Remove 401 flag block for API calls (#4342)

* Remove 401 block for API calls

* Add readme and changelog

* Remove flag reset code, constants

* Remove unused unit test function

Author: annemirasol

changelog.txt

@@ -2,6 +2,7 @@
 
 = 9.5.2 - xxxx-xx-xx =
 * Add - Implement custom database cache for persistent caching with in-memory optimization.
+* Update - Remove feature that flags 401s and proactively blocks subsequent API calls until the store has reauthenticated.
 * Fix - Disable payment settings sync when we receive unsupported payment method configurations.
 
 = 9.5.1 - 2025-05-17 =

includes/class-wc-stripe-api.php

@@ -16,20 +16,6 @@ class WC_Stripe_API {
 	const ENDPOINT           = 'https://api.stripe.com/v1/';
 	const STRIPE_API_VERSION = '2024-06-20';
 
-	/**
-	 * The test mode invalid API keys option key.
-	 *
-	 * @var string
-	 */
-	const TEST_MODE_INVALID_API_KEYS_OPTION_KEY = 'wc_stripe_test_invalid_api_keys_detected';
-
-	/**
-	 * The live mode invalid API keys option key.
-	 *
-	 * @var string
-	 */
-	const LIVE_MODE_INVALID_API_KEYS_OPTION_KEY = 'wc_stripe_live_invalid_api_keys_detected';
-
 	/**
 	 * Secret API Key.
 	 *
@@ -245,13 +231,6 @@ public static function request( $request, $api = 'charges', $method = 'POST', $w
 	 * @param string $api
 	 */
 	public static function retrieve( $api ) {
-		// If we have an option flag indicating that the secret key is not valid, we don't attempt the API call and we return an error.
-		$invalid_api_keys_option_key = WC_Stripe_Mode::is_test() ? self::TEST_MODE_INVALID_API_KEYS_OPTION_KEY : self::LIVE_MODE_INVALID_API_KEYS_OPTION_KEY;
-		$invalid_api_keys_detected   = get_option( $invalid_api_keys_option_key );
-		if ( $invalid_api_keys_detected ) {
-			return null; // The UI expects this empty response in case of invalid API keys.
-		}
-
 		WC_Stripe_Logger::log( "{$api}" );
 
 		$response = wp_safe_remote_get(
@@ -265,13 +244,6 @@ public static function retrieve( $api ) {
 
 		// If we get a 401 error, we know the secret key is not valid.
 		if ( is_array( $response ) && isset( $response['response'] ) && is_array( $response['response'] ) && isset( $response['response']['code'] ) && 401 === $response['response']['code'] ) {
-			// We save a flag in the options to avoid making calls until the secret key gets updated.
-			update_option( $invalid_api_keys_option_key, true );
-			update_option( $invalid_api_keys_option_key . '_at', time() );
-
-			// We delete the transient for the account data to trigger the not-connected UI in the admin dashboard.
-			delete_transient( WC_Stripe_Mode::is_test() ? WC_Stripe_Account::TEST_ACCOUNT_OPTION : WC_Stripe_Account::LIVE_ACCOUNT_OPTION );
-
 			// Stripe redacts API keys in the response.
 			WC_Stripe_Logger::log( "Error: GET {$api} returned a 401 " . print_r( $response, true ) );
 

includes/connect/class-wc-stripe-connect.php

@@ -183,11 +183,6 @@ private function save_stripe_keys( $result, $type = 'connect', $mode = 'live' )
 			update_option( 'wc_stripe_' . $prefix . 'oauth_failed_attempts', 0 );
 			update_option( 'wc_stripe_' . $prefix . 'oauth_last_failed_at', '' );
 
