FBE: Use of recommended delete connection endpoint over delete permis…

…sion endpoint (#2844)

Summary:

**Problem:**

1. The Delete Permission User API only removed Meta connection assets from the WooCommerce database, leaving asset-related data enabled on Meta surfaces.
2. If a user disconnected the connection before uninstalling assets from Meta surfaces using Managed Connection; the UI for Managed Connection was also removed, making it difficult for users to uninstall this feature from Meta surface.

**Solution:**

1. Replaced the Delete Permission User API with the recommended Delete FBE Connection endpoint, which uninstalls assets from Meta surfaces and removes their permissions.
2. Removed the Managed Connection UI button for uninstalling FBE from Meta surfaces, as the Delete Connection endpoint now handles this functionality.

**Before:**

<img width="784" alt="image" src="https://github.com/user-attachments/assets/76bf6364-2af8-4657-a043-8e79aaff99c6">

**After:**

<img width="803" alt="image" src="https://github.com/user-attachments/assets/45e7ebc8-4a74-4589-a9e3-0e4fff1f4f20">

![Screenshot 2025-02-04 at 15 29 54](https://github.com/user-attachments/assets/77e02cba-ca89-42f9-a016-85c50e4b02fc)

<img width="797" alt="image" src="https://github.com/user-attachments/assets/f4d215b0-0959-4ee8-8347-16c64afe3460">

1. Run new tests: `./vendor/bin/phpunit --filter test_delete_mbe_connection_deletes_user_permission_request`
2. Run all tests : `npm run test:php`
3. Lint: `./vendor/bin/phpcs`
4. Manual testing: I have tested new Disconnect UI flow; it uninstall FBE connection from WooCommerce as well as from Meta surface

- **Removed:** Delete Permission User API

- **Added:** Delete FBE Connection endpoint to uninstall assets from Meta surfaces and remove permissions

- **Removed:** Managed Connection UI button for uninstalling FBE from Meta surfaces (now handled by Delete Connection endpoint)

Pull Request resolved: #2844

Reviewed By: halilozanakgul

Differential Revision: D68972713

Pulled By: atuld123

fbshipit-source-id: b19ee8351b4852c69192449f9af2644960a55307

parent 4be2987
author github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> 1738833933 +0000
committer Vahid Kaykhaei <vahidkay@meta.com> 1739267285 +0100

Start `release/3.3.3`.

Start `release/3.3.1`.

Updated the plugin version to 3.3.3

Updated the stable tag to 3.3.3

Fixed the version nr in fb-for-woo.php

Fixed a review comment

.github/workflows/php-unit-tests.yml

@@ -23,7 +23,7 @@ concurrency:
 
 jobs:
   UnitTests:
-    name: PHP unit tests - PHP ${{ matrix.php }}, WP ${{ matrix.wp-version }}
+    name: PHP unit tests - PHP ${{ matrix.php }}, WP ${{ matrix.wp-version }}, WC ${{ matrix.wc-version }}
     runs-on: ubuntu-latest
     env:
       WP_CORE_DIR: "/tmp/wordpress/src"
@@ -32,6 +32,7 @@ jobs:
       matrix:
         php: [7.4, 8.3]
         wp-version: [latest]
+        wc-version: [latest]
 
     steps:
       - name: Install SVN
@@ -49,7 +50,9 @@ jobs:
         uses: woocommerce/grow/prepare-mysql@actions-v1
 
       - name: Install WP tests
-        run: ./bin/install-wp-tests.sh wordpress_test root root localhost ${{ matrix.wp-version }}
+        run: |
+          chmod +x ./bin/install-wp-tests.sh
+          ./bin/install-wp-tests.sh wordpress_test root root localhost ${{ matrix.wp-version }} ${{ matrix.wc-version }}
 
       - name: Run PHP unit tests
         run: composer test-unit

changelog.txt

@@ -1,5 +1,9 @@
 *** Facebook for WooCommerce Changelog ***
 
+= 3.3.3 - 2025-02-06 = 
+* Fix - Use of recommended delete connection endpoint over delete permission endpoint by atuld123 in #2844
+* Add - Expose Brand & MPN to Woocommerce UI by @devbodaghe in #2842
+
 = 3.3.2 - 2025-01-21 =
 * Fix - a bug that arose from reliance on the plugin version compatibility tag by @vinkmeta in #2856
 * Fix - Update catalog link in connections tab to point to Catalog by @devbodaghe in #2848

facebook-for-woocommerce.php

@@ -11,7 +11,7 @@
  * Description: Grow your business on Facebook! Use this official plugin to help sell more of your products using Facebook. After completing the setup, you'll be ready to create ads that promote your products and you can also create a shop section on your Page where customers can browse your products on Facebook.
  * Author: Facebook
  * Author URI: https://www.facebook.com/
- * Version: 3.3.2
+ * Version: 3.3.3
  * Requires at least: 5.6
  * Requires PHP: 7.4
  * Text Domain: facebook-for-woocommerce
@@ -49,7 +49,7 @@ class WC_Facebook_Loader {
 	/**
 	 * @var string the plugin version. This must be in the main plugin file to be automatically bumped by Woorelease.
 	 */
-	const PLUGIN_VERSION = '3.3.2'; // WRCS: DEFINED_VERSION.
+	const PLUGIN_VERSION = '3.3.3'; // WRCS: DEFINED_VERSION.
 
