PHP Class WC_API_Authentication

Mostra file Open project: woocommerce/woocommerce Class Usage Examples

Public Methods

Method Description
__construct ( ) : WC_API_Authentication Setup class
authenticate ( WP_User $user ) : null | WP_Error | WP_User Authenticate the request. The authentication method varies based on whether the request was made over SSL or not.
check_api_key_permissions ( string $key_permissions ) Check that the API keys provided have the proper key-specific permissions to either read or write API resources

Private Methods

Method Description
check_oauth_signature ( array $keys, array $params ) Verify that the consumer-provided request signature matches our generated signature, this ensures the consumer has a valid key/secret
check_oauth_timestamp_and_nonce ( array $keys, integer $timestamp, string $nonce ) Verify that the timestamp and nonce provided with the request are valid. This prevents replay attacks where an attacker could attempt to re-send an intercepted request at a later time.
get_keys_by_consumer_key ( string $consumer_key ) : array Return the keys for the given consumer key
get_user_by_id ( integer $user_id ) : WC_User Get user by ID
is_consumer_secret_valid ( string $keys_consumer_secret, string $consumer_secret ) : boolean Check if the consumer secret provided for the given user is valid
normalize_parameters ( array $parameters ) : array Normalize each parameter by assuming each parameter may have already been encoded, so attempt to decode, and then re-encode according to RFC 3986
perform_oauth_authentication ( ) : array Perform OAuth 1.0a "one-legged" (http://oauthbible.com/#oauth-10a-one-legged) authentication for non-SSL requests
perform_ssl_authentication ( ) : array SSL-encrypted requests are not subject to sniffing or man-in-the-middle attacks, so the request can be authenticated by simply looking up the user associated with the given consumer key and confirming the consumer secret provided is valid
update_api_key_last_access ( integer $key_id ) Updated API Key last access datetime

Method Details

__construct() public method

Setup class
Since: 2.1
public __construct ( ) : WC_API_Authentication
return WC_API_Authentication

authenticate() public method

Authenticate the request. The authentication method varies based on whether the request was made over SSL or not.
Since: 2.1
public authenticate ( WP_User $user ) : null | WP_Error | WP_User
$user WP_User
return null | WP_Error | WP_User

check_api_key_permissions() public method

Check that the API keys provided have the proper key-specific permissions to either read or write API resources
public check_api_key_permissions ( string $key_permissions )
$key_permissions string