Update API
This commit is contained in:
parent
e7b240ef66
commit
82e5de4919
@ -1,329 +0,0 @@
|
||||
<?php
|
||||
/**
|
||||
* API Key Table Class
|
||||
*
|
||||
* @package Opalestate
|
||||
* @subpackage Admin/Tools/APIKeys
|
||||
* @copyright Copyright (c) 2019, WordImpress
|
||||
* @license http://opensource.org/licenses/gpl-2.0.php GNU Public License
|
||||
* @since 1.1
|
||||
*/
|
||||
|
||||
// Exit if accessed directly
|
||||
if ( ! defined( 'ABSPATH' ) ) {
|
||||
exit;
|
||||
}
|
||||
|
||||
// Load WP_List_Table if not loaded
|
||||
if ( ! class_exists( 'WP_List_Table' ) ) {
|
||||
require_once ABSPATH . 'wp-admin/includes/class-wp-list-table.php';
|
||||
}
|
||||
|
||||
/**
|
||||
* Opalestate_API_Keys_Table Class
|
||||
*
|
||||
* Renders the API Keys table
|
||||
*
|
||||
* @since 1.1
|
||||
*/
|
||||
class Opalestate_API_Keys_Table extends WP_List_Table {
|
||||
|
||||
/**
|
||||
* @var int Number of items per page
|
||||
* @since 1.1
|
||||
*/
|
||||
public $per_page = 30;
|
||||
|
||||
/**
|
||||
* @var object Query results
|
||||
* @since 1.1
|
||||
*/
|
||||
private $keys;
|
||||
|
||||
/**
|
||||
* Get things started
|
||||
*
|
||||
* @since 1.1
|
||||
* @see WP_List_Table::__construct()
|
||||
*/
|
||||
public function __construct() {
|
||||
global $status, $page;
|
||||
|
||||
// Set parent defaults
|
||||
parent::__construct( [
|
||||
'singular' => esc_html__( 'API Key', 'opalestate-pro' ), // Singular name of the listed records
|
||||
'plural' => esc_html__( 'API Keys', 'opalestate-pro' ), // Plural name of the listed records
|
||||
'ajax' => false // Does this table support ajax?
|
||||
] );
|
||||
|
||||
$this->query();
|
||||
}
|
||||
|
||||
/**
|
||||
* This function renders most of the columns in the list table.
|
||||
*
|
||||
* @access public
|
||||
* @param array $item Contains all the data of the keys
|
||||
* @param string $column_name The name of the column
|
||||
*
|
||||
* @return string Column Name
|
||||
* @since 1.1
|
||||
*
|
||||
*/
|
||||
public function column_default( $item, $column_name ) {
|
||||
return $item[ $column_name ];
|
||||
}
|
||||
|
||||
/**
|
||||
* Displays the public key rows
|
||||
*
|
||||
* @access public
|
||||
* @param array $item Contains all the data of the keys
|
||||
* @param string $column_name The name of the column
|
||||
*
|
||||
* @return string Column Name
|
||||
* @since 1.1
|
||||
*
|
||||
*/
|
||||
public function column_key( $item ) {
|
||||
return '<input onClick="this.setSelectionRange(0, this.value.length)" readonly="readonly" type="text" class="large-text" value="' . esc_attr( $item['key'] ) . '"/>';
|
||||
}
|
||||
|
||||
/**
|
||||
* Displays the token rows
|
||||
*
|
||||
* @access public
|
||||
* @param array $item Contains all the data of the keys
|
||||
* @param string $column_name The name of the column
|
||||
*
|
||||
* @return string Column Name
|
||||
* @since 1.1
|
||||
*
|
||||
*/
|
||||
public function column_token( $item ) {
|
||||
return '<input onClick="this.setSelectionRange(0, this.value.length)" readonly="readonly" type="text" class="large-text" value="' . esc_attr( $item['token'] ) . '"/>';
|
||||
}
|
||||
|
||||
/**
|
||||
* Displays the secret key rows
|
||||
*
|
||||
* @access public
|
||||
* @param array $item Contains all the data of the keys
|
||||
* @param string $column_name The name of the column
|
||||
*
|
||||
* @return string Column Name
|
||||
* @since 1.1
|
||||
*
|
||||
*/
|
||||
public function column_secret( $item ) {
|
||||
return '<input onClick="this.setSelectionRange(0, this.value.length)" readonly="readonly" type="text" class="large-text" value="' . esc_attr( $item['secret'] ) . '"/>';
|
||||
}
|
||||
|
||||
/**
|
||||
* Renders the column for the user field
|
||||
*
|
||||
* @access public
|
||||
