Rest_Authentication::wp_rest_authentication_errors() - Code Metrics - Inspection of "Merge branch 'master' into try/inline-connect" - Automattic/jetpack - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — try/inline-connect ( 8d5d81...1de650 )

unknown

created 2021-06-01 21:09 UTC

wp_rest_authentication_errors() A

↳ Parent: Rest_Authentication

Complexity

Conditions	2
Paths	2

Size

Total Lines

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
cc	2
nc	2
nop	1
dl	0
loc	6
rs	10
c	0
b	0
f	0

<?php
/**
 * The Jetpack Connection Rest Authentication file.
 *
 * @package automattic/jetpack-connection
 */

namespace Automattic\Jetpack\Connection;

/**
 * The Jetpack Connection Rest Authentication class.
 */
class Rest_Authentication {

	/**
	 * The rest authentication status.
	 *
	 * @since 8.9.0
	 * @var boolean
	 */
	private $rest_authentication_status = null;

	/**
	 * The rest authentication type.
	 * Can be either 'user' or 'blog' depending on whether the request
	 * is signed with a user or a blog token.
	 *
	 * @since 9.9.0
	 * @var string
	 */
	private $rest_authentication_type = null;

	/**
	 * The Manager object.
	 *
	 * @since 8.9.0
	 * @var Object
	 */
	private $connection_manager = null;

	/**
	 * Holds the singleton instance of this class
	 *
	 * @since 8.9.0
	 * @var Object
	 */
	private static $instance = false;

	/**
	 * Flag used to avoid determine_current_user filter to enter an infinite loop
	 *
	 * @since 9.7.0
	 * @var boolean
	 */
	private $doing_determine_current_user_filter = false;

	/**
	 * The constructor.
	 */
	private function __construct() {
		$this->connection_manager = new Manager();
	}

	/**
	 * Controls the single instance of this class.
	 *
	 * @static
	 */
	public static function init() {
		if ( ! self::$instance ) {
			self::$instance = new self();

			add_filter( 'determine_current_user', array( self::$instance, 'wp_rest_authenticate' ) );
			add_filter( 'rest_authentication_errors', array( self::$instance, 'wp_rest_authentication_errors' ) );
		}

		return self::$instance;
	}

	/**
	 * Authenticates requests from Jetpack server to WP REST API endpoints.
	 * Uses the existing XMLRPC request signing implementation.
	 *
	 * @param int|bool $user User ID if one has been determined, false otherwise.
	 *
	 * @return int|null The user id or null if the request was not authenticated.
	 */
	public function wp_rest_authenticate( $user ) {
		if ( $this->doing_determine_current_user_filter ) {
			return $user;
		}

		$this->doing_determine_current_user_filter = true;

		try {
			if ( ! empty( $user ) ) {
				// Another authentication method is in effect.
				return $user;
			}

			add_filter(
				'jetpack_constant_default_value',
				__NAMESPACE__ . '\Utils::jetpack_api_constant_filter',
				10,
				2
			);

			// phpcs:ignore WordPress.Security.NonceVerification.Recommended
			if ( ! isset( $_GET['_for'] ) || 'jetpack' !== $_GET['_for'] ) {
				// Nothing to do for this authentication method.
				return null;
			}

			// phpcs:ignore WordPress.Security.NonceVerification.Recommended
			if ( ! isset( $_GET['token'] ) && ! isset( $_GET['signature'] ) ) {
				// Nothing to do for this authentication method.
				return null;
			}

			if ( ! isset( $_SERVER['REQUEST_METHOD'] ) ) {
				$this->rest_authentication_status = new \WP_Error(

					'rest_invalid_request',

					__( 'The request method is missing.', 'jetpack' ),
					array( 'status' => 400 )
				);
				return null;
			}

			// Only support specific request parameters that have been tested and
			// are known to work with signature verification.  A different method
			// can be passed to the WP REST API via the '?_method=' parameter if
			// needed.
			if ( 'GET' !== $_SERVER['REQUEST_METHOD'] && 'POST' !== $_SERVER['REQUEST_METHOD'] ) {
				$this->rest_authentication_status = new \WP_Error(

					'rest_invalid_request',

					__( 'This request method is not supported.', 'jetpack' ),
					array( 'status' => 400 )
				);
				return null;
			}
			if ( 'POST' !== $_SERVER['REQUEST_METHOD'] && ! empty( file_get_contents( 'php://input' ) ) ) {
				$this->rest_authentication_status = new \WP_Error(

