PluginProbe ʕ •ᴥ•ʔ
ShareThis Dashboard for Google Analytics / 3.3.1
ShareThis Dashboard for Google Analytics v3.3.1
3.3.2 trunk 1.0.7 2.0.0 2.0.1 2.0.2 2.0.3 2.0.4 2.0.5 2.1 2.1.2 2.1.3 2.1.4 2.1.5 2.2.5 2.3.5 2.3.6 2.3.7 2.3.8 2.4.0 2.4.1 2.5.0 2.5.1 2.5.2 2.5.3 2.5.4 2.5.5 3.0.0 3.1.0 3.1.1 3.1.2 3.1.3 3.1.4 3.1.5 3.1.6 3.1.7 3.2.0 3.2.1 3.2.2 3.2.3 3.2.4 3.3.0 3.3.1
googleanalytics / class / class-ga-oauth.php
googleanalytics / class Last commit date
controller 2 months ago core 1 year ago class-ga-admin.php 2 months ago class-ga-autoloader.php 4 years ago class-ga-frontend.php 2 months ago class-ga-helper.php 2 months ago class-ga-hook.php 4 years ago class-ga-notice.php 2 months ago class-ga-oauth.php 2 months ago class-ga-sharethis.php 4 years ago class-ga-stats.php 2 months ago class-ga-template.php 4 years ago
class-ga-oauth.php
146 lines
1 <?php
2 if (!defined('ABSPATH')) exit;
3
4 class GA_OAuth {
5 const OPTION_CLIENT_ID = Ga_Admin::GA_SHARETHIS_PROPERTY_ID;
6
7 public function hooks() {
8 add_action( 'admin_post_sharethis_ga_connect', array( $this, 'start_broker_oauth' ) );
9 add_action( 'admin_post_sharethis_ga_oauth_callback', array( $this, 'handle_broker_oauth_callback' ) );
10 }
11
12 public function start_broker_oauth() {
13 if ( ! is_user_logged_in() || ! current_user_can( 'manage_options' ) ) {
14 wp_die( esc_html__( 'Unauthorized request.', 'googleanalytics' ) );
15 }
16
17 check_admin_referer( 'sharethis_ga_connect' );
18
19 $client_id = get_option( self::OPTION_CLIENT_ID );
20
21 if ( ! is_string( $client_id ) || '' === $client_id ) {
22 wp_die( esc_html__( 'Missing ShareThis client ID.', 'googleanalytics' ) );
23 }
24
25 $redirect_url = admin_url( 'admin-post.php?action=sharethis_ga_oauth_callback' );
26 $nonce = wp_generate_password( 32, false, false );
27
28 set_transient(
29 'sharethis_ga_oauth_state_' . get_current_user_id(),
30 array(
31 'state' => $nonce,
32 'exp' => time() + 10 * MINUTE_IN_SECONDS,
33 ),
34 10 * MINUTE_IN_SECONDS
35 );
36
37 $broker_url = add_query_arg(
38 array(
39 'client_id' => rawurlencode( $client_id ),
40 'redirect_url' => rawurlencode( $redirect_url ),
41 'state' => rawurlencode( $nonce ),
42 'response_type' => 'code',
43 ),
44 trailingslashit( SHARETHIS_GA_BROKER_BASE ). 'authorize'
45 );
46
47 wp_redirect( $broker_url );
48 exit;
49 }
50
51 public function handle_broker_oauth_callback() {
52 if ( ! is_user_logged_in() || ! current_user_can( 'manage_options' ) ) {
53 wp_die( esc_html__( 'Unauthorized request.', 'googleanalytics' ) );
54 }
55
56 $code = filter_input( INPUT_GET, 'code', FILTER_UNSAFE_RAW );
57 $returned_state = filter_input( INPUT_GET, 'state', FILTER_UNSAFE_RAW );
58
59 $code = is_string( $code ) ? sanitize_text_field( wp_unslash( $code ) ) : '';
60 $returned_state = is_string( $returned_state ) ? sanitize_text_field( wp_unslash( $returned_state ) ) : '';
61
62 if ( '' === $code || '' === $returned_state ) {
63 wp_die( esc_html__( 'Missing OAuth callback parameters.', 'googleanalytics' ) );
64 }
65
66 $stored = get_transient( 'sharethis_ga_oauth_state_' . get_current_user_id() );
67
68 if ( ! is_array( $stored ) || empty( $stored['state'] ) || ! hash_equals( $stored['state'], $returned_state ) ) {
69 wp_die( esc_html__( 'Invalid OAuth state.', 'googleanalytics' ) );
70 }
71
72 delete_transient( 'sharethis_ga_oauth_state_' . get_current_user_id() );
73
74 $client_id = (string) get_option( self::OPTION_CLIENT_ID, '' );
75
76 if ( '' === $client_id ) {
77 wp_die( esc_html__( 'Missing installation ID.', 'googleanalytics' ) );
78 }
79
80 $callback_url = admin_url( 'admin-post.php?action=sharethis_ga_oauth_callback' );
81
82 $response = wp_remote_post(
83 trailingslashit( SHARETHIS_GA_BROKER_BASE ) . 'token',
84 array(
85 'timeout' => 20,
86 'headers' => array(
87 'Content-Type' => 'application/x-www-form-urlencoded',
88 ),
89 'body' => array(
90 'grant_type' => 'authorization_code',
91 'code' => $code,
92 'client_id' => $client_id,
93 'redirect_uri' => $callback_url,
94 ),
95 )
96 );
97
98 if ( is_wp_error( $response ) ) {
99 wp_die( esc_html( $response->get_error_message() ) );
100 }
101
102 $status_code = wp_remote_retrieve_response_code( $response );
103 $body = wp_remote_retrieve_body( $response );
104 $data = json_decode( $body, true );
105
106 if ( 200 !== $status_code || ! is_array( $data ) ) {
107 wp_die( esc_html__( 'OAuth redemption failed.', 'googleanalytics' ) );
108 }
109
110 if ( ! empty( $data['refresh_token'] ) ) {
111 update_option(
112 'sharethis_ga_refresh_token',
113 sanitize_text_field( (string) $data['refresh_token'] )
114 );
115 }
116
117 if ( ! empty( $data['access_token'] ) ) {
118 update_option(
119 'ga4-token',
120 wp_json_encode(
121 array(
122 'access_token' => sanitize_text_field( (string) $data['access_token'] ),
123 'expires_in' => ! empty( $data['expires_in'] ) ? absint( $data['expires_in'] ) : 3600,
124 'created' => time(),
125 'token_type' => 'Bearer',
126 )
127 )
128 );
129 }
130
131 wp_safe_redirect(
132 admin_url( 'admin.php?page=googleanalytics/settings&ga_connected=1' )
133 );
134 exit;
135 }
136
137 /**
138 * Helper for rendering the "Connect" button URL in admin.
139 */
140 public function get_connect_url() {
141 return wp_nonce_url(
142 admin_url( 'admin-post.php?action=sharethis_ga_connect' ),
143 'sharethis_ga_connect'
144 );
145 }
146 }