Alert: This function’s access is marked private. This means it is not intended for use by plugin or theme developers, only in other core functions. It is listed here for completeness.
WC_REST_Authentication::check_oauth_signature( stdClass $user, array $params )
Verify that the consumer-provided request signature matches our generated signature, this ensures the consumer has a valid key/secret.
Description Description
Parameters Parameters
- $user
-
(Required) User data.
- $params
-
(Required) The request parameters.
Return Return
(true|WP_Error)
Source Source
File: includes/class-wc-rest-authentication.php
private function check_oauth_signature( $user, $params ) {
$http_method = isset( $_SERVER['REQUEST_METHOD'] ) ? strtoupper( $_SERVER['REQUEST_METHOD'] ) : ''; // WPCS: sanitization ok.
$request_path = isset( $_SERVER['REQUEST_URI'] ) ? wp_parse_url( $_SERVER['REQUEST_URI'], PHP_URL_PATH ) : ''; // WPCS: sanitization ok.
$wp_base = get_home_url( null, '/', 'relative' );
if ( substr( $request_path, 0, strlen( $wp_base ) ) === $wp_base ) {
$request_path = substr( $request_path, strlen( $wp_base ) );
}
$base_request_uri = rawurlencode( get_home_url( null, $request_path, is_ssl() ? 'https' : 'http' ) );
// Get the signature provided by the consumer and remove it from the parameters prior to checking the signature.
$consumer_signature = rawurldecode( str_replace( ' ', '+', $params['oauth_signature'] ) );
unset( $params['oauth_signature'] );
// Sort parameters.
if ( ! uksort( $params, 'strcmp' ) ) {
return new WP_Error( 'woocommerce_rest_authentication_error', __( 'Invalid signature - failed to sort parameters.', 'woocommerce' ), array( 'status' => 401 ) );
}
// Normalize parameter key/values.
$params = $this->normalize_parameters( $params );
$query_string = implode( '%26', $this->join_with_equals_sign( $params ) ); // Join with ampersand.
$string_to_sign = $http_method . '&' . $base_request_uri . '&' . $query_string;
if ( 'HMAC-SHA1' !== $params['oauth_signature_method'] && 'HMAC-SHA256' !== $params['oauth_signature_method'] ) {
return new WP_Error( 'woocommerce_rest_authentication_error', __( 'Invalid signature - signature method is invalid.', 'woocommerce' ), array( 'status' => 401 ) );
}
$hash_algorithm = strtolower( str_replace( 'HMAC-', '', $params['oauth_signature_method'] ) );
$secret = $user->consumer_secret . '&';
$signature = base64_encode( hash_hmac( $hash_algorithm, $string_to_sign, $secret, true ) );
if ( ! hash_equals( $signature, $consumer_signature ) ) { // @codingStandardsIgnoreLine
return new WP_Error( 'woocommerce_rest_authentication_error', __( 'Invalid signature - provided signature does not match.', 'woocommerce' ), array( 'status' => 401 ) );
}
return true;
}