Plugin management endpoints#9
Conversation
claudiulodro
added
the
[Status] Needs Review
| 'name' => __( 'AMP', 'newspack' ), | ||
| 'download' => 'wporg', | ||
| ], | ||
| ]; |
There was a problem hiding this comment.
What sort of information do we need available about the plugins? I've kicked it off with the following info for each plugin:
name - The plugin name.
download - 'wporg' or a URL to a zip file.
status - 'active', 'inactive', or 'uninstalled'
Any additional information we need? Instead of having this information hard-coded in the get_managed_plugins method, is there a better way of storing/retrieving the managed plugin info?
jeffersonrabb
left a comment
jeffersonrabb
left a comment
There was a problem hiding this comment.
Tests are failing with the following output:
1) Newspack_Test_Plugins_Controller::test_activate_deactivate_plugin_authorized
Failed asserting that 500 matches expected 200.
/srv/www/wordpress-trunk/public_html/src/wp-content/plugins/newspack-plugin/tests/unit-tests/api-plugins-controller.php:134
2) Newspack_Test_Plugins_Controller::test_install_uninstall_authorized
Failed asserting that 500 matches expected 200.
/srv/www/wordpress-trunk/public_html/src/wp-content/plugins/newspack-plugin/tests/unit-tests/api-plugins-controller.php:191
3) Newspack_Test_Plugin_Manager::test_activate_deactivate_wporg_uninstalled
Failed asserting that WP_Error Object &000000002e5748130000000060def72e (
'errors' => Array &0 (
'newspack_plugin_failed_install' => Array &1 (
0 => 'The authenticity of <span class="code">hello-dolly.1.6.zip</span> could not be verified as no signature was found.'
)
)
'error_data' => Array &2 ()
) is true.
/srv/www/wordpress-trunk/public_html/src/wp-content/plugins/newspack-plugin/tests/unit-tests/plugin-manager.php:88
4) Newspack_Test_Plugin_Manager::test_activate_deactivate_url_uninstalled
Failed asserting that WP_Error Object &000000002e57482a0000000060def72e (
'errors' => Array &0 (
'newspack_plugin_failed_install' => Array &1 (
0 => 'The authenticity of <span class="code">hello-dolly.1.6.zip</span> could not be verified as no signature was found.'
)
)
'error_data' => Array &2 ()
) is true.
/srv/www/wordpress-trunk/public_html/src/wp-content/plugins/newspack-plugin/tests/unit-tests/plugin-manager.php:104
5) Newspack_Test_Plugin_Manager::test_activate_deactivate_installed
Failed asserting that WP_Error Object &000000002e5748120000000060def72e (
'errors' => Array &0 (
'newspack_plugin_failed_install' => Array &1 (
0 => 'The authenticity of <span class="code">hello-dolly.1.6.zip</span> could not be verified as no signature was found.'
)
)
'error_data' => Array &2 ()
) is true.
/srv/www/wordpress-trunk/public_html/src/wp-content/plugins/newspack-plugin/tests/unit-tests/plugin-manager.php:134
6) Newspack_Test_Plugin_Manager::test_plugin_install_uninstall_wporg
Failed asserting that WP_Error Object &000000002e574b630000000060def72e (
'errors' => Array &0 (
'newspack_plugin_failed_install' => Array &1 (
0 => 'The authenticity of <span class="code">hello-dolly.1.6.zip</span> could not be verified as no signature was found.'
)
)
'error_data' => Array &2 ()
) is true.
/srv/www/wordpress-trunk/public_html/src/wp-content/plugins/newspack-plugin/tests/unit-tests/plugin-manager.php:163
7) Newspack_Test_Plugin_Manager::test_plugin_install_uninstall_url
Failed asserting that WP_Error Object &000000002e574a2f0000000060def72e (
'errors' => Array &0 (
'newspack_plugin_failed_install' => Array &1 (
0 => 'The authenticity of <span class="code">hello-dolly.1.6.zip</span> could not be verified as no signature was found.'
)
)
'error_data' => Array &2 ()
) is true.
/srv/www/wordpress-trunk/public_html/src/wp-content/plugins/newspack-plugin/tests/unit-tests/plugin-manager.php:178
FAILURES!
