controller
2 months ago
core
1 year ago
class-ga-admin.php
2 months ago
class-ga-autoloader.php
4 years ago
class-ga-frontend.php
2 months ago
class-ga-helper.php
2 months ago
class-ga-hook.php
4 years ago
class-ga-notice.php
2 months ago
class-ga-oauth.php
2 months ago
class-ga-sharethis.php
4 years ago
class-ga-stats.php
2 months ago
class-ga-template.php
4 years ago
class-ga-oauth.php
146 lines
| 1 | <?php |
| 2 | if (!defined('ABSPATH')) exit; |
| 3 | |
| 4 | class GA_OAuth { |
| 5 | const OPTION_CLIENT_ID = Ga_Admin::GA_SHARETHIS_PROPERTY_ID; |
| 6 | |
| 7 | public function hooks() { |
| 8 | add_action( 'admin_post_sharethis_ga_connect', array( $this, 'start_broker_oauth' ) ); |
| 9 | add_action( 'admin_post_sharethis_ga_oauth_callback', array( $this, 'handle_broker_oauth_callback' ) ); |
| 10 | } |
| 11 | |
| 12 | public function start_broker_oauth() { |
| 13 | if ( ! is_user_logged_in() || ! current_user_can( 'manage_options' ) ) { |
| 14 | wp_die( esc_html__( 'Unauthorized request.', 'googleanalytics' ) ); |
| 15 | } |
| 16 | |
| 17 | check_admin_referer( 'sharethis_ga_connect' ); |
| 18 | |
| 19 | $client_id = get_option( self::OPTION_CLIENT_ID ); |
| 20 | |
| 21 | if ( ! is_string( $client_id ) || '' === $client_id ) { |
| 22 | wp_die( esc_html__( 'Missing ShareThis client ID.', 'googleanalytics' ) ); |
| 23 | } |
| 24 | |
| 25 | $redirect_url = admin_url( 'admin-post.php?action=sharethis_ga_oauth_callback' ); |
| 26 | $nonce = wp_generate_password( 32, false, false ); |
| 27 | |
| 28 | set_transient( |
| 29 | 'sharethis_ga_oauth_state_' . get_current_user_id(), |
| 30 | array( |
| 31 | 'state' => $nonce, |
| 32 | 'exp' => time() + 10 * MINUTE_IN_SECONDS, |
| 33 | ), |
| 34 | 10 * MINUTE_IN_SECONDS |
| 35 | ); |
| 36 | |
| 37 | $broker_url = add_query_arg( |
| 38 | array( |
| 39 | 'client_id' => rawurlencode( $client_id ), |
| 40 | 'redirect_url' => rawurlencode( $redirect_url ), |
| 41 | 'state' => rawurlencode( $nonce ), |
| 42 | 'response_type' => 'code', |
| 43 | ), |
| 44 | trailingslashit( SHARETHIS_GA_BROKER_BASE ). 'authorize' |
| 45 | ); |
| 46 | |
| 47 | wp_redirect( $broker_url ); |
| 48 | exit; |
| 49 | } |
| 50 | |
| 51 | public function handle_broker_oauth_callback() { |
| 52 | if ( ! is_user_logged_in() || ! current_user_can( 'manage_options' ) ) { |
| 53 | wp_die( esc_html__( 'Unauthorized request.', 'googleanalytics' ) ); |
| 54 | } |
| 55 | |
| 56 | $code = filter_input( INPUT_GET, 'code', FILTER_UNSAFE_RAW ); |
| 57 | $returned_state = filter_input( INPUT_GET, 'state', FILTER_UNSAFE_RAW ); |
| 58 | |
| 59 | $code = is_string( $code ) ? sanitize_text_field( wp_unslash( $code ) ) : ''; |
| 60 | $returned_state = is_string( $returned_state ) ? sanitize_text_field( wp_unslash( $returned_state ) ) : ''; |
| 61 | |
| 62 | if ( '' === $code || '' === $returned_state ) { |
