Skip to content

Remove v3 API Secret on Plugin Update #1065

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
n7studios wants to merge 2 commits into
base: main
Choose a base branch
from
+54 −3
Open

Remove v3 API Secret on Plugin Update #1065

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
a986b60
Remove v3 API Secret on Plugin Update
n7studios Apr 8, 2026
74296b9
Update logic and tests
n7studios Apr 8, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 20 additions & 0 deletions includes/class-convertkit-setup.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -151,11 +151,31 @@ public function update() {
$posts->schedule_cron_event();
}

// Actions that should run regardless of the version number
// whenever the Plugin is updated.
$this->remove_v3_api_secret_from_settings();

// Update the installed version number in the options table.
update_option( 'convertkit_version', CONVERTKIT_PLUGIN_VERSION );

}

/**
* Remove v3 API Secret from settings.
*
* @since 3.2.4
*/
private function remove_v3_api_secret_from_settings() {

$settings = new ConvertKit_Settings();
$settings->save(
array(
'api_secret' => '',
)
);

}

/**
* Adds form_id column and key to form entries database table.
*
Expand Down
37 changes: 34 additions & 3 deletions tests/EndToEnd/general/other/UpgradePathsCest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -127,11 +127,9 @@ public function testGetAccessTokenByAPIKeyAndSecret(EndToEndTester $I)
$I->assertArrayHasKey('refresh_token', $settings);
$I->assertArrayHasKey('token_expires', $settings);

// Confirm the API Key and Secret are retained, in case we need them in the future.
// Confirm the API Key is retained, as it's needed for Legacy Forms.
$I->assertArrayHasKey('api_key', $settings);
$I->assertArrayHasKey('api_secret', $settings);
$I->assertEquals($settings['api_key'], $_ENV['CONVERTKIT_API_KEY']);
$I->assertEquals($settings['api_secret'], $_ENV['CONVERTKIT_API_SECRET']);

// Go to the Plugin's Settings Screen.
$I->loadKitSettingsGeneralScreen($I);
Expand Down Expand Up @@ -258,6 +256,39 @@ public function testUpdateFormEntriesTableAddsFormIDColumn(EndToEndTester $I)
$I->seeColumnInDatabase('wp_kit_form_entries', 'form_id');
}

/**
* Tests that the v3 API Secret is removed from settings when upgrading to 3.2.4 or later.
*
* @since 3.2.4
*
* @param EndToEndTester $I Tester.
*/
public function testV3APISecretRemovedFromSettings(EndToEndTester $I)
{
// Setup Plugin with v3 API Key and Secret.
$I->setupKitPlugin(
$I,
[
'api_key' => $_ENV['CONVERTKIT_API_KEY'],
'api_secret' => $_ENV['CONVERTKIT_API_SECRET'],
'post_form' => '',
'page_form' => '',
'product_form' => '',
]
);

// Define an installation version older than 3.2.4.
$I->haveOptionInDatabase('convertkit_version', '3.2.0');

// Activate the Plugin.
$I->activateKitPlugin($I, false);

// Confirm the settings no longer have a value for the v3 API Secret.
$settings = $I->grabOptionFromDatabase('_wp_convertkit_settings');
$I->assertEquals($settings['api_key'], $_ENV['CONVERTKIT_API_KEY']);
$I->assertEquals($settings['api_secret'], '');
}

/**
* Deactivate and reset Plugin(s) after each test, if the test passes.
* We don't use _after, as this would provide a screenshot of the Plugin
Expand Down
Loading