 	// Minimum PHP version required by this plugin.
 	const MINIMUM_PHP_VERSION = '7.4.0';

includes/API.php

@@ -250,18 +250,17 @@ public function get_user( string $user_id = '' ): API\User\Response {
 
 
 	/**
-	 * Deletes user API permission.
+	 * Deletes FBE/MBE connection API.
 	 *
 	 * This is their form of "revoke".
 	 *
-	 * @param string $user_id user ID. Defaults to the currently authenticated user
-	 * @param string $permission permission to delete
-	 * @return API\Response|API\User\Permissions\Delete\Response
+	 * @param string $external_business_id external business ID
+	 * @return API\Response|API\FBE\Installation\Delete\Response
 	 * @throws ApiException
 	 */
-	public function delete_user_permission( string $user_id, string $permission ): API\User\Permissions\Delete\Response {
-		$request = new API\User\Permissions\Delete\Request( $user_id, $permission );
-		$this->set_response_handler( API\User\Permissions\Delete\Response::class );
+	public function delete_mbe_connection( string $external_business_id): API\FBE\Installation\Delete\Response {
+		$request = new API\FBE\Installation\Delete\Request( $external_business_id);
+		$this->set_response_handler( API\FBE\Installation\Delete\Response::class );
 		return $this->perform_request( $request );
 	}
 

includes/API/FBE/Installation/Delete/Request.php

@@ -0,0 +1,35 @@
+<?php
+/**
+ * Copyright (c) Facebook, Inc. and its affiliates. All Rights Reserved
+ *
+ * This source code is licensed under the license found in the
+ * LICENSE file in the root directory of this source tree.
+ *
+ * @package FacebookCommerce
+ */
+
+namespace WooCommerce\Facebook\API\FBE\Installation\Delete;
+
+defined( 'ABSPATH' ) || exit;
+
+use WooCommerce\Facebook\API\FBE\Installation;
+
+/**
+ * FBE installation API delete request object.
+ *
+ * @since 3.3.3
+ */
+class Request extends Installation\Request {
+	/**
+	 * API request constructor.
+	 *
+	 * @since 3.3.3
+	 *
+	 * @param string $external_business_id external business_id
+	 */
+	public function __construct( $external_business_id ) {
+		// include the business ID in the request body
+		parent::__construct( 'fbe_installs', 'DELETE' );
+		$this->data['fbe_external_business_id'] = $external_business_id;
+	}
+}

includes/API/FBE/Installation/Delete/Response.php

@@ -0,0 +1,13 @@
+<?php
+declare( strict_types=1 );
+
+namespace WooCommerce\Facebook\API\FBE\Installation\Delete;
+
+defined( 'ABSPATH' ) || exit;
+
+use WooCommerce\Facebook\API;
+
+/**
+ * FBE Installation API delete response object.
+ */
+class Response extends API\Response {}

includes/Admin/Settings_Screens/Connection.php

@@ -288,13 +288,14 @@ private function render_facebook_box( $is_connected ) {
 
 				<?php if ( $is_connected ) : ?>
 
-					<a href="<?php echo esc_url( facebook_for_woocommerce()->get_connection_handler()->get_manage_url() ); ?>" class="button button-primary">
-						<?php esc_html_e( 'Manage Connection', 'facebook-for-woocommerce' ); ?>
-					</a>
-
-					<a href="<?php echo esc_url( facebook_for_woocommerce()->get_connection_handler()->get_disconnect_url() ); ?>" class="uninstall">
+					<a href="<?php echo esc_url( facebook_for_woocommerce()->get_connection_handler()->get_disconnect_url() ); ?>" class="button button-primary uninstall" onclick="return confirmDialog();">
 						<?php esc_html_e( 'Disconnect', 'facebook-for-woocommerce' ); ?>
 					</a>
+					<script>
+						function confirmDialog() {
+							return confirm( 'Are you sure you want to disconnect from Facebook?' );
+						}
+					</script>
 
