Merge pull request #25112 from woocommerce/add/wccom-installer-api-error-code

Improve error codes for plugin installer API authentication
2019-12-02 17:46:31 -03:00 · 2019-12-02 17:46:31 -03:00 · af849fbd8a
parent 00896ffb11 4bc4faf7af
commit af849fbd8a
3 changed files with 178 additions and 3 deletions
--- a/includes/wccom-site/class-wc-wccom-site.php
+++ b/includes/wccom-site/class-wc-wccom-site.php
@ -15,6 +15,8 @@ defined( 'ABSPATH' ) || exit;
 */
 class WC_WCCOM_Site {

+	const AUTH_ERROR_FILTER_NAME = 'wccom_auth_error';
+
 	/**
 	 * Load the WCCOM site class.
 	 *
@ -53,23 +55,78 @@ class WC_WCCOM_Site {

 		$auth_header = self::get_authorization_header();
 		if ( empty( $auth_header ) ) {
+			add_filter(
+				self::AUTH_ERROR_FILTER_NAME,
+				function() {
+					return new WP_Error(
+						WC_REST_WCCOM_Site_Installer_Errors::NO_AUTH_HEADER_CODE,
+						WC_REST_WCCOM_Site_Installer_Errors::NO_AUTH_HEADER_MESSAGE,
+						array( 'status' => WC_REST_WCCOM_Site_Installer_Errors::NO_AUTH_HEADER_HTTP_CODE )
+					);
+				}
+			);
 			return false;
 		}

 		// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash,WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
 		$request_auth = trim( $auth_header );
 		if ( stripos( $request_auth, 'Bearer ' ) !== 0 ) {
+			add_filter(
+				self::AUTH_ERROR_FILTER_NAME,
+				function() {
+					return new WP_Error(
+						WC_REST_WCCOM_Site_Installer_Errors::INVALID_AUTH_HEADER_CODE,
+						WC_REST_WCCOM_Site_Installer_Errors::INVALID_AUTH_HEADER_MESSAGE,
+						array( 'status' => WC_REST_WCCOM_Site_Installer_Errors::INVALID_AUTH_HEADER_HTTP_CODE )
+					);
+				}
+			);
 			return false;
 		}

 		if ( empty( $_SERVER['HTTP_X_WOO_SIGNATURE'] ) ) {
+			add_filter(
+				self::AUTH_ERROR_FILTER_NAME,
+				function() {
+					return new WP_Error(
+						WC_REST_WCCOM_Site_Installer_Errors::NO_SIGNATURE_HEADER_CODE,
+						WC_REST_WCCOM_Site_Installer_Errors::NO_SIGNATURE_HEADER_MESSAGE,
+						array( 'status' => WC_REST_WCCOM_Site_Installer_Errors::NO_SIGNATURE_HEADER_HTTP_CODE )
+					);
+				}
+			);
 			return false;
 		}

 		require_once WC_ABSPATH . 'includes/admin/helper/class-wc-helper-options.php';
 		$access_token = trim( substr( $request_auth, 7 ) );
 		$site_auth    = WC_Helper_Options::get( 'auth' );
-		if ( empty( $site_auth['access_token'] ) || ! hash_equals( $access_token, $site_auth['access_token'] ) ) {
+
+		if ( empty( $site_auth['access_token'] ) ) {
+			add_filter(
+				self::AUTH_ERROR_FILTER_NAME,
+				function() {
+					return new WP_Error(
+						WC_REST_WCCOM_Site_Installer_Errors::SITE_NOT_CONNECTED_CODE,
+						WC_REST_WCCOM_Site_Installer_Errors::SITE_NOT_CONNECTED_MESSAGE,
+						array( 'status' => WC_REST_WCCOM_Site_Installer_Errors::SITE_NOT_CONNECTED_HTTP_CODE )
+					);
+				}
+			);
+			return false;
+		}
+
+		if ( ! hash_equals( $access_token, $site_auth['access_token'] ) ) {
+			add_filter(
+				self::AUTH_ERROR_FILTER_NAME,
+				function() {
+					return new WP_Error(
+						WC_REST_WCCOM_Site_Installer_Errors::INVALID_TOKEN_CODE,
+						WC_REST_WCCOM_Site_Installer_Errors::INVALID_TOKEN_MESSAGE,
+						array( 'status' => WC_REST_WCCOM_Site_Installer_Errors::INVALID_TOKEN_HTTP_CODE )
+					);
+				}
+			);
 			return false;
 		}

