missing_delegation_consent notice appears when accessing any tab #1646
Description
Since updating to Site Kit 1.9.0 a missing_delegation_consent notice appears in the dashboard when accessing any of the services, which all have connected status:
WordPress support topic: https://wordpress.org/support/topic/missing_delegation_consent/
Site Health
### wp-core ###
version: 5.4.1
site_language: nl_NL
user_language: nl_NL
permalink: /%postname%/
https_status: true
user_registration: 0
default_comment_status: closed
multisite: false
user_count: 1
dotorg_communication: true
### wp-paths-sizes ###
wordpress_path: /www
wordpress_size: 1,73 GB (1852872689 bytes)
uploads_path: /www/wp-content/uploads
uploads_size: 434,69 MB (455801632 bytes)
themes_path: /www/wp-content/themes
themes_size: 36,23 MB (37992823 bytes)
plugins_path: /www/wp-content/plugins
plugins_size: 135,12 MB (141682202 bytes)
database_size: 20,48 MB (21479424 bytes)
total_size: 2,34 GB (2509828770 bytes)
### wp-dropins (1) ###
advanced-cache.php: true
### wp-active-theme ###
name: Stockholm Studio (stockholm-studio)
version: 5.1.8.1570992005
author: Select Themes
author_website: http://demo.select-themes.com
parent_theme: Stockholm (stockholm)
theme_features: automatic-feed-links, post-formats, post-thumbnails, title-tag, editor-style, menus, StockholmQodeSidebar, widgets
theme_path: /www/wp-content/themes/stockholm-studio
### wp-parent-theme ###
name: Stockholm (stockholm)
version: 5.2.1
author: Select Themes
author_website: http://demo.select-themes.com
theme_path: /www/wp-content/themes/stockholm
### wp-themes-inactive (1) ###
Twenty Twenty: version: 1.3, author: het WordPress team
### wp-plugins-active (20) ###
Asset CleanUp: Page Speed Booster: version: 1.3.6.4, author: Gabriel Livan
Async JavaScript: version: 2.20.03.01, author: Frank Goossens (futtta)
Autoptimize: version: 2.7.2, author: Frank Goossens (futtta)
Cache Enabler: version: 1.3.5, author: KeyCDN
Duplicator: version: 1.3.34, author: Snap Creek
Flying Pages by WP Speed Matters: version: 2.4.1, author: Gijo Varghese
Health Check & Troubleshooting: version: 1.4.4, author: The WordPress.org community
Leverage Browser Caching: version: 1.9, author: Rinku Yadav
Mailster - Email Newsletter Plugin for WordPress: version: 2.4.10, author: EverPress
Post Hit Counter: version: 1.3.2, author: Hugh Lashbrooke
Redirection: version: 4.8, author: John Godley
ShortPixel Image Optimizer: version: 4.18.1, author: ShortPixel
Simple Custom Post Order: version: 2.5.0, author: Colorlib
Site Kit by Google: version: 1.9.0, author: Google
Slider Revolution: version: 6.1.5, author: ThemePunch
Stockholm Core: version: 1.2.1, author: Select Themes
UpdraftPlus - Backup/Restore: version: 1.16.25, author: UpdraftPlus.Com, DavidAnderson
WPBakery Page Builder: version: 6.1, author: Michael M - WPBakery.com (latest version: 6.2)
WP Retina 2x: version: 5.6.0, author: Jordy Meow
Yoast SEO Premium: version: 14.2, author: Team Yoast
### wp-plugins-inactive (5) ###
Analytify - Google Analytics Dashboard: version: 3.0.0, author: Analytify
Analytify Pro: version: 2.1.2, author: WPBrigade
Search Console: version: 2.0.7, author: Tropicalista
Site Health Tool Manager: version: 1.1, author: William Earnhardt
Yoast SEO: version: 14.2, author: Team Yoast
### wp-media ###
image_editor: WP_Image_Editor_GD
imagick_module_version: Not available
imagemagick_version: Not available
gd_version: bundled (2.1.0 compatible)
ghostscript_version: unknown
### wp-server ###
server_architecture: Linux 4.19.101-stretch980030 x86_64
httpd_software: Apache
php_version: 7.3.18 64bit
php_sapi: fpm-fcgi
max_input_variables: 5000
time_limit: 120
memory_limit: 256M
max_input_time: 60
upload_max_size: 128M
php_post_max_size: 128M
curl_version: 7.52.1 OpenSSL/1.0.2u
suhosin: false
imagick_availability: false
server-headers:
date: Mon, 08 Jun 2020 11:18:29 GMT
server: Apache
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
content-type: text/html; charset=UTF-8
x-transip-backend: web565
x-transip-balancer: balancer0
htaccess_extra_rules: true
### wp-database ###
extension: mysqli
server_version: 10.1.44-MariaDB-1~stretch
client_version: mysqlnd 5.0.12-dev - 20150407 - $Id: 7cc7cc96e675f6d72e5cf0f267f48e167c2abb23 $
### wp-constants ###
WP_HOME: https://www.jonnaklumpenaar.nl
WP_SITEURL: https://www.jonnaklumpenaar.nl
WP_CONTENT_DIR: /www/wp-content
WP_PLUGIN_DIR: /www/wp-content/plugins
WP_MAX_MEMORY_LIMIT: 256M
WP_DEBUG: false
WP_DEBUG_DISPLAY: true
WP_DEBUG_LOG: false
SCRIPT_DEBUG: false
WP_CACHE: true
CONCATENATE_SCRIPTS: undefined
COMPRESS_SCRIPTS: undefined
COMPRESS_CSS: undefined
WP_LOCAL_DEV: undefined
### wp-filesystem ###
wordpress: writable
wp-content: writable
uploads: writable
plugins: writable
themes: writable
### google-site-kit ###
version: 1.9.0
php_version: 7.3.18
wp_version: 5.4.1
