WC_API_Authentication::perform_ssl_authentication()
SSL-encrypted requests are not subject to sniffing or man-in-the-middle attacks, so the request can be authenticated by simply looking up the user associated with the given consumer key and confirming the consumer secret provided is valid
Method of the class: WC_API_Authentication{}
No Hooks.
Return
Array
.
Usage
// private - for code of main (parent) class only $result = $this->perform_ssl_authentication();
Changelog
Since 2.1 | Introduced. |
WC_API_Authentication::perform_ssl_authentication() WC API Authentication::perform ssl authentication code WC 8.6.1
private function perform_ssl_authentication() { $params = WC()->api->server->params['GET']; // if the $_GET parameters are present, use those first if ( ! empty( $params['consumer_key'] ) && ! empty( $params['consumer_secret'] ) ) { $keys = $this->get_keys_by_consumer_key( $params['consumer_key'] ); if ( ! $this->is_consumer_secret_valid( $keys['consumer_secret'], $params['consumer_secret'] ) ) { throw new Exception( __( 'Consumer secret is invalid.', 'woocommerce' ), 401 ); } return $keys; } // if the above is not present, we will do full basic auth if ( empty( $_SERVER['PHP_AUTH_USER'] ) || empty( $_SERVER['PHP_AUTH_PW'] ) ) { $this->exit_with_unauthorized_headers(); } $keys = $this->get_keys_by_consumer_key( $_SERVER['PHP_AUTH_USER'] ); if ( ! $this->is_consumer_secret_valid( $keys['consumer_secret'], $_SERVER['PHP_AUTH_PW'] ) ) { $this->exit_with_unauthorized_headers(); } return $keys; }