Paste Code: “Sorry, you are not allowed to access this page”

  • Resolved maylene

    (@maylene)


    9 months, 1 week ago

    We updated a client’s site to 2.4.4 on a dev server but received the message “Sorry, you are not allowed to access this page” after trying to add the auth code via the Paste Code button.

    Since the version on live (2.4.3) worked fine, we deployed all other plugin updates but skipped this one. Unfortunately, the live plugin’s connection reset and serves the same access error when trying to Paste Code.

    • We are logged in as admin
    • We cannot reproduce this error on local dev environments
    • It appears in Firefox and Chrome on Mac and Win11

    Any idea how we might fix this issue?

    Debug logs:

    [2024-02-21T20:04:45.899592+00:00] Error: .INFO: Invalid state or auth code! [] []
    [2024-02-21T20:04:45.900839+00:00] Refresh Token:.INFO: Refresh token triggered [] []
    [2024-02-21T20:04:46.307395+00:00] Error: .INFO: invalid_grant: The refresh token is invalid or expired. [] []
    [2024-02-21T20:04:46.403447+00:00] Error: .INFO: Invalid state or auth code! [] []
    [2024-02-21T20:04:46.654773+00:00] Error: .INFO: Invalid state or auth code! [] []
    [2024-02-21T20:04:46.656451+00:00] Refresh Token:.INFO: Refresh token triggered [] []
Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Author Constant Contact

    (@constantcontact)

    Hi @maylene

    Can you provide a bit more information for us, we’re trying to isolate exactly which part of the process you’re in.

    For example, is the error being shown when you’re on say this URL?

    /wp-admin/edit.php?post_type=ctct_forms&page=ctct_options_settings_auth

    or is it showing up after you click to save the pasted code?

    Even just a screenshot of the page with the error would be helpful, and we can provide an email address to send to if you prefer sharing this information privately.

    Thread Starter maylene

    (@maylene)

    Thanks for the quick response.

    Correct. The URL is…

    /wp-admin/edit.php?post_type=ctct_forms&page=ctct_options_settings_auth

    …and it happens when I click the Paste Code button. I don’t have the opportunity to paste it, though, since I get this screen.

    Plugin Author Constant Contact

    (@constantcontact)

    Is the user in question able to access any of the Constant Contact Form settings? It’d be the submenu item under “Contact Form > Settings”, and should have 4 tabs, including General, Spam Control, Support, and Account.

    If the user doesn’t see that submenu, or can’t access via direct link like with /wp-admin/edit.php?post_type=ctct_forms&page=ctct_options_settings_general then it’s probably a permissions issue somehow, or roles/capabilities customization has been performed on the sites in question.

    Thread Starter maylene

    (@maylene)

    Yes, user permissions would seem to be the case except:

    1. We’re using an administrator account
    2. We confirmed the administrator role has all permissions in User Role Editor; should we look for a specific set of settings here?
    3. It works on local
    4. It worked on the dev and production server until we tried updating

    You are correct that we can no longer see the Constant Contact Settings menu, and your shared link doesn’t work. Additionally, individual forms are blank in the editor. Our user created some of these forms and could access all of them recently.

    How would an update affect the plugin’s permission settings?

    Plugin Author Constant Contact

    (@constantcontact)

    What sort of deployments are you doing for this? For example something like https://buddy.works/ or similar?

    Do you have things configured to ignore files in say a .gitignore file found in the wp-content which I’d assume be the point that deployments push up from?

    If yes, I’m curious if you have a vendor line in the .gitignore. Asking this because we also have a vendor folder in our plugin, which includes a library named CMB2 which handles our settings pages as well as much of the rendering of the form builder UI.

    If I’m right so far, I suspect the gitignore may need to be amended to be /vendor with that forward slash at the start. This would tell git to only ignore the vendor folder directly in the wp-content and other plugins that may have their own that are needed, to still get considered and deployed.

    Some things to check on for sure, and not having our CMB2 copy would cause most of the issues mentioned above.

    Thread Starter maylene

    (@maylene)

    After disabling each plugin on the development server one-by-one, we discovered a conflict with the WP Rocket Heartbeat Control plugin. Once we disabled it, the Constant Contact plugin behaved as expected.

    Thank you for your help troubleshooting our issue, @constantcontact.

    In case others have a similar issue, remember to check for conflicts with other plugins. ??

    Plugin Author Constant Contact

    (@constantcontact)

    Interesting, but we’re glad to hear everything is back up and running!

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Paste Code: “Sorry, you are not allowed to access this page”’ is closed to new replies.