WP STAGING – WordPress Backup, Restore, Migration & Clone / 4.9.1
WP STAGING – WordPress Backup, Restore, Migration & Clone v4.9.1
wp-staging / Framework / Security / Auth.php
Auth.php
78 lines
1 <?php
2
3 namespace WPStaging\Framework\Security;
4
/**
 * Class Auth
 *
 * Helper methods for authenticating the different kinds of requests the plugin
 * receives (ajax, non-ajax, etc.).
 *
 * The class itself holds no secrets; it only combines the answers of its three
 * collaborators (capability lookup, nonce check, access-token check).
 *
 * @package WPStaging\Framework\Security
 */
class Auth
{
    /**
     * Source of the capability name used when the caller does not pass one.
     *
     * @var Capabilities
     */
    protected $capabilities;

    /**
     * Validates the access token carried by the current request.
     *
     * @var AccessToken
     */
    protected $accessToken;

    /**
     * Validates the nonce carried by the current request.
     *
     * @var Nonce
     */
    protected $nonce;

    /**
     * @param Capabilities $capabilities
     * @param AccessToken  $accessToken
     * @param Nonce        $nonce
     */
    public function __construct(Capabilities $capabilities, AccessToken $accessToken, Nonce $nonce)
    {
        $this->nonce        = $nonce;
        $this->accessToken  = $accessToken;
        $this->capabilities = $capabilities;
    }

    /**
     * Decide whether the current (ajax) request is authenticated.
     *
     * A request is accepted when either of the following holds:
     *
     * A. The request carries a valid WP Staging nonce AND the current user has
     *    the required capability.
     * or
     * B. The request carries a valid WP Staging access token.
     *
     * Security note: path B is only evaluated after path A has failed, and within
     * this method it consults neither the nonce nor $capability. Every handler
     * gated by this method is therefore reachable by any holder of a valid access
     * token, regardless of the capability the caller asked for. How the token is
     * read from the request and compared is defined in AccessToken and cannot be
     * seen from this class.
     * NOTE(review): confirm that AccessToken::requestHasValidToken() rejects a
     * missing or empty token and compares in constant time.
     *
     * @param string $nonce      Nonce action to verify; falls back to Nonce::WPSTG_NONCE.
     * @param string $capability Capability to require on path A; falls back to
     *                           Capabilities::manageWPSTG().
     * @todo In case we need it later, we can consider updating $capability to be an array of capabilities
     *
     * @return bool
     */
    public function isAuthenticatedRequest(string $nonce = '', string $capability = ''): bool
    {
        // empty() is kept on purpose: besides '' it also treats the string '0' as "not supplied".
        $nonceAction = empty($nonce) ? Nonce::WPSTG_NONCE : $nonce;

        $requiredCapability = empty($capability)
            ? $this->capabilities->manageWPSTG()
            : $capability;

        // Path A: the nonce is checked first; the capability is only looked at when the nonce passed.
        $passedNonceAndCapability = $this->nonce->requestHasValidNonce($nonceAction)
            && current_user_can($requiredCapability);

        if ($passedNonceAndCapability) {
            return true;
        }

        // Path B: the token alone decides the outcome; $requiredCapability plays no part here.
        return $this->accessToken->requestHasValidToken();
    }
}
78