Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Redoing how we fetch access tokens from WooCommerce Connect Server. #2788

Merged
merged 5 commits into from
Aug 21, 2024
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
60 changes: 54 additions & 6 deletions includes/Handlers/Connection.php
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,9 @@ class Connection {
const OAUTH_URL = 'https://facebook.com/dialog/oauth';

/** @var string WooCommerce connection proxy URL */
const PROXY_URL = 'https://api.woocommerce.com/integrations/auth/facebook/';
const PROXY_URL = 'https://api.woocommerce.com/integrations/v2/auth/facebook/';

const PROXY_TOKEN_EXCHANGE_URL = 'https://api.woocommerce.com/integrations/v2/exchange/facebook/';

/** @var string WooCommerce connection for APP Store login URL */
const APP_STORE_LOGIN_URL = 'https://api.woocommerce.com/integrations/app-store-login/facebook/';
Expand All @@ -48,6 +50,8 @@ class Connection {
/** @var string the action callback for the connection */
const ACTION_CONNECT = 'wc_facebook_connect';

const ACTION_EXCHANGE = 'wc_facebook_exchange';

/** @var string the action callback for the disconnection */
const ACTION_DISCONNECT = 'wc_facebook_disconnect';

Expand Down Expand Up @@ -246,14 +250,58 @@ public function handle_connect() {
if ( empty( $_GET['nonce'] ) || ! wp_verify_nonce( sanitize_key( wp_unslash( $_GET['nonce'] ) ), self::ACTION_CONNECT ) ) {
throw new ApiException( 'Invalid nonce' );
}
$is_error = ! empty( $_GET['err'] ) ? true : false;
$error_code = ! empty( $_GET['err_code'] ) ? stripslashes( wc_clean( wp_unslash( $_GET['err_code'] ) ) ) : '';
$merchant_access_token = ! empty( $_GET['merchant_access_token'] ) ? wc_clean( wp_unslash( $_GET['merchant_access_token'] ) ) : '';
$system_user_access_token = ! empty( $_GET['system_user_access_token'] ) ? wc_clean( wp_unslash( $_GET['system_user_access_token'] ) ) : '';
$system_user_id = ! empty( $_GET['system_user_id'] ) ? wc_clean( wp_unslash( $_GET['system_user_id'] ) ) : '';

$is_error = ! empty( $_GET['err'] );
$error_code = ! empty( $_GET['err_code'] ) ? stripslashes( wc_clean( wp_unslash( $_GET['err_code'] ) ) ) : '';
if ( $is_error && $error_code ) {
throw new ConnectApiException( $error_code );
}

$facebook_auth_code = $_GET['code'] ?? '';
if ( empty( $facebook_auth_code ) ) {
throw new ApiException( 'Facebook auth code is missing.' );
}

$state = $_GET['state'] ?? '';
if ( empty( $state ) ) {
throw new ApiException( 'Missing state query parameter.' );
}

$parameters_string = '?' . http_build_query( array(
'nonce' => wp_create_nonce( self::ACTION_EXCHANGE ),
'code' => $facebook_auth_code,
'external_business_id' => $this->get_external_business_id(),
'type' => self::AUTH_TYPE_STANDARD,
'state' => $state,
) );

$request_url = self::PROXY_TOKEN_EXCHANGE_URL . $parameters_string;
$response = wp_safe_remote_get(
$request_url,
array(
'timeout' => 60,
)
);

if ( is_wp_error( $response ) ) {
throw new ApiException( 'WooCommerce Connect Server token exchange has failed.' );
}

$token_data = json_decode( wp_remote_retrieve_body( $response ), true );

if ( isset( $token_data[ 'status' ] ) && $token_data[ 'status' ] === 500 ) {
throw new ApiException( 'WooCommerce Connect Server token exchange has failed.' );
}

// Check that request was initiated from the server.
if ( ! wp_verify_nonce( $token_data['nonce'] ?? '', self::ACTION_EXCHANGE ) ) {
throw new ApiException( 'Exchange nonce is not valid.' );
}

$merchant_access_token = wc_clean( wp_unslash( $token_data['merchant_access_token'] ?? '' ) ) ;
$system_user_access_token = wc_clean( wp_unslash( $token_data['system_user_access_token'] ?? '' ) ) ;
$system_user_id = wc_clean( wp_unslash( $token_data['system_user_id'] ?? '' ) ) ;

if ( ! $merchant_access_token ) {
throw new ApiException( 'Access token is missing' );
}
Expand Down
Loading