Jetpack_Data::get_access_token() - Code Metrics - Inspection of "Adds `is_active` to Connection Manager package" - Automattic/jetpack - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — add/is-active-to-connection-pa... ( 30e22c )

unknown

created 2019-06-03 20:00 UTC

Jetpack_Data::get_access_token() A

↳ Parent: Jetpack_Data

Complexity

Conditions	1
Paths	1

Size

Total Lines

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
cc	1
nc	1
nop	2
dl	0
loc	5
rs	10
c	0
b	0
f	0

<?php

class Jetpack_Data {
	/*
	 * Used internally when we want to look for the Normal Blog Token
	 * without knowing its token key ahead of time.
	 */
	const MAGIC_NORMAL_TOKEN_KEY = ';normal;';

	/**
	 * Gets the requested token.
	 *
	 * Tokens are one of two types:
	 * 1. Blog Tokens: These are the "main" tokens. Each site typically has one Blog Token,
	 *    though some sites can have multiple "Special" Blog Tokens (see below). These tokens
	 *    are not associated with a user account. They represent the site's connection with
	 *    the Jetpack servers.
	 * 2. User Tokens: These are "sub-"tokens. Each connected user account has one User Token.
	 *
	 * All tokens look like "{$token_key}.{$private}". $token_key is a public ID for the
	 * token, and $private is a secret that should never be displayed anywhere or sent
	 * over the network; it's used only for signing things.
	 *
	 * Blog Tokens can be "Normal" or "Special".
	 * * Normal: The result of a normal connection flow. They look like
	 *   "{$random_string_1}.{$random_string_2}"
	 *   That is, $token_key and $private are both random strings.
	 *   Sites only have one Normal Blog Token. Normal Tokens are found in either
	 *   Jetpack_Options::get_option( 'blog_token' ) (usual) or the JETPACK_BLOG_TOKEN
	 *   constant (rare).
	 * * Special: A connection token for sites that have gone through an alternative
	 *   connection flow. They look like:
	 *   ";{$special_id}{$special_version};{$wpcom_blog_id};.{$random_string}"
	 *   That is, $private is a random string and $token_key has a special structure with
	 *   lots of semicolons.
	 *   Most sites have zero Special Blog Tokens. Special tokens are only found in the
	 *   JETPACK_BLOG_TOKEN constant.
	 *
	 * In particular, note that Normal Blog Tokens never start with ";" and that
	 * Special Blog Tokens always do.
	 *
	 * When searching for a matching Blog Tokens, Blog Tokens are examined in the following
	 * order:
	 * 1. Defined Special Blog Tokens (via the JETPACK_BLOG_TOKEN constant)
	 * 2. Stored Normal Tokens (via Jetpack_Options::get_option( 'blog_token' ))
	 * 3. Defined Normal Tokens (via the JETPACK_BLOG_TOKEN constant)
	 *
	 * @deprecated 7.5 Use Connection_Manager instead
	 *
	 * @param int|false    $user_id   false: Return the Blog Token. int: Return that user's User Token.
	 * @param string|false $token_key If provided, check that the token matches the provided input.
	 *                                false                                : Use first token. Default.
	 *                                Jetpack_Data::MAGIC_NORMAL_TOKEN_KEY : Use first Normal Token.
	 *                                non-empty string                     : Use matching token
	 * @return object|false
	 */
	public static function get_access_token( $user_id = false, $token_key = false ) {
		_deprecated_function( __METHOD__, '7.5', 'Connection_Manager' );
		$connection_manager = new Connection_Manager();
		return $connection_manager->get_access_token( $user_id, $token_key );
	}

	/**
	 * This function mirrors Jetpack_Data::is_usable_domain() in the WPCOM codebase.
	 *
	 * @param $domain
	 * @param array $extra
	 *
	 * @deprecated
	 *
	 * @return bool|WP_Error
	 */
	public static function is_usable_domain( $domain, $extra = array() ) {

