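/**
 * Hand the verification code back to the consumer once the user has authorized.
 *
 * The callback stored with the request token selects one of three outcomes:
 *  - 'oob': the `json_oauth1_handle_callback` filter decides, and its result
 *    (null by default) is returned.
 *  - no callback: the verifier is printed on a login-styled page for the user
 *    to copy into the client.
 *  - anything else: treated as a URL, checked with
 *    WP_REST_OAuth1::check_callback() and redirected to with the token key and
 *    verifier in the query string.
 *
 * The method returns after wp_redirect() and does not terminate the request.
 *
 * @param string $verifier Verification code
 * @return null|WP_Error Null on success, error otherwise
 */
public function handle_callback_redirect($verifier) {
    if (!empty($this->token['callback']) && $this->token['callback'] === 'oob') {
        return apply_filters('json_oauth1_handle_callback', null, $this->token);
    }

    if (empty($this->token['callback'])) {
        // No callback registered, display verification code to the user
        login_header(__('Access Token', 'rest_oauth1'));
        // Only the verifier is escaped: the translated string carries the
        // <code> markup on purpose, the value placed inside it must not.
        echo '<p>' . sprintf(
            __('Your verification token is <code>%s</code>', 'rest_oauth1'),
            esc_html($verifier)
        ) . '</p>';
        login_footer();

        return null;
    }

    $callback = $this->token['callback'];

    // Ensure the URL is safe to access.
    // NOTE(review): presumably this compares the URL with the callback
    // registered for the consumer; confirm in check_callback(), because it is
    // the only gate on the redirect destination below.
    $authenticator = new WP_REST_OAuth1();
    if (!$authenticator->check_callback($callback, $this->token['consumer'])) {
        return new WP_Error(
            'json_oauth1_invalid_callback',
            __('The callback URL is invalid', 'rest_oauth1'),
            array('status' => 400)
        );
    }

    $args = array(
        'oauth_token'    => $this->token['key'],
        'oauth_verifier' => $verifier,
        'wp_scope'       => '*',
    );
    // Filters may add or change arguments; every value is URL-encoded after
    // the filter runs, so filter callbacks should return raw values.
    $args = apply_filters('json_oauth1_callback_args', $args, $this->token);
    $args = urlencode_deep($args);
    $callback = add_query_arg($args, $callback);

    // Offsite, so skip safety check: wp_safe_redirect() restricts the target
    // host, which would reject a consumer callback on another site.
    wp_redirect($callback);

    return null;
}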
/**
 * Answer an OAuth1 endpoint request and end the script.
 *
 * Does nothing unless the `rest_oauth1` query var is set on the global $wp
 * object. Otherwise the route is dispatched through WP_REST_OAuth1 and the
 * result is written to the response: a form-encoded body on success, or the
 * error message with the error's HTTP status (500 when none is given).
 */
function rest_oauth1_loaded() {
    if (empty($GLOBALS['wp']->query_vars['rest_oauth1'])) {
        return;
    }
    $route = $GLOBALS['wp']->query_vars['rest_oauth1'];

    $oauth = new WP_REST_OAuth1();
    $result = $oauth->dispatch($route);

    if (!is_wp_error($result)) {
        header('Content-Type: application/x-www-form-urlencoded; charset=utf-8');
        echo http_build_query($result, '', '&');

        // Finish off our request
        die;
    }

    // Use the status carried in the error data when there is one.
    $data = $result->get_error_data();
    $status = (is_array($data) && isset($data['status'])) ? $data['status'] : 500;
    status_header($status);

    // NOTE(review): the message is written verbatim and no Content-Type is set
    // on this path. If any error message can include request-supplied text,
    // send it as text/plain or escape it; confirm against the messages that
    // dispatch() can return.
    echo $result->get_error_message();
    die;
}
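/**
 * Revoke an OAuth1 access token named in a submitted profile form.
 *
 * Reads the token key from `$_POST['rest_oauth1_revoke']`, asks
 * WP_REST_OAuth1 to revoke it, then redirects to the user's edit screen with
 * a query argument reporting the outcome and exits. Returns without doing
 * anything when no key was posted, when the posted value is not a string, or
 * when the current user may not edit the given user.
 *
 * NOTE(review): no nonce is verified in this function. Presumably it runs on
 * a profile-update hook that fires after core has checked the form nonce;
 * confirm where it is registered.
 * NOTE(review): nothing visible here ties the posted key to $user_id. Confirm
 * that revoke_access_token() or its caller only revokes tokens owned by that
 * user.
 *
 * @param int $user_id ID of the user whose profile is being saved (presumed
 *                     from its use with get_edit_user_link()).
 */
function rest_oauth1_profile_save($user_id) {
    if (empty($_POST['rest_oauth1_revoke'])) {
        return;
    }

    // The key is request data: refuse array-shaped input before it reaches the
    // token lookup or the redirect URL.
    if (!is_string($_POST['rest_oauth1_revoke'])) {
        return;
    }

    // Revocation changes state, so check the capability here and do not rely
    // on whichever hook happened to call this function.
    if (!current_user_can('edit_user', $user_id)) {
        return;
    }

    $key = wp_unslash($_POST['rest_oauth1_revoke']);

    $authenticator = new WP_REST_OAuth1();
    $result = $authenticator->revoke_access_token($key);

    if (is_wp_error($result)) {
        $redirect = add_query_arg('rest_oauth1_revocation_failed', true, get_edit_user_link($user_id));
    } else {
        // add_query_arg() expects values that are already URL-encoded.
        $redirect = add_query_arg('rest_oauth1_revoked', rawurlencode($key), get_edit_user_link($user_id));
    }

    wp_redirect($redirect);
    exit;
}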