Separate GA/SC scopes (#2372)

* Use separate scopes for GA/SC integrations

* Update tests with google scope expectations
Adam Rutkowski 2022-10-25 13:17:17 +02:00 committed by GitHub
parent d29597ed37
commit 8e75f2fc07
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 30 additions and 19 deletions


@ -5,28 +5,21 @@ defmodule Plausible.Google.Api do
@type google_analytics_view() :: {view_name :: String.t(), view_id :: String.t()}
@scope URI.encode_www_form(
"https://www.googleapis.com/auth/webmasters.readonly email https://www.googleapis.com/auth/analytics.readonly"
)
@search_console_scope URI.encode_www_form(
"email https://www.googleapis.com/auth/webmasters.readonly"
)
@import_scope URI.encode_www_form("email https://www.googleapis.com/auth/analytics.readonly")
@verified_permission_levels ["siteOwner", "siteFullUser", "siteRestrictedUser"]
def authorize_url(site_id, redirect_to) do
if Application.get_env(:plausible, :environment) == "test" do
""
else
"https://accounts.google.com/o/oauth2/v2/auth?client_id=#{client_id()}&redirect_uri=#{redirect_uri()}&prompt=consent&response_type=code&access_type=offline&scope=#{@scope}&state=" <>
Jason.encode!([site_id, redirect_to])
end
def search_console_authorize_url(site_id, redirect_to) do
"https://accounts.google.com/o/oauth2/v2/auth?client_id=#{client_id()}&redirect_uri=#{redirect_uri()}&prompt=consent&response_type=code&access_type=offline&scope=#{@search_console_scope}&state=" <>
Jason.encode!([site_id, redirect_to])
end
def import_authorize_url(site_id, redirect_to) do
if Application.get_env(:plausible, :environment) == "test" do
""
else
"https://accounts.google.com/o/oauth2/v2/auth?client_id=#{client_id()}&redirect_uri=#{redirect_uri()}&prompt=consent&response_type=code&access_type=offline&scope=#{@import_scope}&state=" <>
Jason.encode!([site_id, redirect_to])
end
"https://accounts.google.com/o/oauth2/v2/auth?client_id=#{client_id()}&redirect_uri=#{redirect_uri()}&prompt=consent&response_type=code&access_type=offline&scope=#{@import_scope}&state=" <>
Jason.encode!([site_id, redirect_to])
end
def fetch_verified_properties(auth) do
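Review bot: The `state` parameter built in `search_console_authorize_url/2` and `import_authorize_url/2` is only `Jason.encode!([site_id, redirect_to])`, so it is predictable and is concatenated into the URL without encoding. OAuth's `state` is meant to let the callback reject authorization responses the current session did not start, and a value made of the site id and a fixed label cannot do that on its own; whether the callback compensates, for example by checking that the logged-in user may manage `site_id`, is not visible in this hunk. I would wrap it as `URI.encode_www_form(Jason.encode!([site_id, redirect_to]))` and consider adding a session-bound random token to the list that the callback compares before exchanging the code. The two functions now differ only in the scope attribute, so a private helper taking the encoded scope would keep the rest of the query string from drifting, and a short `@doc` on each naming the scope it requests would make the least-privilege intent explicit.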


@ -96,7 +96,7 @@
<div class="text-sm mt-2 text-gray-900 dark:text-gray-100">Your latest import has failed. You can try importing again by clicking the button below. If you try multiple times and the import keeps failing, please contact support.</div>
<% end %>
<div class="flex mt-2">
<%= button(to: Plausible.Google.Api.authorize_url(@site.id, "import"), class: "inline-flex pr-4 items-center border border-gray-100 shadow rounded-md focus:outline-none focus:ring-1 focus:ring-offset-1 focus:ring-gray-200 mt-8 hover:bg-gray-50 dark:hover:bg-gray-700") do %>
<%= button(to: Plausible.Google.Api.import_authorize_url(@site.id, "import"), class: "inline-flex pr-4 items-center border border-gray-100 shadow rounded-md focus:outline-none focus:ring-1 focus:ring-offset-1 focus:ring-gray-200 mt-8 hover:bg-gray-50 dark:hover:bg-gray-700") do %>
<%= google_logo() %>
<span style="font-family: Roboto, system-ui" class="text-sm font-medium text-gray-600 dark:text-gray-50">Continue with Google<span>
<% end %>


@ -57,7 +57,7 @@
<% end %>
<% end %>
<% else %>
<%= button("Continue with Google", to: Plausible.Google.Api.authorize_url(@site.id, "search-console"), class: "button mt-8") %>
<%= button("Continue with Google", to: Plausible.Google.Api.search_console_authorize_url(@site.id, "search-console"), class: "button mt-8") %>
<div class="text-gray-700 dark:text-gray-300 mt-8">
NB: You also need to set up your site on <%= link("Google Search Console", to: "https://search.google.com/search-console/about") %> for the integration to work. <%= link("Read the docs", to: "https://plausible.io/docs/google-search-console-integration", class: "text-indigo-500", rel: "noreferrer") %>


@ -281,10 +281,17 @@ defmodule PlausibleWeb.SiteControllerTest do
describe "GET /:website/settings/general" do
setup [:create_user, :log_in, :create_site]
setup_patch_env(:google, client_id: "some", api_url: "https://www.googleapis.com")
test "shows settings form", %{conn: conn, site: site} do
conn = get(conn, "/#{site.domain}/settings/general")
resp = html_response(conn, 200)
assert html_response(conn, 200) =~ "General information"
assert resp =~ "General information"
assert resp =~ "Data Import from Google Analytics"
assert resp =~ "https://accounts.google.com/o/oauth2/v2/auth?"
assert resp =~ "analytics.readonly"
refute resp =~ "webmasters.readonly"
end
end
@ -409,6 +416,17 @@ defmodule PlausibleWeb.SiteControllerTest do
context
end
test "displays Continue with Google link", %{conn: conn, user: user} do
site = insert(:site, domain: "notconnectedyet.example.com", members: [user])
conn = get(conn, "/#{site.domain}/settings/search-console")
resp = html_response(conn, 200)
assert resp =~ "Continue with Google"
assert resp =~ "https://accounts.google.com/o/oauth2/v2/auth?"
assert resp =~ "webmasters.readonly"
refute resp =~ "analytics.readonly"
end
test "displays appropriate error in case of google account `google_auth_error`", %{
conn: conn,
site: site
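Review bot: The scope assertions in both tests touched here match against the whole page body (`assert resp =~ "analytics.readonly"`, `refute resp =~ "webmasters.readonly"`, and the mirrored pair in the search-console test), so they pass or fail on any occurrence of those strings rather than on the `scope` parameter of the authorize link. Pinning the encoded value, for example `assert resp =~ "scope=email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fanalytics.readonly"` in the general-settings test and the `webmasters.readonly` equivalent in the search-console test, would tie the check to the link itself and keep unrelated page text from affecting it. The test that follows the added one begins inside this hunk and continues outside it.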