Merge pull request #16544 from woocommerce/fix/16537

If auth cannot occur, don't send request.

includes/admin/helper/class-wc-helper-api.php

@@ -28,13 +28,15 @@ class WC_Helper_API {
 	 * @param string $endpoint The endpoint to request.
 	 * @param array $args Additional data for the request. Set authenticated to a truthy value to enable auth.
 	 *
-	 * @return array The response from wp_safe_remote_request()
+	 * @return array|WP_Error The response from wp_safe_remote_request()
 	 */
 	public static function request( $endpoint, $args = array() ) {
 		$url = self::url( $endpoint );
 
 		if ( ! empty( $args['authenticated'] ) ) {
-			self::_authenticate( $url, $args );
+			if ( ! self::_authenticate( $url, $args ) ) {
+				return new WP_Error( 'authentication', 'Authentication failed.' );
+			}
 		}
 
 		/**
@@ -52,15 +54,18 @@ class WC_Helper_API {
 	 *
 	 * @param string $url The request URI.
 	 * @param array $args By-ref, the args that will be passed to wp_remote_request().
+	 * @return bool Were the headers added?
 	 */
 	private static function _authenticate( $url, &$args ) {
 		$auth = WC_Helper_Options::get( 'auth' );
+
 		if ( empty( $auth['access_token'] ) || empty( $auth['access_token_secret'] ) ) {
-			return;
+			return false;
 		}
 
 		$request_uri  = parse_url( $url, PHP_URL_PATH );
 		$query_string = parse_url( $url, PHP_URL_QUERY );
+
 		if ( $query_string ) {
 			$request_uri .= '?' . $query_string;
 		}
@@ -84,6 +89,8 @@ class WC_Helper_API {
 			'Authorization' => 'Bearer ' . $auth['access_token'],
 			'X-Woo-Signature' => $signature,
 		);
+
+		return true;
 	}
 
 	/**