WC_Auth::auth_endpoint()protectedWC 2.4.0

Auth endpoint.

Method of the class: WC_Auth{}

No Hooks.

Return

null. Nothing is returned (null); every route either renders a template or redirects and then exits.

Usage

// protected - for code of main (parent) or child class
$result = $this->auth_endpoint( $route );
$route(string) (required)
The auth route to serve.

Changelog

Since 2.4.0 Introduced.

WC_Auth::auth_endpoint() code WC 9.4.2

/**
 * Serve one step of the app-authorisation flow.
 *
 * Handles three routes: `login` (show the login form, or bounce to the
 * WordPress.com SSO login when Jetpack SSO is active), `authorize` (show the
 * grant-access form) and `access_granted` (create the API keys and hand them
 * to the app's callback URL). All request parameters (app_name, user_id,
 * scope, return_url, callback_url) are read from $_REQUEST, so they are
 * untrusted input. Every branch ends with exit after rendering a template or
 * issuing a redirect; any Exception is turned into a wp_die() with HTTP 401.
 *
 * @param string $route Route to handle: 'login', 'authorize' or 'access_granted'.
 * @return void Never returns normally; exits or dies.
 */
protected function auth_endpoint( $route ) {
	// Start output buffering; nothing in this method flushes it explicitly.
	ob_start();

	// Kept outside the try so the catch block can clean up keys created before a failure.
	$consumer_data = array();

	try {
		$route = strtolower( wc_clean( $route ) );
		$this->make_validation();

		// Raw request parameters (unslashed only); individual values are cleaned where used below.
		$data = wp_unslash( $_REQUEST ); // WPCS: input var ok, CSRF ok.

		// Login endpoint.
		if ( 'login' === $route && ! is_user_logged_in() ) {
			/**
			 * If a merchant is using the WordPress SSO (handled through Jetpack)
			 * to manage their authorisation then it is likely they'll find that
			 * their username and password do not work through this form. We
			 * instead need to redirect them to the WordPress login so that they
			 * can then be redirected back here with a valid token.
			 */

			// Check if Jetpack is installed and activated.
			if ( class_exists( 'Jetpack' ) && Jetpack::connection()->has_connected_owner() ) {

				// Check if the user is using the WordPress.com SSO.
				if ( Jetpack::is_module_active( 'sso' ) ) {

					// After SSO login the user comes back to the authorize step of this flow.
					$redirect_url = $this->build_url( $data, 'authorize' );

					// Build the SSO URL.
					$login_url = \Automattic\Jetpack\Connection\SSO::get_instance()->build_sso_button_url(
						array(
							'redirect_to' => rawurlencode( esc_url_raw( $redirect_url ) ),
							'action'      => 'login',
						)
					);

					// Perform the redirect.
					wp_safe_redirect( $login_url );
					exit;
				}
			}

			wc_get_template(
				'auth/form-login.php',
				array(
					'app_name'     => wc_clean( $data['app_name'] ),
					// return_url is app-supplied; success=0 tells the app the flow was not completed.
					'return_url'   => add_query_arg(
						array(
							'success' => 0,
							'user_id' => wc_clean( $data['user_id'] ),
						),
						$this->get_formatted_url( $data['return_url'] )
					),
					'redirect_url' => $this->build_url( $data, 'authorize' ),
				)
			);
			exit;

		} elseif ( 'login' === $route && is_user_logged_in() ) {
			// Redirect when the user is already logged in.
			wp_redirect( esc_url_raw( $this->build_url( $data, 'authorize' ) ) );
			exit;

		} elseif ( 'authorize' === $route && ! is_user_logged_in() ) {
			// Redirect when the user is not logged in and is trying to access the authorize endpoint.
			wp_redirect( esc_url_raw( $this->build_url( $data, 'login' ) ) );
			exit;

		} elseif ( 'authorize' === $route && current_user_can( 'manage_woocommerce' ) ) {
			// Authorize endpoint. Only shown to users with the manage_woocommerce capability;
			// a logged-in user without it falls through to the "no permission" branch below.
			wc_get_template(
				'auth/form-grant-access.php',
				array(
					'app_name'     => wc_clean( $data['app_name'] ),
					'callback_url' => $this->get_formatted_url( $data['callback_url'] ),
					'return_url'   => add_query_arg(
						array(
							'success' => 0,
							'user_id' => wc_clean( $data['user_id'] ),
						),
						$this->get_formatted_url( $data['return_url'] )
					),
					'scope'        => $this->get_i18n_scope( wc_clean( $data['scope'] ) ),
					'permissions'  => $this->get_permissions_in_scope( wc_clean( $data['scope'] ) ),
					// The grant link carries a nonce that the access_granted route verifies below.
					'granted_url'  => wp_nonce_url( $this->build_url( $data, 'access_granted' ), 'wc_auth_grant_access', 'wc_auth_nonce' ),
					'logout_url'   => wp_logout_url( $this->build_url( $data, 'login' ) ),
					'user'         => wp_get_current_user(),
				)
			);
			exit;

		} elseif ( 'access_granted' === $route && current_user_can( 'manage_woocommerce' ) ) {
			// Granted access endpoint.
			// Capability alone is not enough: the request must carry the nonce issued on the
			// authorize form, so a forged link cannot create keys on the user's behalf.
			if ( ! isset( $_GET['wc_auth_nonce'] ) || ! wp_verify_nonce( sanitize_key( wp_unslash( $_GET['wc_auth_nonce'] ) ), 'wc_auth_grant_access' ) ) { // WPCS: input var ok.
				throw new Exception( __( 'Invalid nonce verification', 'woocommerce' ) );
			}

			// NOTE(review): unlike the template branches above, app_name/user_id/scope are passed
			// here without wc_clean(); confirm create_keys() sanitises and validates them itself.
			$consumer_data = $this->create_keys( $data['app_name'], $data['user_id'], $data['scope'] );
			$response      = $this->post_consumer_data( $consumer_data, $this->get_formatted_url( $data['callback_url'] ) );

			if ( $response ) {
				// success=1 tells the app the keys were delivered to its callback URL.
				wp_redirect(
					esc_url_raw(
						add_query_arg(
							array(
								'success' => 1,
								'user_id' => wc_clean( $data['user_id'] ),
							),
							$this->get_formatted_url( $data['return_url'] )
						)
					)
				);
				exit;
			}
			// NOTE(review): when $response is falsy nothing is sent and the keys created above are
			// not removed here; presumably post_consumer_data() throws on failure - confirm.
		} else {
			throw new Exception( __( 'You do not have permission to access this page', 'woocommerce' ) );
		}
	} catch ( Exception $e ) {
		// Remove any keys created earlier in this request so a failed grant leaves nothing behind.
		$this->maybe_delete_key( $consumer_data );

		/* translators: %s: error message */
		wp_die( sprintf( esc_html__( 'Error: %s.', 'woocommerce' ), esc_html( $e->getMessage() ) ), esc_html__( 'Access denied', 'woocommerce' ), array( 'response' => 401 ) );
	}
}