<?php
// Bail out when the file is requested directly instead of through WordPress.
defined( 'ABSPATH' ) || exit;
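if ( ! class_exists( 'OsAuthController' ) ) :


	/**
	 * Customer authentication endpoints: password login, one-time code (OTP) request /
	 * re-send / verification, logout, and social (Google / Facebook) token login.
	 *
	 * Every action here is reachable by anonymous visitors (they are registered as public
	 * in the constructor), so each one verifies its own nonce and treats everything in
	 * `$this->params` as untrusted request input. Missing request keys are read with `??`
	 * so a malformed request yields a clean error response instead of PHP warnings.
	 *
	 * NOTE(review): login_customer_using_social_data() is also listed as a public action
	 * although it takes two arguments; presumably it is only reached through the token
	 * actions — confirm the dispatcher cannot invoke it directly.
	 */
	class OsAuthController extends OsController {

		public function __construct() {
			parent::__construct();
			// All auth actions must be callable without a logged-in customer.
			$this->action_access['public'] = array_merge(
				$this->action_access['public'],
				[
					'logout_customer',
					'login_customer',
					'login_customer_using_social_data',
					'login_customer_using_google_token',
					'login_customer_using_facebook_token',
					'request_otp',
					'verify_otp',
					'resend_otp',
				]
			);
			$this->views_folder = LATEPOINT_VIEWS_ABSPATH . 'auth/';
		}

		/**
		 * Verifies a submitted OTP code against the contact (email / phone) it was sent to.
		 *
		 * Always responds with JSON `{status, message}`. On success `message` carries the
		 * verification token from OsOTPHelper::create_verification_token(); additionally, when
		 * customer auth is enabled and nobody is logged in yet, the existing customer owning
		 * that contact is logged in.
		 */
		public function verify_otp() {
			$this->check_nonce( 'otp_verify_otp_nonce', $this->params['otp']['verify_nonce'] ?? '' );
			$otp_verification_params = $this->params_for_otp_verification();
			$otp_code                = $otp_verification_params['otp_code'] ?? '';
			$contact_type            = $otp_verification_params['contact_type'] ?? '';
			$contact_value           = $otp_verification_params['contact_value'] ?? '';
			$delivery_method         = $otp_verification_params['delivery_method'] ?? '';

			$result = OsOTPHelper::verifyOTP( $otp_code, $contact_value, $contact_type, $delivery_method );

			$message = __( 'Invalid Code', 'latepoint' );
			$status  = LATEPOINT_STATUS_ERROR;

			if ( is_wp_error( $result ) ) {
				$message = $result->get_error_message();
			} elseif ( $result['status'] === LATEPOINT_STATUS_ERROR ) {
				$message = $result['message'];
			} elseif ( $result['status'] === LATEPOINT_STATUS_SUCCESS ) {
				$status  = LATEPOINT_STATUS_SUCCESS;
				$message = OsOTPHelper::create_verification_token( $contact_value, $contact_type );
				// A verified contact is proof of ownership: log the matching existing customer in
				// (only when auth is enabled and no customer session exists yet).
				if ( OsAuthHelper::is_customer_auth_enabled() && ! OsAuthHelper::is_customer_logged_in() ) {
					$customer = OsCustomerHelper::get_by_contact( $contact_value, $contact_type );
					if ( $customer && ! $customer->is_new_record() ) {
						OsAuthHelper::authorize_customer( $customer->id );
					}
				}
			}
			$this->send_json(
				[
					'status'  => $status,
					'message' => $message,
				]
			);
		}

		/**
		 * Re-sends the OTP code to the same contact and returns a fresh OTP input box.
		 *
		 * Always responds with JSON `{status, message}`.
		 */
		public function resend_otp() {
			$this->check_nonce( 'otp_resend_otp_nonce', $this->params['otp']['resend_nonce'] ?? '' );
			$otp_verification_params = $this->params_for_otp_verification();
			$contact_type            = $otp_verification_params['contact_type'] ?? '';
			$contact_value           = $otp_verification_params['contact_value'] ?? '';
			$delivery_method         = $otp_verification_params['delivery_method'] ?? '';

			$result = OsOTPHelper::generateAndSendOTP( $contact_value, $contact_type, $delivery_method );

			$this->send_json( $this->otp_delivery_response( $result, $contact_type, $contact_value, $delivery_method ) );
		}

		/**
		 * Sends an OTP code to the email / phone submitted on the contact step.
		 *
		 * In the classic auth flow the contact must belong to an existing customer, so the
		 * request is rejected with a JSON error before any code is sent. Because that error
		 * differs from the success response, the endpoint reveals whether a contact is
		 * registered; it should be rate limited accordingly.
		 *
		 * Always responds with JSON `{status, message}`.
		 */
		public function request_otp() {
			$this->check_nonce( 'auth_nonce', $this->params['auth']['nonce'] ?? '' );

			$auth_params  = $this->params_for_otp_request();
			$contact_type = $auth_params['contact_type'] ?? '';
			// The contact value is posted under the key named by contact_type ('email' or 'phone').
			$contact_value   = is_string( $contact_type ) ? ( $auth_params[ $contact_type ] ?? '' ) : '';
			$delivery_method = $auth_params['delivery_method'] ?? '';

			if ( OsAuthHelper::is_classic_auth_flow() && in_array( $contact_type, [ 'email', 'phone' ], true ) ) {
				// Classic flow: an OTP can't be requested for an account that doesn't exist.
				$customer          = new OsCustomerModel();
				$existing_customer = $customer->where( [ $contact_type => $contact_value ] )->set_limit( 1 )->get_results_as_models();
				if ( ! $existing_customer ) {
					$message = ( $contact_type === 'email' )
						? __( 'We don\'t recognize this email. Double-check it or create an account.', 'latepoint' )
						: __( 'We don\'t recognize this phone number. Double-check it or create an account.', 'latepoint' );
					$this->send_json(
						[
							'status'  => LATEPOINT_STATUS_ERROR,
							'message' => $message,
						]
					);
					// send_json() is expected to terminate; never fall through to sending a code if it doesn't.
					return;
				}
			}

			$result = OsOTPHelper::generateAndSendOTP( $contact_value, $contact_type, $delivery_method );

			$this->send_json( $this->otp_delivery_response( $result, $contact_type, $contact_value, $delivery_method ) );
		}

		/**
		 * Maps the result of OsOTPHelper::generateAndSendOTP() to the JSON payload returned to the form.
		 *
		 * @param mixed  $result          WP_Error, or an array with 'status' (and 'message' on error).
		 * @param string $contact_type    'email' or 'phone'.
		 * @param string $contact_value   Sanitized email address or phone number the code was sent to.
		 * @param string $delivery_method Channel the code was sent through; passed on to the input box markup.
		 *
		 * @return array{status: string, message: string} On success `message` holds the OTP input box HTML,
		 *                                                otherwise a human readable error.
		 */
		private function otp_delivery_response( $result, $contact_type, $contact_value, $delivery_method ): array {
			$message = __( 'Error sending OTP', 'latepoint' );
			$status  = LATEPOINT_STATUS_ERROR;

			if ( is_wp_error( $result ) ) {
				$message = $result->get_error_message();
			} elseif ( $result['status'] === LATEPOINT_STATUS_ERROR ) {
				$message = $result['message'];
			} elseif ( $result['status'] === LATEPOINT_STATUS_SUCCESS ) {
				$status  = LATEPOINT_STATUS_SUCCESS;
				$message = OsOTPHelper::otp_input_box_html( $contact_type, $contact_value, $delivery_method );
			}

			return [
				'status'  => $status,
				'message' => $message,
			];
		}


		/**
		 * Reads and sanitizes the 'otp' request parameters used by verify_otp() / resend_otp().
		 *
		 * Only the whitelisted keys survive. contact_value is sanitized according to
		 * contact_type: sanitize_email() for 'email', sanitize_text_field() otherwise.
		 *
		 * @return array Empty when no 'otp' params were posted; otherwise the filtered params.
		 */
		private function params_for_otp_verification(): array {
			$params = OsParamsHelper::get_param( 'otp' );
			if ( empty( $params ) ) {
				return [];
			}

			$otp_params = OsParamsHelper::permit_params(
				$params,
				[
					'contact_value',
					'contact_type',
					'delivery_method',
					'otp_code',
				]
			);

			$otp_params['otp_code']        = sanitize_text_field( $otp_params['otp_code'] ?? '' );
			$otp_params['delivery_method'] = sanitize_text_field( $otp_params['delivery_method'] ?? '' );
			$otp_params['contact_type']    = sanitize_text_field( $otp_params['contact_type'] ?? '' );

			if ( $otp_params['contact_type'] === 'email' ) {
				$otp_params['contact_value'] = sanitize_email( $otp_params['contact_value'] ?? '' );
			} else {
				// 'phone' and any unexpected contact_type: plain text sanitization so no raw input leaks downstream.
				$otp_params['contact_value'] = sanitize_text_field( $otp_params['contact_value'] ?? '' );
			}

			/**
			 * Filtered auth params for OTP verification
			 *
			 * @param {array} $otp_params a filtered array of auth params
			 * @param {array} $params unfiltered 'otp' params
			 * @returns {array} $otp_params a filtered array of auth params
			 *
			 * @since 5.2.0
			 * @hook latepoint_auth_params_for_otp_verification
			 *
			 */
			return apply_filters( 'latepoint_auth_params_for_otp_verification', $otp_params, $params );
		}

		/**
		 * Reads and sanitizes the 'auth' request parameters used by request_otp().
		 *
		 * Only the whitelisted keys survive; email, phone, otp_code, contact_type and
		 * delivery_method are sanitized when present.
		 *
		 * @return array Empty when no 'auth' params were posted; otherwise the filtered params.
		 */
		private function params_for_otp_request(): array {
			$params = OsParamsHelper::get_param( 'auth' );
			if ( empty( $params ) ) {
				return [];
			}

			$auth_params = OsParamsHelper::permit_params(
				$params,
				[
					'email',
					'phone',
					'contact_type',
					'delivery_method',
					'otp_code',
				]
			);

			if ( ! empty( $auth_params['email'] ) ) {
				$auth_params['email'] = sanitize_email( $auth_params['email'] );
			}
			if ( ! empty( $auth_params['phone'] ) ) {
				$auth_params['phone'] = sanitize_text_field( $auth_params['phone'] );
			}
			if ( ! empty( $auth_params['otp_code'] ) ) {
				$auth_params['otp_code'] = sanitize_text_field( $auth_params['otp_code'] );
			}
			// contact_type is later used as an array key and delivery_method is echoed into markup,
			// so both get the same text sanitization as the other fields.
			if ( ! empty( $auth_params['contact_type'] ) ) {
				$auth_params['contact_type'] = sanitize_text_field( $auth_params['contact_type'] );
			}
			if ( ! empty( $auth_params['delivery_method'] ) ) {
				$auth_params['delivery_method'] = sanitize_text_field( $auth_params['delivery_method'] );
			}

			/**
			 * Filtered auth params for OTP request
			 *
			 * @param {array} $auth_params a filtered array of auth params
			 * @param {array} $params unfiltered 'auth' params
			 * @returns {array} $auth_params a filtered array of auth params
			 *
			 * @since 5.2.0
			 * @hook latepoint_params_for_otp_request
			 *
			 */
			return apply_filters( 'latepoint_params_for_otp_request', $auth_params, $params );
		}


		/**
		 * Logs the customer out.
		 *
		 * Responds with a JSON success message when the request asked for the json return format.
		 */
		public function logout_customer() {
			$this->check_nonce( 'auth_nonce', $this->params['auth']['nonce'] ?? '' );

			OsAuthHelper::logout_customer();

			if ( $this->get_return_format() === 'json' ) {
				$this->send_json(
					[
						'status'  => LATEPOINT_STATUS_SUCCESS,
						'message' => __( 'You have been logged out of your account.', 'latepoint' ),
					]
				);
			}
		}

		/**
		 * Password login for a customer identified by email or phone.
		 *
		 * The failure message only names the contact type; it does not reveal whether the
		 * account exists. Responds with JSON `{status, message, customer_id}` when the request
		 * asked for the json return format.
		 */
		public function login_customer() {
			$this->check_nonce( 'auth_nonce', $this->params['auth']['nonce'] ?? '' );

			$auth          = $this->params['auth'] ?? [];
			$contact_type  = $auth['contact_type'] ?? '';
			$contact_value = ( $contact_type === 'email' ) ? ( $auth['email'] ?? '' ) : ( $auth['phone'] ?? '' );
			$customer      = OsAuthHelper::login_customer( $contact_value, $auth['password'] ?? '', $contact_type );
			if ( $customer ) {
				$status        = LATEPOINT_STATUS_SUCCESS;
				$customer_id   = $customer->id;
				$response_html = __( 'Welcome back', 'latepoint' );
			} else {
				$status      = LATEPOINT_STATUS_ERROR;
				$customer_id = '';
				if ( $contact_type === 'email' ) {
					$response_html = __( 'Sorry, that email or password didn\'t work.', 'latepoint' );
				} elseif ( $contact_type === 'phone' ) {
					$response_html = __( 'Sorry, that phone number or password didn\'t work.', 'latepoint' );
				} else {
					$response_html = __( 'Sorry, that didn\'t work.', 'latepoint' );
				}
			}
			if ( $this->get_return_format() === 'json' ) {
				$this->send_json(
					[
						'status'      => $status,
						'message'     => $response_html,
						'customer_id' => $customer_id,
					]
				);
			}
		}

		/**
		 * Logs in (creating if necessary) a customer from profile data returned by a social provider.
		 *
		 * The customer is located by the email in $social_user and logged in with no further
		 * proof, so $social_user must only ever come from a trusted token exchange (see the
		 * google / facebook token actions), never straight from the request.
		 *
		 * @param string $network     Provider name ('google' or 'facebook'); also selects the
		 *                            `{network}_user_id` customer attribute that stores the provider's user id.
		 * @param array  $social_user Provider profile: 'social_id', 'email', 'first_name', 'last_name',
		 *                            or 'error' when the provider lookup failed.
		 */
		public function login_customer_using_social_data( $network, $social_user ) {
			$customer_id = '';
			// Without both a provider id and an email there is nothing to match a customer on;
			// looking up an empty email could attach the session to an unrelated record.
			if ( isset( $social_user['social_id'] ) && ! empty( $social_user['email'] ) ) {
				$customer_was_updated = false;
				$old_customer_data    = [];
				$social_id_field_name = $network . '_user_id';
				$status               = LATEPOINT_STATUS_SUCCESS;
				$response_html        = $social_user['social_id'];
				// Look up an existing customer by the email the provider returned.
				$customer = new OsCustomerModel();
				$customer = $customer->where( [ 'email' => $social_user['email'] ] )->set_limit( 1 )->get_results_as_models();
				// Only an existing customer can be (re)linked to a WP user; when none was found the
				// lookup result is not an object and dereferencing it would fail.
				if ( $customer && OsAuthHelper::can_wp_users_login_as_customers() ) {
					// Loose comparison on purpose: the stored id may be a string and email_exists() returns int|false.
					if ( $customer->wordpress_user_id != email_exists( $social_user['email'] ) ) {
						$old_customer_data = $customer->get_data_vars();
						$customer->update_attributes( [ 'wordpress_user_id' => null ] );
						$wp_user_id           = OsCustomerHelper::create_wp_user_for_customer( $customer );
						$customer_was_updated = true;
						if ( ! $wp_user_id ) {
							$status        = LATEPOINT_STATUS_ERROR;
							$response_html = __( 'Error creating wp user', 'latepoint' );
						}
					}
				}
				// Create the customer if the email is not known yet.
				if ( ! $customer ) {
					$customer                        = new OsCustomerModel();
					$customer->first_name            = $social_user['first_name'] ?? '';
					$customer->last_name             = $social_user['last_name'] ?? '';
					$customer->email                 = $social_user['email'];
					$customer->$social_id_field_name = $social_user['social_id'];
					if ( ! $customer->save( true ) ) {
						$response_html = $customer->get_error_messages();
						$status        = LATEPOINT_STATUS_ERROR;
					} else {
						do_action( 'latepoint_customer_created', $customer );
					}
				}

				if ( ( $status === LATEPOINT_STATUS_SUCCESS ) && $customer->id ) {
					$customer_id = $customer->id;
					// Record the provider's user id on the customer if it isn't stored yet (or differs).
					// Loose comparison on purpose: ids may arrive as string or int.
					if ( $customer->$social_id_field_name != $social_user['social_id'] ) {
						$old_customer_data               = $customer->get_data_vars();
						$customer->$social_id_field_name = $social_user['social_id'];
						$customer->save();
						$customer_was_updated = true;
					}
					OsAuthHelper::authorize_customer( $customer->id );
					$response_html = __( 'Welcome back', 'latepoint' );
				}
				if ( $customer_was_updated && $old_customer_data ) {
					do_action( 'latepoint_customer_updated', $customer, $old_customer_data );
				}
			} else {
				// The provider lookup failed or returned no usable identity.
				$status        = LATEPOINT_STATUS_ERROR;
				$response_html = $social_user['error'] ?? __( 'Sorry, that didn\'t work.', 'latepoint' );
			}
			if ( $this->get_return_format() === 'json' ) {
				$this->send_json(
					[
						'status'      => $status,
						'message'     => $response_html,
						'customer_id' => $customer_id,
					]
				);
			}
		}


		/**
		 * Google sign-in with a posted provider token.
		 */
		public function login_customer_using_google_token() {
			$this->login_customer_using_social_token( 'google' );
		}

		/**
		 * Facebook sign-in with a posted provider token.
		 */
		public function login_customer_using_facebook_token() {
			$this->login_customer_using_social_token( 'facebook' );
		}

		/**
		 * Shared body of the Google / Facebook token actions: resolves the posted token into a
		 * provider profile through the 'latepoint_get_social_user_by_token' filter (the core
		 * plugin ships no implementation; presumably an add-on hooks it) and hands the profile
		 * to login_customer_using_social_data().
		 *
		 * @param string $network Provider name passed to the filter and to login_customer_using_social_data().
		 */
		private function login_customer_using_social_token( string $network ) {
			// The nonce is only verified when one is posted (kept for pro compatibility per the
			// original TODO). That means the check is skipped simply by omitting the field; once
			// compatibility is no longer needed, verify unconditionally.
			if ( isset( $this->params['nonce'] ) ) {
				$this->check_nonce( 'social_login_nonce', $this->params['nonce'] );
			}

			$token       = sanitize_text_field( $this->params['token'] ?? '' );
			$social_user = apply_filters( 'latepoint_get_social_user_by_token', [], $network, $token );
			if ( ! empty( $social_user ) ) {
				$this->login_customer_using_social_data( $network, $social_user );
			}
		}
	}
endif;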