		// If it's empty, just fail out.
		if ( ! $domain ) {
			return new WP_Error( 'fail_domain_empty', sprintf( __( 'Domain `%1$s` just failed is_usable_domain check as it is empty.', 'jetpack' ), $domain ) );
		}

		/**
		 * Skips the usuable domain check when connecting a site.
		 *
		 * Allows site administrators with domains that fail gethostname-based checks to pass the request to WP.com
		 *
		 * @since 4.1.0
		 *
		 * @param bool If the check should be skipped. Default false.
		 */
		if ( apply_filters( 'jetpack_skip_usuable_domain_check', false ) ) {
			return true;
		}

		// None of the explicit localhosts.
		$forbidden_domains = array(
			'wordpress.com',
			'localhost',
			'localhost.localdomain',
			'127.0.0.1',
			'local.wordpress.test',         // VVV
			'local.wordpress-trunk.test',   // VVV
			'src.wordpress-develop.test',   // VVV
			'build.wordpress-develop.test', // VVV
		);
		if ( in_array( $domain, $forbidden_domains ) ) {
			return new WP_Error( 'fail_domain_forbidden', sprintf( __( 'Domain `%1$s` just failed is_usable_domain check as it is in the forbidden array.', 'jetpack' ), $domain ) );
		}

		// No .test or .local domains
		if ( preg_match( '#\.(test|local)$#i', $domain ) ) {
			return new WP_Error( 'fail_domain_tld', sprintf( __( 'Domain `%1$s` just failed is_usable_domain check as it uses an invalid top level domain.', 'jetpack' ), $domain ) );
		}

		// No WPCOM subdomains
		if ( preg_match( '#\.wordpress\.com$#i', $domain ) ) {
			return new WP_Error( 'fail_subdomain_wpcom', sprintf( __( 'Domain `%1$s` just failed is_usable_domain check as it is a subdomain of WordPress.com.', 'jetpack' ), $domain ) );
		}

		// If PHP was compiled without support for the Filter module (very edge case)
		if ( ! function_exists( 'filter_var' ) ) {
			// Just pass back true for now, and let wpcom sort it out.
			return true;
		}