					'rest_invalid_request',

					__( 'This request method does not support body parameters.', 'jetpack' ),
					array( 'status' => 400 )
				);
				return null;
			}

			$verified = $this->connection_manager->verify_xml_rpc_signature();

			if (
				$verified &&
				isset( $verified['type'] ) &&
				'blog' === $verified['type']
			) {
				// Site-level authentication successful.
				$this->rest_authentication_status = true;
				$this->rest_authentication_type   = 'blog';
				return null;
			}

			if (
				$verified &&
				isset( $verified['type'] ) &&
				'user' === $verified['type'] &&
				! empty( $verified['user_id'] )
			) {
				// User-level authentication successful.
				$this->rest_authentication_status = true;
				$this->rest_authentication_type   = 'user';
				return $verified['user_id'];
			}

			// Something else went wrong.  Probably a signature error.
			$this->rest_authentication_status = new \WP_Error(

				'rest_invalid_signature',

				__( 'The request is not signed correctly.', 'jetpack' ),
				array( 'status' => 400 )
			);
			return null;
		} finally {
			$this->doing_determine_current_user_filter = false;
		}
	}

	/**
	 * Report authentication status to the WP REST API.
	 *
	 * @param  WP_Error|mixed $value Error from another authentication handler, null if we should handle it, or another value if not.
	 * @return WP_Error|boolean|null {@see WP_JSON_Server::check_authentication}
	 */
	public function wp_rest_authentication_errors( $value ) {
		if ( null !== $value ) {
			return $value;
		}
		return $this->rest_authentication_status;
	}

	/**
	 * Resets the saved authentication state in between testing requests.
	 */
	public function reset_saved_auth_state() {
		$this->rest_authentication_status = null;
		$this->connection_manager->reset_saved_auth_state();
	}

	/**
	 * Whether the request was signed with a blog token.
	 *
	 * @since 9.9.0
	 *
	 * @return bool True if the request was signed with a valid blog token, false otherwise.
	 */
	public static function is_signed_with_blog_token() {
		$instance = self::init();

		return true === $instance->rest_authentication_status && 'blog' === $instance->rest_authentication_type;
	}
}


