WC_API_Authentication::perform_ssl_authentication()
SSL-encrypted requests are not subject to sniffing or man-in-the-middle attacks, so the request can be authenticated by simply looking up the user associated with the given consumer key and confirming the consumer secret provided is valid
Метод класса: WC_API_Authentication{}
Хуков нет.
Возвращает
Массив.
Использование
// private - только в коде основоного (родительского) класса $result = $this->perform_ssl_authentication();
Список изменений
| С версии 2.1 | Введена. |
Код WC_API_Authentication::perform_ssl_authentication() WC API Authentication::perform ssl authentication WC 7.7.0
private function perform_ssl_authentication() {
$params = WC()->api->server->params['GET'];
// Get consumer key
if ( ! empty( $_SERVER['PHP_AUTH_USER'] ) ) {
// Should be in HTTP Auth header by default
$consumer_key = $_SERVER['PHP_AUTH_USER'];
} elseif ( ! empty( $params['consumer_key'] ) ) {
// Allow a query string parameter as a fallback
$consumer_key = $params['consumer_key'];
} else {
throw new Exception( __( 'Consumer key is missing.', 'woocommerce' ), 404 );
}
// Get consumer secret
if ( ! empty( $_SERVER['PHP_AUTH_PW'] ) ) {
// Should be in HTTP Auth header by default
$consumer_secret = $_SERVER['PHP_AUTH_PW'];
} elseif ( ! empty( $params['consumer_secret'] ) ) {
// Allow a query string parameter as a fallback
$consumer_secret = $params['consumer_secret'];
} else {
throw new Exception( __( 'Consumer secret is missing.', 'woocommerce' ), 404 );
}
$keys = $this->get_keys_by_consumer_key( $consumer_key );
if ( ! $this->is_consumer_secret_valid( $keys['consumer_secret'], $consumer_secret ) ) {
throw new Exception( __( 'Consumer secret is invalid.', 'woocommerce' ), 401 );
}
return $keys;
}