* @return void
|
||||
* @since 1.1
|
||||
*/
|
||||
public function column_user( $item ) {
|
||||
|
||||
$actions = [];
|
||||
|
||||
if ( apply_filters( 'opalestate_api_log_requests', true ) ) {
|
||||
$actions['view'] = sprintf(
|
||||
'<a href="%s">%s</a>',
|
||||
esc_url( add_query_arg( [
|
||||
'view' => 'api_requests',
|
||||
'post_type' => 'opalestate_forms',
|
||||
'page' => 'opalestate-reports',
|
||||
'tab' => 'logs',
|
||||
's' => $item['email'],
|
||||
], 'edit.php' ) ),
|
||||
esc_html__( 'View API Log', 'opalestate-pro' )
|
||||
);
|
||||
}
|
||||
|
||||
$actions['reissue'] = sprintf(
|
||||
'<a href="%s" class="opalestate-regenerate-api-key">%s</a>',
|
||||
esc_url( wp_nonce_url( add_query_arg( [
|
||||
'user_id' => $item['id'],
|
||||
'opalestate_action' => 'process_api_key',
|
||||
'opalestate_api_process' => 'regenerate',
|
||||
] ), 'opalestate-api-nonce' ) ),
|
||||
esc_html__( 'Reissue', 'opalestate-pro' )
|
||||
);
|
||||
$actions['revoke'] = sprintf(
|
||||
'<a href="%s" class="opalestate-revoke-api-key opalestate-delete">%s</a>',
|
||||
esc_url( wp_nonce_url( add_query_arg( [
|
||||
'user_id' => $item['id'],
|
||||
'opalestate_action' => 'process_api_key',
|
||||
'opalestate_api_process' => 'revoke',
|
||||
] ), 'opalestate-api-nonce' ) ),
|
||||
esc_html__( 'Revoke', 'opalestate-pro' )
|
||||
);
|
||||
|
||||
$actions = apply_filters( 'opalestate_api_row_actions', array_filter( $actions ) );
|
||||
|
||||
return sprintf( '%1$s %2$s', $item['user'], $this->row_actions( $actions ) );
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieve the table columns
|
||||
*
|
||||
* @access public
|
||||
* @return array $columns Array of all the list table columns
|
||||
* @since 1.1
|
||||
*/
|
||||
public function get_columns() {
|
||||
$columns = [
|
||||
'user' => esc_html__( 'Username', 'opalestate-pro' ),
|
||||
'key' => esc_html__( 'Public Key', 'opalestate-pro' ),
|
||||
'token' => esc_html__( 'Token', 'opalestate-pro' ),
|
||||
'secret' => esc_html__( 'Secret Key', 'opalestate-pro' ),
|
||||
];
|
||||
|
||||
return $columns;
|
||||
}
|
||||
|
||||
/**
|
||||
* Generate the table navigation above or below the table
|
||||
*
|
||||
* @param string $which
|
||||
* @since 3.1.0
|
||||
* @access protected
|
||||
*/
|
||||
protected function display_tablenav( $which ) {
|
||||
if ( 'top' === $which ) {
|
||||
wp_nonce_field( 'bulk-' . $this->_args['plural'] );
|
||||
}
|
||||
?>
|
||||
<div class="tablenav <?php echo esc_attr( $which ); ?>">
|
||||
|
||||
<div class="alignleft actions bulkactions">
|
||||
<?php $this->bulk_actions( $which ); ?>
|
||||
</div>
|
||||
<?php
|
||||
$this->extra_tablenav( $which );
|
||||
$this->pagination( $which );
|
||||
?>
|
||||
|
||||
<br class="clear"/>
|
||||
</div>
|
||||
<?php
|
||||
}
|
||||
|
||||
/**
|
||||
* Display the key generation form
|
||||
*
|
||||
* @access public
|
||||
* @return void
|
||||
* @since 1.1
|
||||
*/
|
||||
public function bulk_actions( $which = '' ) {
|
||||
// These aren't really bulk actions but this outputs the markup in the right place
|
||||
static $opalestate_api_is_bottom;
|
||||
|
||||
if ( $opalestate_api_is_bottom ) {
|
||||
return;
|
||||
}
|
||||
?>
|
||||
<input type="hidden" name="opalestate_action" value="process_api_key"/>
|
||||
<input type="hidden" name="opalestate_api_process" value="generate"/>
|
||||
<?php wp_nonce_field( 'opalestate-api-nonce' ); ?>
|
||||
<?php echo OpalEstate()->html->ajax_user_search( [
|
||||
'name' => esc_html__( 'User', 'opalestate-pro' ),
|
||||
] ); ?>
|
||||
<?php submit_button( esc_html__( 'Generate New API Keys', 'opalestate-pro' ), 'secondary', 'submit', false ); ?>
|
||||
<?php
|
||||
$opalestate_api_is_bottom = true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieve the current page number
