WC_API_Authentication::check_oauth_signature()
Verify that the consumer-provided request signature matches our generated signature, this ensures the consumer has a valid key/secret
Метод класса: WC_API_Authentication{}
Хуков нет.
Возвращает
null
. Ничего (null).
Использование
// private - только в коде основоного (родительского) класса $result = $this->check_oauth_signature( $keys, $params );
- $keys(массив) (обязательный)
- -
- $params(массив) (обязательный)
- the request parameters
Код WC_API_Authentication::check_oauth_signature() WC API Authentication::check oauth signature WC 8.7.0
private function check_oauth_signature( $keys, $params ) { $http_method = strtoupper( WC()->api->server->method ); $server_path = WC()->api->server->path; // if the requested URL has a trailingslash, make sure our base URL does as well if ( isset( $_SERVER['REDIRECT_URL'] ) && '/' === substr( $_SERVER['REDIRECT_URL'], -1 ) ) { $server_path .= '/'; } $base_request_uri = rawurlencode( untrailingslashit( get_woocommerce_api_url( '' ) ) . $server_path ); // Get the signature provided by the consumer and remove it from the parameters prior to checking the signature $consumer_signature = rawurldecode( str_replace( ' ', '+', $params['oauth_signature'] ) ); unset( $params['oauth_signature'] ); // Sort parameters if ( ! uksort( $params, 'strcmp' ) ) { throw new Exception( __( 'Invalid signature - failed to sort parameters.', 'woocommerce' ), 401 ); } // Normalize parameter key/values $params = $this->normalize_parameters( $params ); $query_parameters = array(); foreach ( $params as $param_key => $param_value ) { if ( is_array( $param_value ) ) { foreach ( $param_value as $param_key_inner => $param_value_inner ) { $query_parameters[] = $param_key . '%255B' . $param_key_inner . '%255D%3D' . $param_value_inner; } } else { $query_parameters[] = $param_key . '%3D' . $param_value; // join with equals sign } } $query_string = implode( '%26', $query_parameters ); // join with ampersand $string_to_sign = $http_method . '&' . $base_request_uri . '&' . $query_string; if ( 'HMAC-SHA1' !== $params['oauth_signature_method'] && 'HMAC-SHA256' !== $params['oauth_signature_method'] ) { throw new Exception( __( 'Invalid signature - signature method is invalid.', 'woocommerce' ), 401 ); } $hash_algorithm = strtolower( str_replace( 'HMAC-', '', $params['oauth_signature_method'] ) ); $secret = $keys['consumer_secret'] . '&'; $signature = base64_encode( hash_hmac( $hash_algorithm, $string_to_sign, $secret, true ) ); if ( ! hash_equals( $signature, $consumer_signature ) ) { throw new Exception( __( 'Invalid signature - provided signature does not match.', 'woocommerce' ), 401 ); } }