PluginProbe ʕ •ᴥ•ʔ
Tutor LMS – eLearning and online course solution / 2.4.0
Tutor LMS – eLearning and online course solution v2.4.0
3.9.14 3.9.13 3.9.12 3.9.11 trunk 1.0.0 1.0.0-alpha 1.0.1 1.0.2 1.0.3 1.0.4 1.0.5 1.0.6 1.0.7 1.0.8 1.0.9 1.1.0 1.1.1 1.2.0 1.2.1 1.2.11 1.2.12 1.2.13 1.2.20 1.3.0 1.3.1 1.3.2 1.3.3 1.3.4 1.3.5 1.3.6 1.3.7 1.3.8 1.3.9 1.4.0 1.4.1 1.4.2 1.4.3 1.4.4 1.4.5 1.4.6 1.4.7 1.4.8 1.4.9 1.5.0 1.5.1 1.5.2 1.5.3 1.5.4 1.5.5 1.5.6 1.5.7 1.5.8 1.5.9 1.6.0 1.6.1 1.6.2 1.6.3 1.6.4 1.6.5 1.6.6 1.6.7 1.6.8 1.6.9 1.7.0 1.7.1 1.7.2 1.7.3 1.7.4 1.7.5 1.7.6 1.7.7 1.7.8 1.7.9 1.8.0 1.8.1 1.8.10 1.8.2 1.8.3 1.8.4 1.8.5 1.8.6 1.8.7 1.8.8 1.8.9 1.9.0 1.9.1 1.9.10 1.9.11 1.9.12 1.9.13 1.9.14 1.9.15 1.9.16 1.9.2 1.9.3 1.9.4 1.9.5 1.9.6 1.9.7 1.9.8 1.9.9 2.0.0 2.0.1 2.0.10 2.0.2 2.0.3 2.0.4 2.0.5 2.0.6 2.0.7 2.0.8 2.0.9 2.1.0 2.1.1 2.1.10 2.1.2 2.1.3 2.1.4 2.1.5 2.1.6 2.1.7 2.1.8 2.1.9 2.2.0 2.2.1 2.2.2 2.2.3 2.2.4 2.3.0 2.4.0 2.5.0 2.6.0 2.6.1 2.6.2 2.7.0 2.7.1 2.7.2 2.7.3 2.7.4 2.7.5 2.7.6 2.7.7 3.0.0 3.0.1 3.0.2 3.1.0 3.2.0 3.2.1 3.2.2 3.2.3 3.3.0 3.3.1 3.4.0 3.4.1 3.4.2 3.5.0 3.6.0 3.6.1 3.6.2 3.6.3 3.6.4 3.7.0 3.7.1 3.7.2 3.7.3 3.7.4 3.8.0 3.8.1 3.8.2 3.8.3 3.9.0 3.9.1 3.9.10 3.9.2 3.9.3 3.9.4 3.9.5 3.9.6 3.9.7 3.9.8 3.9.9
tutor / restapi / RestAuth.php
tutor / restapi Last commit date
REST_Author.php 5 years ago REST_Course.php 4 years ago REST_Course_Announcement.php 5 years ago REST_Lesson.php 5 years ago REST_Quiz.php 5 years ago REST_Rating.php 5 years ago REST_Response.php 5 years ago REST_Topic.php 5 years ago RestAuth.php 3 years ago
RestAuth.php
270 lines
1 <?php
2 /**
3 * Manage Rest API Authentication
4 *
5 * API key, secret create, invoke etc
6 *
7 * @package Tutor
8 * @author Themeum <support@themeum.com>
9 * @link https://themeum.com
10 * @since 2.2.1
11 */
12
13 namespace TUTOR;
14
15 use Tutor\Helpers\QueryHelper;
16
17 if ( ! defined( 'ABSPATH' ) ) {
18 exit;
19 }
20
21 /**
22 * Rest API authentication
23 *
24 * @since 2.2.1
25 */
26 class RestAuth {
27
28 /**
29 * Permissions
30 *
31 * @var string
32 */
33 const READ = 'read';
34
35 /**
36 * User meta key to store key, secret, permission info
37 *
38 * @var string
39 */
40 const KEYS_USER_META_KEY = 'tutor-api-key-secret';
41
42 /**
43 * Register hooks.
44 *
45 * @since 2.2.1
46 *
47 * @return void
48 */
49 public function __construct() {
50 add_action( 'wp_ajax_tutor_generate_api_keys', __CLASS__ . '::generate_api_keys' );
51 add_action( 'wp_ajax_tutor_revoke_api_keys', __CLASS__ . '::revoke_api_keys' );
52 }
53
54 /**
55 * Generate api keys
56 *
57 * @since 2.2.1
58 *
59 * @return void send wp_json response
60 */
61 public static function generate_api_keys() {
62 // Validate nonce.
63 tutor_utils()->checking_nonce();
64
65 // Check user permission.
66 if ( ! current_user_can( 'administrator' ) ) {
67 wp_send_json_error( tutor_utils()->error_message() );
68 }
69
70 $api_key = 'key_' . bin2hex( random_bytes( 16 ) );
71 $api_secret = 'secret_' . bin2hex( random_bytes( 32 ) );
72
73 $permission = Input::post( 'permission' );
74
75 $info = wp_json_encode(
76 array(
77 'key' => $api_key,
78 'secret' => $api_secret,
79 'permission' => $permission,
80 )
81 );
82
83 // Update user meta.
