Commit Graph

22 Commits

Author SHA1 Message Date
Claudio Sanches 84c937c011 Improved the woocommerce_api_keys table 2015-05-15 22:52:00 -03:00
Claudio Sanches 20906f2248 Fixed the authentication with the new woocommerce_api_keys table 2015-05-15 21:16:53 -03:00
Max Rice 2d974987dc Check strings using hash_equals
time-constant string comparison to prevent timing attacks
2015-01-19 00:34:09 -05:00
Max Rice 512d77fb4c code standards 2015-01-19 00:33:38 -05:00
shivapoudel e6f6bcf368 Absolute path fix for REST API v2 2014-09-21 01:09:20 +05:45
Mike Jolley 021a889e66 Merge pull request #5277 from maxrice/rest-api-fix-5207
Allow query string fallback for REST API SSL authentication
2014-04-07 10:13:55 +01:00
Max Rice 09451855f2 Allow query string fallback for REST API SSL auth
In some environments, the PHP_AUTH_USER/PW server vars are empty which
prevents SSL authentication from working properly. This commit allows
the use of a query string fallback (e.g.
`?consumer_key=123&consumer_secret=abc`) for providing credentials over
SSL.

Fixes #5207
2014-04-04 14:24:14 -04:00
Max Rice 1dd24501f5 Remove unnecessary OAuth code
The parameters provided to the API endpoints only contain the
parameters specified in the method signature so there’s no need to
strip out the OAuth params.
2014-04-04 14:22:06 -04:00
Max Rice 1c437bdeb8 API: double-encode percent symbols when normalizing parameters 2014-04-03 16:56:26 -04:00
Max Rice 853520d40b API: normalize both key and value before calculating OAuth signature
The OAuth spec indicates that the full query string should be URL
encoded. The array_walk method does not change keys so when used with a
parameter like `filter[period]=week`, the key is not properly encoded.
This fixes that by properly encoding both the key and value.
2014-04-03 16:11:51 -04:00
Max Rice 9f463e4644 code standards 2014-04-03 16:10:08 -04:00
Gerhard 30c1486aa7 REST API OAuth signature issue fix when using filter params 2014-02-14 13:26:31 +02:00
Mike Jolley f504243b56 Update timestamp check Closes #4409 2014-01-08 13:40:06 +00:00
Gerhard 8e2bc1cebc remove harded api reference, use WooCommerce_api_url instead 2013-12-06 16:57:44 +02:00
Gerhard 5b27f37c23 Fix issue where oAuth signature is wrong when running site from a subfolder #4055 2013-12-06 15:07:42 +02:00
Ryan McCue ff6f2e070e Use correct variable for OAuth parameter check 2013-11-26 11:19:00 +10:00
Max Rice 38be2ee7a4 Perform core authentication at 0 priority
Makes it easier for plugins to override the core API authentication

Part of #4055
2013-11-23 13:28:26 -05:00
Max Rice ef22f03275 Add API key-specific permission check
Part of #4055
2013-11-19 03:04:00 -05:00
Max Rice 61fb0f760a Update authentication to use new API key meta names
Part of #4055
2013-11-19 03:03:39 -05:00
Max Rice 00c65b9cc3 Add site timezone to API index 2013-11-10 19:30:59 -05:00
Max Rice c3fa52b0b5 Update API classes to use new WC_API_Server class 2013-11-06 01:54:19 -05:00
Max Rice 45fa450760 Add REST API authentication class 2013-11-03 20:06:28 -05:00