feat: Authorizing URLs implemented and tested. (#745)

* feat: Authorizing URLs implemented and tested.

* feat: More woographql_*_nonce functions implemented.

* chore: linting changes made.

* chore: linting changes made.

* fix: woographql_*_ functions tested.

* chore: WPCS compliance met.

* devops: lint-code script updated to PHP v8.0

* chore: WPCS compliance met

* devops: TransferSessionHandlerTest & QLSessionHandlerTest updated

* devops: codeclimate.yml added.

* chore: Linter compliance met

* devops: Harmonizing WordPress doc written and Settings doc updated.

* chore: Typo fixed in docs.

* fix: General bugfixes and improvements related to Auth URLs

* devops: More docs.

* chore: Linter compliance met

* chore: small change made to docs.

Author: kidunot89

.github/workflows/lint-code.yml

@@ -23,7 +23,7 @@ jobs:
       - name: Setup PHP
         uses: shivammathur/setup-php@v2
         with:
-          php-version: 7.3
+          php-version: 8.0
           extensions: mbstring, intl
           tools: composer
 

access-functions.php

@@ -229,12 +229,6 @@ function wc_graphql_camel_case_to_underscore( $string ) {
 	}
 }//end if
 
-/**
- * Plugin global functions.
- *
- * @package Axis\Plugin_Distributor
- */
-
 if ( ! function_exists( 'woographql_setting' ) ) :
 	/**
 	 * Get an option value from WooGraphQL settings
@@ -275,6 +269,92 @@ function woographql_setting( string $option_name, $default = '', $section_name =
 	}
 endif;
 
+if ( ! function_exists( 'woographql_get_session_uid' ) ) :
+	/**
+	 * Returns end-user's customer ID.
+	 *
+	 * @return string|int
+	 */
+	function woographql_get_session_uid() {
+		return WC()->session->get_customer_id();
+	}
+endif;
+
+if ( ! function_exists( 'woographql_get_session_token' ) ) :
+	/**
+	 * Returns session user's "client_session_id"
+	 *
+	 * @return string
+	 */
+	function woographql_get_session_token() {
+		return WC()->session->get_client_session_id();
+	}
+endif;
+
+if ( ! function_exists( 'woographql_create_nonce' ) ) :
+	/**
+	 * Creates WooGraphQL session transfer nonces.
+	 *
+	 * @param string $action  Nonce name.
+	 */
+	function woographql_create_nonce( $action = -1 ) {
+		$uid   = woographql_get_session_uid();
+		$token = woographql_get_session_token();
+		$i     = wp_nonce_tick( $action );
+
+		return substr( wp_hash( $i . '|' . $action . '|' . $uid . '|' . $token, 'nonce' ), -12, 10 );
+	}
+endif;
+
+if ( ! function_exists( 'woographql_verify_nonce' ) ) :
+	/**
+	 * Validate WooGraphQL session transfer nonces.
+	 *
+	 * @param string         $nonce   Nonce to validated.
+	 * @param integer|string $action  Nonce name.
+	 *
+	 * @return bool
+	 */
+	function woographql_verify_nonce( $nonce, $action = -1 ) {
+		$nonce = (string) $nonce;
+		$uid   = woographql_get_session_uid();
+
+		if ( empty( $nonce ) ) {
+			return false;
+		}
+
+		$token = woographql_get_session_token();
+		$i     = wp_nonce_tick( $action );
+
+		// Nonce generated 0-12 hours ago.
+		$expected = substr( wp_hash( $i . '|' . $action . '|' . $uid . '|' . $token, 'nonce' ), -12, 10 );
+		if ( hash_equals( $expected, $nonce ) ) {
+			return 1;
+		}
+
+		// Nonce generated 12-24 hours ago.
+		$expected = substr( wp_hash( ( $i - 1 ) . '|' . $action . '|' . $uid . '|' . $token, 'nonce' ), -12, 10 );
+		if ( hash_equals( $expected, $nonce ) ) {
+			return 2;
+		}
+
+		/**
+		 * Fires when nonce verification fails.
+		 *
+		 * @since 4.4.0
+		 *
+		 * @param string     $nonce  The invalid nonce.
+		 * @param string|int $action The nonce action.
+		 * @param WP_User    $user   The current user object.
+		 * @param string     $token  The user's session token.
+		 */
+		do_action( 'graphql_verify_nonce_failed', $nonce, $action, $uid, $token );
+
+		// Invalid nonce.
+		return false;
+	}
+endif;
+
 
 
 

codeception.dist.yml

@@ -57,6 +57,7 @@ modules:
     REST:
       depends: WPBrowser
       url: '%WORDPRESS_URL%'
+      cookies: false
     WPFilesystem:
       wpRootFolder: '%WP_CORE_DIR%'
       plugins: '/wp-content/plugins'

codeclimate.yml

@@ -0,0 +1,5 @@
+plugins:
+  phpcodesniffer:
+    enabled: true
+    config:
+      standard: "phpcs.xml.dist"

composer.json

@@ -25,6 +25,7 @@
         "firebase/php-jwt": "^6.1.0"
     },
     "require-dev": {
+        "automattic/vipwpcs": "^2.3",
         "squizlabs/php_codesniffer": "^3.5",
         "wp-coding-standards/wpcs": "^2.3"
     },
@@ -34,6 +35,7 @@
         "sort-packages": true,
         "allow-plugins": {
             "johnpbloch/wordpress-core-installer": true,
+            "dealerdirect/phpcodesniffer-composer-installer": true,
             "composer/installers": true
         }
     },