WC_Auth::auth_endpoint( string $route )

Auth endpoint: drives the consumer-key grant flow for the REST API. Depending on `$route` it renders the login form, redirects between the `login` and `authorize` steps, renders the grant-access form for users with the `manage_woocommerce` capability, or (on `access_granted`, after a nonce check) creates the consumer keys, posts them to the app's callback URL and redirects the browser back to the app's return URL. Any other route or a missing permission ends in `wp_die()` with HTTP 401.


Description


Parameters

$route

(Required) Route name, matched case-insensitively after `wc_clean()`: one of `login`, `authorize` or `access_granted`. Any other value is rejected with a "You do not have permission to access this page" error.



Source

File: includes/class-wc-auth.php

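	/**
	 * Auth endpoint.
	 *
	 * Drives the consumer-key grant flow for the given route:
	 *  - `login`: renders the login form, or redirects to `authorize` when the user is already logged in.
	 *  - `authorize`: redirects anonymous users to `login`; renders the grant-access form for users
	 *    holding the `manage_woocommerce` capability.
	 *  - `access_granted`: after the nonce and capability checks, creates the consumer keys, posts them
	 *    to the app's `callback_url` and redirects the browser to the app's `return_url`.
	 *
	 * Any other route, or a route the current user is not allowed to use, is reported through wp_die()
	 * with HTTP 401. Every successful branch calls exit, so on success this method never returns.
	 *
	 * Security notes for reviewers:
	 *  - `return_url` and `callback_url` are taken from the request. This method only formats them via
	 *    get_formatted_url(); vetting them is left to make_validation() (not visible here), so the
	 *    redirect target is trusted only to the extent that validation enforces it.
	 *  - Parameters are read from `$_REQUEST`, so they may arrive via GET, POST or cookie; the grant
	 *    nonce itself is read from `$_GET` only.
	 *  - Only `access_granted` is nonce-protected. The other routes render forms or redirect and do not
	 *    create anything.
	 *  - The values handed to create_keys() are unslashed but not passed through wc_clean() here; any
	 *    sanitisation must happen inside create_keys() — confirm when reviewing that method.
	 *
	 * @param string $route Route: `login`, `authorize` or `access_granted`.
	 * @throws Exception On an invalid nonce, on a missing permission, or when the consumer data could
	 *                   not be delivered to the callback URL. The exception is caught below, any key
	 *                   created in this request is removed, and wp_die() is called with HTTP 401.
	 */
	protected function auth_endpoint( $route ) {
		ob_start();

		// Populated only on the access_granted path; the catch block uses it to revoke a key whose
		// delivery failed, so it must exist (empty) before any throw can happen.
		$consumer_data = array();

		try {
			$route = strtolower( wc_clean( $route ) );
			$this->make_validation();

			// NOTE(review): the keys read from $data below are accessed without isset(); this assumes
			// make_validation() guarantees their presence — confirm against that method.
			$data = wp_unslash( $_REQUEST ); // WPCS: input var ok, CSRF ok.

			// Login endpoint.
			if ( 'login' === $route && ! is_user_logged_in() ) {
				wc_get_template(
					'auth/form-login.php', array(
						'app_name'     => wc_clean( $data['app_name'] ),
						'return_url'   => add_query_arg(
							array(
								'success' => 0,
								'user_id' => wc_clean( $data['user_id'] ),
							), $this->get_formatted_url( $data['return_url'] )
						),
						'redirect_url' => $this->build_url( $data, 'authorize' ),
					)
				);
				exit;

			} elseif ( 'login' === $route && is_user_logged_in() ) {
				// Already authenticated: skip straight to the authorize step.
				wp_redirect( esc_url_raw( $this->build_url( $data, 'authorize' ) ) );
				exit;

			} elseif ( 'authorize' === $route && ! is_user_logged_in() ) {
				// Anonymous user on the authorize step: bounce back to login first.
				wp_redirect( esc_url_raw( $this->build_url( $data, 'login' ) ) );
				exit;

			} elseif ( 'authorize' === $route && current_user_can( 'manage_woocommerce' ) ) {
				// Authorize endpoint: the granted_url carries the nonce that access_granted verifies.
				wc_get_template(
					'auth/form-grant-access.php', array(
						'app_name'    => wc_clean( $data['app_name'] ),
						'return_url'  => add_query_arg(
							array(
								'success' => 0,
								'user_id' => wc_clean( $data['user_id'] ),
							), $this->get_formatted_url( $data['return_url'] )
						),
						'scope'       => $this->get_i18n_scope( wc_clean( $data['scope'] ) ),
						'permissions' => $this->get_permissions_in_scope( wc_clean( $data['scope'] ) ),
						'granted_url' => wp_nonce_url( $this->build_url( $data, 'access_granted' ), 'wc_auth_grant_access', 'wc_auth_nonce' ),
						'logout_url'  => wp_logout_url( $this->build_url( $data, 'login' ) ),
						'user'        => wp_get_current_user(),
					)
				);
				exit;

			} elseif ( 'access_granted' === $route && current_user_can( 'manage_woocommerce' ) ) {
				// Granted access endpoint: the only state-changing route, hence the nonce check.
				if ( ! isset( $_GET['wc_auth_nonce'] ) || ! wp_verify_nonce( sanitize_key( wp_unslash( $_GET['wc_auth_nonce'] ) ), 'wc_auth_grant_access' ) ) { // WPCS: input var ok.
					throw new Exception( __( 'Invalid nonce verification', 'woocommerce' ) );
				}

				// Keys are created before delivery so that a failed delivery can be rolled back
				// by maybe_delete_key() in the catch block.
				$consumer_data = $this->create_keys( $data['app_name'], $data['user_id'], $data['scope'] );
				$response      = $this->post_consumer_data( $consumer_data, $this->get_formatted_url( $data['callback_url'] ) );

				// post_consumer_data() is expected to throw on transport errors. If it instead returns a
				// falsy value, the previous code fell through to the end of the method silently, leaving
				// a live key that the app never received. Treat that as a failure so the key is revoked
				// and the user sees an error instead of a blank page.
				if ( ! $response ) {
					throw new Exception( __( 'Unable to deliver the consumer data to the callback URL', 'woocommerce' ) );
				}

				wp_redirect(
					esc_url_raw(
						add_query_arg(
							array(
								'success' => 1,
								'user_id' => wc_clean( $data['user_id'] ),
							), $this->get_formatted_url( $data['return_url'] )
						)
					)
				);
				exit;
			} else {
				// Unknown route, or a known route the current user is not allowed to use.
				throw new Exception( __( 'You do not have permission to access this page', 'woocommerce' ) );
			}
		} catch ( Exception $e ) {
			// Revoke any key created in this request so a failed grant leaves nothing behind.
			$this->maybe_delete_key( $consumer_data );

			/* translators: %s: error message */
			wp_die( sprintf( esc_html__( 'Error: %s.', 'woocommerce' ), esc_html( $e->getMessage() ) ), esc_html__( 'Access denied', 'woocommerce' ), array( 'response' => 401 ) );
		}
	}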


Changelog

Changelog
Version Description
2.4.0 Introduced.


