WC_REST_Authentication::perform_basic_authentication()
Basic Authentication.
SSL-encrypted requests are not subject to sniffing or man-in-the-middle attacks, so the request can be authenticated by simply looking up the user associated with the given consumer key and confirming the consumer secret provided is valid.
Метод класса: WC_REST_Authentication{}
Хуков нет.
Возвращает
int|true|false.
Использование
// private - только в коде основоного (родительского) класса $result = $this->perform_basic_authentication();
Код WC_REST_Authentication::perform_basic_authentication() WC REST Authentication::perform basic authentication WC 8.7.0
private function perform_basic_authentication() {
$this->auth_method = 'basic_auth';
$consumer_key = '';
$consumer_secret = '';
// If the $_GET parameters are present, use those first.
if ( ! empty( $_GET['consumer_key'] ) && ! empty( $_GET['consumer_secret'] ) ) { // WPCS: CSRF ok.
$consumer_key = $_GET['consumer_key']; // WPCS: CSRF ok, sanitization ok.
$consumer_secret = $_GET['consumer_secret']; // WPCS: CSRF ok, sanitization ok.
}
// If the above is not present, we will do full basic auth.
if ( ! $consumer_key && ! empty( $_SERVER['PHP_AUTH_USER'] ) && ! empty( $_SERVER['PHP_AUTH_PW'] ) ) {
$consumer_key = $_SERVER['PHP_AUTH_USER']; // WPCS: CSRF ok, sanitization ok.
$consumer_secret = $_SERVER['PHP_AUTH_PW']; // WPCS: CSRF ok, sanitization ok.
}
// Stop if don't have any key.
if ( ! $consumer_key || ! $consumer_secret ) {
return false;
}
// Get user data.
$this->user = $this->get_user_data_by_consumer_key( $consumer_key );
if ( empty( $this->user ) ) {
return false;
}
// Validate user secret.
if ( ! hash_equals( $this->user->consumer_secret, $consumer_secret ) ) { // @codingStandardsIgnoreLine
$this->set_error( new WP_Error( 'woocommerce_rest_authentication_error', __( 'Consumer secret is invalid.', 'woocommerce' ), array( 'status' => 401 ) ) );
return false;
}
return $this->user->user_id;
}