File: //proc/thread-self/cwd/wp-content/plugins/woocommerce-square/includes/Handlers/Connection.php
<?php
/**
* WooCommerce Square
*
* This source file is subject to the GNU General Public License v3.0
* that is bundled with this package in the file license.txt.
* It is also available through the world-wide-web at this URL:
* http://www.gnu.org/licenses/gpl-3.0.html GNU General Public License v3.0 or later
* If you did not receive a copy of the license and are unable to
* obtain it through the world-wide-web, please send an email
* to license@woocommerce.com so we can send you a copy immediately.
*
* DISCLAIMER
*
* Do not edit or add to this file if you wish to upgrade WooCommerce Square to newer
* versions in the future. If you wish to customize WooCommerce Square for your
* needs please refer to https://docs.woocommerce.com/document/woocommerce-square/
*
* @author WooCommerce
* @copyright Copyright: (c) 2019, Automattic, Inc.
* @license http://www.gnu.org/licenses/gpl-3.0.html GNU General Public License v3.0 or later
*/
namespace WooCommerce\Square\Handlers;
use Square\Models\ListCustomersResponse;
use WooCommerce\Square;
defined( 'ABSPATH' ) || exit;
/**
* The admin connection handler.
*
* @since 2.0.0
*/
class Connection {
/** @var string production connect URL */
const CONNECT_URL_PRODUCTION = 'https://api.woocommerce.com/integrations/login/square';
/** @var string sandbox connect URL */
const CONNECT_URL_SANDBOX = 'https://api.woocommerce.com/integrations/login/squaresandbox';
/** @var string production refresh URL */
const REFRESH_URL_PRODUCTION = 'https://api.woocommerce.com/integrations/renew/square';
/** @var string sandbox refresh URL */
const REFRESH_URL_SANDBOX = 'https://api.woocommerce.com/integrations/renew/squaresandbox';
/** @var Square\Plugin plugin instance */
protected $plugin;
/**
* Constructs the class.
*
* @since 2.0.0
*
* @param Square\Plugin $plugin plugin instance
*/
public function __construct( Square\Plugin $plugin ) {
$this->plugin = $plugin;
$this->add_hooks();
}
/**
* Adds the action and filter hooks.
*
* @since 2.0.0
*/
protected function add_hooks() {
add_action( 'admin_action_wc_square_connected', array( $this, 'handle_connected' ) );
add_action( 'admin_action_wc_square_disconnect', array( $this, 'handle_disconnect' ) );
// refresh the connection, triggered by Action Scheduler
add_action( 'wc_square_refresh_connection', array( $this, 'refresh_connection' ) );
// index customers, triggered by Action Scheduler
add_action( 'wc_square_index_customers', array( $this, 'index_customers' ) );
}
/**
* Handles a successful connection.
*
* @internal
*
* @since 2.0.0
*/
public function handle_connected() {
// phpcs:ignore WordPress.Security.NonceVerification.Recommended - Setting variable, nonce checked next line.
