Skip to content

Commit

Permalink
Merge pull request #2788 from woocommerce/update/implement-token-exch…
Browse files Browse the repository at this point in the history
…ange

Redoing how we fetch access tokens from WooCommerce Connect Server.
  • Loading branch information
rawdreeg authored Aug 21, 2024
2 parents 9ea6079 + 9bf7f6c commit 4a56dd9
Showing 1 changed file with 54 additions and 6 deletions.
60 changes: 54 additions & 6 deletions includes/Handlers/Connection.php
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,9 @@ class Connection {
const OAUTH_URL = 'https://facebook.com/dialog/oauth';

/** @var string WooCommerce connection proxy URL */
const PROXY_URL = 'https://api.woocommerce.com/integrations/auth/facebook/';
const PROXY_URL = 'https://api.woocommerce.com/integrations/v2/auth/facebook/';

const PROXY_TOKEN_EXCHANGE_URL = 'https://api.woocommerce.com/integrations/v2/exchange/facebook/';

/** @var string WooCommerce connection for APP Store login URL */
const APP_STORE_LOGIN_URL = 'https://api.woocommerce.com/integrations/app-store-login/facebook/';
Expand All @@ -48,6 +50,8 @@ class Connection {
/** @var string the action callback for the connection */
const ACTION_CONNECT = 'wc_facebook_connect';

const ACTION_EXCHANGE = 'wc_facebook_exchange';

/** @var string the action callback for the disconnection */
const ACTION_DISCONNECT = 'wc_facebook_disconnect';

Expand Down Expand Up @@ -246,14 +250,58 @@ public function handle_connect() {
if ( empty( $_GET['nonce'] ) || ! wp_verify_nonce( sanitize_key( wp_unslash( $_GET['nonce'] ) ), self::ACTION_CONNECT ) ) {
throw new ApiException( 'Invalid nonce' );
}
$is_error = ! empty( $_GET['err'] ) ? true : false;
$error_code = ! empty( $_GET['err_code'] ) ? stripslashes( wc_clean( wp_unslash( $_GET['err_code'] ) ) ) : '';
$merchant_access_token = ! empty( $_GET['merchant_access_token'] ) ? wc_clean( wp_unslash( $_GET['merchant_access_token'] ) ) : '';
$system_user_access_token = ! empty( $_GET['system_user_access_token'] ) ? wc_clean( wp_unslash( $_GET['system_user_access_token'] ) ) : '';
$system_user_id = ! empty( $_GET['system_user_id'] ) ? wc_clean( wp_unslash( $_GET['system_user_id'] ) ) : '';

$is_error = ! empty( $_GET['err'] );
$error_code = ! empty( $_GET['err_code'] ) ? stripslashes( wc_clean( wp_unslash( $_GET['err_code'] ) ) ) : '';
if ( $is_error && $error_code ) {
throw new ConnectApiException( $error_code );
}

$facebook_auth_code = $_GET['code'] ?? '';
if ( empty( $facebook_auth_code ) ) {
throw new ApiException( 'Facebook auth code is missing.' );
}

$state = $_GET['state'] ?? '';
if ( empty( $state ) ) {
throw new ApiException( 'Missing state query parameter.' );
}

$parameters_string = '?' . http_build_query( array(
'nonce' => wp_create_nonce( self::ACTION_EXCHANGE ),
'code' => $facebook_auth_code,
'external_business_id' => $this->get_external_business_id(),
'type' => self::AUTH_TYPE_STANDARD,
'state' => $state,
) );

$request_url = self::PROXY_TOKEN_EXCHANGE_URL . $parameters_string;
$response = wp_safe_remote_get(
$request_url,
array(
'timeout' => 60,
)
);

if ( is_wp_error( $response ) ) {
throw new ApiException( 'WooCommerce Connect Server token exchange has failed.' );
}

$token_data = json_decode( wp_remote_retrieve_body( $response ), true );

if ( isset( $token_data[ 'status' ] ) && $token_data[ 'status' ] === 500 ) {
throw new ApiException( 'WooCommerce Connect Server token exchange has failed.' );
}

// Check that request was initiated from the server.
if ( ! wp_verify_nonce( $token_data['nonce'] ?? '', self::ACTION_EXCHANGE ) ) {
throw new ApiException( 'Exchange nonce is not valid.' );
}

$merchant_access_token = wc_clean( wp_unslash( $token_data['merchant_access_token'] ?? '' ) ) ;
$system_user_access_token = wc_clean( wp_unslash( $token_data['system_user_access_token'] ?? '' ) ) ;
$system_user_id = wc_clean( wp_unslash( $token_data['system_user_id'] ?? '' ) ) ;

if ( ! $merchant_access_token ) {
throw new ApiException( 'Access token is missing' );
}
Expand Down

0 comments on commit 4a56dd9

Please sign in to comment.