LatePoint – Calendar Booking Plugin for Appointments and Events / 5.2.4
latepoint / lib / controllers / auth_controller.php
auth_controller.php
1 <?php
// Refuse to run outside of a WordPress bootstrap (direct HTTP access to this file).
defined( 'ABSPATH' ) || exit;
5
6
7 if ( ! class_exists( 'OsAuthController' ) ) :
8
9
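/**
 * Customer authentication endpoints: password login/logout, one-time-code (OTP) request,
 * resend and verification, and social (Google / Facebook token) login.
 *
 * Every action replies through send_json(). Nonce checks cover the OTP actions; the
 * password, logout and social-token actions carry no nonce (see the notes on each).
 * Credential checking, OTP generation/verification and token validation all live in
 * OsAuthHelper / OsOTPHelper / the social-login filter, not in this controller.
 */
class OsAuthController extends OsController {

	function __construct() {
		parent::__construct();
		// Actions reachable without an authenticated session.
		// login_customer_using_social_data is deliberately NOT in this list: it is an internal
		// step that trusts its $social_user argument and must only be reached through the
		// token-based actions below, which resolve the profile via the provider filter first.
		$this->action_access['public'] = array_merge( $this->action_access['public'], [
			'logout_customer',
			'login_customer',
			'login_customer_using_google_token',
			'login_customer_using_facebook_token',
			'request_otp',
			'verify_otp',
			'resend_otp',
		] );
		$this->views_folder = LATEPOINT_VIEWS_ABSPATH . 'auth/';
	}

	/**
	 * Verifies a submitted OTP for a contact. On success the reply's "message" carries the
	 * verification token produced by OsOTPHelper::create_verification_token(), and, when
	 * customer auth is enabled and nobody is logged in, an existing customer with that
	 * contact is logged in.
	 *
	 * Reads params['otp'][verify_nonce, otp_code, contact_type, contact_value, delivery_method].
	 */
	public function verify_otp() {
		$this->check_nonce( 'otp_verify_otp_nonce', $this->params['otp']['verify_nonce'] ?? '' );

		$otp_params      = $this->params_for_otp_verification();
		$otp_code        = (string) ( $otp_params['otp_code'] ?? '' );
		$contact_type    = (string) ( $otp_params['contact_type'] ?? '' );
		$contact_value   = (string) ( $otp_params['contact_value'] ?? '' );
		$delivery_method = (string) ( $otp_params['delivery_method'] ?? '' );

		$status  = LATEPOINT_STATUS_ERROR;
		$message = __( 'Invalid Code', 'latepoint' );

		// Missing code/contact or an unknown channel can never verify; fail before touching the helper.
		if ( $otp_code === '' || $contact_value === '' || ! $this->is_supported_contact_type( $contact_type ) ) {
			$this->send_json( array( 'status' => $status, 'message' => $message ) );
			return;
		}

		$result = OsOTPHelper::verifyOTP( $otp_code, $contact_value, $contact_type, $delivery_method );
		$error  = $this->error_message_from_result( $result, $message );

		if ( $error === null ) {
			$status  = LATEPOINT_STATUS_SUCCESS;
			$message = OsOTPHelper::create_verification_token( $contact_value, $contact_type );
			// A verified contact doubles as a login for the matching existing customer.
			// NOTE(review): that makes the OTP the sole factor for this login; guess-rate limits
			// for verifyOTP (if any) live in OsOTPHelper and are not visible from here — confirm.
			if ( OsAuthHelper::is_customer_auth_enabled() && ! OsAuthHelper::is_customer_logged_in() ) {
				$customer = OsCustomerHelper::get_by_contact( $contact_value, $contact_type );
				if ( $customer && ! $customer->is_new_record() ) {
					OsAuthHelper::authorize_customer( $customer->id );
				}
			}
		} else {
			$message = $error;
		}

		$this->send_json( array( 'status' => $status, 'message' => $message ) );
	}

	/**
	 * Generates and sends a fresh OTP to a contact that already went through request_otp.
	 * On success the reply's "message" is the HTML for the code input box.
	 *
	 * Reads params['otp'][resend_nonce, contact_type, contact_value, delivery_method].
	 */
	public function resend_otp() {
		$this->check_nonce( 'otp_resend_otp_nonce', $this->params['otp']['resend_nonce'] ?? '' );

		$otp_params      = $this->params_for_otp_verification();
		$contact_type    = (string) ( $otp_params['contact_type'] ?? '' );
		$contact_value   = (string) ( $otp_params['contact_value'] ?? '' );
		$delivery_method = (string) ( $otp_params['delivery_method'] ?? '' );

		if ( $contact_value === '' || ! $this->is_supported_contact_type( $contact_type ) ) {
			$this->send_json( array( 'status' => LATEPOINT_STATUS_ERROR, 'message' => __( 'Error sending OTP', 'latepoint' ) ) );
			return;
		}

		// NOTE(review): resend has no visible cooldown at this layer; any throttling is the
		// helper's responsibility — confirm, since each call triggers an email/SMS send.
		$this->send_otp_and_respond( $contact_value, $contact_type, $delivery_method );
	}

	/**
	 * Starts the OTP flow for an email or phone. In the classic auth flow the contact must
	 * belong to an existing customer. On success the reply's "message" is the HTML for the
	 * code input box.
	 *
	 * Reads params['auth'][nonce, contact_type, email|phone, delivery_method].
	 */
	public function request_otp() {
		$this->check_nonce( 'auth_nonce', $this->params['auth']['nonce'] ?? '' );

		$auth_params     = $this->params_for_otp_request();
		$contact_type    = (string) ( $auth_params['contact_type'] ?? '' );
		$delivery_method = (string) ( $auth_params['delivery_method'] ?? '' );

		// contact_type is also used as the key into the submitted params, so it must be one of
		// the two channels we actually permit; an arbitrary key would otherwise be looked up.
		if ( ! $this->is_supported_contact_type( $contact_type ) ) {
			$this->send_json( array( 'status' => LATEPOINT_STATUS_ERROR, 'message' => __( 'Error sending OTP', 'latepoint' ) ) );
			return;
		}
		$contact_value = (string) ( $auth_params[ $contact_type ] ?? '' );
		if ( $contact_value === '' ) {
			$this->send_json( array( 'status' => LATEPOINT_STATUS_ERROR, 'message' => __( 'Error sending OTP', 'latepoint' ) ) );
			return;
		}

		if ( OsAuthHelper::is_classic_auth_flow() ) {
			// Classic flow: an OTP can only be requested for an existing account.
			// NOTE(review): the contact-specific "we don't recognize ..." replies let an
			// unauthenticated caller learn whether an email/phone is registered (account
			// enumeration). The wording is an existing product decision and is kept as-is.
			if ( ! $this->find_customer_by_contact( $contact_type, $contact_value ) ) {
				$message = ( $contact_type === 'email' )
					? __( 'We don\'t recognize this email. Double-check it or create an account.', 'latepoint' )
					: __( 'We don\'t recognize this phone number. Double-check it or create an account.', 'latepoint' );
				$this->send_json( array( 'status' => LATEPOINT_STATUS_ERROR, 'message' => $message ) );
				return;
			}
		}

		$this->send_otp_and_respond( $contact_value, $contact_type, $delivery_method );
	}

	/**
	 * Shared tail of request_otp/resend_otp: generate + send the code and reply.
	 *
	 * @param string $contact_value   Email address or phone number.
	 * @param string $contact_type    'email' or 'phone'.
	 * @param string $delivery_method Passed through to OsOTPHelper unchanged.
	 */
	private function send_otp_and_respond( string $contact_value, string $contact_type, string $delivery_method ): void {
		$result = OsOTPHelper::generateAndSendOTP( $contact_value, $contact_type, $delivery_method );
		$error  = $this->error_message_from_result( $result, __( 'Error sending OTP', 'latepoint' ) );

		if ( $error === null ) {
			$this->send_json( array(
				'status'  => LATEPOINT_STATUS_SUCCESS,
				'message' => OsOTPHelper::otp_input_box_html( $contact_type, $contact_value, $delivery_method ),
			) );
			return;
		}
		$this->send_json( array( 'status' => LATEPOINT_STATUS_ERROR, 'message' => $error ) );
	}

	/**
	 * Maps an OsOTPHelper result to an error message.
	 *
	 * The helpers return either a WP_Error or an array with 'status' and 'message' keys.
	 *
	 * @param mixed  $result   WP_Error or ['status' => ..., 'message' => ...].
	 * @param string $fallback Message used when the result is neither success nor a usable error.
	 * @return string|null Error message to show, or null when the result reports success.
	 */
	private function error_message_from_result( $result, string $fallback ): ?string {
		if ( is_wp_error( $result ) ) {
			return $result->get_error_message();
		}
		$status = is_array( $result ) ? ( $result['status'] ?? null ) : null;
		if ( $status == LATEPOINT_STATUS_SUCCESS ) {
			return null;
		}
		if ( $status == LATEPOINT_STATUS_ERROR && ! empty( $result['message'] ) ) {
			return $result['message'];
		}
		return $fallback;
	}

	/**
	 * Whether $contact_type is one of the channels this controller supports.
	 */
	private function is_supported_contact_type( $contact_type ): bool {
		return in_array( $contact_type, array( 'email', 'phone' ), true );
	}

	/**
	 * Sanitizes a contact value according to its channel. Unknown channels get the generic
	 * text sanitizer rather than being passed through raw.
	 */
	private function sanitize_contact_value( $contact_type, $contact_value ): string {
		$contact_value = (string) $contact_value;
		if ( $contact_type === 'email' ) {
			return sanitize_email( $contact_value );
		}
		return sanitize_text_field( $contact_value );
	}

	/**
	 * Looks up a single customer by email or phone.
	 *
	 * @param string $contact_type  'email' or 'phone' — used directly as the column name, so
	 *                              callers must validate it first (is_supported_contact_type).
	 * @param string $contact_value Value to match.
	 * @return mixed Whatever OsCustomerModel::get_results_as_models() returns for limit 1
	 *               (a model, or a falsy value when nothing matches).
	 */
	private function find_customer_by_contact( string $contact_type, string $contact_value ) {
		$customer = new OsCustomerModel();
		return $customer->where( array( $contact_type => $contact_value ) )->set_limit( 1 )->get_results_as_models();
	}

	/**
	 * Reads and sanitizes the 'otp' request params used by verify_otp/resend_otp.
	 *
	 * @return array Keys: contact_value, contact_type, delivery_method, otp_code (all strings),
	 *               or [] when no 'otp' params were submitted.
	 */
	private function params_for_otp_verification(): array {
		$params = OsParamsHelper::get_param( 'otp' );
		if ( empty( $params ) ) {
			return [];
		}

		$otp_params = OsParamsHelper::permit_params( $params, [
			'contact_value',
			'contact_type',
			'delivery_method',
			'otp_code',
		] );

		$otp_params['otp_code']        = sanitize_text_field( $otp_params['otp_code'] ?? '' );
		$otp_params['delivery_method'] = sanitize_text_field( $otp_params['delivery_method'] ?? '' );
		// contact_type drives which sanitizer is applied and, later, which column is queried;
		// it is sanitized itself and an unknown type no longer leaves contact_value untouched.
		$otp_params['contact_type']  = sanitize_text_field( $otp_params['contact_type'] ?? '' );
		$otp_params['contact_value'] = $this->sanitize_contact_value( $otp_params['contact_type'], $otp_params['contact_value'] ?? '' );

		/**
		 * Filtered OTP verification params
		 *
		 * @param {array} $otp_params a filtered array of otp params
		 * @param {array} $params unfiltered 'otp' params
		 * @returns {array} $otp_params a filtered array of otp params
		 *
		 * @since 5.2.0
		 * @hook latepoint_auth_params_for_otp_verification
		 *
		 */
		return apply_filters( 'latepoint_auth_params_for_otp_verification', $otp_params, $params );
	}

	/**
	 * Reads and sanitizes the 'auth' request params used by request_otp.
	 *
	 * @return array Keys (when submitted): email, phone, contact_type, delivery_method, otp_code,
	 *               or [] when no 'auth' params were submitted.
	 */
	private function params_for_otp_request(): array {
		$params = OsParamsHelper::get_param( 'auth' );
		if ( empty( $params ) ) {
			return [];
		}

		$auth_params = OsParamsHelper::permit_params( $params, [
			'email',
			'phone',
			'contact_type',
			'delivery_method',
			'otp_code',
		] );

		if ( ! empty( $auth_params['email'] ) ) {
			$auth_params['email'] = sanitize_email( $auth_params['email'] );
		}
		if ( ! empty( $auth_params['phone'] ) ) {
			$auth_params['phone'] = sanitize_text_field( $auth_params['phone'] );
		}
		if ( ! empty( $auth_params['otp_code'] ) ) {
			$auth_params['otp_code'] = sanitize_text_field( $auth_params['otp_code'] );
		}
		// These two were previously passed through unsanitized.
		if ( isset( $auth_params['contact_type'] ) ) {
			$auth_params['contact_type'] = sanitize_text_field( $auth_params['contact_type'] );
		}
		if ( isset( $auth_params['delivery_method'] ) ) {
			$auth_params['delivery_method'] = sanitize_text_field( $auth_params['delivery_method'] );
		}

		/**
		 * Filtered auth params for steps
		 *
		 * @param {array} $auth_params a filtered array of auth params
		 * @param {array} $params unfiltered 'auth' params
		 * @returns {array} $auth_params a filtered array of auth params
		 *
		 * @since 5.2.0
		 * @hook latepoint_params_for_otp_request
		 *
		 */
		return apply_filters( 'latepoint_params_for_otp_request', $auth_params, $params );
	}

	/**
	 * Ends the customer session and, for JSON requests, confirms it.
	 *
	 * NOTE(review): no nonce is checked, so a cross-site request can log a customer out
	 * (logout CSRF). Low impact, but worth confirming it is intended.
	 */
	public function logout_customer() {
		OsAuthHelper::logout_customer();

		if ( $this->get_return_format() == 'json' ) {
			$this->send_json( array( 'status' => LATEPOINT_STATUS_SUCCESS, 'message' => __( 'You have been logged out of your account.', 'latepoint' ) ) );
		}
	}

	/**
	 * Password login by email or phone. The credential check itself is OsAuthHelper::login_customer().
	 *
	 * Reads params['auth'][contact_type, email|phone, password]. The failure message names the
	 * channel but not which of the two credentials was wrong.
	 *
	 * NOTE(review): there is no nonce and no rate limiting at this layer — confirm that
	 * OsAuthHelper throttles failed attempts, as this endpoint is public.
	 */
	public function login_customer() {
		$auth          = is_array( $this->params['auth'] ?? null ) ? $this->params['auth'] : array();
		$contact_type  = $auth['contact_type'] ?? '';
		$contact_value = ( $contact_type == 'email' ) ? ( $auth['email'] ?? '' ) : ( $auth['phone'] ?? '' );
		$password      = $auth['password'] ?? '';

		$customer = OsAuthHelper::login_customer( $contact_value, $password, $contact_type );

		if ( $customer ) {
			$status        = LATEPOINT_STATUS_SUCCESS;
			$customer_id   = $customer->id;
			$response_html = __( 'Welcome back', 'latepoint' );
		} else {
			$status      = LATEPOINT_STATUS_ERROR;
			$customer_id = '';
			if ( $contact_type == 'email' ) {
				$response_html = __( 'Sorry, that email or password didn\'t work.', 'latepoint' );
			} elseif ( $contact_type == 'phone' ) {
				$response_html = __( 'Sorry, that phone number or password didn\'t work.', 'latepoint' );
			} else {
				$response_html = __( 'Sorry, that didn\'t work.', 'latepoint' );
			}
		}

		if ( $this->get_return_format() == 'json' ) {
			$this->send_json( array( 'status' => $status, 'message' => $response_html, 'customer_id' => $customer_id ) );
		}
	}

	/**
	 * Logs in (or creates) the customer matching a social profile's email and links the
	 * provider's user id to the customer record.
	 *
	 * This is an internal step: it trusts $social_user completely and is only called from
	 * the token actions after the provider filter resolved the profile. It is not a routable
	 * action. Matching is by email, so whoever controls a social account reporting email X
	 * is logged in as the customer with email X — this assumes the provider-supplied email
	 * is verified (NOTE(review): confirm in the latepoint_get_social_user_by_token handler).
	 *
	 * @param string $network     Provider key; "{network}_user_id" must be a customer column.
	 * @param array  $social_user Profile from the provider filter. Keys used: social_id, email,
	 *                            first_name, last_name; 'error' when the provider failed.
	 */
	public function login_customer_using_social_data( $network, $social_user ) {
		$customer_id   = '';
		$status        = LATEPOINT_STATUS_ERROR;
		$response_html = '';

		if ( ! is_array( $social_user ) || empty( $social_user['social_id'] ) ) {
			// Provider-side failure (or a malformed profile); surface its error if it gave one.
			$provider_error = is_array( $social_user ) ? ( $social_user['error'] ?? '' ) : '';
			$response_html  = ( $provider_error !== '' ) ? $provider_error : __( 'Sorry, that didn\'t work.', 'latepoint' );
		} elseif ( empty( $social_user['email'] ) ) {
			// Customers are matched by email; without one we would otherwise query for an empty
			// email and could attach the login to an unrelated (e.g. phone-only) customer.
			$response_html = __( 'Sorry, that didn\'t work.', 'latepoint' );
		} else {
			$customer_was_updated = false;
			$old_customer_data    = [];
			$social_id_field_name = $network . '_user_id';
			$status               = LATEPOINT_STATUS_SUCCESS;
			$response_html        = $social_user['social_id'];

			// Existing customer with the email the provider reported, if any.
			$customer = $this->find_customer_by_contact( 'email', $social_user['email'] );

			// Guarded on $customer: the previous version dereferenced a not-found result here.
			if ( $customer && OsAuthHelper::can_wp_users_login_as_customers() ) {
				if ( $customer->wordpress_user_id != email_exists( $social_user['email'] ) ) {
					$old_customer_data = $customer->get_data_vars();
					$customer->update_attributes( [ 'wordpress_user_id' => null ] );
					$wp_user_id           = OsCustomerHelper::create_wp_user_for_customer( $customer );
					$customer_was_updated = true;
					if ( ! $wp_user_id ) {
						$status        = LATEPOINT_STATUS_ERROR;
						$response_html = __( 'Error creating wp user', 'latepoint' );
					}
				}
			}

			// First login from this provider with an unknown email: create the customer.
			if ( ! $customer ) {
				$customer                        = new OsCustomerModel();
				$customer->first_name            = $social_user['first_name'] ?? null;
				$customer->last_name             = $social_user['last_name'] ?? null;
				$customer->email                 = $social_user['email'];
				$customer->$social_id_field_name = $social_user['social_id'];
				if ( ! $customer->save( true ) ) {
					$response_html = $customer->get_error_messages();
					$status        = LATEPOINT_STATUS_ERROR;
				} else {
					do_action( 'latepoint_customer_created', $customer );
				}
			}

			if ( ( $status == LATEPOINT_STATUS_SUCCESS ) && $customer->id ) {
				$customer_id = $customer->id;
				// Link (or re-link) the provider id. NOTE(review): an already-linked but different
				// provider id is silently replaced here; confirm that is the intended policy.
				if ( $customer->$social_id_field_name != $social_user['social_id'] ) {
					$old_customer_data               = $customer->get_data_vars();
					$customer->$social_id_field_name = $social_user['social_id'];
					$customer->save();
					$customer_was_updated = true;
				}
				OsAuthHelper::authorize_customer( $customer->id );
				$response_html = __( 'Welcome back', 'latepoint' );
			}

			if ( $customer_was_updated && $old_customer_data ) {
				do_action( 'latepoint_customer_updated', $customer, $old_customer_data );
			}
		}

		if ( $this->get_return_format() == 'json' ) {
			$this->send_json( array( 'status' => $status, 'message' => $response_html, 'customer_id' => $customer_id ) );
		}
	}

	/**
	 * Google login: params['token'] is resolved to a profile by the provider filter.
	 */
	public function login_customer_using_google_token() {
		$this->login_customer_using_social_token( 'google' );
	}

	/**
	 * Facebook login: params['token'] is resolved to a profile by the provider filter.
	 */
	public function login_customer_using_facebook_token() {
		$this->login_customer_using_social_token( 'facebook' );
	}

	/**
	 * Shared body of the token actions: resolve the submitted token to a social profile via
	 * the latepoint_get_social_user_by_token filter and hand it to login_customer_using_social_data().
	 *
	 * Token validation (signature, audience, expiry) is entirely the filter implementation's
	 * job; nothing here verifies the token. Previously an unresolved token produced no
	 * response at all — it now replies with an error.
	 *
	 * @param string $network 'google' or 'facebook'.
	 */
	private function login_customer_using_social_token( string $network ): void {
		$token = sanitize_text_field( $this->params['token'] ?? '' );

		$social_user = [];
		if ( $token !== '' ) {
			$social_user = apply_filters( 'latepoint_get_social_user_by_token', $social_user, $network, $token );
		}

		if ( empty( $social_user ) ) {
			if ( $this->get_return_format() == 'json' ) {
				$this->send_json( array( 'status' => LATEPOINT_STATUS_ERROR, 'message' => __( 'Sorry, that didn\'t work.', 'latepoint' ), 'customer_id' => '' ) );
			}
			return;
		}

		$this->login_customer_using_social_data( $network, $social_user );
	}

}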
321 endif;