-			// Clear the invalid API keys transient.
-			$invalid_api_keys_option_key = $is_test ? WC_Stripe_API::TEST_MODE_INVALID_API_KEYS_OPTION_KEY : WC_Stripe_API::LIVE_MODE_INVALID_API_KEYS_OPTION_KEY;
-			update_option( $invalid_api_keys_option_key, false );
-			update_option( $invalid_api_keys_option_key . '_at', time() );
-
 			if ( 'app' === $type ) {
 				// Stripe App OAuth access_tokens expire after 1 hour:
 				// https://docs.stripe.com/stripe-apps/api-authentication/oauth#refresh-access-token

readme.txt

@@ -112,6 +112,7 @@ If you get stuck, you can ask for help in the [Plugin Forum](https://wordpress.o
 
 = 9.5.2 - xxxx-xx-xx =
 * Add - Implement custom database cache for persistent caching with in-memory optimization.
+* Update - Remove feature that flags 401s and proactively blocks subsequent API calls until the store has reauthenticated.
 * Fix - Disable payment settings sync when we receive unsupported payment method configurations.
 
 [See changelog for full details across versions](https://raw.githubusercontent.com/woocommerce/woocommerce-gateway-stripe/trunk/changelog.txt).

tests/phpunit/test-class-wc-stripe-api.php

@@ -95,51 +95,10 @@ public function test_set_secret_key_for_mode_with_parameter() {
 		$this->assertEquals( self::LIVE_SECRET_KEY, WC_Stripe_API::get_secret_key() );
 	}
 
-	/**
-	 * Test WC_Stripe_API::retrieve() when API returns 401 error.
-	 */
-	public function test_retrieve_handles_401_error() {
-		// Mock a 401 API response
-		add_filter( 'pre_http_request', [ $this, 'mock_401_response' ] );
-
-		// Call the retrieve method
-		$result = WC_Stripe_API::retrieve( 'test_endpoint' );
-
-		// Verify the result is null
-		$this->assertNull( $result );
-
-		// Verify the invalid API keys option was set
-		$this->assertTrue( get_option( WC_Stripe_API::TEST_MODE_INVALID_API_KEYS_OPTION_KEY ) );
-
-		// Clean up
-		remove_filter( 'pre_http_request', [ $this, 'mock_401_response' ] );
-		delete_option( WC_Stripe_API::TEST_MODE_INVALID_API_KEYS_OPTION_KEY );
-	}
-
-	/**
-	 * Test WC_Stripe_API::retrieve() when API keys are invalid.
-	 */
-	public function test_retrieve_returns_null_when_api_keys_are_invalid() {
-		// Set up the invalid API keys option
-		update_option( WC_Stripe_API::TEST_MODE_INVALID_API_KEYS_OPTION_KEY, true );
-
-		// Call the retrieve method
-		$result = WC_Stripe_API::retrieve( 'test_endpoint' );
-
-		// Verify the result is null
-		$this->assertNull( $result );
-
-		// Clean up
-		delete_option( WC_Stripe_API::TEST_MODE_INVALID_API_KEYS_OPTION_KEY );
-	}
-
 	/**
 	 * Test WC_Stripe_API::retrieve() when API keys are valid.
 	 */
 	public function test_retrieve_makes_api_call_when_api_keys_are_valid() {
-		// Ensure no invalid API keys option exists
-		delete_option( WC_Stripe_API::TEST_MODE_INVALID_API_KEYS_OPTION_KEY );
-
 		// Mock a successful API response
 		add_filter( 'pre_http_request', [ $this, 'mock_successful_response' ] );
 
@@ -159,23 +118,10 @@ public function test_retrieve_makes_api_call_when_api_keys_are_valid() {
 	public function mock_successful_response() {
 		return [
 			'response' => [
-				'code' => 200,
+				'code'    => 200,
 				'message' => 'OK',
 			],
-			'body' => json_encode( 'success' ),
-		];
-	}
-
-	/**
-	 * Helper method to mock a 401 API response.
-	 */
-	public function mock_401_response() {
-		return [
-			'response' => [
-				'code' => 401,
-				'message' => 'Unauthorized',
-			],
-			'body' => '',
+			'body'     => json_encode( 'success' ),
 		];
 	}
 }