|
||||
*
|
||||
* @access public
|
||||
* @return int Current page number
|
||||
* @since 1.1
|
||||
*/
|
||||
public function get_paged() {
|
||||
return isset( $_GET['paged'] ) ? absint( $_GET['paged'] ) : 1;
|
||||
}
|
||||
|
||||
/**
|
||||
* Performs the key query
|
||||
*
|
||||
* @access public
|
||||
* @return array
|
||||
* @since 1.1
|
||||
*/
|
||||
public function query() {
|
||||
$users = get_users( [
|
||||
'meta_value' => 'opalestate_user_secret_key',
|
||||
'number' => $this->per_page,
|
||||
'offset' => $this->per_page * ( $this->get_paged() - 1 ),
|
||||
] );
|
||||
|
||||
$keys = [];
|
||||
|
||||
foreach ( $users as $user ) {
|
||||
$keys[ $user->ID ]['id'] = $user->ID;
|
||||
$keys[ $user->ID ]['email'] = $user->user_email;
|
||||
$keys[ $user->ID ]['user'] = '<a href="' . add_query_arg( 'user_id', $user->ID, 'user-edit.php' ) . '"><strong>' . $user->user_login . '</strong></a>';
|
||||
$keys[ $user->ID ]['key'] = OpalEstate()->api_admin->get_user_public_key( $user->ID );
|
||||
$keys[ $user->ID ]['secret'] = OpalEstate()->api_admin->get_user_secret_key( $user->ID );
|
||||
$keys[ $user->ID ]['token'] = OpalEstate()->api_admin->get_token( $user->ID );
|
||||
}
|
||||
|
||||
return $keys;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Retrieve count of total users with keys
|
||||
*
|
||||
* @access public
|
||||
* @return int
|
||||
* @since 1.1
|
||||
*/
|
||||
public function total_items() {
|
||||
global $wpdb;
|
||||
|
||||
if ( ! get_transient( 'opalestate_total_api_keys' ) ) {
|
||||
$total_items = $wpdb->get_var( "SELECT count(user_id) FROM $wpdb->usermeta WHERE meta_value='opalestate_user_secret_key'" );
|
||||
|
||||
set_transient( 'opalestate_total_api_keys', $total_items, 60 * 60 );
|
||||
}
|
||||
|
||||
return get_transient( 'opalestate_total_api_keys' );
|
||||
}
|
||||
|
||||
/**
|
||||
* Setup the final data for the table
|
||||
*
|
||||
* @access public
|
||||
* @return void
|
||||
* @since 1.1
|
||||
*/
|
||||
public function prepare_items() {
|
||||
$columns = $this->get_columns();
|
||||
|
||||
$hidden = []; // No hidden columns
|
||||
$sortable = []; // Not sortable... for now
|
||||
|
||||
$this->_column_headers = [ $columns, $hidden, $sortable, 'id' ];
|
||||
|
||||
$data = $this->query();
|
||||
|
||||
$total_items = $this->total_items();
|
||||
|
||||
$this->items = $data;
|
||||
|
||||
$this->set_pagination_args( [
|
||||
'total_items' => $total_items,
|
||||
'per_page' => $this->per_page,
|
||||
'total_pages' => ceil( $total_items / $this->per_page ),
|
||||
]
|
||||
);
|
||||
}
|
||||
}
|
@ -360,14 +360,14 @@ function opalestate_update_api_key() {
|
||||
$response['consumer_secret'] = '';
|
||||
$response['message'] = __( 'API Key updated successfully.', 'opalestate-pro' );
|
||||
} else {
|
||||
$consumer_key = 'ck_' . wc_rand_hash();
|
||||
$consumer_secret = 'cs_' . wc_rand_hash();
|
||||
$consumer_key = 'ck_' . opalestate_rand_hash();
|
||||
$consumer_secret = 'cs_' . opalestate_rand_hash();
|
||||
|
||||
$data = [
|
||||
'user_id' => $user_id,
|
||||
'description' => $description,
|
||||
'permissions' => $permissions,
|
||||
'consumer_key' => wc_api_hash( $consumer_key ),
|
||||
'consumer_key' => opalestate_api_hash( $consumer_key ),
|
||||
'consumer_secret' => $consumer_secret,
|
||||
'truncated_key' => substr( $consumer_key, -7 ),
|
||||
];
|
||||
|
@ -1,547 +0,0 @@
|
||||
<?php
|
||||
// Exit if accessed directly.
|
||||
if ( ! defined( 'ABSPATH' ) ) {
|
||||
exit;
|
||||
}
|
||||
|
||||
/**
|
||||
* Opaljob_API Class
|
||||
*
|
||||
* Renders API returns as a JSON/XML array
|
||||
*
|
||||
* @since 1.1
|
||||
*/
|
||||
class Opalestate_API_Admin {
|
||||
/**
|
||||
* Latest API Version
|
||||
*/
|
||||
const VERSION = 1;
|
||||
/**
|
||||
* Pretty Print?