reference_url: https://www.jonnaklumpenaar.nl
amp_mode: no
site_status: connected-site
user_status: authenticated
active_modules: site-verification, search-console, analytics, pagespeed-insights
required_scopes:
openid: ✅
https://www.googleapis.com/auth/userinfo.profile: ✅
https://www.googleapis.com/auth/userinfo.email: ✅
https://www.googleapis.com/auth/siteverification: ✅
https://www.googleapis.com/auth/webmasters: ✅
https://www.googleapis.com/auth/analytics.readonly: ✅
search_console_property: https://www.jonnaklumpenaar.nl/
analytics_account_id: none
analytics_property_id: none
analytics_profile_id: none
analytics_use_snippet: yes
Additional Context
- Services have connected status
- Error appears for all connected services
Do not alter or remove anything below. The following sections will be managed by moderators only.
Acceptance criteria
-
In the regular error handlers for setup errors, Site Kit should show meaningful messages for the following error codes, which will occur if the respective requirement to connect to Site Kit is no longer met (e.g. could be that the user got unverified by someone, or in the meantime revoked their delegation consent via proxy Permissions screen)
missing_verification:
Looks like the verification token for your site is missing. To fix this, redo the plugin setup.
"Redo the plugin setup" should link to the correct step in the setup flow.missing_delegation_consent:
Looks like your site is not allowed access to Google account data and can't display stats in the dashboard. To fix this, redo the plugin setup.
"Redo the plugin setup" should link to the correct step in the setup flow.missing_search_console_property:
Looks like there is no Search Console property for your site. To fix this, redo the plugin setup.
"Redo the plugin setup" should link to the correct step in the setup flow.
-
Anywhere (in refactored codebase only) an API request is issued, if an exception is thrown with one of the above three (this can happen when on-the-fly refreshing the access token fails), the same message from above should be displayed in the UI, alongside a similar link to the proxy setup which includes the returned
codefrom the error (used to identiify the failed attempt and land on the right step on the proxy).
Implementation Brief
- Modify
OAuth_Client::get_error_message()to include cases for the above three error codes, returning the message from the ACs. - Modify
Authentication::get_authentication_oauth_error_notice()to always callOAuth_Client::get_error_message(); the if-else condition for whether there is a proxy access code should only affect the second part displayed after the error message, which has the correct link (as it already currently is, if proxy code available, link directly to the proxy, otherwise link to splash screen). Adjust the wording to use the second sentence of the ACs ("To fix this, redo the plugin setup."). - Modify
Module::exception_to_error()to explicitly check for whether the exception is aGoogle_Proxy_Code_Exception. If so, callOAuth_Client::get_error_message()to get the correct message, then return aWP_Errorthat includes:- the original
missing_*string as error code - the error message returned as error message
- a 401
statusin error data - the correct proxy setup URL including the access code present in the exception as
reconnectURLin error data (seeAuthentication::get_authentication_oauth_error_notice()for how that is assembled)
- the original
- Modify the various
ErrorNoticecomponents in JS to check if the error includesdata.reconnectURL. If so, include "To fix this, redo the plugin setup." (from ACs) after the error where "redo the plugin setup" links to that URL.
QA Brief
- Set up Site Kit using the proxy as usual
- Connect a service like Analytics
- Open a new tab and navigate to the Site Kit dashboard
- Click on your user in the header and select "Manage Sites" from the dropdown to go to the permissions management screen on the proxy
- Click the button to "Remove access" for the site you are using
- Important: close the browser tab - do not click "Back" to go back to your site as this will trigger a disconnect
- Now we need to trigger the access token to be refreshed which happens automatically on-demand when it expires (after 1hr)
- To skip this 1hr wait time, we need to update the user meta for your user to tell Site Kit that the token should already be expired
- Run
wp user meta set <user> wp_googlesitekit_access_token_expires_in 1where<user>is your WP username, user ID or email
- Clear the session storage
- Reload the Site Kit dashboard
- See error notices with links to "redo the plugin setup"
Changelog entry
- Handle error conditions more gracefully when refreshing access token fails due to e.g. the user having revoked access previously, providing the user with a link to resolve the problem.