WC_API_Authentication::check_oauth_signature()privateWC 1.0

Verify that the consumer-provided request signature matches our generated signature, this ensures the consumer has a valid key/secret

Метод класса: WC_API_Authentication{}

Хуков нет.

Возвращает

null. Ничего.

Использование

// private - только в коде основоного (родительского) класса
$result = $this->check_oauth_signature( $keys, $params );
$keys(массив) (обязательный)
-
$params(массив) (обязательный)
the request parameters

Код WC_API_Authentication::check_oauth_signature() WC 7.7.2

woocommerce/includes/legacy/api/v1/class-wc-api-authentication.php 
private function check_oauth_signature( $keys, $params ) {

	$http_method = strtoupper( WC()->api->server->method );

	$base_request_uri = rawurlencode( untrailingslashit( get_woocommerce_api_url( '' ) ) . WC()->api->server->path );

	// Get the signature provided by the consumer and remove it from the parameters prior to checking the signature
	$consumer_signature = rawurldecode( str_replace( ' ', '+', $params['oauth_signature'] ) );
	unset( $params['oauth_signature'] );

	// Remove filters and convert them from array to strings to void normalize issues
	if ( isset( $params['filter'] ) ) {
		$filters = $params['filter'];
		unset( $params['filter'] );
		foreach ( $filters as $filter => $filter_value ) {
			$params[ 'filter[' . $filter . ']' ] = $filter_value;
		}
	}

	// Normalize parameter key/values
	$params = $this->normalize_parameters( $params );

	// Sort parameters
	if ( ! uksort( $params, 'strcmp' ) ) {
		throw new Exception( __( 'Invalid signature - failed to sort parameters.', 'woocommerce' ), 401 );
	}

	// Form query string
	$query_params = array();
	foreach ( $params as $param_key => $param_value ) {

		$query_params[] = $param_key . '%3D' . $param_value; // join with equals sign
	}
	$query_string = implode( '%26', $query_params ); // join with ampersand

	$string_to_sign = $http_method . '&' . $base_request_uri . '&' . $query_string;

	if ( 'HMAC-SHA1' !== $params['oauth_signature_method'] && 'HMAC-SHA256' !== $params['oauth_signature_method'] ) {
		throw new Exception( __( 'Invalid signature - signature method is invalid.', 'woocommerce' ), 401 );
	}

	$hash_algorithm = strtolower( str_replace( 'HMAC-', '', $params['oauth_signature_method'] ) );

	$signature = base64_encode( hash_hmac( $hash_algorithm, $string_to_sign, $keys['consumer_secret'], true ) );

	if ( ! hash_equals( $signature, $consumer_signature ) ) {
		throw new Exception( __( 'Invalid signature - provided signature does not match.', 'woocommerce' ), 401 );
	}
}