Conversation
🔍 WordPress Plugin Check Report
📊 Report
❌ Errors (8)📁 includes/Framework/PaymentGateway/Admin/views/html-admin-gateway-status.php (1 error)
📁 includes/Framework/PaymentGateway/Admin/views/html-user-profile-section.php (1 error)
📁 includes/Framework/PaymentGateway/Admin/views/html-user-payment-token-editor.php (1 error)
📁 includes/Framework/PaymentGateway/Admin/views/html-user-profile-field-customer-id.php (1 error)
📁 includes/Framework/PaymentGateway/Admin/views/html-order-partial-capture.php (1 error)
📁 includes/Framework/PaymentGateway/Admin/views/html-user-payment-token-editor-token.php (1 error)
📁 includes/WC_Payments_Compatibility.php (1 error)
📁 includes/Admin/Product_Editor_Compatibility.php (1 error)
🤖 Generated by WordPress Plugin Check Action • Learn more about Plugin Check |
|
Thanks for this update. As the user who was recently impacted by this lack of protection, I'm grateful to see it moving forward. I would also strongly encourage you not to delete production data in Square upon WordPress user deletion, whether the user is being deleted on staging or production. There can be many reasons why someone would want to delete a WP User and still keep the customer/payment information on file. If they want to be sure they're deleting that information they can use the data deletion tool instead. For example, perhaps transferred an existing Woo Subscription to another WP user (this happens often enough, such as when the billing contact at a company changes). If we then delete the first WP user, that could also delete a card on file when we don't want it to! As another example: I acquired a plugin a few years ago, and it was one of several plugins the seller owned and sold through the same WordPress setup. We had to split out only the user/payment info for people who were paying for that specific plugin, but not their others. If the seller then cleaned up their old user data, we could have lost the valid payment information as well! Or imagine if someone were moving from WooCommerce to Shopify (sorry) and wanted to transfer their customer data over. They should have the right to do this without the WooCommerce Square plugin deleting any of their external data (even if they decide to "clean up" old WordPress user accounts). Bottom line for me is that when you delete Users in WordPress it should only delete data in WordPress -- nowhere else. Anything else is unexpected by users and the consequences, as I have experienced (and continue to try to recover from), can be severe. |
iamdharmesh
left a comment
iamdharmesh
left a comment
There was a problem hiding this comment.
Thanks for the PR @faisal-alvi. I haven't tested it, but this looks good overall. I just added a request to add filter support if any merchant wants to completely disable removing the card from the Square side.
Side note: If we delete a user with all content is attributed to another user, will it still remove the card data on the Square or WP side? Not directly related to this PR but wanted to get an idea overall to check how it works in that scenario.
Thanks
|
@iamdharmesh Thanks, appreciate the review. Filter: Added User delete + “attribute all content to another user”: That reassignment only affects things like posts/authorship, not WooCommerce saved payment methods. On For Square, deleting those tokens fires |
|
@blogtutor Thanks for the detailed context and examples. This PR has a specific, narrow scope: prevent live cards from being disabled when token removal runs from admin, CLI, or cron in non-production environments. It doesn't touch the broader rule that removing a saved method can still sync to Square in other contexts. What you're describing is a larger product/behavior decision - one that touches subscriptions, migrations, multi-plugin setups, and the tradeoff between merchant expectations and shopper privacy. That deserves its own dedicated discussion. Would you mind opening a new issue (feature request) with the relevant details? We can reference this PR there for context. In the meantime, the filter added in this PR is available for merchants who need custom behavior in their own setup. |
3 participants
All Submissions:
Changes proposed in this Pull Request
Prevents staging/local/development sites (or WooCommerce Subscriptions duplicate sites) that use production Square credentials from calling the Square API to disable customer cards when payment tokens are removed via admin/CLI/cron (e.g. user deletion, privacy erasure). Customer-initiated removal (e.g. My Account → delete payment method) still calls Square so cards are disabled when the customer removes them.
Note
When the safeguard skips the API call, the token is still deleted in WordPress (WooCommerce token store). Only the Square-side “disable card” request is skipped so live customer cards are not affected.
Closes https://linear.app/a8c/issue/SQUARE-247/cards-disabled-from-staging-site.
Steps to test the changes in this Pull Request
WP_ENVIRONMENT_TYPEtostaging(or use a WCS duplicate site). Ensure Square is connected in production mode. As an admin, delete a WordPress user who has saved Square payment tokens (or run a privacy erasure for a user with tokens). Confirm the token is removed in WordPress and that the Square log shows “Skipped disabling card on Square…”. Confirm the same card is still enabled in the Square Dashboard (live account).WP_ENVIRONMENT_TYPEtoproduction(or leave unset). Delete a user (or remove a token via admin) who has saved Square tokens. Confirm the Square API is called and the card is disabled on Square.Changelog entry