1			<?php
2			/**
3			* The Jetpack Connection Rest Authentication file.
4			*
5			* @package automattic/jetpack-connection
6			*/
7
8			namespace Automattic\Jetpack\Connection;
9
10			/**
11			* The Jetpack Connection Rest Authentication class.
12			*/
13			class Rest_Authentication {
14
15			/**
16			* The rest authentication status.
17			*
18			* @since 8.9.0
19			* @var boolean
20			*/
21			private $rest_authentication_status = null;
22
23			/**
24			* The rest authentication type.
25			* Can be either 'user' or 'blog' depending on whether the request
26			* is signed with a user or a blog token.
27			*
28			* @since 9.9.0
29			* @var string
30			*/
31			private $rest_authentication_type = null;
32
33			/**
34			* The Manager object.
35			*
36			* @since 8.9.0
37			* @var Object
38			*/
39			private $connection_manager = null;
40
41			/**
42			* Holds the singleton instance of this class
43			*
44			* @since 8.9.0
45			* @var Object
46			*/
47			private static $instance = false;
48
49			/**
50			* Flag used to avoid determine_current_user filter to enter an infinite loop
51			*
52			* @since 9.7.0
53			* @var boolean
54			*/
55			private $doing_determine_current_user_filter = false;
56
57			/**
58			* The constructor.
59			*/
60			private function __construct() {
61			$this->connection_manager = new Manager();
62			}
63
64			/**
65			* Controls the single instance of this class.
66			*
67			* @static
68			*/
69			public static function init() {
70			if ( ! self::$instance ) {
71			self::$instance = new self();
72
73			add_filter( 'determine_current_user', array( self::$instance, 'wp_rest_authenticate' ) );
74			add_filter( 'rest_authentication_errors', array( self::$instance, 'wp_rest_authentication_errors' ) );
75			}
76
77			return self::$instance;
78			}
79
80			/**
81			* Authenticates requests from Jetpack server to WP REST API endpoints.
82			* Uses the existing XMLRPC request signing implementation.
83			*
84			* @param int\|bool $user User ID if one has been determined, false otherwise.
85			*
86			* @return int\|null The user id or null if the request was not authenticated.
87			*/
88			public function wp_rest_authenticate( $user ) {
89			if ( $this->doing_determine_current_user_filter ) {
90			return $user;
91			}
92
93			$this->doing_determine_current_user_filter = true;
94
95			try {
96			if ( ! empty( $user ) ) {
97			// Another authentication method is in effect.
98			return $user;
99			}
100
101			add_filter(
102			'jetpack_constant_default_value',
103			__NAMESPACE__ . '\Utils::jetpack_api_constant_filter',
104			10,
105			2
106			);
107
108			// phpcs:ignore WordPress.Security.NonceVerification.Recommended
109			if ( ! isset( $_GET['_for'] ) \|\| 'jetpack' !== $_GET['_for'] ) {
110			// Nothing to do for this authentication method.
111			return null;
112			}
113
114			// phpcs:ignore WordPress.Security.NonceVerification.Recommended
115			if ( ! isset( $_GET['token'] ) && ! isset( $_GET['signature'] ) ) {
116			// Nothing to do for this authentication method.
117			return null;
118			}
119
120			if ( ! isset( $_SERVER['REQUEST_METHOD'] ) ) {
121			$this->rest_authentication_status = new \WP_Error(
			0 ignored issues – show Documentation Bug introduced 2020-08-24 04:33 UTC by Report Bug Copy Issue Report It seems like `new \WP_Error('rest_inva...array('status' => 400))` of type `object<WP_Error>` is incompatible with the declared type `boolean` of property `$rest_authentication_status`. Our type inference engine has found an assignment to a property that is incompatible with the declared type of that property. Either this assignment is in error or the assigned type should be added to the documentation/type hint for that property.. Loading history...
122			'rest_invalid_request',
			0 ignored issues – show Unused Code introduced 2019-06-17 08:53 UTC by Report Bug Copy Issue Report The call to `WP_Error::__construct()` has too many arguments starting with `'rest_invalid_request'`. This check compares calls to functions or methods with their respective definitions. If the call has more arguments than are defined, it raises an issue. If a function is defined several times with a different number of parameters, the check may pick up the wrong definition and report false positives. One codebase where this has been known to happen is Wordpress. In this case you can add the `@ignore` PhpDoc annotation to the duplicate definition and it will be ignored. Loading history...
123			__( 'The request method is missing.', 'jetpack' ),
124			array( 'status' => 400 )
125			);
126			return null;
127			}
128
129			// Only support specific request parameters that have been tested and
130			// are known to work with signature verification. A different method
131			// can be passed to the WP REST API via the '?_method=' parameter if
132			// needed.
133			if ( 'GET' !== $_SERVER['REQUEST_METHOD'] && 'POST' !== $_SERVER['REQUEST_METHOD'] ) {
134			$this->rest_authentication_status = new \WP_Error(
			0 ignored issues – show Documentation Bug introduced 2020-08-24 04:33 UTC by Report Bug Copy Issue Report It seems like `new \WP_Error('rest_inva...array('status' => 400))` of type `object<WP_Error>` is incompatible with the declared type `boolean` of property `$rest_authentication_status`. Our type inference engine has found an assignment to a property that is incompatible with the declared type of that property. Either this assignment is in error or the assigned type should be added to the documentation/type hint for that property.. Loading history...
135			'rest_invalid_request',