Tests: 21, Assertions: 50, Failures: 7.```
|
The previous errors seem to be caused by the wordpress.org repo not being ready for WP 5.2 yet. WP 5.2 adds file signature checking to prevent infrastructure attacks on wordpress.org, but it's not quite ready yet. When the signature files are added to wordpress.org, things should work correctly. In the meantime, I recommend WP 5.1 for testing this PR. |
|
I've been testing these endpoints via CURL, using this plugin to generate an access token (thank you @claudiulodro for the idea and @georgestephanis for the plugin!). All the endpoints are currently failing with the following error: |
4 similar comments
|
I've been testing these endpoints via CURL, using this plugin to generate an access token (thank you @claudiulodro for the idea and @georgestephanis for the plugin!). All the endpoints are currently failing with the following error: |
|
I've been testing these endpoints via CURL, using this plugin to generate an access token (thank you @claudiulodro for the idea and @georgestephanis for the plugin!). All the endpoints are currently failing with the following error: |
|
I've been testing these endpoints via CURL, using this plugin to generate an access token (thank you @claudiulodro for the idea and @georgestephanis for the plugin!). All the endpoints are currently failing with the following error: |
|
I've been testing these endpoints via CURL, using this plugin to generate an access token (thank you @claudiulodro for the idea and @georgestephanis for the plugin!). All the endpoints are currently failing with the following error: |
|
I've been testing these endpoints via CURL, using this plugin to generate an access token (thank you @claudiulodro for the idea). All the endpoints are currently failing with the following error: |
|
After throwing in a quick fix for the above problem I'm seeing this error when hitting the uninstall endpoint (e.g. |
|
This may be a question for a future PR, but I'm curious if Newspack should keep a log of which plugins it has installed and uninstalled. Specifically I'm wondering about a situation where we take a plugin that Newspack typically manages (e.g. Jetpack) and in some flow we programmatically uninstall or deactivate it. If the customer had installed Jetpack on their own, either before or during the time they were using Newspack, it might be inappropriate for us to uninstall it. If we maintained a list of which plugins we had explicitly installed, it would be easier to assess whether we have the authority to uninstall. |
jeffersonrabb
left a comment
jeffersonrabb
left a comment
There was a problem hiding this comment.
Left a few comments about some errors and a couple of questions.
|
I've fixed the issues around functions not being defined. Those were happening because the API runs outside of the WP Admin context, so those files weren't getting included. Good catch! Thanks for the thorough testing.
I agree; this could definitely be a valid concern. I think we'll need to define our flows a little better to see if that's going to be an issue. I'm not sure what sort of flow would deactivate or uninstall a plugin (maybe if there is some sort of plugin incompatibility with a new plugin being activated?). Let's implement this feature in a separate PR when/if we need it. |
claudiulodro
added
[Status] Needs Review
|
Looks great! I only found one other weird case. VIA these endpoints if install a plugin, then activate, then uninstall (without deactivating first), I get this PHP Notice:
|
jeffersonrabb
added
[Status] Needs Changes or Feedback
|
The latest issue is a bug in Jetpack, and shouldn't be an issue with other plugins. I've submitted a patch at Automattic/jetpack#12056 |
jeffersonrabb
added
[Status] Approved
- Add isEligible guard on Reset: excluded for woocommerce-source emails and emails without a registry_slug (finding #1) - Capture previous status before optimistic update so rollback doesn't assume binary publish/draft (finding #2) - Drop view_category from enrichment response — dead data not consumed by the frontend (finding #3) - Add @todo NPPD-1532 comment on reset endpoint coupling (finding #4) - Add NPPD-1531 comment on optimistic update / store consolidation (#5) - Replace brittle PHPUnit count assertions with structural invariants: required keys, valid source/recipient, exclusive type keys, no duplicates, sort order (findings #6, #7, #8) - Add optimistic-rollback failure test and reset eligibility test (#9, #11) - Add 6th mockEmail fixture (WC draft) for cleaner activate test (#10) - Coerce pluginsReady with Boolean() to handle undefined (#12) - Use noticeText prop consistently on Notice (#13) - Fix preview placeholder to use neutral gray tokens (#14) - Trim EmailItem interface to consumed fields, add source (#15) - Add source-of-truth comment on category_order strings (#16) - Consolidate three duplicate TODO comments into one (#17) - Add NPPD-1525 ticket reference on EmailPreview TODO (#18) - Extract duplicated screen-reader h1 into PageHeading component (#19) - Add text-overflow ellipsis on trigger description column (#20) - Return localized string from recipient getValue for search (#21) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2 participants
All Submissions:
Changes proposed in this Pull Request:
Closes #4.
This PR adds the following REST API endpoints for users with the correct capabilities:
newspack/v1/pluginsnewspack/v1/plugins/{some-plugin}newspack/v1/plugins/{some-plugin}/activatenewspack/v1/plugins/{some-plugin}/deactivatenewspack/v1/plugins/{some-plugin}/installnewspack/v1/plugins/{some-plugin}/uninstallThe GET endpoints retrieve info about plugins and their installation status. The POST endpoints can be used to activate/deactivate/etc. a plugin. See the unit tests for usage.
I've also added a minimal way to get information about the managed plugins, since that was required for the GET endpoints. See my comment below, and please let me know if there's a better way you know (loading from a config file?).
How to test the changes in this Pull Request:
Sorry about the length of this PR; the way endpoints are registered and handled is very verbose in WP. Most of the relevant logic is in the
Plugins_Controller::{something}_itemmethods. It should all be straightforward and following the controller design pattern recommended for REST API endpoints.Other information: