1 <?php
2 /**
3 * WooCommerce Auth
4 *
5 * Handles wc-auth endpoint requests.
6 *
7 * @package WooCommerce/API
8 * @since 2.4.0
9 */
10
// Refuse direct web access: this file only makes sense when loaded by WordPress,
// which defines ABSPATH before including plugin code.
if ( ! defined( 'ABSPATH' ) ) {
	exit;
}
12
13 /**
14 * Auth class.
15 */
/**
 * Auth class.
 *
 * Implements the "wc-auth" key-provisioning flow used by external apps to obtain
 * REST API credentials:
 *
 *   login  ->  authorize (consent screen)  ->  access_granted
 *
 * On access_granted a new row is written to {prefix}woocommerce_api_keys for the
 * currently logged-in WordPress user and the plaintext key/secret pair is POSTed,
 * server-to-server, to the app-supplied callback_url; the browser is then sent to
 * the app-supplied return_url. All routing happens on `parse_request`, before the
 * normal WordPress query runs.
 *
 * Security properties visible in this file: the route is gated on
 * `manage_woocommerce`, key creation is protected by a nonce, callback_url must be
 * https and is fetched with wp_safe_remote_post(), and a key whose delivery fails
 * is rolled back. Enforcement of the granted permissions themselves lives in the
 * REST authentication layer, not here.
 */
class WC_Auth {

	/**
	 * Version.
	 *
	 * Appended to the endpoint path by build_url(); the rewrite rule in
	 * add_endpoint() only matches "v1", so bumping this also needs a new rule.
	 *
	 * @var int
	 */
	const VERSION = 1;

	/**
	 * Setup class.
	 *
	 * Registers the query vars, the rewrite rule and the request handler.
	 * Everything runs at priority 0 so the auth endpoint is resolved before
	 * other plugins inspect the request.
	 *
	 * @since 2.4.0
	 */
	public function __construct() {
		// Add query vars.
		add_filter( 'query_vars', array( $this, 'add_query_vars' ), 0 );

		// Register auth endpoint.
		add_action( 'init', array( __CLASS__, 'add_endpoint' ), 0 );

		// Handle auth requests.
		add_action( 'parse_request', array( $this, 'handle_auth_requests' ), 0 );
	}

	/**
	 * Add query vars.
	 *
	 * Whitelists the two query vars the rewrite rule in add_endpoint() produces.
	 *
	 * @since 2.4.0
	 * @param array $vars Query variables.
	 * @return string[]
	 */
	public function add_query_vars( $vars ) {
		$vars[] = 'wc-auth-version';
		$vars[] = 'wc-auth-route';
		return $vars;
	}

	/**
	 * Add auth endpoint.
	 *
	 * Maps /wc-auth/v1/<route> onto the two query vars above. The version group
	 * is literally "[1]{1}", i.e. only v1 is routable through pretty permalinks.
	 *
	 * @since 2.4.0
	 */
	public static function add_endpoint() {
		add_rewrite_rule( '^wc-auth/v([1]{1})/(.*)?', 'index.php?wc-auth-version=$matches[1]&wc-auth-route=$matches[2]', 'top' );
	}

	/**
	 * Get scope name.
	 *
	 * Returns the translated label for a scope. There is no fallback: an
	 * unrecognised scope reads an undefined array index. Every caller in this
	 * file only reaches it after make_validation() has whitelisted the scope.
	 *
	 * @since 2.4.0
	 * @param string $scope Permission scope.
	 * @return string
	 */
	protected function get_i18n_scope( $scope ) {
		$permissions = array(
			'read'       => __( 'Read', 'woocommerce' ),
			'write'      => __( 'Write', 'woocommerce' ),
			'read_write' => __( 'Read/Write', 'woocommerce' ),
		);

		return $permissions[ $scope ];
	}

	/**
	 * Return a list of permissions a scope allows.
	 *
	 * These strings are only what the consent screen (auth/form-grant-access.php)
	 * shows the user. The `woocommerce_api_permissions_in_scope` filter can change
	 * that wording, but it has no effect on what is stored: create_keys() persists
	 * the scope itself as the key's permission level.
	 *
	 * @since 2.4.0
	 * @param string $scope Permission scope.
	 * @return array
	 */
	protected function get_permissions_in_scope( $scope ) {
		$permissions = array();
		switch ( $scope ) {
			case 'read':
				$permissions[] = __( 'View coupons', 'woocommerce' );
				$permissions[] = __( 'View customers', 'woocommerce' );
				$permissions[] = __( 'View orders and sales reports', 'woocommerce' );
				$permissions[] = __( 'View products', 'woocommerce' );
				break;
			case 'write':
				$permissions[] = __( 'Create webhooks', 'woocommerce' );
				$permissions[] = __( 'Create coupons', 'woocommerce' );
				$permissions[] = __( 'Create customers', 'woocommerce' );
				$permissions[] = __( 'Create orders', 'woocommerce' );
				$permissions[] = __( 'Create products', 'woocommerce' );
				break;
			case 'read_write':
				$permissions[] = __( 'Create webhooks', 'woocommerce' );
				$permissions[] = __( 'View and manage coupons', 'woocommerce' );
				$permissions[] = __( 'View and manage customers', 'woocommerce' );
				$permissions[] = __( 'View and manage orders and sales reports', 'woocommerce' );
				$permissions[] = __( 'View and manage products', 'woocommerce' );
				break;
		}
		return apply_filters( 'woocommerce_api_permissions_in_scope', $permissions, $scope );
	}

	/**
	 * Build auth urls.
	 *
	 * Builds the URL of another step of the flow, carrying all five request
	 * parameters along in the query string. The two URL parameters are
	 * rawurlencode()d explicitly; get_formatted_url() urldecode()s them again on
	 * the next hop. The other parameters go through wc_clean().
	 *
	 * @since 2.4.0
	 * @param array $data Data to build URL.
	 * @param string $endpoint Endpoint.
	 * @return string
	 */
	protected function build_url( $data, $endpoint ) {
		$url = wc_get_endpoint_url( 'wc-auth/v' . self::VERSION, $endpoint, home_url( '/' ) );

		return add_query_arg(
			array(
				'app_name'     => wc_clean( $data['app_name'] ),
				'user_id'      => wc_clean( $data['user_id'] ),
				'return_url'   => rawurlencode( $this->get_formatted_url( $data['return_url'] ) ),
				'callback_url' => rawurlencode( $this->get_formatted_url( $data['callback_url'] ) ),
				'scope'        => wc_clean( $data['scope'] ),
			), $url
		);
	}

	/**
	 * Decode and format a URL.
	 *
	 * urldecode()s the value and prefixes "https://" only when no "://" is present
	 * at all. A URL that already carries a scheme is passed through unchanged, so
	 * this does not restrict the scheme; the https requirement for callback_url is
	 * enforced separately in make_validation(). return_url has no scheme
	 * restriction in this file.
	 *
	 * @param string $url URL.
	 * @return string
	 */
	protected function get_formatted_url( $url ) {
		$url = urldecode( $url );

		if ( ! strstr( $url, '://' ) ) {
			$url = 'https://' . $url;
		}

		return $url;
	}

	/**
	 * Make validation.
	 *
	 * Validates the five request parameters of the flow:
	 *  - all must be present and non-empty (note empty() also rejects "0");
	 *  - scope must be one of read / write / read_write (strict comparison);
	 *  - return_url and callback_url must pass FILTER_VALIDATE_URL after formatting;
	 *  - callback_url must be https, because the consumer secret is POSTed to it
	 *    in post_consumer_data().
	 *
	 * Values are read from $_REQUEST, i.e. GET and POST merged (and, depending on
	 * PHP's request_order, possibly cookies) — NOTE(review): worth confirming that
	 * is intended rather than reading $_GET only.
	 *
	 * @since 2.4.0
	 * @throws Exception When validate fails.
	 */
	protected function make_validation() {
		$data   = array();
		$params = array(
			'app_name',
			'user_id',
			'return_url',
			'callback_url',
			'scope',
		);

		foreach ( $params as $param ) {
			if ( empty( $_REQUEST[ $param ] ) ) { // WPCS: input var ok, CSRF ok.
				/* translators: %s: parameter */
				throw new Exception( sprintf( __( 'Missing parameter %s', 'woocommerce' ), $param ) );
			}

			$data[ $param ] = wp_unslash( $_REQUEST[ $param ] ); // WPCS: input var ok, CSRF ok, sanitization ok.
		}

		if ( ! in_array( $data['scope'], array( 'read', 'write', 'read_write' ), true ) ) {
			/* translators: %s: scope */
			throw new Exception( sprintf( __( 'Invalid scope %s', 'woocommerce' ), wc_clean( $data['scope'] ) ) );
		}

		foreach ( array( 'return_url', 'callback_url' ) as $param ) {
			// $param is deliberately reused for the formatted URL so the error message below carries the URL, not the parameter name.
			$param = $this->get_formatted_url( $data[ $param ] );

			if ( false === filter_var( $param, FILTER_VALIDATE_URL ) ) {
				/* translators: %s: url */
				throw new Exception( sprintf( __( 'The %s is not a valid URL', 'woocommerce' ), $param ) );
			}
		}

		$callback_url = $this->get_formatted_url( $data['callback_url'] );

		// Case-insensitive scheme check; the secret must never travel in clear text.
		if ( 0 !== stripos( $callback_url, 'https://' ) ) {
			throw new Exception( __( 'The callback_url needs to be over SSL', 'woocommerce' ) );
		}
	}

	/**
	 * Create keys.
	 *
	 * Inserts a new API key row. Note which identity is which:
	 *  - the row's user_id is the *currently logged-in WordPress user* ($user->ID);
	 *  - $app_user_id is the app's own identifier and is only echoed back in the
	 *    returned array (and later in return_url); it never selects a WP user.
	 *
	 * Storage: consumer_key is stored as wc_api_hash() plus its last 7 characters
	 * for display; consumer_secret is stored in the clear (presumably because the
	 * REST signature check needs it — not verifiable from this file). The plaintext
	 * key is therefore only ever available in this method's return value.
	 *
	 * @since 2.4.0
	 *
	 * @param string $app_name App name.
	 * @param string $app_user_id User ID.
	 * @param string $scope Scope.
	 *
	 * @return array
	 */
	protected function create_keys( $app_name, $app_user_id, $scope ) {
		global $wpdb;

		$description = sprintf(
			/* translators: 1: app name 2: scope 3: date 4: time */
			__( '%1$s - API %2$s (created on %3$s at %4$s).', 'woocommerce' ),
			wc_clean( $app_name ),
			$this->get_i18n_scope( $scope ),
			date_i18n( wc_date_format() ),
			date_i18n( wc_time_format() )
		);
		$user        = wp_get_current_user();

		// Created API keys.
		// Defence in depth: re-whitelist the scope and fall back to least privilege.
		$permissions     = in_array( $scope, array( 'read', 'write', 'read_write' ), true ) ? sanitize_text_field( $scope ) : 'read';
		$consumer_key    = 'ck_' . wc_rand_hash();
		$consumer_secret = 'cs_' . wc_rand_hash();

		$wpdb->insert(
			$wpdb->prefix . 'woocommerce_api_keys',
			array(
				'user_id'         => $user->ID,
				'description'     => $description,
				'permissions'     => $permissions,
				'consumer_key'    => wc_api_hash( $consumer_key ),
				'consumer_secret' => $consumer_secret,
				'truncated_key'   => substr( $consumer_key, -7 ),
			),
			array(
				'%d',
				'%s',
				'%s',
				'%s',
				'%s',
				'%s',
			)
		);

		return array(
			'key_id'          => $wpdb->insert_id,
			'user_id'         => $app_user_id,
			'consumer_key'    => $consumer_key,
			'consumer_secret' => $consumer_secret,
			'key_permissions' => $permissions,
		);
	}

	/**
	 * Post consumer data.
	 *
	 * Delivers the plaintext credentials to the app's callback_url as a JSON
	 * body. The request is made synchronously (60 s timeout) while the admin's
	 * browser waits, and it uses wp_safe_remote_post() rather than
	 * wp_remote_post(): the _safe_ variant applies WordPress's unsafe-URL
	 * rejection to a URL that is entirely chosen by the requesting app, which is
	 * the SSRF guard here — do not replace it with the unsafe variant.
	 *
	 * Any transport error or any HTTP status other than exactly 200 (201/204
	 * included) raises, which makes the caller roll the key back.
	 *
	 * @since 2.4.0
	 *
	 * @throws Exception When validation fails.
	 * @param array $consumer_data Consumer data.
	 * @param string $url URL.
	 * @return bool
	 */
	protected function post_consumer_data( $consumer_data, $url ) {
		$params = array(
			'body'    => wp_json_encode( $consumer_data ),
			'timeout' => 60,
			'headers' => array(
				'Content-Type' => 'application/json;charset=' . get_bloginfo( 'charset' ),
			),
		);