| 63 | wp_die( esc_html__( 'Missing OAuth callback parameters.', 'googleanalytics' ) ); |
| 64 | } |
| 65 | |
| 66 | $stored = get_transient( 'sharethis_ga_oauth_state_' . get_current_user_id() ); |
| 67 | |
| 68 | if ( ! is_array( $stored ) || empty( $stored['state'] ) || ! hash_equals( $stored['state'], $returned_state ) ) { |
| 69 | wp_die( esc_html__( 'Invalid OAuth state.', 'googleanalytics' ) ); |
| 70 | } |
| 71 | |
| 72 | delete_transient( 'sharethis_ga_oauth_state_' . get_current_user_id() ); |
| 73 | |
| 74 | $client_id = (string) get_option( self::OPTION_CLIENT_ID, '' ); |
| 75 | |
| 76 | if ( '' === $client_id ) { |
| 77 | wp_die( esc_html__( 'Missing installation ID.', 'googleanalytics' ) ); |
| 78 | } |
| 79 | |
| 80 | $callback_url = admin_url( 'admin-post.php?action=sharethis_ga_oauth_callback' ); |
| 81 | |
| 82 | $response = wp_remote_post( |
| 83 | trailingslashit( SHARETHIS_GA_BROKER_BASE ) . 'token', |
| 84 | array( |
| 85 | 'timeout' => 20, |
| 86 | 'headers' => array( |
| 87 | 'Content-Type' => 'application/x-www-form-urlencoded', |
| 88 | ), |
| 89 | 'body' => array( |
| 90 | 'grant_type' => 'authorization_code', |
| 91 | 'code' => $code, |
| 92 | 'client_id' => $client_id, |
| 93 | 'redirect_uri' => $callback_url, |
| 94 | ), |
| 95 | ) |
| 96 | ); |
| 97 | |
| 98 | if ( is_wp_error( $response ) ) { |
| 99 | wp_die( esc_html( $response->get_error_message() ) ); |
| 100 | } |
| 101 | |
| 102 | $status_code = wp_remote_retrieve_response_code( $response ); |
| 103 | $body = wp_remote_retrieve_body( $response ); |
| 104 | $data = json_decode( $body, true ); |
| 105 | |
| 106 | if ( 200 !== $status_code || ! is_array( $data ) ) { |
| 107 | wp_die( esc_html__( 'OAuth redemption failed.', 'googleanalytics' ) ); |
| 108 | } |
| 109 | |
| 110 | if ( ! empty( $data['refresh_token'] ) ) { |
| 111 | update_option( |
| 112 | 'sharethis_ga_refresh_token', |
| 113 | sanitize_text_field( (string) $data['refresh_token'] ) |
| 114 | ); |
| 115 | } |
| 116 | |
| 117 | if ( ! empty( $data['access_token'] ) ) { |
| 118 | update_option( |
| 119 | 'ga4-token', |
| 120 | wp_json_encode( |
| 121 | array( |
| 122 | 'access_token' => sanitize_text_field( (string) $data['access_token'] ), |
| 123 | 'expires_in' => ! empty( $data['expires_in'] ) ? absint( $data['expires_in'] ) : 3600, |
| 124 | 'created' => time(), |
| 125 | 'token_type' => 'Bearer', |
| 126 | ) |
| 127 | ) |
| 128 | ); |
| 129 | } |
| 130 | |
| 131 | wp_safe_redirect( |
| 132 | admin_url( 'admin.php?page=googleanalytics/settings&ga_connected=1' ) |
| 133 | ); |
| 134 | exit; |
| 135 | } |
| 136 | |
| 137 | /** |
| 138 | * Helper for rendering the "Connect" button URL in admin. |
| 139 | */ |
| 140 | public function get_connect_url() { |
| 141 | return wp_nonce_url( |
| 142 | admin_url( 'admin-post.php?action=sharethis_ga_connect' ), |
| 143 | 'sharethis_ga_connect' |
| 144 | ); |
| 145 | } |
| 146 | } |