			0 ignored issues – show Unused Code introduced 2019-06-17 08:53 UTC by Report Bug Copy Issue Report The call to `WP_Error::__construct()` has too many arguments starting with `'rest_invalid_request'`. This check compares calls to functions or methods with their respective definitions. If the call has more arguments than are defined, it raises an issue. If a function is defined several times with a different number of parameters, the check may pick up the wrong definition and report false positives. One codebase where this has been known to happen is Wordpress. In this case you can add the `@ignore` PhpDoc annotation to the duplicate definition and it will be ignored. Loading history...
136			__( 'This request method is not supported.', 'jetpack' ),
137			array( 'status' => 400 )
138			);
139			return null;
140			}
141			if ( 'POST' !== $_SERVER['REQUEST_METHOD'] && ! empty( file_get_contents( 'php://input' ) ) ) {
142			$this->rest_authentication_status = new \WP_Error(
			0 ignored issues – show Documentation Bug introduced 2020-08-24 04:33 UTC by Report Bug Copy Issue Report It seems like `new \WP_Error('rest_inva...array('status' => 400))` of type `object<WP_Error>` is incompatible with the declared type `boolean` of property `$rest_authentication_status`. Our type inference engine has found an assignment to a property that is incompatible with the declared type of that property. Either this assignment is in error or the assigned type should be added to the documentation/type hint for that property.. Loading history...
143			'rest_invalid_request',
			0 ignored issues – show Unused Code introduced 2020-08-24 04:33 UTC by Report Bug Copy Issue Report The call to `WP_Error::__construct()` has too many arguments starting with `'rest_invalid_request'`. This check compares calls to functions or methods with their respective definitions. If the call has more arguments than are defined, it raises an issue. If a function is defined several times with a different number of parameters, the check may pick up the wrong definition and report false positives. One codebase where this has been known to happen is Wordpress. In this case you can add the `@ignore` PhpDoc annotation to the duplicate definition and it will be ignored. Loading history...
144			__( 'This request method does not support body parameters.', 'jetpack' ),
145			array( 'status' => 400 )
146			);
147			return null;
148			}
149
150			$verified = $this->connection_manager->verify_xml_rpc_signature();
151
152			if (
153			$verified &&
154			isset( $verified['type'] ) &&
155			'blog' === $verified['type']
156			) {
157			// Site-level authentication successful.
158			$this->rest_authentication_status = true;
159			$this->rest_authentication_type = 'blog';
160			return null;
161			}
162
163			if (
164			$verified &&
165			isset( $verified['type'] ) &&
166			'user' === $verified['type'] &&
167			! empty( $verified['user_id'] )
168			) {
169			// User-level authentication successful.
170			$this->rest_authentication_status = true;
171			$this->rest_authentication_type = 'user';
172			return $verified['user_id'];
173			}
174
175			// Something else went wrong. Probably a signature error.
176			$this->rest_authentication_status = new \WP_Error(
			0 ignored issues – show Documentation Bug introduced 2020-08-24 04:33 UTC by Report Bug Copy Issue Report It seems like `new \WP_Error('rest_inva...array('status' => 400))` of type `object<WP_Error>` is incompatible with the declared type `boolean` of property `$rest_authentication_status`. Our type inference engine has found an assignment to a property that is incompatible with the declared type of that property. Either this assignment is in error or the assigned type should be added to the documentation/type hint for that property.. Loading history...
177			'rest_invalid_signature',
			0 ignored issues – show Unused Code introduced 2019-06-17 08:53 UTC by Report Bug Copy Issue Report The call to `WP_Error::__construct()` has too many arguments starting with `'rest_invalid_signature'`. This check compares calls to functions or methods with their respective definitions. If the call has more arguments than are defined, it raises an issue. If a function is defined several times with a different number of parameters, the check may pick up the wrong definition and report false positives. One codebase where this has been known to happen is Wordpress. In this case you can add the `@ignore` PhpDoc annotation to the duplicate definition and it will be ignored. Loading history...
178			__( 'The request is not signed correctly.', 'jetpack' ),
179			array( 'status' => 400 )
180			);
181			return null;
182			} finally {
183			$this->doing_determine_current_user_filter = false;
184			}
185			}
186
187			/**
188			* Report authentication status to the WP REST API.
189			*
190			* @param WP_Error\|mixed $value Error from another authentication handler, null if we should handle it, or another value if not.
191			* @return WP_Error\|boolean\|null {@see WP_JSON_Server::check_authentication}
192			*/
193			public function wp_rest_authentication_errors( $value ) {
194			if ( null !== $value ) {
195			return $value;
196			}
197			return $this->rest_authentication_status;
198			}
199
200			/**
201			* Resets the saved authentication state in between testing requests.
202			*/
203			public function reset_saved_auth_state() {
204			$this->rest_authentication_status = null;
205			$this->connection_manager->reset_saved_auth_state();
206			}
207
208			/**
209			* Whether the request was signed with a blog token.
210			*
211			* @since 9.9.0
212			*
213			* @return bool True if the request was signed with a valid blog token, false otherwise.
214			*/
215			public static function is_signed_with_blog_token() {
216			$instance = self::init();
217
218			return true === $instance->rest_authentication_status && 'blog' === $instance->rest_authentication_type;
219			}
220			}
221

Automattic / jetpack

Push — try/inline-connect ( 8d5d81...1de650 )

wp_rest_authentication_errors() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like