WC_REST_Authentication::check_oauth_timestamp_and_nonce() private WC 1.0

Verify that the timestamp and nonce provided with the request are valid. This prevents replay attacks where an attacker could attempt to re-send an intercepted request at a later time.

  • A timestamp is valid if it is within 15 minutes of now.
  • A nonce is valid if it has not been used within the last 15 minutes.

Class method: WC_REST_Authentication{}

No hooks.

Returns

true|false|WP_Error.

Usage

// private - only callable from within the (parent) class's own code
$result = $this->check_oauth_timestamp_and_nonce( $user, $timestamp, $nonce );
$user(stdClass) (required)
User data.
$timestamp(int) (required)
The unix timestamp for when the request was made.
$nonce(string) (required)
A unique (for the given user) 32-character alphanumeric string, consumer-generated.

Code of WC_REST_Authentication::check_oauth_timestamp_and_nonce() WC 8.7.0

private function check_oauth_timestamp_and_nonce( $user, $timestamp, $nonce ) {
	global $wpdb;

	$valid_window = 15 * 60; // 15 minute window.

	if ( ( $timestamp < time() - $valid_window ) || ( $timestamp > time() + $valid_window ) ) {
		return new WP_Error( 'woocommerce_rest_authentication_error', __( 'Invalid timestamp.', 'woocommerce' ), array( 'status' => 401 ) );
	}

	$used_nonces = maybe_unserialize( $user->nonces );

	if ( empty( $used_nonces ) ) {
		$used_nonces = array();
	}

	if ( in_array( $nonce, $used_nonces, true ) ) {
		return new WP_Error( 'woocommerce_rest_authentication_error', __( 'Invalid nonce - nonce has already been used.', 'woocommerce' ), array( 'status' => 401 ) );
	}

	$used_nonces[ $timestamp ] = $nonce;

	// Remove expired nonces.
	foreach ( $used_nonces as $nonce_timestamp => $nonce ) {
		if ( $nonce_timestamp < ( time() - $valid_window ) ) {
			unset( $used_nonces[ $nonce_timestamp ] );
		}
	}

	$used_nonces = maybe_serialize( $used_nonces );

	$wpdb->update(
		$wpdb->prefix . 'woocommerce_api_keys',
		array( 'nonces' => $used_nonces ),
		array( 'key_id' => $user->key_id ),
		array( '%s' ),
		array( '%d' )
	);

	return true;
}
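The replay checks described above (15-minute timestamp window, per-user nonce store keyed by request timestamp, pruning of expired entries), modelled as an added Python example that is not WooCommerce's own code. It assumes a plain dict in place of the serialized `nonces` column and takes `now` as a parameter so the scenario is deterministic; the request timestamps and nonces are constructed.

```python
import time

VALID_WINDOW = 15 * 60  # 15-minute window, same as the WooCommerce method


class ReplayError(Exception):
    """Raised when the timestamp is outside the window or the nonce was already used."""


def check_timestamp_and_nonce(used_nonces, timestamp, nonce, now=None):
    """Mirror of WC_REST_Authentication::check_oauth_timestamp_and_nonce().

    used_nonces: dict mapping request timestamp -> nonce (stands in for the
    serialized per-key `nonces` column). Returns the updated, pruned store on
    success and raises ReplayError on a stale timestamp or a reused nonce.
    """
    now = int(time.time()) if now is None else now
    if timestamp < now - VALID_WINDOW or timestamp > now + VALID_WINDOW:
        raise ReplayError("Invalid timestamp.")
    if nonce in used_nonces.values():
        raise ReplayError("Invalid nonce - nonce has already been used.")
    updated = dict(used_nonces)
    updated[timestamp] = nonce
    # Drop entries older than the window; a request carrying such a timestamp
    # would already fail the timestamp check, so the nonce no longer needs storing.
    return {ts: n for ts, n in updated.items() if ts >= now - VALID_WINDOW}


def simulate():
    """Constructed sequence: first use, exact replay, stale timestamp, then expiry."""
    now = 1_700_000_000  # constructed "current time"
    store = check_timestamp_and_nonce({}, now, "a1b2c3", now)  # accepted
    try:
        check_timestamp_and_nonce(store, now, "a1b2c3", now)  # same request again
        replay_rejected = False
    except ReplayError:
        replay_rejected = True
    try:
        check_timestamp_and_nonce(store, now - VALID_WINDOW - 1, "d4e5f6", now)
        stale_rejected = False
    except ReplayError:
        stale_rejected = True
    later = now + VALID_WINDOW + 1
    store = check_timestamp_and_nonce(store, later, "g7h8i9", later)  # prunes "a1b2c3"
    return replay_rejected, stale_rejected, store
```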