Fix problems with expired auth_token

Author: stracker-phil

assets/css/wpcable.css

@@ -43,6 +43,14 @@ img.round {
 	font-size: 12px;
 }
 
+.button.danger:before {
+	font-family: dashicons;
+	content: '\f534 ';
+	font-size: 20px;
+	float: left;
+	margin-right: 6px;
+}
+
 /**************/
 /* Main boxes */
 /**************/
@@ -65,7 +73,6 @@ img.round {
 	z-index: -1;
 	bottom: 0;
 	content: "";
-	/*box-shadow: 0 8px 30px rgba(0,0,0,.3)*/
 }
 
 .whitebox {
@@ -302,16 +309,6 @@ img.round {
 	.date-filters .section {
 		flex-basis: 23%;
 	}
-
-	.date-filters label,
-	.date-filters input[type="text"] {
-
-	}
-
-	.date-filters button {
-
-	}
-
 }
 
 .compareto {

classes/api_calls.php

@@ -255,6 +255,15 @@ private function get_curl( $url, $args = [], $method = 'post', $headers = '' ) {
 			);
 		}
 
+		if ( is_array( $res ) && ! empty( $res['errors'] ) ) {
+			if ( false !== array_search( 'Invalid login credentials', $res['errors'], true ) ) {
+				// The auth_token expired or login failed: Clear the token!
+				// Next time the user visits the settings page, they need to login again.
+				codeable_api_logout();
+				return false;
+			}
+		}
+
 		return $res;
 	}
 

functions/admin-settings.php

@@ -41,13 +41,22 @@ function wpcable_options() {
  * @return void
  */
 function codeable_load_settings_page() {
-	$nonce = false;
+	$nonce  = false;
+	$action = false;
 
-	if ( ! empty( $_REQUEST['_wpnonce'] ) ) {
-		$nonce = wp_unslash( $_REQUEST['_wpnonce'] );
+	if ( empty( $_REQUEST['_wpnonce'] ) ) {
+		return;
 	}
+	if ( empty( $_REQUEST['action'] ) ) {
+		return;
+	}
+
+	$nonce  = wp_unslash( $_REQUEST['_wpnonce'] );
+	$action = wp_unslash( $_REQUEST['action'] );
 
-	if ( $nonce && wp_verify_nonce( $nonce, 'logout' ) ) {
+	if ( 'logout' === $action && wp_verify_nonce( $nonce, $action ) ) {
+		codeable_api_logout();
+	} elseif ( 'flush_data' === $action && wp_verify_nonce( $nonce, $action ) ) {
 		codeable_flush_all_data();
 	}
 }
@@ -111,16 +120,21 @@ function codeable_settings_callback() {
 		add_query_arg( 'action', 'logout' ),
 		'logout'
 	);
-	$logout_warning = __( 'When logging out, all your data (including task notes or color flags) is deleted from the DB. This cannot be undone.\n\nDo you want to clear your data and log out?', 'wpcable' );
+
+	$flush_data_url = wp_nonce_url(
+		add_query_arg( 'action', 'flush_data' ),
+		'flush_data'
+	);
+
+	$flush_data_warning = __( 'All your data is deleted from the DB, including your private task notes or color flags. This cannot be undone.\n\nDo you want to clear your data and log out?', 'wpcable' );
+
+	// Hacky way to save settings without a second redirect...
+	$_SERVER['REQUEST_URI'] = remove_query_arg( [ 'action', '_wpnonce', 'success', 'error' ] );
+
 	?>
 	<div class="wrap wpcable_wrap">
 		<form method="post" action="options.php">
-			<?php settings_fields( 'wpcable_group', '_wpnonce', false ); ?>
-			<input
-				type="hidden"
-				name="_wp_http_referer"
-				value="<?php echo remove_query_arg( ['success', 'error' ] ); ?>"
-			/>
+			<?php settings_fields( 'wpcable_group' ); ?>
 			<?php do_settings_sections( 'wpcable_group' ); ?>
 
 			<h2><?php esc_html_e( 'Task list', 'wpcable' ); ?></h2>
@@ -237,9 +251,11 @@ function codeable_settings_callback() {
 									'<b>' . $wpcable_email . '</b>'
 								);
 								?>
+								<input type="hidden" name="wpcable_email" value="<?php echo esc_attr( $wpcable_email ); ?>" />
 							</p>
 							<p>
-								<a href="<?php echo esc_url( $logout_url ); ?>" class="button" onclick="return confirm('<?php echo esc_attr( $logout_warning ); ?>')"><?php esc_html_e( 'Log out and clear all data', 'wpcable' ); ?></a>
+								<a href="<?php echo esc_url( $logout_url ); ?>" class="button" ><?php esc_html_e( 'Log out', 'wpcable' ); ?></a>
+								<a href="<?php echo esc_url( $flush_data_url ); ?>" class="button danger" onclick="return confirm('<?php echo esc_attr( $flush_data_warning ); ?>')"><?php esc_html_e( 'Clear all data', 'wpcable' ); ?></a>
 							</p>
 						</td>
 					</tr>

functions/helpers.php

@@ -211,6 +211,20 @@ function codeable_page_requires_login( $page_title ) {
 	exit;
 }
 
+/**
+ * Simply expires the current auth_token, so the API sync does not work anymore.
+ * The user will see the login form again when he visits the settings page the next
+ * time.
+ *
+ * @return void
+ */
+function codeable_api_logout() {
+	delete_option( 'wpcable_auth_token' );
+
+	// Flush object cache.
+	wpcable_cache::flush();
+}
+
 /**
  * Flushes all locally stored data and forgets the authentication token.
  *
@@ -250,14 +264,18 @@ function codeable_flush_all_data() {
 		}
 	}
 
-	delete_option( 'wpcable_auth_token' );
+	// Flush object cache.
+	wpcable_cache::flush();
+
 	delete_option( 'wpcable_email' );
 	delete_option( 'wpcable_average' );
 	delete_option( 'wpcable_balance' );
 	delete_option( 'wpcable_revenue' );
 	delete_option( 'wpcable_last_fetch' );
 	delete_option( 'wpcable_account_details' );
 
+	codeable_api_logout();
+
 	$redirect_to = codeable_add_message_param(
 		'success',
 		sprintf(
@@ -267,9 +285,6 @@ function codeable_flush_all_data() {
 		$redirect_to
 	);
 
-	// Flush object cache.
-	wpcable_cache::flush();
-
 	wp_safe_redirect( $redirect_to );
 	exit;
 }
@@ -339,6 +354,12 @@ function codeable_last_fetch_info() {
  * @return bool
  */
 function codeable_api_logged_in() {
+	$token = get_option( 'wpcable_auth_token', false );
+
+	if ( ! $token ) {
+		return false;
+	}
+
 	$api = wpcable_api_calls::inst();
 
 	return $api->auth_token_known();