From a986b603b52884e968c3ee92885c9a2c2ae8173d Mon Sep 17 00:00:00 2001 From: Tim Carr Date: Wed, 8 Apr 2026 15:21:19 +0800 Subject: [PATCH 1/2] Remove v3 API Secret on Plugin Update --- includes/class-convertkit-setup.php | 20 +++++++++++ .../general/other/UpgradePathsCest.php | 33 +++++++++++++++++++ 2 files changed, 53 insertions(+) diff --git a/includes/class-convertkit-setup.php b/includes/class-convertkit-setup.php index 1730d0adc..14aef7262 100644 --- a/includes/class-convertkit-setup.php +++ b/includes/class-convertkit-setup.php @@ -60,6 +60,10 @@ public function update() { return; } + // Actions that should run regardless of the version number + // whenever the Plugin is updated. + $this->remove_v3_api_secret_from_settings(); + /** * 3.0.4: Add form_id to entries database table. */ @@ -156,6 +160,22 @@ public function update() { } + /** + * Remove v3 API Secret from settings. + * + * @since 3.2.4 + */ + private function remove_v3_api_secret_from_settings() { + + $settings = new ConvertKit_Settings(); + $settings->save( + array( + 'api_secret' => '', + ) + ); + + } + /** * Adds form_id column and key to form entries database table. * diff --git a/tests/EndToEnd/general/other/UpgradePathsCest.php b/tests/EndToEnd/general/other/UpgradePathsCest.php index 94d4f1c39..435e5572a 100644 --- a/tests/EndToEnd/general/other/UpgradePathsCest.php +++ b/tests/EndToEnd/general/other/UpgradePathsCest.php @@ -258,6 +258,39 @@ public function testUpdateFormEntriesTableAddsFormIDColumn(EndToEndTester $I) $I->seeColumnInDatabase('wp_kit_form_entries', 'form_id'); } + /** + * Tests that the v3 API Secret is removed from settings when upgrading to 3.2.4 or later. + * + * @since 3.2.4 + * + * @param EndToEndTester $I Tester. + */ + public function testV3APISecretRemovedFromSettings(EndToEndTester $I) + { + // Setup Plugin with v3 API Key and Secret. + $I->setupKitPlugin( + $I, + [ + 'api_key' => $_ENV['CONVERTKIT_API_KEY'], + 'api_secret' => $_ENV['CONVERTKIT_API_SECRET'], + 'post_form' => '', + 'page_form' => '', + 'product_form' => '', + ] + ); + + // Define an installation version older than 3.2.4. + $I->haveOptionInDatabase('convertkit_version', '3.2.0'); + + // Activate the Plugin. + $I->activateKitPlugin($I, false); + + // Confirm the settings no longer have a value for the v3 API Secret. + $settings = $I->grabOptionFromDatabase('_wp_convertkit_settings'); + $I->assertEquals($settings['api_key'], $_ENV['CONVERTKIT_API_KEY']); + $I->assertEquals($settings['api_secret'], ''); + } + /** * Deactivate and reset Plugin(s) after each test, if the test passes. * We don't use _after, as this would provide a screenshot of the Plugin From 74296b9e6424e158a9264656724fd3f0c0414d1a Mon Sep 17 00:00:00 2001 From: Tim Carr Date: Wed, 8 Apr 2026 17:55:37 +0800 Subject: [PATCH 2/2] Update logic and tests --- includes/class-convertkit-setup.php | 8 ++++---- tests/EndToEnd/general/other/UpgradePathsCest.php | 4 +--- 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/includes/class-convertkit-setup.php b/includes/class-convertkit-setup.php index 14aef7262..6cb68da5b 100644 --- a/includes/class-convertkit-setup.php +++ b/includes/class-convertkit-setup.php @@ -60,10 +60,6 @@ public function update() { return; } - // Actions that should run regardless of the version number - // whenever the Plugin is updated. - $this->remove_v3_api_secret_from_settings(); - /** * 3.0.4: Add form_id to entries database table. */ @@ -155,6 +151,10 @@ public function update() { $posts->schedule_cron_event(); } + // Actions that should run regardless of the version number + // whenever the Plugin is updated. + $this->remove_v3_api_secret_from_settings(); + // Update the installed version number in the options table. update_option( 'convertkit_version', CONVERTKIT_PLUGIN_VERSION ); diff --git a/tests/EndToEnd/general/other/UpgradePathsCest.php b/tests/EndToEnd/general/other/UpgradePathsCest.php index 435e5572a..65cabca4c 100644 --- a/tests/EndToEnd/general/other/UpgradePathsCest.php +++ b/tests/EndToEnd/general/other/UpgradePathsCest.php @@ -127,11 +127,9 @@ public function testGetAccessTokenByAPIKeyAndSecret(EndToEndTester $I) $I->assertArrayHasKey('refresh_token', $settings); $I->assertArrayHasKey('token_expires', $settings); - // Confirm the API Key and Secret are retained, in case we need them in the future. + // Confirm the API Key is retained, as it's needed for Legacy Forms. $I->assertArrayHasKey('api_key', $settings); - $I->assertArrayHasKey('api_secret', $settings); $I->assertEquals($settings['api_key'], $_ENV['CONVERTKIT_API_KEY']); - $I->assertEquals($settings['api_secret'], $_ENV['CONVERTKIT_API_SECRET']); // Go to the Plugin's Settings Screen. $I->loadKitSettingsGeneralScreen($I);