WC_Auth::auth_endpoint() │ protected │ WC 2.4.0
Auth endpoint.
Method of the class: WC_Auth{}
No Hooks.
Return
null
Nothing (null).
Usage
// protected - for code of main (parent) or child class $result = $this->auth_endpoint( $route );
- $route(string) (required)
- Route.
Changelog
Since 2.4.0 | Introduced.
WC_Auth::auth_endpoint() code — WC 9.4.2
/**
 * Auth endpoint.
 *
 * Dispatches the three steps of the REST API key authorisation flow,
 * selected by `$route`: `login` (show the login form, or hand off to the
 * Jetpack/WordPress.com SSO), `authorize` (show the "grant access" form)
 * and `access_granted` (create the keys and deliver them to the app's
 * callback URL). Every handled branch leaves via `exit` after a redirect
 * or a rendered template, and every failure leaves via `wp_die()` with a
 * 401 response, so under normal operation control does not return to
 * the caller.
 *
 * Authorisation checks made in this method:
 *  - `authorize` and `access_granted` require the `manage_woocommerce`
 *    capability; any other route/state combination reaches the
 *    permission-denied branch;
 *  - `access_granted` additionally requires the `wc_auth_nonce` nonce
 *    (action `wc_auth_grant_access`) that `wp_nonce_url()` attaches to
 *    the grant link rendered by the `authorize` step, so keys cannot be
 *    created by a bare request to the endpoint;
 *  - if an exception is raised after keys were created in this request,
 *    the catch block removes them again via `maybe_delete_key()`.
 *
 * @param string $route Route. Lower-cased and passed through `wc_clean()`
 *                      before comparison; expected values are `login`,
 *                      `authorize` and `access_granted`.
 * @return null Nothing (null). The only path that returns rather than
 *              exiting is `access_granted` when `post_consumer_data()`
 *              yields a falsy value instead of throwing; whether that can
 *              happen is not visible here — NOTE(review): confirm.
 * @throws Exception Internally only; every exception is caught below and
 *                   turned into `wp_die()`.
 */
protected function auth_endpoint( $route ) {
	// Buffer any output produced before a redirect; the buffer is not
	// explicitly closed here (presumably flushed at shutdown — confirm).
	ob_start();
	// Holds the key record created by create_keys() so the catch block can
	// roll it back; stays empty on every other route.
	$consumer_data = array();
	try {
		$route = strtolower( wc_clean( $route ) );
		$this->make_validation();
		// Raw (unslashed) request values. Individual fields are sanitised
		// at the point of use below: wc_clean() for app_name/user_id/scope,
		// get_formatted_url() for return_url/callback_url.
		$data = wp_unslash( $_REQUEST ); // WPCS: input var ok, CSRF ok.
		// Login endpoint.
		if ( 'login' === $route && ! is_user_logged_in() ) {
			/**
			 * If a merchant is using the WordPress SSO (handled through Jetpack)
			 * to manage their authorisation then it is likely they'll find that
			 * their username and password do not work through this form. We
			 * instead need to redirect them to the WordPress login so that they
			 * can then be redirected back here with a valid token.
			 */
			// Check if Jetpack is installed and activated.
			if ( class_exists( 'Jetpack' ) && Jetpack::connection()->has_connected_owner() ) {
				// Check if the user is using the WordPress.com SSO.
				if ( Jetpack::is_module_active( 'sso' ) ) {
					// Where SSO should send the user back to: our own
					// authorize step, carrying the original request data.
					$redirect_url = $this->build_url( $data, 'authorize' );
					// Build the SSO URL.
					$login_url = \Automattic\Jetpack\Connection\SSO::get_instance()->build_sso_button_url(
						array(
							'redirect_to' => rawurlencode( esc_url_raw( $redirect_url ) ),
							'action'      => 'login',
						)
					);
					// Perform the redirect. wp_safe_redirect() only follows
					// targets on allowed hosts, so the SSO host is presumably
					// registered through the allowed_redirect_hosts filter
					// elsewhere — NOTE(review): confirm.
					wp_safe_redirect( $login_url );
					exit;
				}
			}
			// 'success' => 0 on return_url lets the calling app tell a
			// cancelled/failed flow apart from the success redirect below.
