diff --git a/includes/class-convertkit-setup.php b/includes/class-convertkit-setup.php index 1730d0adc..6cb68da5b 100644 --- a/includes/class-convertkit-setup.php +++ b/includes/class-convertkit-setup.php @@ -151,11 +151,31 @@ public function update() { $posts->schedule_cron_event(); } + // Actions that should run regardless of the version number + // whenever the Plugin is updated. + $this->remove_v3_api_secret_from_settings(); + // Update the installed version number in the options table. update_option( 'convertkit_version', CONVERTKIT_PLUGIN_VERSION ); } + /** + * Remove v3 API Secret from settings. + * + * @since 3.2.4 + */ + private function remove_v3_api_secret_from_settings() { + + $settings = new ConvertKit_Settings(); + $settings->save( + array( + 'api_secret' => '', + ) + ); + + } + /** * Adds form_id column and key to form entries database table. * diff --git a/tests/EndToEnd/general/other/UpgradePathsCest.php b/tests/EndToEnd/general/other/UpgradePathsCest.php index 94d4f1c39..65cabca4c 100644 --- a/tests/EndToEnd/general/other/UpgradePathsCest.php +++ b/tests/EndToEnd/general/other/UpgradePathsCest.php @@ -127,11 +127,9 @@ public function testGetAccessTokenByAPIKeyAndSecret(EndToEndTester $I) $I->assertArrayHasKey('refresh_token', $settings); $I->assertArrayHasKey('token_expires', $settings); - // Confirm the API Key and Secret are retained, in case we need them in the future. + // Confirm the API Key is retained, as it's needed for Legacy Forms. $I->assertArrayHasKey('api_key', $settings); - $I->assertArrayHasKey('api_secret', $settings); $I->assertEquals($settings['api_key'], $_ENV['CONVERTKIT_API_KEY']); - $I->assertEquals($settings['api_secret'], $_ENV['CONVERTKIT_API_SECRET']); // Go to the Plugin's Settings Screen. $I->loadKitSettingsGeneralScreen($I); @@ -258,6 +256,39 @@ public function testUpdateFormEntriesTableAddsFormIDColumn(EndToEndTester $I) $I->seeColumnInDatabase('wp_kit_form_entries', 'form_id'); } + /** + * Tests that the v3 API Secret is removed from settings when upgrading to 3.2.4 or later. + * + * @since 3.2.4 + * + * @param EndToEndTester $I Tester. + */ + public function testV3APISecretRemovedFromSettings(EndToEndTester $I) + { + // Setup Plugin with v3 API Key and Secret. + $I->setupKitPlugin( + $I, + [ + 'api_key' => $_ENV['CONVERTKIT_API_KEY'], + 'api_secret' => $_ENV['CONVERTKIT_API_SECRET'], + 'post_form' => '', + 'page_form' => '', + 'product_form' => '', + ] + ); + + // Define an installation version older than 3.2.4. + $I->haveOptionInDatabase('convertkit_version', '3.2.0'); + + // Activate the Plugin. + $I->activateKitPlugin($I, false); + + // Confirm the settings no longer have a value for the v3 API Secret. + $settings = $I->grabOptionFromDatabase('_wp_convertkit_settings'); + $I->assertEquals($settings['api_key'], $_ENV['CONVERTKIT_API_KEY']); + $I->assertEquals($settings['api_secret'], ''); + } + /** * Deactivate and reset Plugin(s) after each test, if the test passes. * We don't use _after, as this would provide a screenshot of the Plugin