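/**
 * Handle the auth endpoint routes: login, authorize and access_granted.
 *
 * Every branch either renders a template and exits, redirects and exits, or
 * throws. Any Exception is caught here: the consumer key created so far (if
 * any) is handed to maybe_delete_key() and wp_die() reports the error with a
 * 401 status. The method is therefore not expected to return normally.
 *
 * Request values (app_name, user_id, scope, return_url, callback_url) are read
 * from $_REQUEST; they are unslashed and passed through wc_clean() once, up
 * front, so the value shown in the templates and the value stored by
 * create_keys() are the same. Presence of the required parameters is
 * presumably enforced by make_validation() — confirm against that method.
 *
 * @param string $route Requested route name; matched case-insensitively.
 * @return void
 */
protected function auth_endpoint($route)
{
    // NOTE(review): buffer is never flushed explicitly here; presumably it
    // exists so a redirect/wp_die can still send headers after any output — confirm.
    ob_start();

    // Initialised before the try so the catch can always pass it to
    // maybe_delete_key(), even when the failure happened before a key existed.
    $consumer_data = array();

    try {
        if ('yes' !== get_option('woocommerce_api_enabled')) {
            throw new Exception(__('API disabled!', 'woocommerce'));
        }

        $route = strtolower(wc_clean($route));
        $this->make_validation();

        // WordPress slashes superglobals; unslash before sanitizing so quotes in
        // the app name do not reach templates or the key description escaped.
        // Missing values become '' instead of raising undefined-index notices.
        $app_name     = isset($_REQUEST['app_name']) ? wc_clean(wp_unslash($_REQUEST['app_name'])) : '';
        $user_id      = isset($_REQUEST['user_id']) ? wc_clean(wp_unslash($_REQUEST['user_id'])) : '';
        $scope        = isset($_REQUEST['scope']) ? wc_clean(wp_unslash($_REQUEST['scope'])) : '';
        $return_url   = isset($_REQUEST['return_url']) ? wp_unslash($_REQUEST['return_url']) : '';
        $callback_url = isset($_REQUEST['callback_url']) ? wp_unslash($_REQUEST['callback_url']) : '';

        $logged_in = is_user_logged_in();

        if ('login' === $route && !$logged_in) {
            // Login endpoint: show the login form, then continue to "authorize".
            wc_get_template(
                'auth/form-login.php',
                array(
                    'app_name'     => $app_name,
                    'return_url'   => add_query_arg(
                        array('success' => 0, 'user_id' => $user_id),
                        $this->get_formatted_url($return_url)
                    ),
                    'redirect_url' => $this->build_url($_REQUEST, 'authorize'),
                )
            );
            exit;
        } elseif ('login' === $route && $logged_in) {
            // Already logged in: skip straight to the authorize step.
            wp_redirect(esc_url_raw($this->build_url($_REQUEST, 'authorize')));
            exit;
        } elseif ('authorize' === $route && !$logged_in) {
            // Not logged in but asking to authorize: go through login first.
            wp_redirect(esc_url_raw($this->build_url($_REQUEST, 'login')));
            exit;
        } elseif ('authorize' === $route && current_user_can('manage_woocommerce')) {
            // Authorize endpoint: ask the (capable) user to grant the requested scope.
            wc_get_template(
                'auth/form-grant-access.php',
                array(
                    'app_name'    => $app_name,
                    'return_url'  => add_query_arg(
                        array('success' => 0, 'user_id' => $user_id),
                        $this->get_formatted_url($return_url)
                    ),
                    'scope'       => $this->get_i18n_scope($scope),
                    'permissions' => $this->get_permissions_in_scope($scope),
                    // The grant link carries a nonce that access_granted verifies below.
                    'granted_url' => wp_nonce_url($this->build_url($_REQUEST, 'access_granted'), 'wc_auth_grant_access', 'wc_auth_nonce'),
                    'logout_url'  => wp_logout_url($this->build_url($_REQUEST, 'login')),
                    'user'        => wp_get_current_user(),
                )
            );
            exit;
        } elseif ('access_granted' === $route && current_user_can('manage_woocommerce')) {
            // Granted access endpoint: only reachable via the nonced link from the grant form.
            $nonce = isset($_GET['wc_auth_nonce']) ? wc_clean(wp_unslash($_GET['wc_auth_nonce'])) : '';
            if ('' === $nonce || !wp_verify_nonce($nonce, 'wc_auth_grant_access')) {
                throw new Exception(__('Invalid nonce verification', 'woocommerce'));
            }

            $consumer_data = $this->create_keys($app_name, $user_id, $scope);
            $response      = $this->post_consumer_data($consumer_data, $this->get_formatted_url($callback_url));

            // A falsy response means the application never received the keys.
            // Fail loudly so the catch below removes the now-orphaned key instead
            // of leaving an active credential behind and returning silently.
            if (!$response) {
                throw new Exception(__('Unable to deliver the consumer data to the application.', 'woocommerce'));
            }

            wp_redirect(esc_url_raw(add_query_arg(
                array('success' => 1, 'user_id' => $user_id),
                $this->get_formatted_url($return_url)
            )));
            exit;
        } else {
            throw new Exception(__('You do not have permissions to access this page!', 'woocommerce'));
        }
    } catch (Exception $e) {
        // Remove any key created before the failure; a no-op when none exists.
        $this->maybe_delete_key($consumer_data);
        /* translators: %s: error message */
        wp_die(sprintf(__('Error: %s.', 'woocommerce'), $e->getMessage()), __('Access denied', 'woocommerce'), array('response' => 401));
    }
}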