|
||||
*
|
||||
* @var bool
|
||||
* @access private
|
||||
* @since 1.1
|
||||
*/
|
||||
private $pretty_print = false;
|
||||
/**
|
||||
* Log API requests?
|
||||
*
|
||||
* @var bool
|
||||
* @access public
|
||||
* @since 1.1
|
||||
*/
|
||||
public $log_requests = true;
|
||||
/**
|
||||
* Is this a valid request?
|
||||
*
|
||||
* @var bool
|
||||
* @access private
|
||||
* @since 1.1
|
||||
*/
|
||||
private $is_valid_request = false;
|
||||
/**
|
||||
* User ID Perpropertying the API Request
|
||||
*
|
||||
* @var int
|
||||
* @access public
|
||||
* @since 1.1
|
||||
*/
|
||||
public $user_id = 0;
|
||||
/**
|
||||
* Instance of Opalestate Stats class
|
||||
*
|
||||
* @var object
|
||||
* @access private
|
||||
* @since 1.1
|
||||
*/
|
||||
private $stats;
|
||||
/**
|
||||
* Response data to return
|
||||
*
|
||||
* @var array
|
||||
* @access private
|
||||
* @since 1.1
|
||||
*/
|
||||
private $data = [];
|
||||
/**
|
||||
*
|
||||
* @var bool
|
||||
* @access public
|
||||
* @since 1.1
|
||||
*/
|
||||
public $override = true;
|
||||
|
||||
/**
|
||||
* Render Sidebar
|
||||
*
|
||||
* Display Sidebar on left side and next is main content
|
||||
*
|
||||
* @return string
|
||||
* @since 1.0
|
||||
*
|
||||
*/
|
||||
public static function get_instance() {
|
||||
|
||||
static $_instance;
|
||||
if ( ! $_instance ) {
|
||||
$_instance = new Opalestate_API_Admin();
|
||||
}
|
||||
|
||||
return $_instance;
|
||||
}
|
||||
|
||||
/**
|
||||
* Setup the Opalestate API
|
||||
*
|
||||
* @since 1.1
|
||||
* @access public
|
||||
*/
|
||||
public function __construct() {
|
||||
if ( is_admin() ) {
|
||||
$this->register_actions();
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Registers query vars for API access
|
||||
*
|
||||
* @access public
|
||||
* @param array $vars Query vars
|
||||
*
|
||||
* @return string[] $vars New query vars
|
||||
* @since 1.1
|
||||
*
|
||||
*/
|
||||
public function register_actions() {
|
||||
add_action( 'admin_init', [ $this, 'process_action' ] );
|
||||
add_action( 'show_user_profile', [ $this, 'user_key_field' ] );
|
||||
add_action( 'edit_user_profile', [ $this, 'user_key_field' ] );
|
||||
add_action( 'personal_options_update', [ $this, 'update_key' ] );
|
||||
add_action( 'edit_user_profile_update', [ $this, 'update_key' ] );
|
||||
add_action( 'opalestate_action', [ $this, 'process_api_key' ] );
|
||||
|
||||
// Setup a backwards compatibility check for user API Keys
|
||||
add_filter( 'get_user_metadata', [ $this, 'api_key_backwards_compat' ], 10, 4 );
|
||||
// Determine if JSON_PRETTY_PRINT is available
|
||||
$this->pretty_print = defined( 'JSON_PRETTY_PRINT' ) ? JSON_PRETTY_PRINT : null;
|
||||
// Allow API request logging to be turned off
|
||||
$this->log_requests = apply_filters( 'opalestate_api_log_requests', $this->log_requests );
|
||||
}
|
||||
|
||||
/**
|
||||
* Registers query vars for API access
|
||||
*
|
||||
* @access public
|
||||
* @param array $vars Query vars
|
||||
*
|
||||
* @return string[] $vars New query vars
|
||||
* @since 1.1
|
||||
*
|
||||
*/
|
||||
public function process_action() {
|
||||
if ( isset( $_REQUEST['opalestate_action'] ) ) {
|
||||
$args = [
|
||||
'user_id' => isset( $_REQUEST['user_id'] ) ? sanitize_text_field( $_REQUEST['user_id'] ) : 0,
|
||||
'key_permissions' => isset( $_REQUEST['key_permissions'] ) ? sanitize_text_field( $_REQUEST['key_permissions'] ) : 'read',
|
||||
'description' => isset( $_REQUEST['description'] ) ? sanitize_text_field( $_REQUEST['description'] ) : '',
|
||||
'opalestate_api_process' => isset( $_REQUEST['opalestate_api_process'] ) ? sanitize_text_field( $_REQUEST['opalestate_api_process'] ) : '',
|
||||
];
|
||||
|
||||
do_action( 'opalestate_action', $args );
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieve the user ID based on the public key provided
|
||||
*
|
||||
* @access public
|
||||
* @param string $key Public Key
|
||||
*
|
||||
