以编程方式获取消费者密钥和秘密

以编程方式获取消费者密钥和秘密

本文介绍了WooCommerce REST Client API - 以编程方式获取消费者密钥和秘密的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我目前正在使用客户端 API 来实现一个简单的用户前端来上传产品.函数 client->products->create() 似乎工作正常,但我始终无法解决一个问题.

I am currently using the client-API to implement a simple user front-end to upload products. The function client->products->create() seems to work fine, how ever I can’t get around one issue.

我每次上传产品时,vendor 设置为admin 用户,而不是当前登录的用户.有没有办法通过API 设置vendor?有人做过吗?

Every time I upload a product, the vendor is set to the admin user instead of the user that is currently logged in. Is there a way to set the vendor through the API? Has anybody get done this?

这是我创建的函数,它在提交表单时由 AJaX 调用(我故意将键和网站字段留空):

This is the function I created that is called by AJaX when the form is submitted (I left key and website fields empty here on purpose):

function addProduct()
{

  $options = array(
    'debug'           => false,
    'return_as_array' => false,
    'validate_url'    => false,
    'timeout'         => 30,
    'ssl_verify'      => false,
  );

  try {

    $client = new WC_API_Client('', '', '', $options);

    $productName = $_POST["productname"];
    $price = $_POST["price"];
    $discountPrice = $_POST["discountPrice"];
    $description = $_POST["description"];
    $shortDescription = $_POST["shortDescription"];
    $authorId = 5;

    $client->products->create(array('title' => $productName, 'type' => 'simple', 'regular_price' => $price, 'description' => $description));
  } catch (WC_API_Client_Exception $e) {

    echo $e->getMessage() . PHP_EOL;
    echo $e->getCode() . PHP_EOL;

    if ($e instanceof WC_API_Client_HTTP_Exception) {

      print_r($e->get_request());
      print_r($e->get_response());
    }
  }

  echo ("Publicado" . $authorId);

  // Una función AJaX en WordPress debe siempre terminarse con die().
  die();
}

问题似乎是消费者密钥和消费者秘密,那么,有没有办法以编程方式向客户端提供 API 密钥并动态获取这些密钥?

The problem seems to be the consumer key and consumer secret, so, is there a way to programmatically provide the clients with API keys and get these dynamically?

推荐答案

UPDATE:下面描述的获取消费者密钥的方法将不起作用一旦生成消费者密钥,就无法再从数据库中获取它.存储在这个新表中的消费者密钥与在管理屏幕中生成并传递给最终用户的消费者密钥不同.它似乎是一个 SHA25 版本 这个键.这更安全(以前存储在 wp_usermeta 中的消费者密钥和秘密相当于存储明文密码,因为任何有权访问该数据的人都可以作为这些用户中的任何一个登录 API),但要少一些方便的.赢一些,输一些,但赢在安全上.

UPDATE: The method to obtain the consumer key described below will not work; it is no longer possible to get hold of the consumer key from the database once it has been generated. The consumer key stored in this new table is not the same consumer key that is generated in the admin screens and passed out to the end user. It appears to be an SHA256 hashed a version of this key. This is more secure (previously the consumer key and secret stored in wp_usermeta was tantamount to storing clear-text passwords, as anyone with access to that data would be able to log into the API as any of those users), but is a little less convenient. Win some, lose some, but win on security.

您的 new WC_API_Client() 将在选项之前采用三个参数:$store_url、$consumer_key 和 $consumer_secret.

Your new WC_API_Client() will take three parameters before the options: $store_url, $consumer_key and $consumer_secret.

WC 商店中用于访问 API 的任何用户都需要消费者密钥或消费者秘密.使用者密钥将标识 API 将作为哪个用户运行,并且该用户将链接到通过 API 创建的任何实体.

Any user on the WC shop who is to be used to access the API will need a consumer key or consumer secret. The consumer key will identify which user the API will run as, and it is that user which will be linked to any entities created through the API.

直到最近,您还可以获得这样的用户的这两条信息:

Until recently, you could get these two pieces of information for a user like this:

$consumer_key = get_user_meta($user_id, 'woocommerce_api_consumer_key', true);
$consumer_secret = get_user_meta($user_id, 'woocommerce_api_consumer_secret', true);

其中 $user_id 是将创建项目的用户的 ID.如果您希望当前登录的用户能够以他们的名义创建项目,那么该用户需要获得消费者密钥和秘密,并且需要在适当的 WC/WP 组中允许他们这样做.

Where $user_id is the ID for the user that will be creating items. If you want the current logged in user to be able to create items in their name then that user would need to be given a consumer key and secret, and would need to be in an appropriate WC/WP group to give them permission to do so.

请注意,如果您这样做,那么用户还可以访问 WC 的管理页面以创建这些项目,而不仅仅是通过 API.

Note, that if you do this, then the user will also have access to the admin pages for WC to create these items, and not just through the API.

在 WC 的更高版本中,用户元数据项已移至单独的表:wp_woocommerce_api_keys,因此您需要在那里查看而不是在用户元数据中查看.

In later versions of WC, the user meta items have been moved to a separate table: wp_woocommerce_api_keys so you need to look in there instead of in the user meta.

这将为您提供给定用户 ID 的使用者密钥和秘密:

This will get you the consumer key and secret for a given user ID:

global $wpdb;
$key = $wpdb->get_row( $wpdb->prepare("
    SELECT consumer_key, consumer_secret, permissions
    FROM {$wpdb->prefix}woocommerce_api_keys
    WHERE user_id = %d
", $user_id), ARRAY_A);

结果是这样的:

array(3) {
  ["consumer_key"]=>
  string(64) "58043812eee6aa75c80407f8eb9cec025825f138eb7d60118af66cf4b38060fa"
  ["consumer_secret"]=>
  string(43) "cs_1da716412bb9680d8b06b09160872b7e54416799"
  ["permissions"]=>
  string(10) "read_write"
}

当然,我假设您使用 API 来环回"到当前站点而不是访问远程站点.即使在当前站点上使用 WC API 创建产品也比通过 PHP 对象 API 方便得多.

I am, of course, assuming you are using the API to "loop back" to the current site and not accessing a remote site. Using the WC API to create products even on the current site can be very much more convenient than going through the PHP object API.

我还没有找到任何公共 WC 方法来获取这些详细信息;它们都是私有的,假设只有 WC 需要知道这些细节.

I have not yet found any public WC methods to get these details; they are all private and assume only WC needs to know these details.

这篇关于WooCommerce REST Client API - 以编程方式获取消费者密钥和秘密的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

09-06 04:12