@ -77,11 +134,31 @@ class WC_WCCOM_Site {
 		$signature = trim( $_SERVER['HTTP_X_WOO_SIGNATURE'] ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash,WordPress.Security.ValidatedSanitizedInput.InputNotSanitized

 		if ( ! self::verify_wccom_request( $body, $signature, $site_auth['access_token_secret'] ) ) {
+			add_filter(
+				self::AUTH_ERROR_FILTER_NAME,
+				function() {
+					return new WP_Error(
+						WC_REST_WCCOM_Site_Installer_Errors::REQUEST_VERIFICATION_FAILED_CODE,
+						WC_REST_WCCOM_Site_Installer_Errors::REQUEST_VERIFICATION_FAILED_MESSAGE,
+						array( 'status' => WC_REST_WCCOM_Site_Installer_Errors::REQUEST_VERIFICATION_FAILED_HTTP_CODE )
+					);
+				}
+			);
 			return false;
 		}

 		$user = get_user_by( 'id', $site_auth['user_id'] );
 		if ( ! $user ) {
+			add_filter(
+				self::AUTH_ERROR_FILTER_NAME,
+				function() {
+					return new WP_Error(
+						WC_REST_WCCOM_Site_Installer_Errors::USER_NOT_FOUND_CODE,
+						WC_REST_WCCOM_Site_Installer_Errors::USER_NOT_FOUND_MESSAGE,
+						array( 'status' => WC_REST_WCCOM_Site_Installer_Errors::USER_NOT_FOUND_HTTP_CODE )
+					);
+				}
+			);
 			return false;
 		}

@ -166,6 +243,7 @@ class WC_WCCOM_Site {
 	 * @return array Registered namespaces.
 	 */
 	public static function register_rest_namespace( $namespaces ) {
+		require_once WC_ABSPATH . 'includes/wccom-site/rest-api/class-wc-rest-wccom-site-installer-errors.php';
 		require_once WC_ABSPATH . 'includes/wccom-site/rest-api/endpoints/class-wc-rest-wccom-site-installer-controller.php';

