WC_REST_Authentication::check_oauth_signature()
Verify that the consumer-provided request signature matches our generated signature, this ensures the consumer has a valid key/secret.
Метод класса: WC_REST_Authentication{}
Хуков нет.
Возвращает
true|WP_Error
.
Использование
// private - только в коде основоного (родительского) класса $result = $this->check_oauth_signature( $user, $params );
- $user(stdClass) (обязательный)
- User data.
- $params(массив) (обязательный)
- The request parameters.
Код WC_REST_Authentication::check_oauth_signature() WC REST Authentication::check oauth signature WC 8.7.0
private function check_oauth_signature( $user, $params ) { $http_method = isset( $_SERVER['REQUEST_METHOD'] ) ? strtoupper( $_SERVER['REQUEST_METHOD'] ) : ''; // WPCS: sanitization ok. $request_path = isset( $_SERVER['REQUEST_URI'] ) ? wp_parse_url( $_SERVER['REQUEST_URI'], PHP_URL_PATH ) : ''; // WPCS: sanitization ok. $wp_base = get_home_url( null, '/', 'relative' ); if ( substr( $request_path, 0, strlen( $wp_base ) ) === $wp_base ) { $request_path = substr( $request_path, strlen( $wp_base ) ); } $base_request_uri = rawurlencode( get_home_url( null, $request_path, is_ssl() ? 'https' : 'http' ) ); // Get the signature provided by the consumer and remove it from the parameters prior to checking the signature. $consumer_signature = rawurldecode( str_replace( ' ', '+', $params['oauth_signature'] ) ); unset( $params['oauth_signature'] ); // Sort parameters. if ( ! uksort( $params, 'strcmp' ) ) { return new WP_Error( 'woocommerce_rest_authentication_error', __( 'Invalid signature - failed to sort parameters.', 'woocommerce' ), array( 'status' => 401 ) ); } // Normalize parameter key/values. $params = $this->normalize_parameters( $params ); $query_string = implode( '%26', $this->join_with_equals_sign( $params ) ); // Join with ampersand. $string_to_sign = $http_method . '&' . $base_request_uri . '&' . $query_string; if ( 'HMAC-SHA1' !== $params['oauth_signature_method'] && 'HMAC-SHA256' !== $params['oauth_signature_method'] ) { return new WP_Error( 'woocommerce_rest_authentication_error', __( 'Invalid signature - signature method is invalid.', 'woocommerce' ), array( 'status' => 401 ) ); } $hash_algorithm = strtolower( str_replace( 'HMAC-', '', $params['oauth_signature_method'] ) ); $secret = $user->consumer_secret . '&'; $signature = base64_encode( hash_hmac( $hash_algorithm, $string_to_sign, $secret, true ) ); if ( ! hash_equals( $signature, $consumer_signature ) ) { // @codingStandardsIgnoreLine return new WP_Error( 'woocommerce_rest_authentication_error', __( 'Invalid signature - provided signature does not match.', 'woocommerce' ), array( 'status' => 401 ) ); } return true; }