WC_API_Authentication::authenticate( WP_User $user )

Authenticate the request. The authentication method varies based on whether the request was made over SSL or not.

Contents

Description Description

Parameters Parameters

$user

(Required)

Top ↑

Return Return

(null|WP_Error|WP_User)

Top ↑

Source Source

File: includes/legacy/api/v2/class-wc-api-authentication.php 

	public function authenticate( $user ) {

		// Allow access to the index by default
		if ( '/' === WC()->api->server->path ) {
			return new WP_User( 0 );
		}

		try {

			if ( is_ssl() ) {
				$keys = $this->perform_ssl_authentication();
			} else {
				$keys = $this->perform_oauth_authentication();
			}

			// Check API key-specific permission
			$this->check_api_key_permissions( $keys['permissions'] );

			$user = $this->get_user_by_id( $keys['user_id'] );

			$this->update_api_key_last_access( $keys['key_id'] );

		} catch ( Exception $e ) {
			$user = new WP_Error( 'woocommerce_api_authentication_error', $e->getMessage(), array( 'status' => $e->getCode() ) );
		}

		return $user;
	}

Expand full source code Collapse full source code

Top ↑

Changelog Changelog

Changelog
Version Description
2.1 Introduced.

Top ↑

Top ↑

Uses Uses

Uses
Uses Description
woocommerce.php: WC()

Returns the main instance of WC.
includes/legacy/api/v2/class-wc-api-authentication.php: WC_API_Authentication::check_api_key_permissions()

Check that the API keys provided have the proper key-specific permissions to either read or write API resources
includes/legacy/api/v2/class-wc-api-authentication.php: WC_API_Authentication::update_api_key_last_access()

Updated API Key last access datetime
includes/legacy/api/v2/class-wc-api-authentication.php: WC_API_Authentication::perform_ssl_authentication()

SSL-encrypted requests are not subject to sniffing or man-in-the-middle attacks, so the request can be authenticated by simply looking up the user associated with the given consumer key and confirming the consumer secret provided is valid
includes/legacy/api/v2/class-wc-api-authentication.php: WC_API_Authentication::perform_oauth_authentication()

Perform OAuth 1.0a “one-legged” (http://oauthbible.com/#oauth-10a-one-legged) authentication for non-SSL requests
includes/legacy/api/v2/class-wc-api-authentication.php: WC_API_Authentication::get_user_by_id()

Get user by ID
Show 1 more use Hide more uses

Top ↑

User Contributed Notes User Contributed Notes

You must log in before being able to contribute a note or feedback.