunctions -- Formatting & debug OK.
+		?><textarea style="width: 100%;" rows="11" readonly="readonly"><?php var_export( get_option( 'strava_info' ) ); ?></textarea><?php
+	}
+
 	/**
 	 * Sanitize cache time input.
 	 *
@@ -868,14 +885,15 @@ public function is_settings_updated( $value ) {
 	}
 
 	/**
-	 * Whether or not we're on the options page.
+	 * Whether or not we're on the options.php page (saving options).
 	 *
 	 * @return boolean
 	 * @author Justin Foell <[email protected]>
 	 * @since  2.0.0
 	 */
-	public function is_option_page() {
-		return filter_input( INPUT_POST, 'option_page', FILTER_SANITIZE_STRING ) === $this->option_page;
+	public function is_options_page() {
+		$screen = get_current_screen();
+		return isset( $screen->id ) && 'options' === $screen->id;
 	}
 
 	/**
@@ -886,7 +904,7 @@ public function is_option_page() {
 	 * @since  2.0.0
 	 */
 	public function is_settings_page() {
-		return filter_input( INPUT_GET, 'page', FILTER_SANITIZE_STRING ) === $this->page_name;
+		return filter_input( INPUT_GET, 'page', FILTER_SANITIZE_FULL_SPECIAL_CHARS ) === $this->page_name;
 	}
 
 	/**
@@ -908,7 +926,8 @@ public function get_page_name() {
 	 * @since  2.0.0
 	 */
 	private function is_adding_athlete() {
-		return filter_input( INPUT_POST, 'strava_client_id', FILTER_SANITIZE_NUMBER_INT ) && filter_input( INPUT_POST, 'strava_client_secret', FILTER_SANITIZE_STRING );
+		return filter_input( INPUT_POST, 'strava_client_id', FILTER_SANITIZE_NUMBER_INT ) &&
+			filter_input( INPUT_POST, 'strava_client_secret', FILTER_SANITIZE_FULL_SPECIAL_CHARS );
 	}
 
 	/**

templates/admin-settings.php

@@ -3,7 +3,7 @@
 	<h2><?php esc_html_e( 'Strava Settings', 'wp-strava' ); ?></h2>
 
 	<form method="post" action="<?php echo esc_attr( admin_url( 'options.php' ) ); ?>">
-		<?php settings_fields( $this->option_page ); ?>
+		<?php settings_fields( $this->option_group ); ?>
 		<?php do_settings_sections( 'wp-strava' ); ?>
 
 		<p class="submit">

wp-strava.php

@@ -3,7 +3,7 @@
  * Plugin Name: WP Strava
  * Plugin URI: https://wordpress.org/plugins/wp-strava/
  * Description: Show your strava.com activity on your WordPress site. Some Icons are Copyright © Yusuke Kamiyamane. All rights reserved. Licensed under a Creative Commons Attribution 3.0 license.
- * Version: 2.11.1
+ * Version: 2.12.0
  * Author: Carlos Santa Cruz, Justin Foell, Lance Willett, Daniel Lintott, Sebastian Erb
  * License: GPL2
  * Text Domain: wp-strava
@@ -27,7 +27,8 @@
 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 */
 
-define( 'WPSTRAVA_PLUGIN_VERSION', '2.11.1' );
+
+define( 'WPSTRAVA_PLUGIN_VERSION', '2.12.0' );
 define( 'WPSTRAVA_PLUGIN_FILE', __FILE__ );
 define( 'WPSTRAVA_PLUGIN_DIR', trailingslashit( dirname( __FILE__ ) ) );
 define( 'WPSTRAVA_PLUGIN_URL', plugins_url( '/', __FILE__ ) );