		$response = wp_safe_remote_post( esc_url_raw( $url ), $params );

		if ( is_wp_error( $response ) ) {
			throw new Exception( $response->get_error_message() );
		} elseif ( 200 !== intval( $response['response']['code'] ) ) {
			throw new Exception( __( 'An error occurred in the request and at the time were unable to send the consumer data', 'woocommerce' ) );
		}

		return true;
	}

	/**
	 * Handle auth requests.
	 *
	 * `parse_request` callback. Values passed directly as ?wc-auth-version=&wc-auth-route=
	 * override whatever the rewrite rule resolved, so the endpoint is reachable
	 * even without pretty permalinks. Dispatches to auth_endpoint() only when
	 * both vars are set.
	 *
	 * @since 2.4.0
	 * @throws Exception When auth_endpoint validation fails.
	 */
	public function handle_auth_requests() {
		global $wp;

		if ( ! empty( $_GET['wc-auth-version'] ) ) { // WPCS: input var ok, CSRF ok.
			$wp->query_vars['wc-auth-version'] = wc_clean( wp_unslash( $_GET['wc-auth-version'] ) ); // WPCS: input var ok, CSRF ok.
		}

		if ( ! empty( $_GET['wc-auth-route'] ) ) { // WPCS: input var ok, CSRF ok.
			$wp->query_vars['wc-auth-route'] = wc_clean( wp_unslash( $_GET['wc-auth-route'] ) ); // WPCS: input var ok, CSRF ok.
		}

		// wc-auth endpoint requests.
		if ( ! empty( $wp->query_vars['wc-auth-version'] ) && ! empty( $wp->query_vars['wc-auth-route'] ) ) {
			$this->auth_endpoint( $wp->query_vars['wc-auth-route'] );
		}
	}

	/**
	 * Auth endpoint.
	 *
	 * State machine for the flow. Every branch either renders a template and
	 * exit()s, redirects and exit()s, or throws; the request never continues into
	 * the normal WordPress page load. Routes are matched case-insensitively.
	 *
	 *  login          – anonymous: render the login form; logged-in: redirect to authorize.
	 *  authorize      – anonymous: redirect to login; `manage_woocommerce`: render the consent screen.
	 *  access_granted – `manage_woocommerce` + valid `wc_auth_grant_access` nonce: create the key,
	 *                   POST it to callback_url, redirect to return_url with success=1.
	 *  anything else  – including a logged-in user without `manage_woocommerce`, or
	 *                   access_granted while logged out – ends in the 401 below.
	 *
	 * The nonce is the CSRF guard for key creation, which happens on a GET link
	 * from the consent screen. The redirect to return_url uses wp_redirect(), not
	 * wp_safe_redirect(): sending the user to an app-chosen location is inherent
	 * to this flow, so return_url should be understood as untrusted.
	 *
	 * Output buffering is started here and never explicitly ended; PHP flushes it
	 * at exit/shutdown.
	 *
	 * @since 2.4.0
	 * @throws Exception When validation fails.
	 * @param string $route Route.
	 */
	protected function auth_endpoint( $route ) {
		ob_start();

		$consumer_data = array();

		try {
			$route = strtolower( wc_clean( $route ) );
			$this->make_validation();

			$data = wp_unslash( $_REQUEST ); // WPCS: input var ok, CSRF ok.