			wc_get_template(
				'auth/form-login.php',
				array(
					'app_name'     => wc_clean( $data['app_name'] ),
					'return_url'   => add_query_arg(
						array(
							'success' => 0,
							'user_id' => wc_clean( $data['user_id'] ),
						),
						$this->get_formatted_url( $data['return_url'] )
					),
					'redirect_url' => $this->build_url( $data, 'authorize' ),
				)
			);
			exit;
		} elseif ( 'login' === $route && is_user_logged_in() ) {
			// Redirect with user is logged in.
			wp_redirect( esc_url_raw( $this->build_url( $data, 'authorize' ) ) );
			exit;
		} elseif ( 'authorize' === $route && ! is_user_logged_in() ) {
			// Redirect with user is not logged in and trying to access the authorize endpoint.
			wp_redirect( esc_url_raw( $this->build_url( $data, 'login' ) ) );
			exit;
		} elseif ( 'authorize' === $route && current_user_can( 'manage_woocommerce' ) ) {
			// Authorize endpoint.
			// granted_url carries the nonce that the access_granted step
			// verifies; logout_url lets a different user authorise instead.
			wc_get_template(
				'auth/form-grant-access.php',
				array(
					'app_name'     => wc_clean( $data['app_name'] ),
					'callback_url' => $this->get_formatted_url( $data['callback_url'] ),
					'return_url'   => add_query_arg(
						array(
							'success' => 0,
							'user_id' => wc_clean( $data['user_id'] ),
						),
						$this->get_formatted_url( $data['return_url'] )
					),
					'scope'        => $this->get_i18n_scope( wc_clean( $data['scope'] ) ),
					'permissions'  => $this->get_permissions_in_scope( wc_clean( $data['scope'] ) ),
					'granted_url'  => wp_nonce_url( $this->build_url( $data, 'access_granted' ), 'wc_auth_grant_access', 'wc_auth_nonce' ),
					'logout_url'   => wp_logout_url( $this->build_url( $data, 'login' ) ),
					'user'         => wp_get_current_user(),
				)
			);
			exit;
		} elseif ( 'access_granted' === $route && current_user_can( 'manage_woocommerce' ) ) {
			// Granted access endpoint.
			// The nonce proves the request came from the grant form rendered
			// above for this logged-in user; reject anything else before any
			// key is created.
			if ( ! isset( $_GET['wc_auth_nonce'] ) || ! wp_verify_nonce( sanitize_key( wp_unslash( $_GET['wc_auth_nonce'] ) ), 'wc_auth_grant_access' ) ) { // WPCS: input var ok.
				throw new Exception( __( 'Invalid nonce verification', 'woocommerce' ) );
			}
			// NOTE(review): app_name/user_id/scope are passed here without the
			// wc_clean() applied elsewhere in this method — confirm that
			// create_keys() sanitises them itself.
			$consumer_data = $this->create_keys( $data['app_name'], $data['user_id'], $data['scope'] );
			// Deliver the new credentials to the app's callback URL. A failure
			// here, if signalled by an exception, reaches the catch block and
			// deletes the keys just created.
			$response      = $this->post_consumer_data( $consumer_data, $this->get_formatted_url( $data['callback_url'] ) );
			if ( $response ) {
				// 'success' => 1 tells the calling app the keys were delivered.
				wp_redirect(
					esc_url_raw(
						add_query_arg(
							array(
								'success' => 1,
								'user_id' => wc_clean( $data['user_id'] ),
							),
							$this->get_formatted_url( $data['return_url'] )
						)
					)
				);
				exit;
			}
		} else {
			// Unknown route, or a privileged route without manage_woocommerce.
			throw new Exception( __( 'You do not have permission to access this page', 'woocommerce' ) );
		}
	} catch ( Exception $e ) {
		// Roll back keys created earlier in this request (no-op when empty).
		$this->maybe_delete_key( $consumer_data );
		/* translators: %s: error message */
		// The message is escaped before being rendered by wp_die().
		wp_die( sprintf( esc_html__( 'Error: %s.', 'woocommerce' ), esc_html( $e->getMessage() ) ), esc_html__( 'Access denied', 'woocommerce' ), array( 'response' => 401 ) );
	}
}