From 5b680ea80b2737d11a4af24956efa72169a61024 Mon Sep 17 00:00:00 2001
From: Jonny Harris
Date: Mon, 18 Jun 2018 16:16:55 +0100
Subject: [PATCH] Change access tokens into a post type.
---
 admin.php | 23 ++++++------
 lib/class-wp-rest-oauth1.php | 71 ++++++++++++++++++++++++++++++------
 oauth-server.php | 12 ++++++
 3 files changed, 84 insertions(+), 22 deletions(-)
diff --git a/admin.php b/admin.php
index 8d1802d..e0f6386 100644
--- a/admin.php
+++ b/admin.php
@@ -17,19 +17,20 @@ function rest_oauth1_profile_section( $user ) {
 global $wpdb;
- $results = $wpdb->get_col( "SELECT option_value FROM {$wpdb->options} WHERE option_name LIKE 'oauth1_access_%'", 0 );
- $approved = array();
- foreach ( $results as $result ) {
- $row = unserialize( $result );
- if ( $row['user'] === $user->ID ) {
- $approved[] = $row;
- }
- }
-
+ $post_list = get_posts( array(
+ 'author' => $user->ID,
+ 'post_type' => 'oauth1_access_token',
+ 'posts_per_page' => 100,
+ 'suppress_filters' => false,
+
+ ) );
+ $approved = array();
 $authenticator = new WP_REST_OAuth1();
-
+ foreach ( $post_list as $result ) {
+ $approved[] = $authenticator->get_access_token( $result->post_name );
+ }
 ?>
-
+
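Review bot: `get_posts()` is called without a `post_status`, so as far as I know it returns only published posts, while `create_access_token()` in lib/class-wp-rest-oauth1.php inserts the token with no status and `wp_insert_post()` then defaults to draft; the profile list would likely come back empty and the user could no longer see or revoke the tokens issued on their behalf. Adding `'post_status' => 'any',` to the query, or an explicit status on insert, would keep the two sides in step. The `'posts_per_page' => 100` cap also hides any tokens past the first hundred from the revocation list, and `get_access_token()` can return null, so the loop should keep only real results, e.g. `$token = $authenticator->get_access_token( $result->post_name );` followed by `if ( $token ) { $approved[] = $token; }`. The function body continues outside the hunk.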
diff --git a/lib/class-wp-rest-oauth1.php b/lib/class-wp-rest-oauth1.php
index 268001f..c83ee94 100644
--- a/lib/class-wp-rest-oauth1.php
+++ b/lib/class-wp-rest-oauth1.php
@@ -533,11 +533,36 @@ public function remove_request_token( $key ) {
 */
 public function get_access_token( $oauth_token ) {
 $data = get_option( 'oauth1_access_' . $oauth_token, null );
- if ( empty( $data ) ) {
+ if ( ! empty( $data ) ) {
+ $this->create_access_token( $data['key'], $data['consumer'], $data['user'], $data['secret'] );
+ }
+
+ $post = get_page_by_path( $oauth_token, ARRAY_A, 'oauth1_access_token' );
+
+ if ( ! $post ) {
 return null;
 }
- return $data;
+ $map = [
+ 'post_name' => 'key',
+ 'post_content' => 'secret',
+ 'post_parent' => 'consumer',
+ 'post_author' => 'user',
+ 'ID' => 'post_id',
+ ];
+
+
+ $token = [];
+
+ foreach ( $map as $new_key => $old_key ) {
+ $token[ $old_key ] = $post[ $new_key ];
+ }
+ $post_meta = get_post_meta( $post->ID );
+ foreach ( $post_meta as $meta_key => $meta_value ) {
+ $token[ $old_key ] = array_shift( $meta_value );
+ }
+
+ return $token;
 }
 /**
@@ -588,14 +613,12 @@ public function generate_access_token( $params ) {
 // Issue access token
 $key = apply_filters( 'json_oauth1_access_token_key', wp_generate_password( self::TOKEN_KEY_LENGTH, false ) );
- $data = array(
- 'key' => $key,
- 'secret' => wp_generate_password( self::TOKEN_SECRET_LENGTH, false ),
- 'consumer' => $consumer->ID,
- 'user' => $token['user'],
- );
- $data = apply_filters( 'json_oauth1_access_token_data', $data );
- add_option( 'oauth1_access_' . $key, $data, null, 'no' );
+
+ $access_token = $this->create_access_token( $key, $consumer->ID, $token['user'] );
+
+ if ( is_wp_error( $access_token ) ) {
+ return $access_token;
+ }
 // Delete the request token
 $this->remove_request_token( $params['oauth_token'] );
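Review bot: The legacy option is copied into a post on every lookup in `get_access_token()` but never deleted, so each call inserts another `oauth1_access_token` post, and a token revoked through `revoke_access_token()` (which after this commit only deletes the post) would be recreated from the surviving option the next time it is presented. The migration should check the result of `create_access_token()` and call `delete_option()` once the post exists. Further down, `get_page_by_path()` is asked for `ARRAY_A` yet the meta lookup reads `$post->ID`, and the meta loop writes to `$token[ $old_key ]`, a leftover from the previous loop that still points at `post_id`, so meta values would overwrite the id that revocation deletes by. The fence shows the migration block and the meta loop with these three points addressed.

```php
$data = get_option( 'oauth1_access_' . $oauth_token, null );
if ( ! empty( $data ) ) {
	$migrated = $this->create_access_token( $data['key'], $data['consumer'], $data['user'], $data['secret'] );
	if ( true !== $migrated ) {
		// Fail closed: do not honour a token that could not be migrated.
		return null;
	}
	// Drop the legacy row so a later revoke cannot be undone by re-migration.
	delete_option( 'oauth1_access_' . $oauth_token );
}
// … unchanged: get_page_by_path() lookup, null check and $map copy …
$post_meta = get_post_meta( $post['ID'] );
foreach ( $post_meta as $meta_key => $meta_value ) {
	// Meta must not replace key, secret, consumer, user or post_id.
	if ( ! isset( $token[ $meta_key ] ) ) {
		$token[ $meta_key ] = array_shift( $meta_value );
	}
}
```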
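Review bot: The token secret is now generated inside `create_access_token()` and never handed back, and the `$data` array removed in this hunk of `generate_access_token()` is still returned by `return $data;` further down (visible as context in the next hunk). Unless the code between the two hunks rebuilds it, the response to the client would lack the secret or read an undefined variable. Generating the secret here and passing it in keeps it available: `$secret = wp_generate_password( self::TOKEN_SECRET_LENGTH, false );` then `$this->create_access_token( $key, $consumer->ID, $token['user'], $secret );`. The `json_oauth1_access_token_data` filter also no longer runs over the key/secret/consumer/user array, which changes what existing filter callbacks receive. The function starts and ends outside the hunk.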
@@ -608,6 +631,32 @@ public function generate_access_token( $params ) {
 return $data;
 }
+ /**
+ * @param $key
+ * @param $consumer
+ * @param $user
+ */
+ public function create_access_token( $key, $consumer, $user, $password = false, $meta = [] ) {
+ $password = ( $password ) ? $password : wp_generate_password( self::TOKEN_SECRET_LENGTH, false );
+ $data = [
+ 'post_name' => $key,
+ 'post_content' => $password,
+ 'post_parent' => $consumer,
+ 'post_author' => $user,
+ 'post_type' => 'oauth1_access_token',
+ ];
+
+ $post_id = wp_insert_post( $data );
+ if ( is_wp_error( $post_id ) ) {
+ return $post_id;
+ }
+ $meta_keys = apply_filters( 'json_oauth1_access_token_data', $meta );
+ foreach ( $meta_keys as $meta_key => $meta_value ) {
+ add_post_meta( $post_id, $meta_key, $meta_value );
+ }
+ return true;
+ }
+
 /**
 * Revoke an access token
 *
@@ -620,7 +669,7 @@ public function revoke_access_token( $key ) {
 return new WP_Error( 'json_oauth1_invalid_token', __( 'Access token does not exist', 'rest_oauth1' ), array( 'status' => 401 ) );
 }
- delete_option( 'oauth1_access_' . $key );
+ wp_delete_post( $data['post_id'], true );
 do_action( 'json_oauth1_revoke_token', $data, $key );
 return true;
diff --git a/oauth-server.php b/oauth-server.php
index 7180e3c..85b3569 100644
--- a/oauth-server.php
+++ b/oauth-server.php
@@ -61,6 +61,18 @@ function rest_oauth1_setup_authentication() {
 'delete_with_user' => true,
 'query_var' => false,
 ) );
+
+ register_post_type( 'oauth1_access_token', array(
+ 'labels' => array(
+ 'name' => __( 'Access Token', 'rest_oauth1' ),
+ 'singular_name' => __( 'Access Tokens', 'rest_oauth1' ),
+ ),
+ 'public' => false,
+ 'hierarchical' => false,
+ 'rewrite' => false,
+ 'delete_with_user' => true,
+ 'query_var' => false,
+ ) );
 }
 add_action( 'init', 'rest_oauth1_setup_authentication' );
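Review bot: The `is_wp_error( $post_id )` check in `create_access_token()` cannot fire, because `wp_insert_post()` only returns a `WP_Error` when its second argument is true and otherwise signals failure with `0`; a failed insert would then attach meta to post 0 and still return true. Calling `wp_insert_post( $data, true )` makes the existing check effective. Separately, `post_name` is a slug field and, as far as I know, is passed through `sanitize_title()`, which lowercases it, so the mixed-case key from `wp_generate_password()` would be stored and matched case-insensitively and come back from `get_access_token()` different from the key that was issued; this is worth confirming against the signature check outside this diff. The docblock should also describe `$password` and `$meta` and add `@return true|WP_Error`.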
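Review bot: The result of `wp_delete_post()` in `revoke_access_token()` is ignored, so the method fires `json_oauth1_revoke_token` and returns true even when nothing was deleted and the token is still usable. Returning a `WP_Error` when the call yields a falsy value would let callers and the profile screen report a failed revocation. `$data['post_id']` also relies on `get_access_token()` returning the right id, which the `$old_key` slip in that method's meta loop can break. The function starts and ends outside the hunk.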
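Review bot: `can_export` is not set in the `register_post_type( 'oauth1_access_token', … )` call, and to my knowledge it defaults to true, so an export of all content would include these posts with the token secret sitting in `post_content`; adding `'can_export' => false,` keeps the secrets out of export files. The labels are also swapped: `name` should be the plural `Access Tokens` and `singular_name` the singular `Access Token`. The function starts outside the hunk.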