-
Notifications
You must be signed in to change notification settings - Fork 156
Expand file tree
/
Copy pathcallbacks.php
More file actions
90 lines (74 loc) · 2.4 KB
/
callbacks.php
File metadata and controls
90 lines (74 loc) · 2.4 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
<?php
/**
* Redirect related callbacks.
*
* @package FaustWP
*/
namespace WPE\FaustWP\Auth;
use function WPE\FaustWP\Settings\faustwp_get_setting;
if ( ! defined( 'ABSPATH' ) ) {
exit;
}
add_action( 'parse_request', __NAMESPACE__ . '\\handle_generate_endpoint' );
/**
* Callback for WordPress 'parse_request' action.
*
* Generate an authorization code and redirect to the requested url.
*
* @return void
*/
function handle_generate_endpoint() {
$search_pattern = ':^' . site_url( '/generate', 'relative' ) . ':';
/**
* Filter the search pattern used to match the generate endpoint.
*
* Useful for non-standard WordPress installations (e.g. Bedrock) where
* site_url() includes a subdirectory that does not appear in REQUEST_URI.
*
* @since 1.8.7
*
* @param string $search_pattern The regex pattern used to match the generate endpoint.
*/
$search_pattern = apply_filters( 'faustwp_generate_endpoint_search_pattern', $search_pattern );
if ( ! preg_match( $search_pattern, $_SERVER['REQUEST_URI'] ) ) { // phpcs:ignore WordPress.Security
return;
}
if ( empty( $_GET['redirect_uri'] ) ) { // phpcs:ignore WordPress.Security
return;
}
$redirect_uri = wp_unslash( $_GET['redirect_uri'] ); // phpcs:ignore WordPress.Security
if ( ! is_user_logged_in() ) {
wp_safe_redirect(
wp_login_url( '/generate/?redirect_uri=' . rawurlencode( $redirect_uri ) )
);
exit;
}
$auth_code = generate_authorization_code(
wp_get_current_user(),
MINUTE_IN_SECONDS * 1
);
$redirect_uri = add_query_arg( 'code', rawurlencode( $auth_code ), $redirect_uri );
wp_safe_redirect( $redirect_uri );
exit;
}
add_filter( 'allowed_redirect_hosts', __NAMESPACE__ . '\\allowed_redirect_hosts', 10, 2 );
/**
* Callback for WordPress 'allowed_redirect_hosts' filter.
*
* Add frontend_uri host and development domains to allowed redirects.
*
* @link https://developer.wordpress.org/reference/hooks/allowed_redirect_hosts/
*
* @param string[] $hosts An array of allowed host names.
* @param string $host The host name of the redirect destination; empty string if not set.
*
* @return string[] An array of allowed host names.
*/
function allowed_redirect_hosts( $hosts, $host ) {
$hosts = wp_parse_args( $hosts, array( 'localhost', '0.0.0.0' ) );
$frontend_host = wp_parse_url( faustwp_get_setting( 'frontend_uri' ), PHP_URL_HOST );
if ( $frontend_host ) {
$hosts[] = $frontend_host;
}
return $hosts;
}