		return true;
	}
}


1		<?php
2
3		class Jetpack_Data {
4		/*
5		* Used internally when we want to look for the Normal Blog Token
6		* without knowing its token key ahead of time.
7		*/
8		const MAGIC_NORMAL_TOKEN_KEY = ';normal;';
9
10		/**
11		* Gets the requested token.
12		*
13		* Tokens are one of two types:
14		* 1. Blog Tokens: These are the "main" tokens. Each site typically has one Blog Token,
15		* though some sites can have multiple "Special" Blog Tokens (see below). These tokens
16		* are not associated with a user account. They represent the site's connection with
17		* the Jetpack servers.
18		* 2. User Tokens: These are "sub-"tokens. Each connected user account has one User Token.
19		*
20		* All tokens look like "{$token_key}.{$private}". $token_key is a public ID for the
21		* token, and $private is a secret that should never be displayed anywhere or sent
22		* over the network; it's used only for signing things.
23		*
24		* Blog Tokens can be "Normal" or "Special".
25		* * Normal: The result of a normal connection flow. They look like
26		* "{$random_string_1}.{$random_string_2}"
27		* That is, $token_key and $private are both random strings.
28		* Sites only have one Normal Blog Token. Normal Tokens are found in either
29		* Jetpack_Options::get_option( 'blog_token' ) (usual) or the JETPACK_BLOG_TOKEN
30		* constant (rare).
31		* * Special: A connection token for sites that have gone through an alternative
32		* connection flow. They look like:
33		* ";{$special_id}{$special_version};{$wpcom_blog_id};.{$random_string}"
34		* That is, $private is a random string and $token_key has a special structure with
35		* lots of semicolons.
36		* Most sites have zero Special Blog Tokens. Special tokens are only found in the
37		* JETPACK_BLOG_TOKEN constant.
38		*
39		* In particular, note that Normal Blog Tokens never start with ";" and that
40		* Special Blog Tokens always do.
41		*
42		* When searching for a matching Blog Tokens, Blog Tokens are examined in the following
43		* order:
44		* 1. Defined Special Blog Tokens (via the JETPACK_BLOG_TOKEN constant)
45		* 2. Stored Normal Tokens (via Jetpack_Options::get_option( 'blog_token' ))
46		* 3. Defined Normal Tokens (via the JETPACK_BLOG_TOKEN constant)
47		*
48		* @deprecated 7.5 Use Connection_Manager instead
49		*
50		* @param int\|false $user_id false: Return the Blog Token. int: Return that user's User Token.
51		* @param string\|false $token_key If provided, check that the token matches the provided input.
52		* false : Use first token. Default.
53		* Jetpack_Data::MAGIC_NORMAL_TOKEN_KEY : Use first Normal Token.
54		* non-empty string : Use matching token
55		* @return object\|false
56		*/
57		public static function get_access_token( $user_id = false, $token_key = false ) {
58		_deprecated_function( __METHOD__, '7.5', 'Connection_Manager' );
59		$connection_manager = new Connection_Manager();
60		return $connection_manager->get_access_token( $user_id, $token_key );
61		}
62
63		/**
64		* This function mirrors Jetpack_Data::is_usable_domain() in the WPCOM codebase.
65		*
66		* @param $domain
67		* @param array $extra
68		*
69		* @deprecated
70		*
71		* @return bool\|WP_Error
72		*/
73	View Code Duplication	public static function is_usable_domain( $domain, $extra = array() ) {
74
75		// If it's empty, just fail out.
76		if ( ! $domain ) {
77		return new WP_Error( 'fail_domain_empty', sprintf( __( 'Domain `%1$s` just failed is_usable_domain check as it is empty.', 'jetpack' ), $domain ) );
78		}
79
80		/**
81		* Skips the usuable domain check when connecting a site.
82		*
83		* Allows site administrators with domains that fail gethostname-based checks to pass the request to WP.com
84		*
85		* @since 4.1.0
86		*
87		* @param bool If the check should be skipped. Default false.
88		*/
89		if ( apply_filters( 'jetpack_skip_usuable_domain_check', false ) ) {
90		return true;
91		}
92
93		// None of the explicit localhosts.
94		$forbidden_domains = array(
95		'wordpress.com',
96		'localhost',
97		'localhost.localdomain',
98		'127.0.0.1',
99		'local.wordpress.test', // VVV
100		'local.wordpress-trunk.test', // VVV
101		'src.wordpress-develop.test', // VVV
102		'build.wordpress-develop.test', // VVV
103		);
104		if ( in_array( $domain, $forbidden_domains ) ) {
105		return new WP_Error( 'fail_domain_forbidden', sprintf( __( 'Domain `%1$s` just failed is_usable_domain check as it is in the forbidden array.', 'jetpack' ), $domain ) );
106		}
107
108		// No .test or .local domains
109		if ( preg_match( '#\.(test\|local)$#i', $domain ) ) {
110		return new WP_Error( 'fail_domain_tld', sprintf( __( 'Domain `%1$s` just failed is_usable_domain check as it uses an invalid top level domain.', 'jetpack' ), $domain ) );
111		}
112
113		// No WPCOM subdomains
114		if ( preg_match( '#\.wordpress\.com$#i', $domain ) ) {
115		return new WP_Error( 'fail_subdomain_wpcom', sprintf( __( 'Domain `%1$s` just failed is_usable_domain check as it is a subdomain of WordPress.com.', 'jetpack' ), $domain ) );
116		}
117
118		// If PHP was compiled without support for the Filter module (very edge case)
119		if ( ! function_exists( 'filter_var' ) ) {
120		// Just pass back true for now, and let wpcom sort it out.
121		return true;
122		}
123
124		return true;
125		}
126		}
127

Automattic / jetpack

Push — add/is-active-to-connection-pa... ( 30e22c )

Jetpack_Data::get_access_token() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like