Replace Woopay’s Development Environment Constants With Global Variables #9019

Merged
merged 9 commits into from
Jul 23, 2024
4 changes: 4 additions & 0 deletions changelog/fix-2740-woopay-remove-hard-coded-secrets
@@ -0,0 +1,4 @@
Significance: patch
Type: fix

Replace hard-coded development blog-token secret with DEV_BLOG_TOKEN_SECRET global variable.
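Review bot: The changelog entry calls DEV_BLOG_TOKEN_SECRET a "global variable", but the code in includes/woopay/class-woopay-utilities.php reads it with `defined( 'DEV_BLOG_TOKEN_SECRET' )`, so it is a PHP constant. Suggest wording this as "the DEV_BLOG_TOKEN_SECRET constant" so developers know it has to be set with define() and not as a global variable.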
25 changes: 23 additions & 2 deletions includes/woopay/class-woopay-utilities.php
Expand Up @@ -252,14 +252,35 @@ public static function get_woopay_url() {
return defined( 'PLATFORM_CHECKOUT_HOST' ) ? PLATFORM_CHECKOUT_HOST : self::DEFAULT_WOOPAY_URL;
}

/**
* Get the store blog token.
*
* @return mixed|string the store blog token.
*/
public static function get_store_blog_token() {
if ( self::get_woopay_url() === self::DEFAULT_WOOPAY_URL ) {
// Using WooPay production: Use the blog token secret from the store blog.
return Jetpack_Options::get_option( 'blog_token' );
} elseif ( apply_filters( 'wcpay_woopay_use_blog_token', false ) ) {
// Requested to use the blog token secret from the store blog.
return Jetpack_Options::get_option( 'blog_token' );
} elseif ( defined( 'DEV_BLOG_TOKEN_SECRET' ) ) {
// Has a defined dev blog token secret: Use it.
return DEV_BLOG_TOKEN_SECRET;
} else {
// TODO: Should we log this?
cesarcosta99 marked this conversation as resolved.
return '';
}
}

/**
* Return an array with encrypted and signed data.
*
* @param array $data The data to be encrypted and signed.
* @return array The encrypted and signed data.
*/
public static function encrypt_and_sign_data( $data ) {
$store_blog_token = ( self::get_woopay_url() === self::DEFAULT_WOOPAY_URL ) ? Jetpack_Options::get_option( 'blog_token' ) : 'dev_mode';
$store_blog_token = self::get_store_blog_token();

if ( empty( $store_blog_token ) ) {
return [];
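Review bot: The final else branch of get_store_blog_token() returns '' with an open "TODO: Should we log this?", and encrypt_and_sign_data() then returns [] on the empty token, so a non-production WooPay host with neither the wcpay_woopay_use_blog_token filter nor DEV_BLOG_TOKEN_SECRET set now fails without any trace, where the removed line always supplied the 'dev_mode' string. Suggest resolving the TODO by logging in that branch, and stating in the docblock that an empty string means no token is configured (the current `@return mixed|string` does not say so). The first two branches also return the same `Jetpack_Options::get_option( 'blog_token' )` value and could be combined into one condition.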
Expand Down Expand Up @@ -295,7 +316,7 @@ public static function encrypt_and_sign_data( $data ) {
* @return mixed The decoded data.
*/
public static function decrypt_signed_data( $data ) {
$store_blog_token = ( self::get_woopay_url() === self::DEFAULT_WOOPAY_URL ) ? Jetpack_Options::get_option( 'blog_token' ) : 'dev_mode';
$store_blog_token = self::get_store_blog_token();

if ( empty( $store_blog_token ) ) {
return null;
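Review bot: The docblock for decrypt_signed_data() still says only "@return mixed The decoded data.", while the empty-token check returns null, and with get_store_blog_token() that path is now reachable on a development host, which the old non-empty 'dev_mode' fallback never allowed. Suggest documenting the null return in @return so callers know to handle a missing DEV_BLOG_TOKEN_SECRET.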