Authenticate Hiive REST API calls
wpscholar committed Jun 20, 2022
1 parent a92c188 commit 3a9c710
Showing 3 changed files with 124 additions and 8 deletions.
8 changes: 8 additions & 0 deletions composer.json
Expand Up @@ -42,5 +42,13 @@
"scripts-descriptions": {
"fix": "Automatically fix coding standards issues where possible.",
"lint": "Check files against coding standards."
},
"require": {
"wpscholar/url": "^1.2"
},
"config": {
"allow-plugins": {
"dealerdirect/phpcodesniffer-composer-installer": true
}
}
}
55 changes: 47 additions & 8 deletions composer.lock


69 changes: 69 additions & 0 deletions src/Data.php
Expand Up @@ -2,6 +2,8 @@

namespace NewfoldLabs\WP\Module\Data;

use wpscholar\Url;

/**
* Main class for the data plugin module
*/
Expand Down Expand Up @@ -39,6 +41,7 @@ public function start() {

// Delays our primary module setup until init
add_action( 'init', array( $this, 'init' ) );
add_action( 'rest_authentication_errors', array( $this, 'authenticate' ) );

}

Expand Down Expand Up @@ -80,4 +83,70 @@ public function init() {

}

/**
* Authenticate incoming REST API requests.
*
* @param bool|null|\WP_Error $status
*
* @return bool|null|\WP_Error
*/
public function authenticate( $status ) {

// Make sure there wasn't a different authentication method used before this
if ( ! is_null( $status ) ) {
return $status;
}

// Make sure this is a REST API request
if ( ! defined( 'REST_REQUEST' ) || ! REST_REQUEST ) {
return $status;
}

// If no auth header included, bail to allow a different auth method
if ( empty( $_SERVER['HTTP_AUTHORIZATION'] ) ) {
return null;
}

$token = str_replace( 'Bearer ', '', $_SERVER['HTTP_AUTHORIZATION'] );

$data = [
'method' => $_SERVER['REQUEST_METHOD'],
'url' => Url::getCurrentUrl(),
'body' => file_get_contents( 'php://input' ),
'timestamp' => data_get( getallheaders(), 'X-Timestamp' ),
];

$hash = hash( 'sha256', wp_json_encode( $data ) );
$salt = hash( 'sha256', strrev( HiiveConnection::get_auth_token() ) );

$is_valid = hash( 'sha256', $hash . $salt ) === $token;

// Allow access if token is valid
if ( $is_valid ) {

if ( isset( $_GET['user_id'] ) ) {

// If a user ID is provided, use it to find the desired user.
$user = get_user_by( 'id', filter_input( INPUT_GET, 'user_id', FILTER_SANITIZE_NUMBER_INT ) );

} else {

// If no user ID is provided, find the first admin user.
$admins = get_users( array( 'role' => 'administrator' ) );
$user = array_shift( $admins );

}

if ( ! empty( $user ) && is_a( $user, \WP_User::class ) ) {
wp_set_current_user( $user->id );

return true;
}
}

// Don't return false, since we could be interfering with a basic auth implementation.
return null;

}

}
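Review bot: authenticate() reads X-Timestamp into $data but never checks it for freshness, so a request captured once (same method, URL, body and header) can be replayed indefinitely, and the `===` comparison that sets $is_valid is not constant-time where `hash_equals()` belongs. `wp_set_current_user( $user->id )` goes through WP_User's deprecated lowercase `id` magic getter; the real property is `$user->ID`. `data_get()` is not a WordPress core function — confirm it is loaded before the `rest_authentication_errors` hook fires, since a missing helper would fatal on every REST request carrying an Authorization header. The excerpt below adds a freshness window (assuming X-Timestamp is a Unix epoch in seconds — confirm against the client) and the constant-time compare; the hash-of-hash construction could later move to `hash_hmac()`, but that would change the client contract, so it is left as is here.
```php
// … unchanged: early returns for $status, REST_REQUEST and a missing Authorization header …
$token     = str_replace( 'Bearer ', '', $_SERVER['HTTP_AUTHORIZATION'] );
$timestamp = data_get( getallheaders(), 'X-Timestamp' );

// Reject missing or stale timestamps so a captured request cannot be replayed later.
// Window is a constructed sample value; tune to the expected client clock skew.
$max_skew = 5 * MINUTE_IN_SECONDS;
if ( empty( $timestamp ) || abs( time() - (int) $timestamp ) > $max_skew ) {
	return null;
}

$data = [
	'method'    => $_SERVER['REQUEST_METHOD'],
	'url'       => Url::getCurrentUrl(),
	'body'      => file_get_contents( 'php://input' ),
	'timestamp' => $timestamp,
];

$hash = hash( 'sha256', wp_json_encode( $data ) );
$salt = hash( 'sha256', strrev( HiiveConnection::get_auth_token() ) );

// Constant-time comparison; a plain === leaks timing information about the expected token.
$is_valid = hash_equals( hash( 'sha256', $hash . $salt ), $token );

// … unchanged: user lookup by user_id or first administrator …
wp_set_current_user( $user->ID );
```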
