Merge branch 'develop' into trunk

Author: dkotter

.github/workflows/e2e.yml

@@ -30,6 +30,7 @@ jobs:
         uses: actions/download-artifact@b14cf4c92620c250e1c074ab0a5800e37df86765 # v4.2.0
         with:
           name: ${{ github.event.repository.name }}
+          path: ${{ github.event.repository.name }}
 
       - name: Display structure of downloaded files
         run: ls -R

.github/workflows/generate-zip.yml

@@ -1,4 +1,4 @@
-name: Generate ZIP file
+name: Build release zip
 
 on:
   workflow_dispatch:
@@ -9,7 +9,7 @@ on:
 
 jobs:
   generate-zip-file:
-    name: Generate ZIP file
+    name: Build release zip
     runs-on: ubuntu-latest
 
     steps:
@@ -35,11 +35,8 @@ jobs:
         if: steps.cache-node-modules.outputs.cache-hit != 'true'
         run: npm ci --no-optional
 
-      - name: Generate ZIP file
-        run: npm run build && rm -rf ./woocommerce-gateway-gocardless && unzip woocommerce-gateway-gocardless.zip -d ./woocommerce-gateway-gocardless
+      - name: Build plugin
+        run: npm run build
 
-      - name: Use the Upload Artifact GitHub Action
-        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
-        with:
-          name: woocommerce-gateway-gocardless
-          path: woocommerce-gateway-gocardless/
+      - name: Generate ZIP file
+        uses: 10up/action-wordpress-plugin-build-zip@b9e621e1261ccf51592b6f3943e4dc4518fca0d1 # v1.0.2

.github/workflows/qit.yml

@@ -127,7 +127,7 @@ jobs:
           path: phpcompat-result.txt
 
       - name: Run security test
-        if: "${{ inputs.tests == 'security' || contains(github.event.pull_request.labels.*.name, 'needs: qit security test') && ( success() || failure() ) }}"
+        if: "${{ ( ( inputs.tests == 'default' || inputs.tests == 'security' ) || contains(github.event.pull_request.labels.*.name, 'needs: qit default tests') || contains(github.event.pull_request.labels.*.name, 'needs: qit security test') ) && ( success() || failure() ) }}"
         id: run-security-test
         run: ./vendor/bin/qit run:security ${{ github.event.repository.name }} --zip=${{ github.event.repository.name }}.zip --wait > security-result.txt
 
@@ -139,7 +139,7 @@ jobs:
           path: security-result.txt
 
       - name: Run malware test
-        if: "${{ inputs.tests == 'malware' || contains(github.event.pull_request.labels.*.name, 'needs: qit malware test') && ( success() || failure() ) }}"
+        if: "${{ ( ( inputs.tests == 'default' || inputs.tests == 'malware' ) || contains(github.event.pull_request.labels.*.name, 'needs: qit default tests') || contains(github.event.pull_request.labels.*.name, 'needs: qit malware test') ) && ( success() || failure() ) }}"
         id: run-malware-test
         run: ./vendor/bin/qit run:malware ${{ github.event.repository.name }} --zip=${{ github.event.repository.name }}.zip --wait > malware-result.txt
 

changelog.txt

@@ -1,5 +1,10 @@
 *** GoCardless for WooCommerce Changelog ***
 
+2025-10-07 - version 2.9.8
+* Fix - Automatically disconnect the GoCardless account and display a reconnect notice when the token becomes invalid or inactive.
+* Dev - Bump WooCommerce "tested up to" version 10.2.
+* Dev - Bump WooCommerce minimum supported version to 10.0.
+
 2025-08-05 - version 2.9.7
 * Add - Improved subscription cancellation by cancelling "Pending Submission" payments and preventing retries on non-cancellable payments.
 * Fix - Ensure webhook events are handled properly without any issues.

includes/class-wc-gocardless-api.php

@@ -174,7 +174,8 @@ protected static function _request( $endpoint, $args = array() ) {
 			return $resp;
 		}
 
-		$parsed_resp = json_decode( wp_remote_retrieve_body( $resp ), true );
+		$response_code = wp_remote_retrieve_response_code( $resp );
+		$parsed_resp   = json_decode( wp_remote_retrieve_body( $resp ), true );
 		if ( is_null( $parsed_resp ) ) {
 			wc_gocardless()->log( sprintf( '%s - Failed to decode JSON resp %s', __METHOD__, print_r( wp_remote_retrieve_body( $resp ), true ) ) ); //phpcs:ignore WordPress.PHP.DevelopmentFunctions.error_log_print_r
 			return new WP_Error( 'error_json_decode', esc_html__( 'Error decoding JSON response', 'woocommerce-gateway-gocardless' ) );
@@ -198,6 +199,33 @@ protected static function _request( $endpoint, $args = array() ) {
 				return new WP_Error( 'error_gocardless_create_refund', esc_html__( 'GoCardless refund endpoint is disabled by default. Please contact [email protected] to enable it for you.', 'woocommerce-gateway-gocardless' ) );
 			}
 