$nonce = isset( $_GET['_wpnonce'] ) ? wc_clean( wp_unslash( $_GET['_wpnonce'] ) ) : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
// phpcs:ignore WordPress.Security.NonceVerification.Recommended
$from = isset( $_GET['from'] ) ? wc_clean( wp_unslash( $_GET['from'] ) ) : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
// check the user role & nonce
if ( ! current_user_can( 'manage_woocommerce' ) || ! wp_verify_nonce( $nonce, 'wc_square_connected' ) ) {
wp_die( esc_html__( 'Sorry, you do not have permission to manage the Square connection.', 'woocommerce-square' ) );
}
// phpcs:ignore WordPress.Security.ValidatedSanitizedInput -- Input is sanitized before use, the call to urldecode() first triggers this warning
$access_token = ! empty( $_GET['square_access_token'] ) ? sanitize_text_field( wp_unslash( urldecode( $_GET['square_access_token'] ) ) ) : '';
if ( empty( $access_token ) ) {
$this->get_plugin()->log( 'Error: No access token was received.' );
add_action(
'admin_notices',
function () {
?>
<div class="notice notice-error is-dismissible">
<p><?php esc_html_e( 'Square Error: We could not connect to Square. No access token was given.!', 'woocommerce-square' ); ?></p>
</div>
<?php
}
);
return;
}
$this->get_plugin()->get_settings_handler()->update_access_token( $access_token );
$this->get_plugin()->log( 'Access token successfully received.' );
// phpcs:ignore WordPress.Security.ValidatedSanitizedInput -- Input is sanitized before use, the call to urldecode() first triggers this warning
$refresh_token = ! empty( $_GET['square_refresh_token'] ) ? sanitize_text_field( wp_unslash( urldecode( $_GET['square_refresh_token'] ) ) ) : '';
if ( empty( $refresh_token ) ) {
$this->get_plugin()->log( 'Failed to receive refresh token from connect server.' );
} else {
$this->get_plugin()->get_settings_handler()->update_refresh_token( $refresh_token );
$this->get_plugin()->log( 'Refresh token successfully received.' );
}
$this->schedule_refresh();
$this->schedule_customer_index();
// on connect after upgrading to v2.0 from v1.0, initiate a catalog sync to refresh the Square item IDs
if ( get_option( 'wc_square_updated_to_2_0_0' ) ) {
// delete any old access token from v1, as it will be invalidated
delete_option( 'woocommerce_square_merchant_access_token' );
if ( $this->get_plugin()->get_settings_handler()->is_system_of_record_square() ) {
$this->get_plugin()->get_sync_handler()->start_manual_sync();
}
}
delete_option( 'wc_square_updated_to_2_0_0' );
if ( wc_square()->get_settings_handler()->is_custom_square_auth_keys_set() ) {
update_option( 'wc_square_auth_key_updated', true );
}
wp_safe_redirect( 'wizard' === $from ? admin_url( 'admin.php?page=woocommerce-square-onboarding' ) : $this->get_plugin()->get_settings_url() );
exit;
}
/**
* Handles disconnection.
*
* @internal
*
* @since 2.0.0
*/
public function handle_disconnect() {
// remove the refresh fail flag if previously set
delete_option( 'wc_square_refresh_failed' );
$nonce = isset( $_GET['_wpnonce'] ) ? wc_clean( wp_unslash( $_GET['_wpnonce'] ) ) : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
// check the user role & nonce
if ( ! current_user_can( 'manage_woocommerce' ) || ! wp_verify_nonce( $nonce, 'wc_square_disconnect' ) ) {
wp_die( esc_html__( 'Sorry, you do not have permission to manage the Square connection.', 'woocommerce-square' ) );
}
// disconnect by clearing tokens, unscheduling syncs, etc...
$this->disconnect();
$this->get_plugin()->log( 'Manually disconnected' );
$this->get_plugin()->get_message_handler()->add_message( __( 'Disconnected successfully', 'woocommerce-square' ) );
wp_safe_redirect( $this->get_plugin()->get_settings_url() );
exit;
}
/**
* Disconnects the plugin.
*
* @since 2.0.0
*/
public function disconnect() {
// don't try to refresh anymore
$this->unschedule_refresh();
// unschedule the interval sync
$this->get_plugin()->get_sync_handler()->unschedule_sync();
// fully clear the access token
$this->get_plugin()->get_settings_handler()->clear_access_tokens();
$this->get_plugin()->get_settings_handler()->clear_refresh_tokens();
// clear all background jobs so further API requests aren't attempted
$this->get_plugin()->get_background_job_handler()->clear_all_jobs();
}
/** Refresh methods ***********************************************************************************************/
/**
* Schedules the connection refresh.
*
* @since 2.0.0
*/
public function schedule_refresh() {
if ( ! $this->get_plugin()->get_settings_handler()->is_connected() ) {
return;
}
/**
* Filters the frequency with which the OAuth connection should be refreshed.
