/**
* Synchronize connected user role changes
*/
static function user_role_change($user_id)
{
if (Jetpack::is_active() && Jetpack::is_user_connected($user_id)) {
$current_user_id = get_current_user_id();
wp_set_current_user($user_id);
$role = Jetpack::translate_current_user_to_role();
$signed_role = Jetpack::sign_role($role);
wp_set_current_user($current_user_id);
$master_token = Jetpack_Data::get_access_token(JETPACK_MASTER_USER);
$master_user_id = absint($master_token->external_user_id);
if (!$master_user_id) {
return;
}
// this shouldn't happen
Jetpack::xmlrpc_async_call('jetpack.updateRole', $user_id, $signed_role);
//@todo retry on failure
//try to choose a new master if we're demoting the current one
if ($user_id == $master_user_id && 'administrator' != $role) {
$query = new WP_User_Query(array('fields' => array('id'), 'role' => 'administrator', 'orderby' => 'id', 'exclude' => array($master_user_id)));
$new_master = false;
foreach ($query->results as $result) {
$uid = absint($result->id);
if ($uid && Jetpack::is_user_connected($uid)) {
$new_master = $uid;
break;
}
}
if ($new_master) {
Jetpack_Options::update_option('master_user', $new_master);
}
// else disconnect..?
}
}
}
/**
* @return object|WP_Error
*/
function get_token($data)
{
$role = Jetpack::translate_current_user_to_role();
if (!$role) {
return new Jetpack_Error('role', __('An administrator for this blog must set up the Jetpack connection.', 'jetpack'));
}
$client_secret = Jetpack_Data::get_access_token();
if (!$client_secret) {
return new Jetpack_Error('client_secret', __('You need to register your Jetpack before connecting it.', 'jetpack'));
}
$redirect = isset($data['redirect']) ? esc_url_raw((string) $data['redirect']) : '';
$redirect_uri = 'calypso' === $data['auth_type'] ? $data['redirect_uri'] : add_query_arg(array('action' => 'authorize', '_wpnonce' => wp_create_nonce("jetpack-authorize_{$role}_{$redirect}"), 'redirect' => $redirect ? urlencode($redirect) : false), menu_page_url('jetpack', false));
$body = array('client_id' => Jetpack_Options::get_option('id'), 'client_secret' => $client_secret->secret, 'grant_type' => 'authorization_code', 'code' => $data['code'], 'redirect_uri' => $redirect_uri);
$args = array('method' => 'POST', 'body' => $body, 'headers' => array('Accept' => 'application/json'));
$response = Jetpack_Client::_wp_remote_request(Jetpack::fix_url_for_bad_hosts(Jetpack::api_url('token')), $args);
if (is_wp_error($response)) {
return new Jetpack_Error('token_http_request_failed', $response->get_error_message());
}
$code = wp_remote_retrieve_response_code($response);
$entity = wp_remote_retrieve_body($response);
if ($entity) {
$json = json_decode($entity);
} else {
$json = false;
}
if (200 != $code || !empty($json->error)) {
if (empty($json->error)) {
return new Jetpack_Error('unknown', '', $code);
}
$error_description = isset($json->error_description) ? sprintf(__('Error Details: %s', 'jetpack'), (string) $json->error_description) : '';
return new Jetpack_Error((string) $json->error, $error_description, $code);
}
if (empty($json->access_token) || !is_scalar($json->access_token)) {
return new Jetpack_Error('access_token', '', $code);
}
if (empty($json->token_type) || 'X_JETPACK' != strtoupper($json->token_type)) {
return new Jetpack_Error('token_type', '', $code);
}
if (empty($json->scope)) {
return new Jetpack_Error('scope', 'No Scope', $code);
}
@(list($role, $hmac) = explode(':', $json->scope));
if (empty($role) || empty($hmac)) {
return new Jetpack_Error('scope', 'Malformed Scope', $code);
}
if (Jetpack::sign_role($role) !== $json->scope) {
return new Jetpack_Error('scope', 'Invalid Scope', $code);
}
if (!($cap = Jetpack::translate_role_to_cap($role))) {
return new Jetpack_Error('scope', 'No Cap', $code);
}
if (!current_user_can($cap)) {
return new Jetpack_Error('scope', 'current_user_cannot', $code);
}
/**
* Fires after user has successfully received an auth token.
*
* @since 3.9.0
*/
do_action('jetpack_user_authorized');
return (string) $json->access_token;
}
static function get_signed_role($user_id)
{
return Jetpack::sign_role(self::get_role($user_id));
}
