WC_REST_Authentication::perform_basic_authentication()privateWC 1.0

Basic Authentication.

SSL-encrypted requests are not subject to sniffing or man-in-the-middle attacks, so the request can be authenticated by simply looking up the user associated with the given consumer key and confirming the consumer secret provided is valid.

Метод класса: WC_REST_Authentication{}

Хуков нет.

Возвращает

int|true|false.

Использование

// private - только в коде основоного (родительского) класса
$result = $this->perform_basic_authentication();

Код WC_REST_Authentication::perform_basic_authentication() WC 9.3.3

private function perform_basic_authentication() {
	$this->auth_method = 'basic_auth';
	$consumer_key      = '';
	$consumer_secret   = '';

	// If the $_GET parameters are present, use those first.
	if ( ! empty( $_GET['consumer_key'] ) && ! empty( $_GET['consumer_secret'] ) ) { // WPCS: CSRF ok.
		$consumer_key    = $_GET['consumer_key']; // WPCS: CSRF ok, sanitization ok.
		$consumer_secret = $_GET['consumer_secret']; // WPCS: CSRF ok, sanitization ok.
	}

	// If the above is not present, we will do full basic auth.
	if ( ! $consumer_key && ! empty( $_SERVER['PHP_AUTH_USER'] ) && ! empty( $_SERVER['PHP_AUTH_PW'] ) ) {
		$consumer_key    = $_SERVER['PHP_AUTH_USER']; // WPCS: CSRF ok, sanitization ok.
		$consumer_secret = $_SERVER['PHP_AUTH_PW']; // WPCS: CSRF ok, sanitization ok.
	}

	// Stop if don't have any key.
	if ( ! $consumer_key || ! $consumer_secret ) {
		return false;
	}

	// Get user data.
	$this->user = $this->get_user_data_by_consumer_key( $consumer_key );
	if ( empty( $this->user ) ) {
		return false;
	}

	// Validate user secret.
	if ( ! hash_equals( $this->user->consumer_secret, $consumer_secret ) ) { // @codingStandardsIgnoreLine
		$this->set_error( new WP_Error( 'woocommerce_rest_authentication_error', __( 'Consumer secret is invalid.', 'woocommerce' ), array( 'status' => 401 ) ) );

		return false;
	}

	return $this->user->user_id;
}