Direct people to refresh OIDC connection when needed

app/controllers/admin/dfc_product_imports_controller.rb

@@ -11,19 +11,8 @@ def model_class
     end
 
     def index
-      # The plan:
-      #
-      # * Fetch DFC catalog as JSON from URL.
-      enterprise = OpenFoodNetwork::Permissions.new(spree_current_user)
-        .managed_product_enterprises.is_primary_producer
-        .find(params.require(:enterprise_id))
-
-      catalog_url = params.require(:catalog_url)
-      catalog = DfcCatalog.load(spree_current_user, catalog_url)
       catalog.apply_wholesale_values!
 
-      # * First step: import all products for given enterprise.
-      # * Second step: render table and let user decide which ones to import.
       imported = catalog.products.map do |subject|
         existing_variant = enterprise.supplied_variants.linked_to(subject.semanticId)
 
@@ -40,6 +29,28 @@ def index
            ActionController::ParameterMissing => e
       flash[:error] = e.message
       redirect_to admin_product_import_path
+    rescue Rack::OAuth2::Client::Error
+      oidc_settings_link = helpers.link_to(
+        t('spree.admin.tab.oidc_settings'),
+        admin_oidc_settings_path
+      )
+      flash[:error] = t(".connection_invalid_html", oidc_settings_link:)
+      redirect_to admin_product_import_path
+    end
+
+    private
+
+    def enterprise
+      @enterprise ||= OpenFoodNetwork::Permissions.new(spree_current_user)
+        .managed_product_enterprises.is_primary_producer
+        .find(params.require(:enterprise_id))
+    end
+
+    def catalog
+      @catalog ||= DfcCatalog.load(
+        spree_current_user,
+        params.require(:catalog_url)
+      )
     end
   end
 end

app/webpacker/css/admin_v3/components/messages.scss

@@ -58,6 +58,11 @@
     &.error {
       color: $color-flash-error-text;
       background-color: $color-flash-error-bg;
+
+      a:not(.button) {
+        color: $color-flash-error-text;
+        text-decoration: underline;
+      }
     }
 
     .msg {

config/locales/en.yml

@@ -846,6 +846,9 @@ en:
         map: Map
 
     dfc_product_imports:
+      connection_invalid_html: |
+        Connecting with your OIDC account failed.
+        Please refresh your OIDC connection at: %{oidc_settings_link}
       index:
         title: "Importing a DFC product catalog"
         imported_products: "Imported products:"

engines/dfc_provider/app/services/dfc_request.rb

@@ -81,5 +81,8 @@ def refresh_access_token!
       token: token.access_token,
       refresh_token: token.refresh_token
     )
+  rescue Rack::OAuth2::Client::Error
+    @user.oidc_account.update!(token: nil, refresh_token: nil)
+    raise
   end
 end

engines/dfc_provider/spec/services/dfc_request_spec.rb

@@ -63,6 +63,18 @@
     # The absence of errors makes this test pass.
   end
 
+  it "clears invalid refresh tokens", vcr: true do
+    stub_request(:get, "http://example.net/api").to_return(status: 401)
+
+    account.refresh_token = "some-invalid-token"
+    account.updated_at = 1.day.ago
+
+    expect { api.call("http://example.net/api") }
+      .to raise_error(Rack::OAuth2::Client::Error)
+
+    expect(account.refresh_token).to eq nil
+  end
+
   it "refreshes the access token and retrieves the FDC catalog", vcr: true do
     # A refresh is only attempted if the token is stale.
     account.uid = "testdfc@protonmail.com"