WC_API_Authentication::perform_ssl_authentication()
SSL-encrypted requests are not subject to sniffing or man-in-the-middle attacks, so the request can be authenticated by simply looking up the user associated with the given consumer key and confirming the consumer secret provided is valid
Method of the class: WC_API_Authentication{}
No Hooks.
Return
Array.
Usage
// private - for code of main (parent) class only $result = $this->perform_ssl_authentication();
Changelog
| Since 2.1 | Introduced. |
WC_API_Authentication::perform_ssl_authentication() WC API Authentication::perform ssl authentication code WC 7.7.0
private function perform_ssl_authentication() {
$params = WC()->api->server->params['GET'];
// Get consumer key
if ( ! empty( $_SERVER['PHP_AUTH_USER'] ) ) {
// Should be in HTTP Auth header by default
$consumer_key = $_SERVER['PHP_AUTH_USER'];
} elseif ( ! empty( $params['consumer_key'] ) ) {
// Allow a query string parameter as a fallback
$consumer_key = $params['consumer_key'];
} else {
throw new Exception( __( 'Consumer key is missing.', 'woocommerce' ), 404 );
}
// Get consumer secret
if ( ! empty( $_SERVER['PHP_AUTH_PW'] ) ) {
// Should be in HTTP Auth header by default
$consumer_secret = $_SERVER['PHP_AUTH_PW'];
} elseif ( ! empty( $params['consumer_secret'] ) ) {
// Allow a query string parameter as a fallback
$consumer_secret = $params['consumer_secret'];
} else {
throw new Exception( __( 'Consumer secret is missing.', 'woocommerce' ), 404 );
}
$keys = $this->get_keys_by_consumer_key( $consumer_key );
if ( ! $this->is_consumer_secret_valid( $keys['consumer_secret'], $consumer_secret ) ) {
throw new Exception( __( 'Consumer secret is invalid.', 'woocommerce' ), 401 );
}
return $keys;
}