WC_REST_Authentication::perform_basic_authentication()
Basic Authentication.
SSL-encrypted requests are not subject to sniffing or man-in-the-middle attacks, so the request can be authenticated by simply looking up the user associated with the given consumer key and confirming the consumer secret provided is valid.
Method of the class: WC_REST_Authentication{}
No Hooks.
Return
Int|true|false.
Usage
// private - for code of main (parent) class only $result = $this->perform_basic_authentication();
WC_REST_Authentication::perform_basic_authentication() WC REST Authentication::perform basic authentication code WC 8.7.0
private function perform_basic_authentication() {
$this->auth_method = 'basic_auth';
$consumer_key = '';
$consumer_secret = '';
// If the $_GET parameters are present, use those first.
if ( ! empty( $_GET['consumer_key'] ) && ! empty( $_GET['consumer_secret'] ) ) { // WPCS: CSRF ok.
$consumer_key = $_GET['consumer_key']; // WPCS: CSRF ok, sanitization ok.
$consumer_secret = $_GET['consumer_secret']; // WPCS: CSRF ok, sanitization ok.
}
// If the above is not present, we will do full basic auth.
if ( ! $consumer_key && ! empty( $_SERVER['PHP_AUTH_USER'] ) && ! empty( $_SERVER['PHP_AUTH_PW'] ) ) {
$consumer_key = $_SERVER['PHP_AUTH_USER']; // WPCS: CSRF ok, sanitization ok.
$consumer_secret = $_SERVER['PHP_AUTH_PW']; // WPCS: CSRF ok, sanitization ok.
}
// Stop if don't have any key.
if ( ! $consumer_key || ! $consumer_secret ) {
return false;
}
// Get user data.
$this->user = $this->get_user_data_by_consumer_key( $consumer_key );
if ( empty( $this->user ) ) {
return false;
}
// Validate user secret.
if ( ! hash_equals( $this->user->consumer_secret, $consumer_secret ) ) { // @codingStandardsIgnoreLine
$this->set_error( new WP_Error( 'woocommerce_rest_authentication_error', __( 'Consumer secret is invalid.', 'woocommerce' ), array( 'status' => 401 ) ) );
return false;
}
return $this->user->user_id;
}