WC_REST_Authentication::get_oauth_parameters()publicWC 3.0.0

Get oAuth parameters from $_GET, $_POST or request header.

Method of the class: WC_REST_Authentication{}

No Hooks.

Return

Array|WP_Error.

Usage

$WC_REST_Authentication = new WC_REST_Authentication();
$WC_REST_Authentication->get_oauth_parameters();

Changelog

Since 3.0.0 Introduced.

WC_REST_Authentication::get_oauth_parameters() code WC 8.6.1

public function get_oauth_parameters() {
	$params = array_merge( $_GET, $_POST ); // WPCS: CSRF ok.
	$params = wp_unslash( $params );
	$header = $this->get_authorization_header();

	if ( ! empty( $header ) ) {
		// Trim leading spaces.
		$header        = trim( $header );
		$header_params = $this->parse_header( $header );

		if ( ! empty( $header_params ) ) {
			$params = array_merge( $params, $header_params );
		}
	}

	$param_names = array(
		'oauth_consumer_key',
		'oauth_timestamp',
		'oauth_nonce',
		'oauth_signature',
		'oauth_signature_method',
	);

	$errors   = array();
	$have_one = false;

	// Check for required OAuth parameters.
	foreach ( $param_names as $param_name ) {
		if ( empty( $params[ $param_name ] ) ) {
			$errors[] = $param_name;
		} else {
			$have_one = true;
		}
	}

	// All keys are missing, so we're probably not even trying to use OAuth.
	if ( ! $have_one ) {
		return array();
	}

	// If we have at least one supplied piece of data, and we have an error,
	// then it's a failed authentication.
	if ( ! empty( $errors ) ) {
		$message = sprintf(
			/* translators: %s: amount of errors */
			_n( 'Missing OAuth parameter %s', 'Missing OAuth parameters %s', count( $errors ), 'woocommerce' ),
			implode( ', ', $errors )
		);

		$this->set_error( new WP_Error( 'woocommerce_rest_authentication_missing_parameter', $message, array( 'status' => 401 ) ) );

		return array();
	}

	return $params;
}