LatePoint – Calendar Booking Plugin for Appointments and Events / 5.2.0
latepoint / lib / controllers / auth_controller.php
1 <?php
// Bail out when the file is requested directly instead of being loaded by WordPress.
defined( 'ABSPATH' ) || exit;
5
6
7 if ( ! class_exists( 'OsAuthController' ) ) :
8
9
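/**
 * Customer-facing authentication actions: password login/logout, OTP request
 * and verification, and social (Google/Facebook) token login.
 *
 * Every action registered in the constructor is reachable without a session,
 * so each one treats `$this->params` as untrusted: the OTP actions check a
 * request nonce, the contact selector (`contact_type`) is validated against
 * CONTACT_TYPES before it is used as an array key or lookup column, and contact
 * values are sanitized per channel. The password-login and social-token
 * actions currently carry no nonce check (see the notes on those methods).
 */
class OsAuthController extends OsController {

	/**
	 * Contact channels the login and OTP endpoints know how to handle.
	 *
	 * `contact_type` comes straight from the request and selects which submitted
	 * field is the contact and which column it is looked up in, so it is always
	 * checked against this list first.
	 */
	const CONTACT_TYPES = [ 'email', 'phone' ];

	public function __construct() {
		parent::__construct();
		// All of these actions are reachable by anonymous requests.
		// NOTE(review): 'login_customer_using_social_data' is only invoked
		// internally by the token handlers below, with arguments the router does
		// not supply; it does not need to be an externally reachable action and
		// could be dropped from this list once the router contract is confirmed.
		$this->action_access['public'] = array_merge( $this->action_access['public'], [
			'logout_customer',
			'login_customer',
			'login_customer_using_social_data',
			'login_customer_using_google_token',
			'login_customer_using_facebook_token',
			'request_otp',
			'verify_otp'
		] );
		$this->views_folder = LATEPOINT_VIEWS_ABSPATH . 'auth/';
	}

	/**
	 * Checks a one-time code submitted for a contact (email or phone).
	 *
	 * Reads `otp[verify_nonce]`, `otp[otp_code]`, `otp[contact_type]` and
	 * `otp[contact_value]`. On success the JSON message is a verification token
	 * for the contact and, when customer auth is enabled and nobody is logged in
	 * yet, the customer owning that contact is logged in. Always responds with
	 * JSON via send_json().
	 *
	 * NOTE(review): nothing in this controller limits verification attempts;
	 * lockout / throttling is expected to live in OsOTPHelper::verifyOTP() —
	 * confirm before relying on it.
	 */
	public function verify_otp() {
		$this->check_nonce( 'otp_verify_otp_nonce', $this->params['otp']['verify_nonce'] ?? '' );

		$otp_verification_params = $this->params_for_otp_verification();
		$otp_code                = $otp_verification_params['otp_code'] ?? '';
		$contact_type            = $otp_verification_params['contact_type'] ?? '';
		$contact_value           = $otp_verification_params['contact_value'] ?? '';

		$message = __( 'Invalid Code', 'latepoint' );
		$status  = LATEPOINT_STATUS_ERROR;

		// Reject incomplete or malformed requests before touching the OTP store.
		// An unknown contact_type would skip the per-channel sanitization in
		// params_for_otp_verification() and reach the helper unsanitized.
		if ( $otp_code === '' || $contact_value === '' || ! in_array( $contact_type, self::CONTACT_TYPES, true ) ) {
			$this->send_json( array( 'status' => $status, 'message' => $message ) );
			return;
		}

		// NOTE(review): the fourth argument is the literal 'email' even for a
		// phone contact — presumably a delivery-method default; confirm against
		// OsOTPHelper::verifyOTP().
		$result = OsOTPHelper::verifyOTP( $otp_code, $contact_value, $contact_type, 'email' );

		if ( is_wp_error( $result ) ) {
			$message = $result->get_error_message();
		} elseif ( $result['status'] == LATEPOINT_STATUS_ERROR ) {
			$message = $result['message'];
		} elseif ( $result['status'] == LATEPOINT_STATUS_SUCCESS ) {
			$status  = LATEPOINT_STATUS_SUCCESS;
			$message = OsOTPHelper::create_verification_token( $contact_value, $contact_type );
			// A verified contact doubles as a login: when auth is enabled and no
			// customer session exists yet, log in the customer owning the contact.
			if ( OsAuthHelper::is_customer_auth_enabled() && ! OsAuthHelper::is_customer_logged_in() ) {
				$customer = OsCustomerHelper::get_by_contact( $contact_value, $contact_type );
				if ( $customer && ! $customer->is_new_record() ) {
					OsAuthHelper::authorize_customer( $customer->id );
				}
			}
		}
		$this->send_json( array( 'status' => $status, 'message' => $message ) );
	}

	/**
	 * Generates and sends a one-time code to the submitted email or phone.
	 *
	 * Reads `auth[nonce]`, `auth[contact_type]`, `auth[email]` / `auth[phone]`
	 * and `auth[delivery_method]`. In the classic auth flow a code is only sent
	 * to a contact that belongs to an existing customer. On success the JSON
	 * message is the HTML of the code input box. Always responds with JSON.
	 *
	 * NOTE(review): the classic-flow "we don't recognize this email / phone"
	 * response confirms whether an account exists for a contact (account
	 * enumeration). That is a deliberate UX trade-off here; any throttling of
	 * these requests would have to live in OsOTPHelper::generateAndSendOTP().
	 */
	public function request_otp() {
		$this->check_nonce( 'auth_nonce', $this->params['auth']['nonce'] ?? '' );

		$auth_params     = $this->params_for_otp_request();
		$contact_type    = $auth_params['contact_type'] ?? '';
		$delivery_method = $auth_params['delivery_method'] ?? '';

		// contact_type doubles as the key of the submitted contact field, so it
		// must be one of the known channels before it is used as an index.
		if ( ! in_array( $contact_type, self::CONTACT_TYPES, true ) || ( $auth_params[ $contact_type ] ?? '' ) === '' ) {
			$this->send_json( array( 'status' => LATEPOINT_STATUS_ERROR, 'message' => __( 'Error sending OTP', 'latepoint' ) ) );
			return;
		}
		$contact_value = $auth_params[ $contact_type ];

		if ( OsAuthHelper::is_classic_auth_flow() ) {
			// in classic flow - you can't send a OTP request to a non existent account
			$customer          = new OsCustomerModel();
			$existing_customer = $customer->where( [ $contact_type => $contact_value ] )->set_limit( 1 )->get_results_as_models();
			if ( ! $existing_customer ) {
				$not_found_message = ( $contact_type === 'email' )
					? __( 'We don\'t recognize this email. Double-check it or create an account.', 'latepoint' )
					: __( 'We don\'t recognize this phone number. Double-check it or create an account.', 'latepoint' );
				$this->send_json( array( 'status' => LATEPOINT_STATUS_ERROR, 'message' => $not_found_message ) );
				return;
			}
		}

		$result = OsOTPHelper::generateAndSendOTP( $contact_value, $contact_type, $delivery_method );

		$message = __( 'Error sending OTP', 'latepoint' );
		$status  = LATEPOINT_STATUS_ERROR;

		if ( is_wp_error( $result ) ) {
			$message = $result->get_error_message();
		} elseif ( $result['status'] == LATEPOINT_STATUS_ERROR ) {
			$message = $result['message'];
		} elseif ( $result['status'] == LATEPOINT_STATUS_SUCCESS ) {
			$status  = LATEPOINT_STATUS_SUCCESS;
			$message = OsOTPHelper::otp_input_box_html( $contact_type, $contact_value, $delivery_method );
		}
		$this->send_json( array( 'status' => $status, 'message' => $message ) );
	}

	/**
	 * Collects and sanitizes the `otp` request params used by verify_otp().
	 *
	 * Only contact_value, contact_type, delivery_method and otp_code are kept.
	 * contact_value is sanitized per channel (sanitize_email for 'email',
	 * sanitize_text_field for 'phone'); for any other contact_type it is left as
	 * submitted, which is why callers validate contact_type themselves.
	 *
	 * @return array filtered params, or [] when no `otp` params were submitted
	 */
	private function params_for_otp_verification(): array {
		$params = OsParamsHelper::get_param( 'otp' );
		if ( empty( $params ) ) {
			return [];
		}

		$otp_params = OsParamsHelper::permit_params( $params, [
			'contact_value',
			'contact_type',
			'delivery_method',
			'otp_code'
		] );

		$otp_params['otp_code']        = sanitize_text_field( $otp_params['otp_code'] ?? '' );
		$otp_params['delivery_method'] = sanitize_text_field( $otp_params['delivery_method'] ?? '' );

		$contact_type = $otp_params['contact_type'] ?? '';
		if ( $contact_type === 'phone' ) {
			$otp_params['contact_value'] = sanitize_text_field( $otp_params['contact_value'] ?? '' );
		} elseif ( $contact_type === 'email' ) {
			$otp_params['contact_value'] = sanitize_email( $otp_params['contact_value'] ?? '' );
		}

		/**
		 * Filtered 'otp' params used for OTP verification
		 *
		 * @param {array} $otp_params a filtered array of otp params
		 * @param {array} $params unfiltered 'otp' params
		 * @returns {array} $otp_params a filtered array of otp params
		 *
		 * @since 5.2.0
		 * @hook latepoint_auth_params_for_otp_verification
		 *
		 */
		return apply_filters( 'latepoint_auth_params_for_otp_verification', $otp_params, $params );
	}

	/**
	 * Collects and sanitizes the `auth` request params used by request_otp().
	 *
	 * Only email, phone, contact_type, delivery_method and otp_code are kept;
	 * email goes through sanitize_email, phone and otp_code through
	 * sanitize_text_field. contact_type and delivery_method are passed on as
	 * submitted, so callers validate contact_type themselves.
	 *
	 * @return array filtered params, or [] when no `auth` params were submitted
	 */
	private function params_for_otp_request(): array {
		$params = OsParamsHelper::get_param( 'auth' );
		if ( empty( $params ) ) {
			return [];
		}

		$auth_params = OsParamsHelper::permit_params( $params, [
			'email',
			'phone',
			'contact_type',
			'delivery_method',
			'otp_code'
		] );

		if ( ! empty( $auth_params['email'] ) ) {
			$auth_params['email'] = sanitize_email( $auth_params['email'] );
		}
		if ( ! empty( $auth_params['phone'] ) ) {
			$auth_params['phone'] = sanitize_text_field( $auth_params['phone'] );
		}
		if ( ! empty( $auth_params['otp_code'] ) ) {
			$auth_params['otp_code'] = sanitize_text_field( $auth_params['otp_code'] );
		}

		/**
		 * Filtered 'auth' params used for an OTP request
		 *
		 * @param {array} $auth_params a filtered array of auth params
		 * @param {array} $params unfiltered 'auth' params
		 * @returns {array} $auth_params a filtered array of auth params
		 *
		 * @since 5.2.0
		 * @hook latepoint_params_for_otp_request
		 *
		 */
		return apply_filters( 'latepoint_params_for_otp_request', $auth_params, $params );
	}

	/**
	 * Logs the current customer out.
	 *
	 * Responds with JSON when the request asked for it; otherwise the caller
	 * renders the blank contact step.
	 *
	 * NOTE(review): unlike request_otp()/verify_otp() this action has no nonce
	 * check, so a third-party page can trigger a logout. Low impact, but worth
	 * aligning with the OTP endpoints.
	 */
	public function logout_customer() {
		OsAuthHelper::logout_customer();

		if ( $this->get_return_format() == 'json' ) {
			$this->send_json( array( 'status' => LATEPOINT_STATUS_SUCCESS, 'message' => __( 'You have been logged out of your account.', 'latepoint' ) ) );
		}
	}

	/**
	 * Password login for a customer, by email or phone.
	 *
	 * Reads `auth[contact_type]`, `auth[email]` / `auth[phone]` and
	 * `auth[password]`. The failure message deliberately does not say whether
	 * the contact or the password was wrong. Responds with JSON (status,
	 * message, customer_id) when the request asked for it.
	 *
	 * NOTE(review): no nonce check and no attempt limiting is visible here;
	 * unless OsAuthHelper::login_customer() throttles, this endpoint is open to
	 * password guessing — confirm before relying on it.
	 */
	public function login_customer() {
		$auth         = is_array( $this->params['auth'] ?? null ) ? $this->params['auth'] : [];
		$contact_type = $auth['contact_type'] ?? null;
		$customer     = false;

		// Only hand a known channel to the auth helper; anything else gets the
		// generic failure below without a lookup.
		if ( in_array( $contact_type, self::CONTACT_TYPES, true ) ) {
			$contact_value = $auth[ $contact_type ] ?? null;
			$customer      = OsAuthHelper::login_customer( $contact_value, $auth['password'] ?? null, $contact_type );
		}

		if ( $customer ) {
			$status        = LATEPOINT_STATUS_SUCCESS;
			$customer_id   = $customer->id;
			$response_html = __( 'Welcome back', 'latepoint' );
		} else {
			$status = LATEPOINT_STATUS_ERROR;
			if ( $contact_type === 'email' ) {
				$response_html = __( 'Sorry, that email or password didn\'t work.', 'latepoint' );
			} elseif ( $contact_type === 'phone' ) {
				$response_html = __( 'Sorry, that phone number or password didn\'t work.', 'latepoint' );
			} else {
				$response_html = __( 'Sorry, that didn\'t work.', 'latepoint' );
			}
			$customer_id = '';
		}
		if ( $this->get_return_format() == 'json' ) {
			$this->send_json( array( 'status' => $status, 'message' => $response_html, 'customer_id' => $customer_id ) );
		}
	}

	/**
	 * Finds or creates the customer for a social-login profile and logs them in.
	 *
	 * @param string $network     Provider name ('google' / 'facebook'); builds the
	 *                            `<network>_user_id` customer attribute.
	 * @param array  $social_user Profile returned by the
	 *                            `latepoint_get_social_user_by_token` filter:
	 *                            social_id, email, first_name, last_name, and
	 *                            `error` when the token could not be resolved.
	 *
	 * The customer is matched on the email the provider reported. That link is
	 * only as strong as the provider's email verification: an unverified
	 * provider email would let its holder log in as an existing customer with
	 * the same address, so the filter implementation must only return verified
	 * addresses (not checked here — confirm in the integration).
	 */
	public function login_customer_using_social_data( $network, $social_user ) {
		$customer_id = '';
		$social_id   = $social_user['social_id'] ?? '';
		$email       = $social_user['email'] ?? '';

		// Both the provider id and an email are required: the id is what gets
		// stored on the customer, the email is the only matching key.
		if ( $social_id !== '' && $email !== '' ) {
			$customer_was_updated = false;
			$old_customer_data    = [];
			$social_id_field_name = $network . '_user_id';
			$status               = LATEPOINT_STATUS_SUCCESS;
			$response_html        = $social_id;

			// Look up an existing customer by the email the provider reported
			$customer = new OsCustomerModel();
			$customer = $customer->where( array( 'email' => $email ) )->set_limit( 1 )->get_results_as_models();

			// When WP users may log in as customers, make sure a found customer
			// is linked to the WP account for that email. Guarded on $customer:
			// the lookup returns a falsy value when nobody matches, and calling
			// update_attributes() on it would be a fatal error.
			if ( $customer && OsAuthHelper::can_wp_users_login_as_customers() ) {
				if ( $customer->wordpress_user_id != email_exists( $email ) ) {
					$old_customer_data = $customer->get_data_vars();
					$customer->update_attributes( [ 'wordpress_user_id' => null ] );
					$wp_user_id           = OsCustomerHelper::create_wp_user_for_customer( $customer );
					$customer_was_updated = true;
					if ( ! $wp_user_id ) {
						$status        = LATEPOINT_STATUS_ERROR;
						$response_html = __( 'Error creating wp user', 'latepoint' );
					}
				}
			}

			// Create the customer if none matched
			if ( ! $customer ) {
				$customer                       = new OsCustomerModel();
				$customer->first_name           = $social_user['first_name'] ?? '';
				$customer->last_name            = $social_user['last_name'] ?? '';
				$customer->email                = $email;
				$customer->$social_id_field_name = $social_id;
				if ( ! $customer->save( true ) ) {
					$response_html = $customer->get_error_messages();
					$status        = LATEPOINT_STATUS_ERROR;
				} else {
					do_action( 'latepoint_customer_created', $customer );
				}
			}

			if ( ( $status == LATEPOINT_STATUS_SUCCESS ) && $customer->id ) {
				$customer_id = $customer->id;
				// Store the provider's user id on the customer if it is not set yet
				if ( $customer->$social_id_field_name != $social_id ) {
					$old_customer_data               = $customer->get_data_vars();
					$customer->$social_id_field_name = $social_id;
					$customer->save();
					$customer_was_updated = true;
				}
				OsAuthHelper::authorize_customer( $customer->id );
				$response_html = __( 'Welcome back', 'latepoint' );
			}
			if ( $customer_was_updated && $old_customer_data ) {
				do_action( 'latepoint_customer_updated', $customer, $old_customer_data );
			}
		} else {
			// The provider did not return a usable profile (no id / no email)
			$status        = LATEPOINT_STATUS_ERROR;
			$response_html = $social_user['error'] ?? __( 'Sorry, that didn\'t work.', 'latepoint' );
		}
		if ( $this->get_return_format() == 'json' ) {
			$this->send_json( array( 'status' => $status, 'message' => $response_html, 'customer_id' => $customer_id ) );
		}
	}

	/**
	 * Shared body of the Google/Facebook token actions: resolves `token` through
	 * the `latepoint_get_social_user_by_token` filter and hands the profile to
	 * login_customer_using_social_data(). When nothing is hooked into the filter
	 * (or the token is rejected) the profile stays empty and a JSON error is sent
	 * instead of an empty response.
	 *
	 * NOTE(review): like login_customer(), these actions have no nonce check; the
	 * token itself is the credential, so the remaining exposure is login CSRF.
	 *
	 * @param string $network 'google' or 'facebook'
	 */
	private function login_customer_using_social_token( $network ) {
		$token       = sanitize_text_field( $this->params['token'] ?? '' );
		$social_user = apply_filters( 'latepoint_get_social_user_by_token', [], $network, $token );
		if ( ! empty( $social_user ) ) {
			$this->login_customer_using_social_data( $network, $social_user );
			return;
		}
		if ( $this->get_return_format() == 'json' ) {
			$this->send_json( array( 'status' => LATEPOINT_STATUS_ERROR, 'message' => __( 'Sorry, that didn\'t work.', 'latepoint' ), 'customer_id' => '' ) );
		}
	}

	/** Logs a customer in from a Google token submitted as `token`. */
	public function login_customer_using_google_token() {
		$this->login_customer_using_social_token( 'google' );
	}

	/** Logs a customer in from a Facebook token submitted as `token`. */
	public function login_customer_using_facebook_token() {
		$this->login_customer_using_social_token( 'facebook' );
	}

}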
296 endif;