WPCode – Insert Headers and Footers + Custom Code Snippets – WordPress Code Manager / 2.2.4
WPCode – Insert Headers and Footers + Custom Code Snippets – WordPress Code Manager v2.2.4
insert-headers-and-footers / includes / class-wpcode-library-auth.php
class-wpcode-library-auth.php
292 lines
1 <?php
2 /**
3 * Class for handling the WPCode library authentication.
4 *
5 * @package WPCode
6 */
7
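/**
 * Class WPCode_Library_Auth.
 *
 * Stores and exposes the credentials that link this site to the WPCode Library:
 * an API key, the library username, a webhook secret and a client id. All of them
 * are kept in the `wpcode_library_api_auth` option and cached on the instance.
 */
class WPCode_Library_Auth {
	/**
	 * The base api URL.
	 *
	 * Also the only value accepted for the posted `origin` field in store_auth_key().
	 *
	 * @var string
	 */
	public $library_url = 'https://library.wpcode.com';

	/**
	 * Is the current plugin authenticated with the WPCode Library?
	 *
	 * Lazily computed by has_auth(); unset again whenever new auth data is stored.
	 *
	 * @var bool
	 */
	private $has_auth;

	/**
	 * The api key used for authenticated requests to the library.
	 *
	 * @var string
	 */
	private $auth_key;

	/**
	 * The auth data from the db.
	 *
	 * @var array
	 */
	private $auth_data;

	/**
	 * Library auth constructor.
	 *
	 * Only `wp_ajax_` hooks are registered, so both handlers are reachable by logged-in users only.
	 */
	public function __construct() {
		add_action( 'wp_ajax_wpcode_library_store_auth', array( $this, 'store_auth_key' ) );
		add_action( 'wp_ajax_wpcode_library_delete_auth', array( $this, 'delete_auth' ) );
	}

	/**
	 * Build the URL used to start the Connect process.
	 *
	 * This method is not registered as an Ajax action; it only returns the URL. The site name,
	 * the plugin version and this site's admin-ajax.php URL are passed to the library as query args.
	 *
	 * @return string The connect URL, or an empty string when the site is already connected.
	 */
	public function auth_url() {

		if ( $this->has_auth() ) {
			return '';
		}

		$site_name = get_bloginfo( 'name' );
		if ( empty( $site_name ) ) {
			$site_name = __( 'Your WordPress Site', 'insert-headers-and-footers' );
		}

		return add_query_arg(
			array(
				'site'    => $this->base64url_encode( $site_name ),
				'version' => WPCODE_VERSION,
				'ajax'    => $this->base64url_encode( admin_url( 'admin-ajax.php' ) ),
			),
			$this->get_api_url( 'connect' )
		);
	}

	/**
	 * Encode a value as URL-safe base64 without padding.
	 *
	 * This is needed, so we don't run into issues with special characters. The padding is dropped
	 * for better compatibility between PHP versions. This is an encoding only; it hides nothing.
	 *
	 * @param string $value The value to encode.
	 *
	 * @return string
	 */
	private function base64url_encode( $value ) {
		return rtrim( strtr( base64_encode( $value ), '+/', '-_' ), '=' );
	}

	/**
	 * Get the full URL to an API endpoint by passing the path.
	 *
	 * @param string $path The path for the API endpoint.
	 *
	 * @return string
	 */
	public function get_api_url( $path ) {
		return trailingslashit( $this->library_url ) . 'api/' . $path;
	}

	/**
	 * Ajax handler to save the auth API key.
	 *
	 * Access control is the `wpcode_admin` nonce plus the `wpcode_activate_snippets` capability.
	 * The `origin` field is part of the same client-supplied POST body, so comparing it with
	 * $library_url is a consistency check on the request, not proof of where the key came from.
	 *
	 * @return void
	 */
	public function store_auth_key() {
		check_ajax_referer( 'wpcode_admin' );

		if ( ! current_user_can( 'wpcode_activate_snippets' ) ) {
			wp_send_json_error( esc_html__( 'You do not have permissions to connect WPCode to the library.', 'insert-headers-and-footers' ) );
		}

		$posted = array();
		foreach ( array( 'key', 'username', 'origin', 'deploy_snippet_id', 'webhook_secret', 'client_id' ) as $field ) {
			$posted[ $field ] = $this->get_posted_string( $field );
		}

		$key               = empty( $posted['key'] ) ? false : sanitize_key( $posted['key'] );
		$username          = empty( $posted['username'] ) ? false : sanitize_user( $posted['username'] );
		$origin            = empty( $posted['origin'] ) ? false : esc_url_raw( $posted['origin'] );
		$deploy_snippet_id = empty( $posted['deploy_snippet_id'] ) ? false : sanitize_key( $posted['deploy_snippet_id'] );
		$webhook_secret    = empty( $posted['webhook_secret'] ) ? '' : sanitize_key( $posted['webhook_secret'] );
		$client_id         = empty( $posted['client_id'] ) ? false : sanitize_key( $posted['client_id'] );

		// Reject the request outright when there is no key or the declared origin is not the library.
		if ( ! $key || $this->library_url !== $origin ) {
			wp_send_json_error();
		}

		$this->save_auth_data( $key, $username, $webhook_secret, $client_id );

		if ( ! empty( $deploy_snippet_id ) ) {
			// If we have a snippet id from the deployment process, set that as a transient to show a notice, so they can pick up where they started.
			set_transient( 'wpcode_deploy_snippet_id', $deploy_snippet_id, HOUR_IN_SECONDS );
		}

		// Reset the auth data so the next read comes from the freshly saved option.
		unset( $this->auth_data );
		unset( $this->auth_key );
		unset( $this->has_auth );

		do_action( 'wpcode_library_api_auth_connected' );

		wp_send_json_success(
			array(
				'title' => __( 'Authentication successfully completed', 'insert-headers-and-footers' ),
				'text'  => __( 'Reloading page, please wait.', 'insert-headers-and-footers' ),
			)
		);
	}

	/**
	 * Read one field from $_POST as an unslashed string.
	 *
	 * Missing or array-valued fields yield an empty string, so the sanitizers in the calling
	 * handler only ever receive strings. The caller verifies the nonce before using this.
	 *
	 * @param string $field The $_POST key to read.
	 *
	 * @return string
	 */
	private function get_posted_string( $field ) {
		if ( ! isset( $_POST[ $field ] ) || ! is_string( $_POST[ $field ] ) ) {
			return '';
		}

		return wp_unslash( $_POST[ $field ] );
	}

	/**
	 * Save the auth data to the db.
	 *
	 * The key and the webhook secret are written to the options table as given, together with
	 * the time of the connection.
	 *
	 * @param string $key The auth key.
	 * @param string $username The username.
	 * @param string $webhook_secret The webhook secret.
	 * @param string $client_id The client id.
	 *
	 * @return void
	 */
	public function save_auth_data( $key, $username, $webhook_secret, $client_id ) {
		// Don't autoload this as we'll only need it on some pages and in specific requests.
		update_option(
			'wpcode_library_api_auth',
			array(
				'key'            => $key,
				'username'       => $username,
				'webhook_secret' => $webhook_secret,
				'client_id'      => $client_id,
				'connected_at'   => time(),
			),
			false
		);
	}

	/**
	 * Ajax handler to delete the auth data and disconnect the site from the WPCode Library.
	 *
	 * Guarded by the same nonce and capability as store_auth_key().
	 *
	 * @return void
	 */
	public function delete_auth() {
		check_ajax_referer( 'wpcode_admin' );

		if ( ! current_user_can( 'wpcode_activate_snippets' ) ) {
			wp_send_json_error( esc_html__( 'You do not have permissions to connect WPCode to the library.', 'insert-headers-and-footers' ) );
		}

		if ( $this->delete_auth_data() ) {
			do_action( 'wpcode_library_api_auth_deleted' );
			wp_send_json_success();
		}

		wp_send_json_error();
	}

	/**
	 * Delete the auth data from the db.
	 *
	 * @return bool
	 */
	public function delete_auth_data() {
		return delete_option( 'wpcode_library_api_auth' );
	}

	/**
	 * Check if the site is authenticated.
	 *
	 * "Authenticated" here means only that a non-empty key is stored; the key is not validated
	 * against the library by this method.
	 *
	 * @return bool
	 */
	public function has_auth() {
		if ( ! isset( $this->has_auth ) ) {
			$auth_key = $this->get_auth_key();

			$this->has_auth = ! empty( $auth_key );
		}

		return $this->has_auth;
	}

	/**
	 * The auth key.
	 *
	 * @return bool|string The stored key, or false when none is stored.
	 */
	public function get_auth_key() {
		if ( ! isset( $this->auth_key ) ) {
			$data           = $this->get_auth_data();
			$this->auth_key = isset( $data['key'] ) ? $data['key'] : false;
		}

		return $this->auth_key;
	}

	/**
	 * The webhook secret.
	 *
	 * @return bool|string The stored secret, or false when none is stored.
	 */
	public function get_webhook_secret() {
		$data = $this->get_auth_data();

		return isset( $data['webhook_secret'] ) ? $data['webhook_secret'] : false;
	}

	/**
	 * The client id.
	 *
	 * @return bool|string The stored client id, or false when none is stored.
	 */
	public function get_client_id() {
		$data = $this->get_auth_data();

		return isset( $data['client_id'] ) ? $data['client_id'] : false;
	}

	/**
	 * Get the auth data, reading it from the db on first use and from the instance afterwards.
	 *
	 * @return array|bool
	 */
	public function get_auth_data() {
		if ( ! isset( $this->auth_data ) ) {
			$this->auth_data = $this->load_auth_data();
		}

		return $this->auth_data;
	}

	/**
	 * Read the auth data straight from the db, bypassing the instance cache.
	 *
	 * @return array|bool The stored option value, or false when the option does not exist.
	 */
	public function load_auth_data() {
		return get_option( 'wpcode_library_api_auth', false );
	}

	/**
	 * The auth username.
	 *
	 * @return bool|string The stored username, or false when none is stored.
	 */
	public function get_auth_username() {
		$data = $this->get_auth_data();

		return isset( $data['username'] ) ? $data['username'] : false;
	}

	/**
	 * Sign a value with the stored webhook secret (HMAC-SHA256), used for authenticating requests
	 * from the library to the plugin.
	 *
	 * Note that the signing key is the webhook secret, not the API key. Code that checks a received
	 * signature against this result should treat a false return as a failed check and compare the
	 * two strings with hash_equals() rather than `==`/`===`.
	 *
	 * @param string $string The string to sign.
	 *
	 * @return string|false The hex digest, or false when no usable secret is stored.
	 */
	public function sign( $string ) {
		$secret = $this->get_webhook_secret();

		// Refuse to sign without a secret, or when the stored value is not a string at all.
		if ( empty( $secret ) || ! is_string( $secret ) ) {
			return false;
		}

		return hash_hmac( 'sha256', (string) $string, $secret );
	}
}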