diff --git a/includes/class-wc-auth.php b/includes/class-wc-auth.php
index 40844d3b46b..1d9dff8dc31 100644
--- a/includes/class-wc-auth.php
+++ b/includes/class-wc-auth.php
@@ -45,6 +45,20 @@ class WC_Auth {
 add_rewrite_endpoint( 'wc-auth', EP_ROOT );
 }
 
+ /**
+ * [build_url description]
+ * @param [type] $data [description]
+ * @param [type] $url [description]
+ * @return [type] [description]
+ */
+ protected function build_url( $data, $url ) {
+ return add_query_arg( array(
+ 'app_name' => wc_clean( $data['app_name'] ),
+ 'return_url' => urlencode( $data['return_url'] ),
+ 'permission_type' => absint( $data['permission_type'] ),
+ ), $url );
+ }
+
 /**
 * Handle auth requests
 *
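Review bot: The docblock on build_url is left as generator placeholders (`[build_url description]`, `[type]`, `[description]`) and should state the contract before merge, e.g. `@param array  $data Request parameters: app_name, return_url, permission_type.`, `@param string $url  Base URL the cleaned parameters are appended to.`, `@return string URL carrying the three parameters as query arguments.`. Separately, return_url is the one value here that is not validated: app_name goes through wc_clean() and permission_type through absint(), but return_url is only urlencode()d, so a malformed value or an unexpected scheme is carried into the redirect target unchanged; `'return_url' => urlencode( esc_url_raw( $data['return_url'] ) ),` keeps the encoding and drops non-URL input. It is also worth confirming whether add_query_arg() already encodes its values, in which case the explicit urlencode() double-encodes return_url and should go.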
@@ -61,23 +75,46 @@ class WC_Auth {
 if ( ! empty( $wp->query_vars['wc-auth'] ) ) {
 ob_start();
 
- $method = strtolower( wc_clean( $wp->query_vars['wc-auth'] ) );
+ try {
+ $method = strtolower( wc_clean( $wp->query_vars['wc-auth'] ) );
 
- if ( is_user_logged_in() ) {
- $method = 'grant_access';
+ if ( empty( $_REQUEST['app_name'] ) ) {
+ throw new Exception( sprintf( __( 'Missing parameter %s', 'woocommerce' ), 'app_name' ) );
+ }
+
+ if ( empty( $_REQUEST['return_url'] ) ) {
+ throw new Exception( sprintf( __( 'Missing parameter %s', 'woocommerce' ), 'return_url' ) );
+ }
+
+ if ( empty( $_REQUEST['permission_type'] ) ) {
+ throw new Exception( sprintf( __( 'Missing parameter %s', 'woocommerce' ), 'permission_type' ) );
+ }
+
+ if ( is_user_logged_in() ) {
+ $method = 'grant_access';
+ }
+
+ $params = array(
+ 'app_name' => $_REQUEST['app_name'],
+ 'return_url' => $_REQUEST['return_url'],
+ 'permission_type' => $_REQUEST['permission_type'],
+ 'redirect' => $this->build_url( $_REQUEST, wc_get_endpoint_url( 'wc-auth', 'login', get_home_url( '/' ) ) )
+ );
+
+ if ( 'login' == $method && ! is_user_logged_in() ) { // Login endpoint
+ wc_get_template( 'auth/form-login.php', $params );
+
+ exit;
+ } else if ( 'grant_access' == $method && current_user_can( 'manage_woocommerce' ) ) {
+ wc_get_template( 'auth/form-grant-access.php', $params );
+
+ exit;
+ }
+
+ wp_die( __( 'You do not have permissions to access this page!' ), __( 'Access Denied', 'woocommerce' ), array( 'response' => 401 ) );
+ } catch ( Exception $e ) {
+ wp_die( sprintf( __( 'Error: %s', 'woocommerce' ), $e->getMessage() ), __( 'Access Denied', 'woocommerce' ), array( 'response' => 401 ) );
 }
-
- if ( 'login' == $method && ! is_user_logged_in() ) { // Login endpoint
- wc_get_template( 'auth/form-login.php' );
-
- exit;
- } else if ( 'grant_access' == $method && current_user_can( 'manage_woocommerce' ) ) {
- wc_get_template( 'auth/form-login.php' );
-
- exit;
- }
-
- wp_die( __( 'You do not have permissions to access this page!' ), __( 'Access Denied', 'woocommerce' ), array( 'response' => 401 ) );
 }
 }
 }
diff --git a/templates/auth/form-grant-access.php b/templates/auth/form-grant-access.php
index d15208252a6..721d6217c5e 100644
--- a/templates/auth/form-grant-access.php
+++ b/templates/auth/form-grant-access.php
@@ -17,8 +17,13 @@ if ( ! defined( 'ABSPATH' ) ) {
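Review bot: The `$params` array passes the raw `$_REQUEST` values for app_name, return_url and permission_type straight into the two templates, while the `'redirect'` entry built on the very next line runs the same three values through wc_clean()/urlencode()/absint() in build_url(), so the template side receives unsanitised request data that the redirect side does not. The template hunks in this diff are not readable here, so I cannot confirm how they output these values, but cleaning them once at this boundary is the safer default: `'app_name' => wc_clean( $_REQUEST['app_name'] ),`, `'return_url' => esc_url_raw( $_REQUEST['return_url'] ),`, `'permission_type' => absint( $_REQUEST['permission_type'] ),`. Two smaller points: `$_REQUEST` can also carry cookie values depending on the request_order setting, so reading the three parameters from `$_GET`/`$_POST` makes the intended source explicit, and the re-added `wp_die( __( 'You do not have permissions to access this page!' ), ...` still lacks the 'woocommerce' text domain that every other string in this hunk carries. The enclosing method begins before this hunk.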

+ +
+
+ + diff --git a/templates/auth/form-login.php b/templates/auth/form-login.php index d5cb84fc34b..8c3e1009e91 100644 --- a/templates/auth/form-login.php +++ b/templates/auth/form-login.php @@ -17,11 +17,13 @@ if ( ! defined( 'ABSPATH' ) ) {

+ +

- +

@@ -32,6 +34,9 @@ if ( ! defined( 'ABSPATH' ) ) {

+
+ +