WC_API_Authentication::perform_ssl_authentication()privateWC 2.1

SSL-encrypted requests are not subject to sniffing or man-in-the-middle attacks, so the request can be authenticated by simply looking up the user associated with the given consumer key and confirming the consumer secret provided is valid

Method of the class: WC_API_Authentication{}

No Hooks.

Return

Array.

Usage

// private - for code of main (parent) class only
$result = $this->perform_ssl_authentication();

Changelog

Since 2.1 Introduced.

WC_API_Authentication::perform_ssl_authentication() code WC 8.6.1

private function perform_ssl_authentication() {
	$params = WC()->api->server->params['GET'];

	// if the $_GET parameters are present, use those first
	if ( ! empty( $params['consumer_key'] ) && ! empty( $params['consumer_secret'] ) ) {
		$keys = $this->get_keys_by_consumer_key( $params['consumer_key'] );

		if ( ! $this->is_consumer_secret_valid( $keys['consumer_secret'], $params['consumer_secret'] ) ) {
			throw new Exception( __( 'Consumer secret is invalid.', 'woocommerce' ), 401 );
		}

		return $keys;
	}

	// if the above is not present, we will do full basic auth
	if ( empty( $_SERVER['PHP_AUTH_USER'] ) || empty( $_SERVER['PHP_AUTH_PW'] ) ) {
		$this->exit_with_unauthorized_headers();
	}

	$keys = $this->get_keys_by_consumer_key( $_SERVER['PHP_AUTH_USER'] );

	if ( ! $this->is_consumer_secret_valid( $keys['consumer_secret'], $_SERVER['PHP_AUTH_PW'] ) ) {
		$this->exit_with_unauthorized_headers();
	}

	return $keys;
}