Remove Hard-Coded Dev-Secret by Adding DEV_BLOG_TOKEN_SECRET Env Var (#…

…9019)
Automattic · Jul 23, 2024 · 889d821 · 889d821
1 parent 2c37ea2
commit 889d821
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 2 deletions.
diff --git a/changelog/fix-2740-woopay-update-dev-env-constants b/changelog/fix-2740-woopay-update-dev-env-constants
@@ -0,0 +1,4 @@
+Significance: patch
+Type: fix
+
+Replace WooPay's development environment constants with global variables.
diff --git a/includes/woopay/class-woopay-utilities.php b/includes/woopay/class-woopay-utilities.php
@@ -9,6 +9,7 @@
 
 use WC_Payments_Features;
 use WC_Payments_Subscriptions_Utilities;
+use WCPay\Logger;
 use WooPay_Extension;
 use WC_Geolocation;
 use WC_Payments;
@@ -252,14 +253,35 @@ public static function get_woopay_url() {
 		return defined( 'PLATFORM_CHECKOUT_HOST' ) ? PLATFORM_CHECKOUT_HOST : self::DEFAULT_WOOPAY_URL;
 	}
 
+	/**
+	 * Get the store blog token.
+	 *
+	 * @return mixed|string the store blog token.
+	 */
+	public static function get_store_blog_token() {
+		if ( self::get_woopay_url() === self::DEFAULT_WOOPAY_URL ) {
+			// Using WooPay production: Use the blog token secret from the store blog.
+			return Jetpack_Options::get_option( 'blog_token' );
+		} elseif ( apply_filters( 'wcpay_woopay_use_blog_token', false ) ) {
+			// Requested to use the blog token secret from the store blog.
+			return Jetpack_Options::get_option( 'blog_token' );
+		} elseif ( defined( 'DEV_BLOG_TOKEN_SECRET' ) ) {
+			// Has a defined dev blog token secret: Use it.
+			return DEV_BLOG_TOKEN_SECRET;
+		} else {
+			Logger::log( __( 'WooPay blog_token is currently misconfigured.', 'woocommerce-payments' ) );
+			return '';
+		}
+	}
+
 	/**
 	 * Return an array with encrypted and signed data.
 	 *
 	 * @param array $data The data to be encrypted and signed.
 	 * @return array The encrypted and signed data.
 	 */
 	public static function encrypt_and_sign_data( $data ) {
-		$store_blog_token = ( self::get_woopay_url() === self::DEFAULT_WOOPAY_URL ) ? Jetpack_Options::get_option( 'blog_token' ) : 'dev_mode';
+		$store_blog_token = self::get_store_blog_token();
 
 		if ( empty( $store_blog_token ) ) {
 			return [];
@@ -295,7 +317,7 @@ public static function encrypt_and_sign_data( $data ) {
 	 * @return mixed The decoded data.
 	 */
 	public static function decrypt_signed_data( $data ) {
-		$store_blog_token = ( self::get_woopay_url() === self::DEFAULT_WOOPAY_URL ) ? Jetpack_Options::get_option( 'blog_token' ) : 'dev_mode';
+		$store_blog_token = self::get_store_blog_token();
 
 		if ( empty( $store_blog_token ) ) {
 			return null;