WC_API_Authentication::perform_ssl_authentication() │ private │ WC 2.1

SSL-encrypted requests are not subject to sniffing or man-in-the-middle attacks, so the request can be authenticated by simply looking up the user associated with the given consumer key and confirming the consumer secret provided is valid

Метод класса: WC_API_Authentication{}

Хуков нет.

Возвращает

Массив.

Использование

// private - только в коде основоного (родительского) класса
$result = $this->perform_ssl_authentication();

Список изменений

Код WC_API_Authentication::perform_ssl_authentication() WC API Authentication::perform ssl authentication ^{WC 8.7.0}

private function perform_ssl_authentication() {
	$params = WC()->api->server->params['GET'];

	// if the $_GET parameters are present, use those first
	if ( ! empty( $params['consumer_key'] ) && ! empty( $params['consumer_secret'] ) ) {
		$keys = $this->get_keys_by_consumer_key( $params['consumer_key'] );

		if ( ! $this->is_consumer_secret_valid( $keys['consumer_secret'], $params['consumer_secret'] ) ) {
			throw new Exception( __( 'Consumer secret is invalid.', 'woocommerce' ), 401 );
		}

		return $keys;
	}

	// if the above is not present, we will do full basic auth
	if ( empty( $_SERVER['PHP_AUTH_USER'] ) || empty( $_SERVER['PHP_AUTH_PW'] ) ) {
		$this->exit_with_unauthorized_headers();
	}

	$keys = $this->get_keys_by_consumer_key( $_SERVER['PHP_AUTH_USER'] );

	if ( ! $this->is_consumer_secret_valid( $keys['consumer_secret'], $_SERVER['PHP_AUTH_PW'] ) ) {
		$this->exit_with_unauthorized_headers();
	}

	return $keys;
}