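/**
 * Exchanges an authorization code for a Jetpack user access token.
 *
 * Performs the OAuth token request against the Jetpack API, then validates the
 * returned token_type and signed scope ("role:hmac") before handing the token
 * back. Every failed check is reported as a Jetpack_Error whose code names the
 * check ('role', 'client_secret', 'token_http_request_failed', 'unknown',
 * 'access_token', 'token_type', 'scope', or the error code returned by the API).
 *
 * @param array $data Request data. Keys read: 'code' (the authorization code),
 *                    'redirect' (optional, run through esc_url_raw()), 'auth_type'
 *                    (when 'calypso', 'redirect_uri' is forwarded as supplied),
 *                    'redirect_uri'.
 *
 * @return string|Jetpack_Error The access token on success, otherwise a Jetpack_Error.
 */
function get_token( $data ) {
	$role = Jetpack::translate_current_user_to_role();
	if ( ! $role ) {
		return new Jetpack_Error( 'role', __( 'An administrator for this blog must set up the Jetpack connection.', 'jetpack' ) );
	}

	$client_secret = Jetpack_Data::get_access_token();
	if ( ! $client_secret ) {
		return new Jetpack_Error( 'client_secret', __( 'You need to register your Jetpack before connecting it.', 'jetpack' ) );
	}

	// Read request keys with isset() so a missing key does not raise a notice;
	// the values fed into the request body are otherwise the same as before.
	$redirect   = isset( $data['redirect'] ) ? esc_url_raw( (string) $data['redirect'] ) : '';
	$auth_type  = isset( $data['auth_type'] ) ? $data['auth_type'] : '';
	$auth_code  = isset( $data['code'] ) ? $data['code'] : null;

	if ( 'calypso' === $auth_type ) {
		// Calypso supplies its own redirect_uri; it is forwarded to the API unchanged.
		$redirect_uri = isset( $data['redirect_uri'] ) ? $data['redirect_uri'] : null;
	} else {
		// The nonce binds the authorize action to the current role and redirect target.
		$redirect_uri = add_query_arg(
			array(
				'action'   => 'authorize',
				'_wpnonce' => wp_create_nonce( "jetpack-authorize_{$role}_{$redirect}" ),
				'redirect' => $redirect ? urlencode( $redirect ) : false,
			),
			menu_page_url( 'jetpack', false )
		);
	}

	$body = array(
		'client_id'     => Jetpack_Options::get_option( 'id' ),
		'client_secret' => $client_secret->secret,
		'grant_type'    => 'authorization_code',
		'code'          => $auth_code,
		'redirect_uri'  => $redirect_uri,
	);
	$args = array(
		'method'  => 'POST',
		'body'    => $body,
		'headers' => array( 'Accept' => 'application/json' ),
	);

	$response = Jetpack_Client::_wp_remote_request( Jetpack::fix_url_for_bad_hosts( Jetpack::api_url( 'token' ) ), $args );
	if ( is_wp_error( $response ) ) {
		return new Jetpack_Error( 'token_http_request_failed', $response->get_error_message() );
	}

	$code   = wp_remote_retrieve_response_code( $response );
	$entity = wp_remote_retrieve_body( $response );
	$json   = $entity ? json_decode( $entity ) : false;
	// Anything that is not a JSON object (decode failure, scalar, list) is treated as no payload.
	if ( ! is_object( $json ) ) {
		$json = false;
	}

	if ( 200 !== (int) $code || ! empty( $json->error ) ) {
		if ( empty( $json->error ) ) {
			return new Jetpack_Error( 'unknown', '', $code );
		}
		$error_description = isset( $json->error_description )
			? sprintf( __( 'Error Details: %s', 'jetpack' ), (string) $json->error_description )
			: '';
		return new Jetpack_Error( (string) $json->error, $error_description, $code );
	}

	if ( empty( $json->access_token ) || ! is_scalar( $json->access_token ) ) {
		return new Jetpack_Error( 'access_token', '', $code );
	}

	// token_type must be a string before strtoupper() sees it.
	if ( empty( $json->token_type ) || ! is_string( $json->token_type ) || 'X_JETPACK' !== strtoupper( $json->token_type ) ) {
		return new Jetpack_Error( 'token_type', '', $code );
	}

	if ( empty( $json->scope ) ) {
		return new Jetpack_Error( 'scope', 'No Scope', $code );
	}
	if ( ! is_string( $json->scope ) ) {
		return new Jetpack_Error( 'scope', 'Malformed Scope', $code );
	}

	// Scope has the form "role:hmac". Padding the split yields an empty hmac for a
	// missing ':' instead of relying on @-suppressed list() assignment.
	list( $role, $hmac ) = array_pad( explode( ':', $json->scope, 2 ), 2, '' );
	if ( empty( $role ) || empty( $hmac ) ) {
		return new Jetpack_Error( 'scope', 'Malformed Scope', $code );
	}

	// The signed scope is derived from a secret; compare it in constant time
	// (hash_equals() is native since PHP 5.6 and WordPress ships a compat shim).
	$expected_scope = Jetpack::sign_role( $role );
	if ( ! is_string( $expected_scope ) || ! hash_equals( $expected_scope, $json->scope ) ) {
		return new Jetpack_Error( 'scope', 'Invalid Scope', $code );
	}

	$cap = Jetpack::translate_role_to_cap( $role );
	if ( ! $cap ) {
		return new Jetpack_Error( 'scope', 'No Cap', $code );
	}
	if ( ! current_user_can( $cap ) ) {
		return new Jetpack_Error( 'scope', 'current_user_cannot', $code );
	}

	/**
	 * Fires after user has successfully received an auth token.
	 *
	 * @since 3.9.0
	 */
	do_action( 'jetpack_user_authorized' );

	return (string) $json->access_token;
}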