*
* @since 2.0.0
*
* @param int $interval refresh interval
*/
$interval = apply_filters( 'wc_square_connection_refresh_interval', WEEK_IN_SECONDS );
// Make sure that all refresh actions are cancelled before scheduling it.
$this->unschedule_refresh();
as_schedule_single_action( time() + $interval, 'wc_square_refresh_connection', array(), 'square' );
}
/**
* Refreshes the access token via the Woo proxy.
*
* @since 2.0.0
*/
public function refresh_connection() {
if ( $this->get_plugin()->get_settings_handler()->is_sandbox() ) {
return;
}
try {
if ( $this->get_plugin()->get_settings_handler()->is_debug_enabled() ) {
$this->get_plugin()->log( 'Refreshing connection...' );
}
$refresh_token = $this->get_plugin()->get_settings_handler()->get_refresh_token();
if ( ! $refresh_token ) {
$this->get_plugin()->log( 'No refresh token stored, cannot refresh connection.' );
update_option( 'wc_square_refresh_failed', 'yes' );
wc_square()->get_email_handler()->get_access_token_email()->trigger();
return;
}
$request = array(
'body' => array(
'token' => $this->get_plugin()->get_settings_handler()->get_refresh_token(),
),
'timeout' => 45,
);
// make the request
$response = wp_remote_post( $this->get_refresh_url(), $request );
// handle HTTP errors
if ( is_wp_error( $response ) ) {
throw new \Exception( $response->get_error_message() );
}
$response = new Square\API\Responses\Connection_Refresh_Response( wp_remote_retrieve_body( $response ) );
// check for errors in the response
if ( $response->has_error() ) {
throw new \Exception( $response->get_error_message() );
}
// ensure an access token, just in case
if ( ! $response->get_token() ) {
throw new \Exception( 'Access token missing from the response' );
}
// store the new token
$this->get_plugin()->get_settings_handler()->update_access_token( $response->get_token() );
// In case square updates the refresh token.
if ( $response->get_refresh_token() ) {
$this->get_plugin()->get_settings_handler()->update_refresh_token( $response->get_refresh_token() );
$this->get_plugin()->log( 'Connection successfully refreshed.' );
}
// in case this option was set
delete_option( 'wc_square_refresh_failed' );
} catch ( \Exception $exception ) {
$this->get_plugin()->log( 'Unable to refresh connection: ' . $exception->getMessage() );
update_option( 'wc_square_refresh_failed', 'yes' );
wc_square()->get_email_handler()->get_access_token_email()->trigger();
}
$this->schedule_refresh();
}
/**
* Unschedules the connection refresh.
*
* @since 2.0.0
*/
protected function unschedule_refresh() {
as_unschedule_all_actions( 'wc_square_refresh_connection', array(), 'square' );
}
/** Customer index methods ****************************************************************************************/
/**
* Index existing Square customers.
*
* @since 2.0.0
*
* @param string $cursor pagination cursor
*/
public function index_customers( $cursor = '' ) {
try {
$response = $this->get_plugin()->get_api()->get_customers( $cursor );
if ( $response->get_data() instanceof ListCustomersResponse && is_array( $response->get_data()->getCustomers() ) ) {
Square\Gateway\Customer_Helper::add_customers( $response->get_data()->getCustomers() );
// if there are more customers to query, schedule a followup action to index the next batch of customers
if ( $response->get_data()->getCursor() ) {
$this->schedule_customer_index( $response->get_data()->getCursor() );
}
}
} catch ( \Exception $exception ) {
}
}
/**
* Schedules the customer index action.
*
* @since 2.0.0
*
* @param string $cursor pagination cursor
*/
protected function schedule_customer_index( $cursor = '' ) {
if ( false === as_next_scheduled_action( 'wc_square_index_customers', array( $cursor ), 'square' ) ) {
as_schedule_single_action( time(), 'wc_square_index_customers', array( $cursor ), 'square' );
}
}
/** Getter methods ************************************************************************************************/
/**
* Gets the Connect button HTML.