* @return bool if user ID is found, false otherwise
|
||||
* @since 1.1
|
||||
* @global WPDB $wpdb Used to query the database using the WordPress
|
||||
* Database API
|
||||
*
|
||||
*/
|
||||
public function get_user( $key = '' ) {
|
||||
global $wpdb, $wp_query;
|
||||
|
||||
if ( empty( $key ) ) {
|
||||
$key = urldecode( $wp_query->query_vars['key'] );
|
||||
}
|
||||
|
||||
if ( empty( $key ) ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$user = get_transient( md5( 'opalestate_api_user_' . $key ) );
|
||||
|
||||
if ( false === $user ) {
|
||||
$user = $wpdb->get_var( $wpdb->prepare( "SELECT user_id FROM $wpdb->usermeta WHERE meta_key = %s LIMIT 1", $key ) );
|
||||
set_transient( md5( 'opalestate_api_user_' . $key ), $user, DAY_IN_SECONDS );
|
||||
}
|
||||
|
||||
if ( $user != null ) {
|
||||
$this->user_id = $user;
|
||||
|
||||
return $user;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
public function get_user_public_key( $user_id = 0 ) {
|
||||
global $wpdb;
|
||||
|
||||
if ( empty( $user_id ) ) {
|
||||
return '';
|
||||
}
|
||||
$cache_key = md5( 'opalestate_api_user_public_key' . $user_id );
|
||||
$user_public_key = get_transient( $cache_key );
|
||||
|
||||
if ( empty( $user_public_key ) ) {
|
||||
$user_public_key = $wpdb->get_var( $wpdb->prepare( "SELECT meta_key FROM $wpdb->usermeta WHERE meta_value = 'opalestate_user_public_key' AND user_id = %d", $user_id ) );
|
||||
set_transient( $cache_key, $user_public_key, HOUR_IN_SECONDS );
|
||||
}
|
||||
|
||||
return $user_public_key;
|
||||
}
|
||||
|
||||
public function get_user_secret_key( $user_id = 0 ) {
|
||||
global $wpdb;
|
||||
if ( empty( $user_id ) ) {
|
||||
return '';
|
||||
}
|
||||
$cache_key = md5( 'opalestate_api_user_secret_key' . $user_id );
|
||||
$user_secret_key = get_transient( $cache_key );
|
||||
if ( empty( $user_secret_key ) ) {
|
||||
$user_secret_key = $wpdb->get_var( $wpdb->prepare( "SELECT meta_key FROM $wpdb->usermeta WHERE meta_value = 'opalestate_user_secret_key' AND user_id = %d", $user_id ) );
|
||||
set_transient( $cache_key, $user_secret_key, HOUR_IN_SECONDS );
|
||||
}
|
||||
|
||||
return $user_secret_key;
|
||||
}
|
||||
|
||||
/**
|
||||
* Modify User Profile
|
||||
*
|
||||
* Modifies the output of profile.php to add key generation/revocation
|
||||
*
|
||||
* @access public
|
||||
* @param object $user Current user info
|
||||
*
|
||||
* @return void
|
||||
* @since 1.1
|
||||
*
|
||||
*/
|
||||
public function user_key_field( $user ) {
|
||||
if ( ( opalestate_get_option( 'api_allow_user_keys', false ) || current_user_can( 'manage_opalestate_settings' ) ) && current_user_can( 'edit_user', $user->ID ) ) {
|
||||
$user = get_userdata( $user->ID );
|
||||
?>
|
||||
<hr class="clearfix clear">
|
||||
<table class="property-table">
|
||||
<tbody>
|
||||
<tr>
|
||||
<th>
|
||||
<?php esc_html_e( 'Opalestate API Keys', 'opalestate-pro' ); ?>
|
||||
</th>
|
||||
<td>
|
||||
<?php
|
||||
$public_key = $this->get_user_public_key( $user->ID );
|
||||
$secret_key = $this->get_user_secret_key( $user->ID );
|
||||
?>
|
||||
<?php if ( empty( $user->opalestate_user_public_key ) ) { ?>
|
||||
<input name="opalestate_set_api_key" type="checkbox" id="opalestate_set_api_key" value="0"/>
|
||||
<span class="description"><?php esc_html_e( 'Generate API Key', 'opalestate-pro' ); ?></span>
|
||||
<?php } else { ?>
|
||||
<strong style="display:inline-block; width: 125px;"><?php esc_html_e( 'Public key:', 'opalestate-pro' ); ?> </strong>
|
||||
<input type="text" disabled="disabled" class="regular-text" id="publickey" value="<?php echo esc_attr( $public_key ); ?>"/>
|
||||
<br/>
|
||||
<strong style="display:inline-block; width: 125px;"><?php esc_html_e( 'Secret key:', 'opalestate-pro' ); ?> </strong>
|
||||
<input type="text" disabled="disabled" class="regular-text" id="privatekey" value="<?php echo esc_attr( $secret_key ); ?>"/>
|
||||
<br/>
|
||||