 				<?php else : ?>
 

includes/Handlers/Connection.php

@@ -381,13 +381,22 @@ public function handle_disconnect() {
 			wp_die( esc_html__( 'You do not have permission to uninstall Facebook Business Extension.', 'facebook-for-woocommerce' ) );
 		}
 		try {
-			$response = facebook_for_woocommerce()->get_api()->get_user();
-			$id       = $response->get_id();
-			if ( null !== $id ) {
-				$response = facebook_for_woocommerce()->get_api()->delete_user_permission( (string) $id , 'manage_business_extension' );
+			$external_business_id = $this->get_external_business_id();
+			if ( null != $external_business_id ) {
+				$response = facebook_for_woocommerce()->get_api()->delete_mbe_connection((string) $external_business_id );
 				facebook_for_woocommerce()->get_message_handler()->add_message( __( 'Disconnection successful.', 'facebook-for-woocommerce' ) );
+
+				$body = wp_remote_retrieve_body( $response );
+				$body = json_decode( $body, true );
+				if ( ! is_array( $body ) || empty( $body['data'] ) || 200 !== (int) wp_remote_retrieve_response_code( $response ) ) {
+					facebook_for_woocommerce()->log( 'Failed to disconnect' );
+					facebook_for_woocommerce()->log( print_r( $body, true ) );
+					throw new ApiException(
+						sprintf(wp_remote_retrieve_response_message( $response ))
+					);
+				}
 			} else {
-				facebook_for_woocommerce()->log( 'User id not found for the disconnection procedure, connection will be reset.' );
+				facebook_for_woocommerce()->log( 'External business id not found for the disconnection procedure, connection will be reset.' );
 			}
 		} catch ( ApiException $exception ) {
 			facebook_for_woocommerce()->log( sprintf( 'An error occurred during disconnection: %s.', $exception->getMessage() ) );
@@ -592,20 +601,6 @@ public function get_commerce_connect_url() {
 	}
 
 
-	/**
-	 * Gets the URL to manage the connection.
-	 *
-	 * @since 2.0.0
-	 *
-	 * @return string
-	 */
-	public function get_manage_url() {
-		$app_id      = $this->get_client_id();
-		$business_id = $this->get_external_business_id();
-		return "https://www.facebook.com/facebook_business_extension?app_id={$app_id}&external_business_id={$business_id}";
-	}
-
-
 	/**
 	 * Gets the URL for disconnecting.
 	 *

package.json

@@ -1,6 +1,6 @@
 {
   "name": "facebook-for-woocommerce",
-  "version": "3.3.0",
+  "version": "3.3.3",
   "author": "Facebook",
   "homepage": "https://woocommerce.com/products/facebook/",
   "license": "GPL-2.0",

readme.txt

@@ -3,7 +3,7 @@ Contributors: facebook, automattic, woothemes
 Tags: facebook, woocommerce, marketing, product catalog feed, pixel
 Requires at least: 5.6
 Tested up to: 6.7
-Stable tag: 3.3.2
+Stable tag: 3.3.3
 Requires PHP: 7.4
 MySQL: 5.6 or greater
 License: GPLv2 or later
@@ -40,6 +40,10 @@ When opening a bug on GitHub, please give us as many details as possible.
 
 == Changelog ==
 
+= 3.3.3 - 2025-02-06 = 
+* Fix - Use of recommended delete connection endpoint over delete permission endpoint by atuld123 in #2844
+* Add - Expose Brand & MPN to Woocommerce UI by @devbodaghe in #2842
+
 = 3.3.2 - 2025-01-21 =
 * Fix - a bug that arose from reliance on the plugin version compatibility tag by @vinkmeta in #2856
 * Fix - Update catalog link in connections tab to point to Catalog by @devbodaghe in #2848

tests/Unit/ApiTest.php

@@ -167,18 +167,18 @@ public function test_get_user_returns_user_information_request() {
 	}
 
 	/**
-	 * Tests delete user permission performs a request to delete user permission.
+	 * Tests delete mbe request performs a request to delete facebook connection.
 	 *
 	 * @return void
 	 * @throws ApiException In case of failed request.
 	 */
-	public function test_delete_user_permission_deletes_user_permission_request() {
-		$user_id    = '111189594891749';
-		$permission = 'manage_business_extension';
+	public function test_delete_mbe_connection_deletes_mbe_request() {
+		$external_business_id = 'wordpress-facebook-62c3f1add134a';
 
-		$response = function( $result, $parsed_args, $url ) use ( $user_id, $permission ) {
+		$response = function( $result, $parsed_args, $url ) use ( $external_business_id ) {
 			$this->assertEquals( 'DELETE', $parsed_args['method'] );
-			$this->assertEquals( "{$this->endpoint}{$this->version}/{$user_id}/permissions/{$permission}", $url );
+			$this->assertEquals( "{$this->endpoint}{$this->version}/fbe_business/fbe_installs", $url );
+			$this->assertEquals( '{"fbe_external_business_id":"wordpress-facebook-62c3f1add134a"}', $parsed_args['body'] );
 			return [
 				'body'     => '{"success":true}',
 				'response' => [
@@ -189,7 +189,7 @@ public function test_delete_user_permission_deletes_user_permission_request() {
 		};
 		add_filter( 'pre_http_request', $response, 10, 3 );
 
-		$response = $this->api->delete_user_permission( $user_id, $permission );
+		$response = $this->api->delete_mbe_connection( $external_business_id );
 
 		$this->assertTrue( $response->success );
 	}