WC_API_Authentication::perform_ssl_authentication()
SSL-encrypted requests are not subject to sniffing or man-in-the-middle attacks, so the request can be authenticated by simply looking up the user associated with the given consumer key and confirming the consumer secret provided is valid
Метод класса: WC_API_Authentication{}
Хуков нет.
Возвращает
Массив
.
Использование
// private - только в коде основоного (родительского) класса $result = $this->perform_ssl_authentication();
Список изменений
С версии 2.1 | Введена. |
Код WC_API_Authentication::perform_ssl_authentication() WC API Authentication::perform ssl authentication WC 7.7.0
private function perform_ssl_authentication() { $params = WC()->api->server->params['GET']; // Get consumer key if ( ! empty( $_SERVER['PHP_AUTH_USER'] ) ) { // Should be in HTTP Auth header by default $consumer_key = $_SERVER['PHP_AUTH_USER']; } elseif ( ! empty( $params['consumer_key'] ) ) { // Allow a query string parameter as a fallback $consumer_key = $params['consumer_key']; } else { throw new Exception( __( 'Consumer key is missing.', 'woocommerce' ), 404 ); } // Get consumer secret if ( ! empty( $_SERVER['PHP_AUTH_PW'] ) ) { // Should be in HTTP Auth header by default $consumer_secret = $_SERVER['PHP_AUTH_PW']; } elseif ( ! empty( $params['consumer_secret'] ) ) { // Allow a query string parameter as a fallback $consumer_secret = $params['consumer_secret']; } else { throw new Exception( __( 'Consumer secret is missing.', 'woocommerce' ), 404 ); } $keys = $this->get_keys_by_consumer_key( $consumer_key ); if ( ! $this->is_consumer_secret_valid( $keys['consumer_secret'], $consumer_secret ) ) { throw new Exception( __( 'Consumer secret is invalid.', 'woocommerce' ), 401 ); } return $keys; }