*
* @since 2.0.0
*
* @param bool $is_sandbox whether to point the button to production or sandbox
* @return string
*/
public function get_connect_button_html( $is_sandbox = false ) {
ob_start();
?>
<a href="<?php echo esc_url( $this->get_connect_url( $is_sandbox ) ); ?>" class="button-primary">
<?php esc_html_e( 'Connect with Square', 'woocommerce-square' ); ?>
</a>
<?php
return ob_get_clean();
}
/**
* Gets the disconnect button HTML.
*
* @since 2.0.0
*
* @return string
*/
public function get_disconnect_button_html() {
ob_start();
?>
<a href="<?php echo esc_url( $this->get_disconnect_url() ); ?>" class='button-primary'>
<?php echo esc_html__( 'Disconnect from Square', 'woocommerce-square' ); ?>
</a>
<?php
return ob_get_clean();
}
/**
* Gets the connection URL.
*
* @since 2.0.0
*
* @param bool $is_sandbox whether to point to production or sandbox
* @param array $args additional query args
*
* @return string
*/
public function get_connect_url( $is_sandbox = false, $args = array() ) {
if ( $is_sandbox ) {
$raw_url = self::CONNECT_URL_SANDBOX;
} else {
$raw_url = self::CONNECT_URL_PRODUCTION;
}
/**
* Filters the connection URL.
*
* @since 2.0.0
*
* @param string $raw_url API URL
*/
$url = (string) apply_filters( 'wc_square_api_url', $raw_url );
$action = 'wc_square_connected';
$redirect_url = wp_nonce_url( add_query_arg( 'action', $action, admin_url() ), $action );
// Append all args.
foreach ( $args as $key => $value ) {
$redirect_url = add_query_arg( $key, $value, $redirect_url );
}
$args = array(
'redirect' => rawurlencode( $redirect_url ),
'scopes' => implode( ',', $this->get_scopes() ),
);
return add_query_arg( $args, $url ); // nosemgrep:audit.php.wp.security.xss.query-arg -- This URL is escaped on output in get_connect_button_html().
}
/**
* Gets the disconnect URL.
*
* @since 2.0.0
*
* @return string
*/
protected function get_disconnect_url() {
$action = 'wc_square_disconnect';
$url = add_query_arg( 'action', $action, admin_url() );
return wp_nonce_url( $url, $action );
}
/**
* Gets the token refresh URL.
*
* @since 2.0.0
*
* @return string
*/
protected function get_refresh_url() {
return $this->get_plugin()->get_settings_handler()->is_sandbox() ? self::REFRESH_URL_SANDBOX : self::REFRESH_URL_PRODUCTION;
}
/**
* Gets the connection scopes.
*
* @since 2.0.0
*
* @return string[]
*/
protected function get_scopes() {
$scopes = array(
'MERCHANT_PROFILE_READ',
'PAYMENTS_READ',
'PAYMENTS_WRITE',
'ORDERS_READ',
'ORDERS_WRITE',
'CUSTOMERS_READ',
'CUSTOMERS_WRITE',
'SETTLEMENTS_READ',
'ITEMS_READ',
'ITEMS_WRITE',
'INVENTORY_READ',
'INVENTORY_WRITE',
'GIFTCARDS_READ',
'GIFTCARDS_WRITE',
'PAYMENTS_WRITE',
'ORDERS_WRITE',
);
/**
* Hook to filter scopes.
*
* @since 2.0.0
*/
return (array) apply_filters( 'wc_square_connection_scopes', $scopes );
}
/**
* Gets the plugin instance.
*
* @since 2.0.0
*
* @return Square\Plugin
*/
public function get_plugin() {
return $this->plugin;
}
}