<strong style="display:inline-block; width: 125px;"><?php esc_html_e( 'Token:', 'opalestate-pro' ); ?> </strong>
|
||||
<input type="text" disabled="disabled" class="regular-text" id="token" value="<?php echo esc_attr( $this->get_token( $user->ID ) ); ?>"/>
|
||||
<br/>
|
||||
<input name="opalestate_set_api_key" type="checkbox" id="opalestate_set_api_key" value="0"/>
|
||||
<span class="description"><label for="opalestate_set_api_key"><?php esc_html_e( 'Revoke API Keys', 'opalestate-pro' ); ?></label></span>
|
||||
<?php } ?>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<?php }
|
||||
}
|
||||
|
||||
/**
|
||||
* Process an API key generation/revocation
|
||||
*
|
||||
* @access public
|
||||
* @param array $args
|
||||
*
|
||||
* @return void
|
||||
* @since 1.1
|
||||
*
|
||||
*/
|
||||
public function process_api_key( $args ) {
|
||||
if ( ! wp_verify_nonce( $_REQUEST['_wpnonce'], 'opalestate-api-nonce' ) ) {
|
||||
wp_die( esc_html__( 'Nonce verification failed.', 'opalestate-pro' ), esc_html__( 'Error', 'opalestate-pro' ), [ 'response' => 403 ] );
|
||||
}
|
||||
if ( empty( $args['user_id'] ) ) {
|
||||
wp_die( esc_html__( 'User ID Required.', 'opalestate-pro' ), esc_html__( 'Error', 'opalestate-pro' ), [ 'response' => 401 ] );
|
||||
}
|
||||
|
||||
if ( is_numeric( $args['user_id'] ) ) {
|
||||
$user_id = isset( $args['user_id'] ) ? absint( $args['user_id'] ) : get_current_user_id();
|
||||
} else {
|
||||
$userdata = get_user_by( 'login', $args['user_id'] );
|
||||
$user_id = $userdata->ID;
|
||||
}
|
||||
$process = isset( $args['opalestate_api_process'] ) ? strtolower( $args['opalestate_api_process'] ) : false;
|
||||
|
||||
if ( $user_id == get_current_user_id() && ! opalestate_options( 'allow_user_api_keys' ) && ! current_user_can( 'manage_opalestate_settings' ) ) {
|
||||
wp_die(
|
||||
sprintf(
|
||||
/* translators: %s: process */
|
||||
esc_html__( 'You do not have permission to %s API keys for this user.', 'opalestate-pro' ),
|
||||
$process
|
||||
),
|
||||
esc_html__( 'Error', 'opalestate-pro' ),
|
||||
[ 'response' => 403 ]
|
||||
);
|
||||
} elseif ( ! current_user_can( 'manage_opalestate_settings' ) ) {
|
||||
wp_die(
|
||||
sprintf(
|
||||
/* translators: %s: process */
|
||||
esc_html__( 'You do not have permission to %s API keys for this user.', 'opalestate-pro' ),
|
||||
$process
|
||||
),
|
||||
esc_html__( 'Error', 'opalestate-pro' ),
|
||||
[ 'response' => 403 ]
|
||||
);
|
||||
}
|
||||
|
||||
switch ( $process ) {
|
||||
case 'generate':
|
||||
if ( $this->generate_api_key( $user_id ) ) {
|
||||
delete_transient( 'opalestate_total_api_keys' );
|
||||
wp_redirect( add_query_arg( 'opalestate-message', 'api-key-generated', 'edit.php?post_type=opalestate_property&page=opalestate-settings&tab=api_keys' ) );
|
||||
exit();
|
||||
} else {
|
||||
wp_redirect( add_query_arg( 'opalestate-message', 'api-key-failed', 'edit.php?post_type=opalestate_property&page=opalestate-settings&tab=api_keys' ) );
|
||||
exit();
|
||||
}
|
||||
break;
|
||||
case 'regenerate':
|
||||
$this->generate_api_key( $user_id, true );
|
||||
delete_transient( 'opalestate_total_api_keys' );
|
||||
wp_redirect( add_query_arg( 'opalestate-message', 'api-key-regenerated', 'edit.php?post_type=opalestate_property&page=opalestate-settings&tab=api_keys' ) );
|
||||
exit();
|
||||
break;
|
||||
case 'revoke':
|
||||
$this->revoke_api_key( $user_id );
|
||||
delete_transient( 'opalestate_total_api_keys' );
|
||||
wp_redirect( add_query_arg( 'opalestate-message', 'api-key-revoked', 'edit.php?post_type=opalestate_property&page=opalestate-settings&tab=api_keys' ) );
|
||||
exit();
|
||||
break;
|
||||
default;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Generate new API keys for a user
|
||||
*
|
||||
* @access public
|
||||
* @param int $user_id User ID the key is being generated for
|
||||
* @param boolean $regenerate Regenerate the key for the user
|
||||
*
|
||||
* @return boolean True if (re)generated succesfully, false otherwise.
