WC_WCCOM_Site::authenticate_wccom()public staticWC 3.7.0

Authenticate Woo.com request.

Метод класса: WC_WCCOM_Site{}

Хуков нет.

Возвращает

int|false.

Использование

$result = WC_WCCOM_Site::authenticate_wccom( $user_id );
$user_id(int|false) (обязательный)
User ID.

Список изменений

С версии 3.7.0 Введена.

Код WC_WCCOM_Site::authenticate_wccom() WC 8.7.0

public static function authenticate_wccom( $user_id ) {
	if ( ! empty( $user_id ) || ! self::is_request_to_wccom_site_rest_api() ) {
		return $user_id;
	}

	$auth_header = trim( self::get_authorization_header() );

	if ( stripos( $auth_header, 'Bearer ' ) === 0 ) {
		$access_token = trim( substr( $auth_header, 7 ) );
	} elseif ( ! empty( $_GET['token'] ) && is_string( $_GET['token'] ) ) {  // phpcs:ignore WordPress.Security.NonceVerification.Recommended
		$access_token = trim( $_GET['token'] );  // phpcs:ignore WordPress.Security.NonceVerification.Recommended, WordPress.Security.ValidatedSanitizedInput.MissingUnslash, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
	} else {
		add_filter(
			self::AUTH_ERROR_FILTER_NAME,
			function() {
				return new Installer_Error( Installer_Error_Codes::NO_ACCESS_TOKEN );
			}
		);
		return false;
	}

	if ( ! empty( $_SERVER['HTTP_X_WOO_SIGNATURE'] ) ) {
		$signature = trim( $_SERVER['HTTP_X_WOO_SIGNATURE'] ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash,WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
	} elseif ( ! empty( $_GET['signature'] ) && is_string( $_GET['signature'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended
		$signature = trim( $_GET['signature'] ); // phpcs:ignore WordPress.Security.NonceVerification.Recommended, WordPress.Security.ValidatedSanitizedInput.MissingUnslash, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
	} else {
		add_filter(
			self::AUTH_ERROR_FILTER_NAME,
			function() {
				return new Installer_Error( Installer_Error_Codes::NO_SIGNATURE );
			}
		);
		return false;
	}

	require_once WC_ABSPATH . 'includes/admin/helper/class-wc-helper-options.php';
	$site_auth = WC_Helper_Options::get( 'auth' );

	if ( empty( $site_auth['access_token'] ) ) {
		add_filter(
			self::AUTH_ERROR_FILTER_NAME,
			function() {
				return new Installer_Error( Installer_Error_Codes::SITE_NOT_CONNECTED );
			}
		);
		return false;
	}

	if ( ! hash_equals( $access_token, $site_auth['access_token'] ) ) {
		add_filter(
			self::AUTH_ERROR_FILTER_NAME,
			function() {
				return new Installer_Error( Installer_Error_Codes::INVALID_TOKEN );
			}
		);
		return false;
	}

	$body = WP_REST_Server::get_raw_data();

	if ( ! self::verify_wccom_request( $body, $signature, $site_auth['access_token_secret'] ) ) {
		add_filter(
			self::AUTH_ERROR_FILTER_NAME,
			function() {
				return new Installer_Error( Installer_Error_Codes::REQUEST_VERIFICATION_FAILED );
			}
		);
		return false;
	}

	$user = get_user_by( 'id', $site_auth['user_id'] );
	if ( ! $user ) {
		add_filter(
			self::AUTH_ERROR_FILTER_NAME,
			function() {
				return new Installer_Error( Installer_Error_Codes::USER_NOT_FOUND );
			}
		);
		return false;
	}

	return $user;
}