Allow WooPay to request session data from merchant (#8268)
Showing
8 changed files
with
303 additions
and
36 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
Significance: minor | ||
Type: update | ||
|
||
Allow WooPay to request full session data from store. |
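--- a/includes/admin/class-wc-rest-woopay-session-controller.php
+++ b/includes/admin/class-wc-rest-woopay-session-controller.php
@@ -0,0 +1,96 @@
+<?php
+/**
+* Class WC_REST_WooPay_Session_Controller
+*
+* @package WooCommerce\Payments\Admin
+*/
+
+defined( 'ABSPATH' ) || exit;
+
+use WCPay\WooPay\WooPay_Session;
+use Automattic\Jetpack\Connection\Rest_Authentication;
+
+/**
+* REST controller to check get WooPay extension data for user.
+*/
+class WC_REST_WooPay_Session_Controller extends WP_REST_Controller {
+
+/**
+* Endpoint namespace.
+*
+* @var string
+*/
+protected $namespace = 'wc/v3';
+
+/**
+* Endpoint path.
+*
+* @var string
+*/
+protected $rest_base = 'woopay/session';
+
+/**
+* Configure REST API routes.
+*/
+public function register_routes() {
+register_rest_route(
+$this->namespace,
+'/' . $this->rest_base,
+[
+'methods' => WP_REST_Server::READABLE,
+'callback' => [ $this, 'get_session_data' ],
+'permission_callback' => [ $this, 'check_permission' ],
+]
+);
+}
+
+/**
+* Retrieve WooPay session data.
+*
+* @param WP_REST_Request $request Full details about the request.
+*
+* @return WP_Error|WP_REST_Response
+*/
+public function get_session_data( WP_REST_Request $request ): WP_REST_Response {
+// phpcs:ignore
+/**
+* @psalm-suppress UndefinedClass
+*/
+$response = WooPay_Session::get_init_session_request();
+// This was needed as the preloaded requests were not honoring the cart token and so were empty carts.
+// It would be ideal to get this to successfully preload the cart data so WooPay doesn't need to make
+// a separate request to get the cart data.
+unset( $response['preloaded_requests'] );
+
+return rest_ensure_response( $response );
+}
+
+/**
+* Check permission confirms that the request is from WooPay.
+*
+* @return bool True if request is from WooPay and has a valid signature.
+*/
+public function check_permission() {
+return $this->is_request_from_woopay() && $this->has_valid_request_signature();
+}
+
+/**
+* Returns true if the request that's currently being processed is signed with the blog token.
+*
+* @return bool True if the request signature is valid.
+*/
+private function has_valid_request_signature() {
+return apply_filters( 'wcpay_woopay_is_signed_with_blog_token', Rest_Authentication::is_signed_with_blog_token() );
+}
+
+/**
+* Returns true if the request that's currently being processed is from WooPay, false
+* otherwise.
+*
+* @return bool True if request is from WooPay.
+*/
+private function is_request_from_woopay(): bool {
+return isset( $_SERVER['HTTP_USER_AGENT'] ) && 'WooPay' === $_SERVER['HTTP_USER_AGENT'];
+}
+}
+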
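Review bot: The only real authorization on this route is the blog-token signature, yet `has_valid_request_signature()` lets any callback hooked on the `wcpay_woopay_is_signed_with_blog_token` filter override it, and the other half of `check_permission()`, the `'WooPay' === $_SERVER['HTTP_USER_AGENT']` comparison, is a client-supplied header that authenticates nothing. If some plugin or snippet returns true from that filter, `get_session_data()` is gated by the User-Agent string alone, and it returns whatever `WooPay_Session::get_init_session_request()` builds (presumably cart and customer session data; that method is not visible in this section). If the filter exists for tests or local development, I would restrict it to a non-production mode or drop it and return the check directly, `return (bool) Rest_Authentication::is_signed_with_blog_token();`. I would also add a comment on `is_request_from_woopay()` such as `// Routing hint only: the User-Agent is client-controlled and is not an authentication factor.` Separately, the `@return WP_Error|WP_REST_Response` docblock on `get_session_data()` disagrees with its declared `: WP_REST_Response` return type, so one of the two should be corrected.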