|
||||
* @since 1.1
|
||||
*
|
||||
*/
|
||||
public function generate_api_key( $user_id = 0, $regenerate = false ) {
|
||||
if ( empty( $user_id ) ) {
|
||||
return false;
|
||||
}
|
||||
$user = get_userdata( $user_id );
|
||||
if ( ! $user ) {
|
||||
return false;
|
||||
}
|
||||
$public_key = $this->get_user_public_key( $user_id );
|
||||
$secret_key = $this->get_user_secret_key( $user_id );
|
||||
|
||||
if ( empty( $public_key ) || $regenerate == true ) {
|
||||
$new_public_key = $this->generate_public_key( $user->user_email );
|
||||
$new_secret_key = $this->generate_private_key( $user->ID );
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
|
||||
if ( $regenerate == true ) {
|
||||
$this->revoke_api_key( $user->ID );
|
||||
}
|
||||
|
||||
update_user_meta( $user_id, $new_public_key, 'opalestate_user_public_key' );
|
||||
update_user_meta( $user_id, $new_secret_key, 'opalestate_user_secret_key' );
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Revoke a users API keys
|
||||
*
|
||||
* @access public
|
||||
* @param int $user_id User ID of user to revoke key for
|
||||
*
|
||||
* @return string
|
||||
* @since 1.1
|
||||
*
|
||||
*/
|
||||
public function revoke_api_key( $user_id = 0 ) {
|
||||
if ( empty( $user_id ) ) {
|
||||
return false;
|
||||
}
|
||||
$user = get_userdata( $user_id );
|
||||
if ( ! $user ) {
|
||||
return false;
|
||||
}
|
||||
$public_key = $this->get_user_public_key( $user_id );
|
||||
$secret_key = $this->get_user_secret_key( $user_id );
|
||||
|
||||
if ( ! empty( $public_key ) ) {
|
||||
delete_transient( md5( 'opalestate_api_user_' . $public_key ) );
|
||||
delete_transient( md5( 'opalestate_api_user_public_key' . $user_id ) );
|
||||
delete_transient( md5( 'opalestate_api_user_secret_key' . $user_id ) );
|
||||
delete_user_meta( $user_id, $public_key );
|
||||
delete_user_meta( $user_id, $secret_key );
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get version.
|
||||
*
|
||||
* @return int
|
||||
*/
|
||||
public function get_version() {
|
||||
return self::VERSION;
|
||||
}
|
||||
|
||||
/**
|
||||
* Generate and Save API key
|
||||
*
|
||||
* Generates the key requested by user_key_field and stores it in the database
|
||||
*
|
||||
* @access public
|
||||
* @param int $user_id
|
||||
*
|
||||
* @return void
|
||||
* @since 1.1
|
||||
*
|
||||
*/
|
||||
public function update_key( $user_id ) {
|
||||
if ( current_user_can( 'edit_user', $user_id ) && isset( $_POST['opalestate_set_api_key'] ) ) {
|
||||
$user = get_userdata( $user_id );
|
||||
$public_key = $this->get_user_public_key( $user_id );
|
||||
$secret_key = $this->get_user_secret_key( $user_id );
|
||||
if ( empty( $public_key ) ) {
|
||||
$new_public_key = $this->generate_public_key( $user->user_email );
|
||||
$new_secret_key = $this->generate_private_key( $user->ID );
|
||||
update_user_meta( $user_id, $new_public_key, 'opalestate_user_public_key' );
|
||||
update_user_meta( $user_id, $new_secret_key, 'opalestate_user_secret_key' );
|
||||
} else {
|
||||
$this->revoke_api_key( $user_id );
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Generate the public key for a user
|
||||
*
|
||||
* @access private
|
||||
* @param string $user_email
|
||||
*
|
||||
* @return string
|
||||
* @since 1.1
|
||||
*
|
||||
*/
|
||||
private function generate_public_key( $user_email = '' ) {
|
||||
$auth_key = defined( 'AUTH_KEY' ) ? AUTH_KEY : '';
|
||||
$public = hash( 'md5', $user_email . $auth_key . date( 'U' ) );
|
||||
|
||||
return $public;
|
||||
}
|
||||
|
||||
/**
|
||||
* Generate the secret key for a user
|
||||
*
|
||||
* @access private
|
||||