84 $add = add_user_meta(
85 get_current_user_id(),
86 self::KEYS_USER_META_KEY,
87 $info
88 );
89
90 if ( $add ) {
91 $response = self::prepare_response( $add, $api_key, $api_secret, $permission );
92 wp_send_json_success( $response );
93 } else {
94 wp_send_json_error( tutor_utils()->error_message( '0' ) );
95 }
96
97 }
98
99 /**
100 * Revoke api keys
101 *
102 * @since 2.2.1
103 *
104 * @return void send wp_json response
105 */
106 public static function revoke_api_keys() {
107 // Validate nonce.
108 tutor_utils()->checking_nonce();
109
110 // Check user permission.
111 if ( ! current_user_can( 'administrator' ) ) {
112 wp_send_json_error( tutor_utils()->error_message() );
113 }
114
115 $meta_id = Input::post( 'meta_id', 0, Input::TYPE_INT );
116
117 if ( ! $meta_id ) {
118 wp_send_json_error( __( 'Invalid meta id', 'tutor' ) );
119 }
120
121 // Delete api keys.
122 global $wpdb;
123 $delete = QueryHelper::delete( $wpdb->usermeta, array( 'umeta_id' => $meta_id ) );
124
125 if ( $delete ) {
126 wp_send_json_success( __( 'API keys permanently revoked', 'tutor' ) );
127 } else {
128 wp_send_json_error( __( 'API keys revoke failed, please try again.', 'tutor' ) );
129 }
130 }
131
132 /**
133 * Check if api key & secret is valid
134 *
135 * @since 2.2.1
136 *
137 * @param string $api_key api key.
138 * @param string $api_secret api secret.
139 *
140 * @return boolean
141 */
142 public static function validate_api_key_secret( $api_key, $api_secret ) {
143 global $wpdb;
144 $table = $wpdb->usermeta;
145
146 $valid = false;
147
148 $results = QueryHelper::get_all(
149 $table,
150 array( 'meta_key' => self::KEYS_USER_META_KEY ), //phpcs:ignore
151 'umeta_id'
152 );
153
154 if ( is_array( $results ) && count( $results ) ) {
155 foreach ( $results as $result ) {
156 $result = json_decode( $result->meta_value );
157 if ( $result->key === $api_key && $result->secret === $api_secret ) {
158 $valid = true;
159 break;
160 }
161 }
162 }
163
164 return $valid;
165 }
166
167 /**
168 * Process api request
169 *
170 * @since 2.2.1
171 *
172 * @return boolean
173 */
174 public static function process_api_request() {
175 $headers = apache_request_headers();
176
177 if ( isset( $headers['Authorization'] ) ) {
178 $authorization_header = $headers['Authorization'];
179
180 if ( strpos( $authorization_header, 'Basic' ) !== false ) {
181 $base_64_credentials = str_replace( 'Basic ', '', $authorization_header );
182 $credentials = base64_decode( $base_64_credentials ); //phpcs:ignore
183
184 list($api_key, $api_secret) = explode( ':', $credentials );
185
186 if ( self::validate_api_key_secret( $api_key, $api_secret ) ) {
187 return true;
188 }
189 }
190 }
191
192 // Key and secret are invalid or not provided.
193 return false;
194 }
195
196 /**
197 * Prepare html response
198 *
199 * @since 2.2.1
200 *
201 * @param int $meta_id meta id.
202 * @param string $key api key.
203 * @param string $secret api secret.
204 * @param string $permission authorization permission.
205 *
206 * @return string
207 */
208 public static function prepare_response( $meta_id, $key, $secret, $permission ) {
209 $user_id = get_current_user_id();
210 ob_start();
211 ?>
212 <tr>
213 <td>
214 <?php echo esc_html( tutor_utils()->display_name( $user_id ) ); ?>
215 </td>
216 <td>
217 <a class="tutor-btn tutor-btn-outline-primary tutor-btn-sm">
218 <span class="tutor-icon-copy tutor-mr-8"></span>
219 <span class="tutor-copy-text" data-text="<?php echo esc_attr( $key ); ?>">
220 <?php echo esc_html( substr( $key, 0, 5 ) . '...' ); ?>
221 </span>
222 </a>
223 </td>
224 <td>
225 <a class="tutor-btn tutor-btn-outline-primary tutor-btn-sm">
226 <span class="tutor-icon-copy tutor-mr-8"></span>
227 <span class="tutor-copy-text" data-text="<?php echo esc_attr( $secret ); ?>">
228 <?php echo esc_html( substr( $secret, 0, 9 ) . '...' ); ?>
229 </span>
230 </a>
231 </td>
232 <td>
233 <?php echo esc_html( ucfirst( $permission ) ); ?>
234 </td>
235 <td>
236 <div class="tutor-dropdown-parent">
237 <button type="button" class="tutor-iconic-btn" action-tutor-dropdown="toggle">
238 <span class="tutor-icon-kebab-menu" area-hidden="true"></span>
239 </button>
240 <div class="tutor-dropdown tutor-dropdown-dark tutor-text-left">
241 <a href="javascript:void(0)" class="tutor-dropdown-item">
242 <i class="tutor-icon-trash-can-bold tutor-mr-8" area-hidden="true" data-meta-id="<?php echo esc_attr( $meta_id ); ?>"></i>
243 <span data-meta-id="<?php echo esc_attr( $meta_id ); ?>"><?php esc_html_e( 'Revoke', 'tutor' ); ?></span>
244 </a>
245 </div>
246 </div>
247 </td>
248 </tr>
249 <?php
250 return ob_get_clean();
251 }
252
253 /**
254 * Get available permission
255 *
256 * @since 2.2.1
257 *
258 * @return array
259 */
260 public static function available_permissions(): array {
261 $permissions = array(
262 array(
263 'value' => self::READ,
264 'label' => __( 'Read', 'tutor' ),
265 ),
266 );
267 return $permissions;
268 }
269 }
270