WC_REST_Authentication::check_oauth_timestamp_and_nonce()
Verify that the timestamp and nonce provided with the request are valid. This prevents replay attacks where an attacker could attempt to re-send an intercepted request at a later time.
- A timestamp is valid if it is within 15 minutes of now.
- A nonce is valid if it has not been used within the last 15 minutes.
Class method: WC_REST_Authentication{}
No hooks.
Returns: true|false|WP_Error
Usage
// private - only within the code of the main (parent) class
$result = $this->check_oauth_timestamp_and_nonce( $user, $timestamp, $nonce );
- $user (stdClass) (required): User data.
- $timestamp (int) (required): The Unix timestamp for when the request was made.
- $nonce (string) (required): A unique (for the given user) 32-character alphanumeric string, consumer-generated.
Code of WC_REST_Authentication::check_oauth_timestamp_and_nonce(), WC 8.7.0
private function check_oauth_timestamp_and_nonce( $user, $timestamp, $nonce ) {
	global $wpdb;

	$valid_window = 15 * 60; // 15 minute window.

	if ( ( $timestamp < time() - $valid_window ) || ( $timestamp > time() + $valid_window ) ) {
		return new WP_Error( 'woocommerce_rest_authentication_error', __( 'Invalid timestamp.', 'woocommerce' ), array( 'status' => 401 ) );
	}

	// Nonces already used with this API key are stored serialized as timestamp => nonce.
	$used_nonces = maybe_unserialize( $user->nonces );

	if ( empty( $used_nonces ) ) {
		$used_nonces = array();
	}

	if ( in_array( $nonce, $used_nonces, true ) ) {
		return new WP_Error( 'woocommerce_rest_authentication_error', __( 'Invalid nonce - nonce has already been used.', 'woocommerce' ), array( 'status' => 401 ) );
	}

	$used_nonces[ $timestamp ] = $nonce;

	// Remove expired nonces.
	foreach ( $used_nonces as $nonce_timestamp => $nonce ) {
		if ( $nonce_timestamp < ( time() - $valid_window ) ) {
			unset( $used_nonces[ $nonce_timestamp ] );
		}
	}

	$used_nonces = maybe_serialize( $used_nonces );

	$wpdb->update(
		$wpdb->prefix . 'woocommerce_api_keys',
		array( 'nonces' => $used_nonces ),
		array( 'key_id' => $user->key_id ),
		array( '%s' ),
		array( '%d' )
	);

	return true;
}
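The following is an added, standalone re-implementation of the replay check above; it is not WooCommerce code. It keeps the same 15-minute window, the same decision order (timestamp window, then nonce reuse, then record and prune) and the same timestamp => nonce array layout, but replaces the $wpdb row with an in-memory array and injects the clock so the window can be exercised without waiting. The class name ReplayCheckDemo, its methods, the report() helper and the sample epoch and nonces are all constructed for this example.

```php
<?php
// Added example, not WooCommerce code: a standalone model of
// check_oauth_timestamp_and_nonce() with an in-memory nonce store and an
// injected clock. All names below are this example's own.

class ReplayCheckDemo {
    const VALID_WINDOW = 900; // 15 * 60 seconds, as in the original.

    /** @var array<int,string> timestamp => nonce, mirroring the serialized column. */
    private $used_nonces = array();

    /** @var int Injected "now", so the window can be tested deterministically. */
    private $now;

    public function __construct( $now ) {
        $this->now = (int) $now;
    }

    /** Move the clock forward (stands in for real time passing). */
    public function advance( $seconds ) {
        $this->now += (int) $seconds;
    }

    public function now() {
        return $this->now;
    }

    /**
     * Same decision order as the original. Returns true or an error string
     * (standing in for WP_Error with status 401).
     */
    public function check( $timestamp, $nonce ) {
        $timestamp = (int) $timestamp;

        if ( $timestamp < $this->now - self::VALID_WINDOW
            || $timestamp > $this->now + self::VALID_WINDOW ) {
            return 'Invalid timestamp.';
        }

        if ( in_array( $nonce, $this->used_nonces, true ) ) {
            return 'Invalid nonce - nonce has already been used.';
        }

        $this->used_nonces[ $timestamp ] = $nonce;

        // Prune entries older than the window; a request that old would be
        // rejected by the timestamp check anyway, so its nonce need not be kept.
        foreach ( $this->used_nonces as $nonce_timestamp => $used_nonce ) {
            if ( $nonce_timestamp < $this->now - self::VALID_WINDOW ) {
                unset( $this->used_nonces[ $nonce_timestamp ] );
            }
        }

        return true;
    }

    public function stored_nonces() {
        return $this->used_nonces;
    }
}

// Small reporter instead of assert(), which production php.ini settings may disable.
function report( $label, $ok ) {
    echo ( $ok ? 'PASS' : 'FAIL' ) . ': ' . $label . PHP_EOL;
}

// Constructed sample input: a fixed epoch and two 32-character alphanumeric nonces.
$now     = 1700000000;
$nonce_a = 'a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6';
$nonce_b = 'f6e5d4c3b2a1f6e5d4c3b2a1f6e5d4c3';
$demo    = new ReplayCheckDemo( $now );

report( 'fresh request accepted',
    true === $demo->check( $now, $nonce_a ) );
report( 'replayed nonce rejected even with a newer timestamp',
    'Invalid nonce - nonce has already been used.' === $demo->check( $now + 5, $nonce_a ) );
report( 'timestamp older than 15 minutes rejected',
    'Invalid timestamp.' === $demo->check( $now - 901, $nonce_b ) );
report( 'timestamp more than 15 minutes in the future rejected',
    'Invalid timestamp.' === $demo->check( $now + 901, $nonce_b ) );

// Let the window elapse: the old entry is pruned on the next successful check.
$demo->advance( 901 );
report( 'new nonce accepted after the window',
    true === $demo->check( $demo->now(), $nonce_b ) );
report( 'expired nonce entry pruned from the store',
    ! array_key_exists( $now, $demo->stored_nonces() ) );
```

Run it with `php replay_check_demo.php`; every line should print PASS. One property worth knowing when you rely on this check: the store is keyed by timestamp, so two successful requests for the same API key in the same second occupy one slot and the later nonce replaces the earlier one. The reuse check therefore has one-second granularity per key; a deployment that needs a stricter guarantee would key the store on the nonce and keep the timestamp as the value.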