* @param int $user_id
|
||||
*
|
||||
* @return string
|
||||
* @since 1.1
|
||||
*
|
||||
*/
|
||||
private function generate_private_key( $user_id = 0 ) {
|
||||
$auth_key = defined( 'AUTH_KEY' ) ? AUTH_KEY : '';
|
||||
$secret = hash( 'md5', $user_id . $auth_key . date( 'U' ) );
|
||||
|
||||
return $secret;
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieve the user's token
|
||||
*
|
||||
* @access private
|
||||
* @param int $user_id
|
||||
*
|
||||
* @return string
|
||||
* @since 1.1
|
||||
*
|
||||
*/
|
||||
public function get_token( $user_id = 0 ) {
|
||||
return hash( 'md5', $this->get_user_secret_key( $user_id ) . $this->get_user_public_key( $user_id ) );
|
||||
}
|
||||
|
||||
/**
|
||||
* API Key Backwards Compatibility
|
||||
*
|
||||
* A Backwards Compatibility call for the change of meta_key/value for users API Keys
|
||||
*
|
||||
* @param string $check Whether to check the cache or not
|
||||
* @param int $object_id The User ID being passed
|
||||
* @param string $meta_key The user meta key
|
||||
* @param bool $single If it should return a single value or array
|
||||
*
|
||||
* @return string The API key/secret for the user supplied
|
||||
* @since 1.3.6
|
||||
*
|
||||
*/
|
||||
public function api_key_backwards_compat( $check, $object_id, $meta_key, $single ) {
|
||||
if ( $meta_key !== 'opalestate_user_public_key' && $meta_key !== 'opalestate_user_secret_key' ) {
|
||||
return $check;
|
||||
}
|
||||
|
||||
$return = $check;
|
||||
|
||||
switch ( $meta_key ) {
|
||||
case 'opalestate_user_public_key':
|
||||
$return = $this->get_user_public_key( $object_id );
|
||||
break;
|
||||
case 'opalestate_user_secret_key':
|
||||
$return = $this->get_user_secret_key( $object_id );
|
||||
break;
|
||||
}
|
||||
|
||||
if ( ! $single ) {
|
||||
$return = [ $return ];
|
||||
}
|
||||
|
||||
return $return;
|
||||
}
|
||||
}
|
@ -23,10 +23,6 @@ class Opalestate_API {
|
||||
|
||||
public function __construct() {
|
||||
$this->init();
|
||||
|
||||
if ( is_admin() ) {
|
||||
new Opalestate_API_Admin();
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
@ -42,7 +38,6 @@ class Opalestate_API {
|
||||
$this->includes( [
|
||||
'class-opalestate-admin-api-keys.php',
|
||||
'class-opalestate-admin-api-keys-table-list.php',
|
||||
'class-opalestate-api-admin.php',
|
||||
'class-opalestate-base-api.php',
|
||||
'v1/property.php',
|
||||
'v1/agent.php',
|
||||
|
@ -95,3 +95,26 @@ function opalestate_api_get_property_data( $property_info ) {
|
||||
|
||||
return apply_filters( 'opalestate_api_properties_property', $property );
|
||||
}
|
||||
|
||||
/**
|
||||
* Generate a rand hash.
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
function opalestate_rand_hash() {
|
||||
if ( ! function_exists( 'openssl_random_pseudo_bytes' ) ) {
|
||||
return sha1( wp_rand() );
|
||||
}
|
||||
|
||||
return bin2hex( openssl_random_pseudo_bytes( 20 ) ); // @codingStandardsIgnoreLine
|
||||
}
|
||||
|
||||
/**
|
||||
* Opalestate API - Hash.
|
||||
*
|
||||
* @param string $data Message to be hashed.
|
||||
* @return string
|
||||
*/
|
||||
function opalestate_api_hash( $data ) {
|
||||
return hash_hmac( 'sha256', $data, 'opalestate-api' );
|
||||
}
|
||||
|
@ -128,7 +128,6 @@ if ( ! class_exists( 'OpalEstate' ) ) {
|
||||
self::$instance->roles = new Opalestate_Roles();
|
||||
self::$instance->html = new Opalestate_HTML_Elements();
|
||||
self::$instance->api = new Opalestate_API();
|
||||
self::$instance->api_admin = new Opalestate_API_Admin();
|
||||
self::$instance->session = new Opalestate_Session();
|
||||
|
||||
/**
|
||||
|
Loading…
Reference in New Issue
Block a user