 		$namespaces['wccom-site/v1'] = array(
--- a/includes/wccom-site/rest-api/class-wc-rest-wccom-site-installer-errors.php
+++ b/includes/wccom-site/rest-api/class-wc-rest-wccom-site-installer-errors.php
@ -0,0 +1,80 @@
+<?php
+/**
+ * WCCOM Site Installer Errors Class
+ *
+ * @package WooCommerce\WooCommerce_Site\Rest_Api
+ * @since   3.9.0
+ */
+
+defined( 'ABSPATH' ) || exit;
+
+/**
+ * WCCOM Site Installer Errors Class
+ *
+ * Stores data for errors, returned by installer API.
+ */
+class WC_REST_WCCOM_Site_Installer_Errors {
+
+	/**
+	 * Not unauthenticated generic error
+	 */
+	const NOT_AUTHENTICATED_CODE      = 'not_authenticated';
+	const NOT_AUTHENTICATED_MESSAGE   = 'Authentication required';
+	const NOT_AUTHENTICATED_HTTP_CODE = 401;
+
+	/**
+	 * No Authorization header
+	 */
+	const NO_AUTH_HEADER_CODE      = 'no_auth_header';
+	const NO_AUTH_HEADER_MESSAGE   = 'No header "Authorization" present';
+	const NO_AUTH_HEADER_HTTP_CODE = 400;
+
+	/**
+	 * Authorization header invalid
+	 */
+	const INVALID_AUTH_HEADER_CODE      = 'no_auth_header';
+	const INVALID_AUTH_HEADER_MESSAGE   = 'Header "Authorization" is invalid';
+	const INVALID_AUTH_HEADER_HTTP_CODE = 400;
+
+	/**
+	 * No Signature header
+	 */
+	const NO_SIGNATURE_HEADER_CODE      = 'no_signature_header';
+	const NO_SIGNATURE_HEADER_MESSAGE   = 'No header "X-Woo-Signature" present';
+	const NO_SIGNATURE_HEADER_HTTP_CODE = 400;
+
+	/**
+	 * Site not connected to WooCommerce.com
+	 */
+	const SITE_NOT_CONNECTED_CODE      = 'site_not_connnected';
+	const SITE_NOT_CONNECTED_MESSAGE   = 'Site not connected to WooCommerce.com';
+	const SITE_NOT_CONNECTED_HTTP_CODE = 401;
+
+	/**
+	* Provided access token is not valid
+	*/
+	const INVALID_TOKEN_CODE      = 'invalid_token';
+	const INVALID_TOKEN_MESSAGE   = 'Invalid access token provided';
+	const INVALID_TOKEN_HTTP_CODE = 401;
+
+	/**
+	 * Request verification by provided signature failed
+	 */
+	const REQUEST_VERIFICATION_FAILED_CODE      = 'request_verification_failed';
+	const REQUEST_VERIFICATION_FAILED_MESSAGE   = 'Request verification by signature failed';
+	const REQUEST_VERIFICATION_FAILED_HTTP_CODE = 400;
+
+	/**
+	 * User doesn't exist
+	 */
+	const USER_NOT_FOUND_CODE      = 'user_not_found';
+	const USER_NOT_FOUND_MESSAGE   = 'Token owning user not found';
+	const USER_NOT_FOUND_HTTP_CODE = 401;
+
+	/**
+	 * No permissions error
+	 */
+	const NO_PERMISSION_CODE      = 'forbidden';
+	const NO_PERMISSION_MESSAGE   = 'You do not have permission to install plugin or theme';
+	const NO_PERMISSION_HTTP_CODE = 403;
+}
--- a/includes/wccom-site/rest-api/endpoints/class-wc-rest-wccom-site-installer-controller.php
+++ b/includes/wccom-site/rest-api/endpoints/class-wc-rest-wccom-site-installer-controller.php
@ -69,8 +69,25 @@ class WC_REST_WCCOM_Site_Installer_Controller extends WC_REST_Controller {
 	 * @return bool|WP_Error
 	 */
 	public function check_permission( $request ) {
-		if ( ! current_user_can( 'install_plugins' ) || ! current_user_can( 'install_themes' ) ) {
-			return new WP_Error( 'woocommerce_rest_cannot_install_product', __( 'You do not have permission to install plugin or theme', 'woocommerce' ), array( 'status' => 401 ) );
+		$current_user = wp_get_current_user();
+
+		if ( empty( $current_user ) || ( $current_user instanceof WP_User && ! $current_user->exists() ) ) {
+			return apply_filters(
+				WC_WCCOM_Site::AUTH_ERROR_FILTER_NAME,
+				new WP_Error(
+					WC_REST_WCCOM_Site_Installer_Errors::NOT_AUTHENTICATED_CODE,
+					WC_REST_WCCOM_Site_Installer_Errors::NOT_AUTHENTICATED_MESSAGE,
+					array( 'status' => WC_REST_WCCOM_Site_Installer_Errors::NOT_AUTHENTICATED_HTTP_CODE )
+				)
+			);
+		}
+
+		if ( ! user_can( $current_user, 'install_plugins' ) || ! user_can( $current_user, 'install_themes' ) ) {
+			return new WP_Error(
+				WC_REST_WCCOM_Site_Installer_Errors::NO_PERMISSION_CODE,
+				WC_REST_WCCOM_Site_Installer_Errors::NO_PERMISSION_MESSAGE,
+				array( 'status' => WC_REST_WCCOM_Site_Installer_Errors::NO_PERMISSION_HTTP_CODE )
+			);
 		}

 		return true;