WC_REST_Authentication::perform_basic_authentication()
Basic Authentication.
SSL-encrypted requests are not subject to sniffing or man-in-the-middle attacks, so the request can be authenticated by simply looking up the user associated with the given consumer key and confirming the consumer secret provided is valid.
Метод класса: WC_REST_Authentication{}
Хуков нет.
Возвращает
int|true|false
.
Использование
// private - только в коде основоного (родительского) класса $result = $this->perform_basic_authentication();
Код WC_REST_Authentication::perform_basic_authentication() WC REST Authentication::perform basic authentication WC 9.3.3
private function perform_basic_authentication() { $this->auth_method = 'basic_auth'; $consumer_key = ''; $consumer_secret = ''; // If the $_GET parameters are present, use those first. if ( ! empty( $_GET['consumer_key'] ) && ! empty( $_GET['consumer_secret'] ) ) { // WPCS: CSRF ok. $consumer_key = $_GET['consumer_key']; // WPCS: CSRF ok, sanitization ok. $consumer_secret = $_GET['consumer_secret']; // WPCS: CSRF ok, sanitization ok. } // If the above is not present, we will do full basic auth. if ( ! $consumer_key && ! empty( $_SERVER['PHP_AUTH_USER'] ) && ! empty( $_SERVER['PHP_AUTH_PW'] ) ) { $consumer_key = $_SERVER['PHP_AUTH_USER']; // WPCS: CSRF ok, sanitization ok. $consumer_secret = $_SERVER['PHP_AUTH_PW']; // WPCS: CSRF ok, sanitization ok. } // Stop if don't have any key. if ( ! $consumer_key || ! $consumer_secret ) { return false; } // Get user data. $this->user = $this->get_user_data_by_consumer_key( $consumer_key ); if ( empty( $this->user ) ) { return false; } // Validate user secret. if ( ! hash_equals( $this->user->consumer_secret, $consumer_secret ) ) { // @codingStandardsIgnoreLine $this->set_error( new WP_Error( 'woocommerce_rest_authentication_error', __( 'Consumer secret is invalid.', 'woocommerce' ), array( 'status' => 401 ) ) ); return false; } return $this->user->user_id; }