			// Login endpoint.
			if ( 'login' === $route && ! is_user_logged_in() ) {
				wc_get_template(
					'auth/form-login.php', array(
						'app_name'     => wc_clean( $data['app_name'] ),
						'return_url'   => add_query_arg(
							array(
								'success' => 0,
								'user_id' => wc_clean( $data['user_id'] ),
							), $this->get_formatted_url( $data['return_url'] )
						),
						'redirect_url' => $this->build_url( $data, 'authorize' ),
					)
				);
				exit;

			} elseif ( 'login' === $route && is_user_logged_in() ) {
				// Redirect with user is logged in.
				wp_redirect( esc_url_raw( $this->build_url( $data, 'authorize' ) ) );
				exit;

			} elseif ( 'authorize' === $route && ! is_user_logged_in() ) {
				// Redirect with user is not logged in and trying to access the authorize endpoint.
				wp_redirect( esc_url_raw( $this->build_url( $data, 'login' ) ) );
				exit;

			} elseif ( 'authorize' === $route && current_user_can( 'manage_woocommerce' ) ) {
				// Authorize endpoint.
				// Consent screen: granted_url carries the nonce that access_granted verifies.
				wc_get_template(
					'auth/form-grant-access.php', array(
						'app_name'    => wc_clean( $data['app_name'] ),
						'return_url'  => add_query_arg(
							array(
								'success' => 0,
								'user_id' => wc_clean( $data['user_id'] ),
							), $this->get_formatted_url( $data['return_url'] )
						),
						'scope'       => $this->get_i18n_scope( wc_clean( $data['scope'] ) ),
						'permissions' => $this->get_permissions_in_scope( wc_clean( $data['scope'] ) ),
						'granted_url' => wp_nonce_url( $this->build_url( $data, 'access_granted' ), 'wc_auth_grant_access', 'wc_auth_nonce' ),
						'logout_url'  => wp_logout_url( $this->build_url( $data, 'login' ) ),
						'user'        => wp_get_current_user(),
					)
				);
				exit;

			} elseif ( 'access_granted' === $route && current_user_can( 'manage_woocommerce' ) ) {
				// Granted access endpoint.
				// CSRF guard: the nonce is bound to the logged-in user's session by WordPress.
				if ( ! isset( $_GET['wc_auth_nonce'] ) || ! wp_verify_nonce( sanitize_key( wp_unslash( $_GET['wc_auth_nonce'] ) ), 'wc_auth_grant_access' ) ) { // WPCS: input var ok.
					throw new Exception( __( 'Invalid nonce verification', 'woocommerce' ) );
				}

				// Key is inserted first; if delivery below throws, the catch block deletes it again.
				$consumer_data = $this->create_keys( $data['app_name'], $data['user_id'], $data['scope'] );
				$response      = $this->post_consumer_data( $consumer_data, $this->get_formatted_url( $data['callback_url'] ) );

				if ( $response ) {
					wp_redirect(
						esc_url_raw(
							add_query_arg(
								array(
									'success' => 1,
									'user_id' => wc_clean( $data['user_id'] ),
								), $this->get_formatted_url( $data['return_url'] )
							)
						)
					);
					exit;
				}
			} else {
				throw new Exception( __( 'You do not have permission to access this page', 'woocommerce' ) );
			}
		} catch ( Exception $e ) {
			// Roll back a key that was created but whose credentials were never delivered.
			$this->maybe_delete_key( $consumer_data );

			// Messages may embed request-supplied values (e.g. the rejected URL); esc_html() keeps them inert.
			/* translators: %s: error message */
			wp_die( sprintf( esc_html__( 'Error: %s.', 'woocommerce' ), esc_html( $e->getMessage() ) ), esc_html__( 'Access denied', 'woocommerce' ), array( 'response' => 401 ) );
		}
	}

	/**
	 * Maybe delete key.
	 *
	 * Deletes the API key row identified by $key['key_id'], if any. Used as the
	 * rollback for a key whose delivery to callback_url failed, so credentials
	 * that the app never received do not linger in the database.
	 *
	 * @since 2.4.0
	 *
	 * @param array $key Key.
	 */
	private function maybe_delete_key( $key ) {
		global $wpdb;

		if ( isset( $key['key_id'] ) ) {
			$wpdb->delete( $wpdb->prefix . 'woocommerce_api_keys', array( 'key_id' => $key['key_id'] ), array( '%d' ) );
		}
	}
}
// Instantiated at load time solely for the hook registrations in __construct();
// no reference is kept, so this file provides no accessor for the instance.
new WC_Auth();