+			/*
+			 * Error Handling for 401 unauthorized response code.
+			 *
+			 * If API respond with 401 unauthorized response code, it means:
+			 *
+			 * - `access_token_not_found` (the access token was not recognised); or
+			 * - `access_token_revoked` (the user has revoked your access to their account); or
+			 * - `access_token_not_active` (the access token is inactive for another reason)
+			 *
+			 * We need to disconnect from GoCardless and display a notice to the user to connect again.
+			 */
+			if ( 401 === $response_code && 'invalid_api_usage' === $parsed_resp['error']['type'] ) {
+				// Unauthorized response code, disconnect from GoCardless.
+				wc_gocardless()->log( sprintf( '%s - Unauthorized response code, disconnecting from GoCardless', __METHOD__ ) );
+				$settings                 = get_option( 'woocommerce_gocardless_settings', array() );
+				$settings['access_token'] = '';
+				update_option( 'woocommerce_gocardless_settings', $settings );
+
+				// Clear the available scheme transient.
+				delete_transient( 'wc_gocardless_available_scheme_identifiers' );
+
+				wc_gocardless()->log( sprintf( '%s - Disconnected from GoCardless', __METHOD__ ) );
+
+				// Add option to display notice to connect GoCardless again.
+				update_option( 'wc_gocardless_access_token_unauthorized', true );
+			}
+
 			$new_mandate = null;
 			if ( ! empty( $parsed_resp['error']['errors'] ) && is_array( $parsed_resp['error']['errors'] ) ) {
 				$message .= '. ' . esc_html__( 'Error details: ', 'woocommerce-gateway-gocardless' );

includes/class-wc-gocardless-gateway.php

@@ -159,6 +159,9 @@ public function connect_gocardless() {
 		// Clear the available scheme transient.
 		delete_transient( 'wc_gocardless_available_scheme_identifiers' );
 
+		// Clear option which displays notice to connect GoCardless.
+		delete_option( 'wc_gocardless_access_token_unauthorized' );
+
 		// Delete notice that informs merchant to connect with GoCardless.
 		WC_Admin_Notices::remove_notice( 'gocardless_connect_prompt' );
 

includes/class-wc-gocardless-order-admin.php

@@ -25,6 +25,7 @@ public function init() {
 		$this->add_order_actions();
 
 		add_action( 'admin_notices', array( $this, 'display_connection_notices' ) );
+		add_action( 'admin_notices', array( $this, 'display_access_token_unauthorized_notice' ) );
 
 		// GoCardless Connect/Disconnect actions.
 		add_action( 'admin_post_wc_connect_gocardless', array( $this, 'connect_gocardless' ) );
@@ -576,4 +577,45 @@ public function get_connection_notice() {
 
 		return $notice;
 	}
+
+	/**
+	 * Display notice for access token unauthorized.
+	 *
+	 * @since 2.9.8
+	 */
+	public function display_access_token_unauthorized_notice() {
+		// Check if option is set to display notice.
+		if ( ! get_option( 'wc_gocardless_access_token_unauthorized' ) ) {
+			return;
+		}
+
+		// Check if access token is there.
+		$settings = get_option( 'woocommerce_gocardless_settings', array() );
+		if ( ! empty( $settings['access_token'] ) ) {
+			// Remove the option to display notice, as we have an access token now (in case it missed to remove while connect to GoCardless).
+			delete_option( 'wc_gocardless_access_token_unauthorized' );
+			return;
+		}
+		?>
+		<div class="notice notice-warning">
+			<p>
+			<?php
+			echo wp_kses(
+				sprintf(
+					/* translators: %s: settings URL */
+					__( 'The connection to your <strong>GoCardless</strong> account has been disconnected because the access token is no longer active or valid. Please <a href="%s">connect</a> your GoCardless account to continue accepting payments.', 'woocommerce-gateway-gocardless' ),
+					wc_gocardless()->get_setting_url()
+				),
+				array(
+					'a'      => array(
+						'href' => array(),
+					),
+					'strong' => array(),
+				)
+			);
+			?>
+			</p>
+		</div>
+		<?php
+	}
 }