I have created a custom WooCommerce API endpoint (in a custom WP plugin) for that creates a new order in WooCommerce. I usually use HTTPS and basic auth with consumer key and consumer secret.
This customer API was designed to be accessed by another platform that does not have the ability to enter consumer key and secret in request header. So I would like to disable WooCommerce authentication for this plugin only. I will be authenticating using a field in the original request by comparing a key.
Does anyone know how to do this?
I found the solution:
// To disable authentication, hook into this filter at a later priority and return a valid WP_User
add_filter( 'woocommerce_api_check_authentication', array( $this, 'authenticate' ), 0 );
Comment below lines in file woocommerce/includes/class-wc-rest-authentication.php
if ( !hash_equals( $signature, $consumer_signature ) ) { #codingStandardsIgnoreLine
return new WP_Error( 'woocommerce_rest_authentication_error', __( 'Invalid signature - provided signature does not matchh.', 'woocommerce' ), array( 'status' => 401 ) );
}
If you want to disable authentication for v3, then disable line 152, 153 in plugins/woocommerce/incoudes/api/legacy/v3/class-wc-api-authentication.php
//$this->check_oauth_signature( $keys, $params );
//$this->check_oauth_timestamp_and_nonce( $keys, $params['oauth_timestamp'], $params['oauth_nonce'] );
Related
How can this situation be done?
Wordpress install at ABC.com.
Wordpress install at 123.com.
A new member signs up at abc.com, then instantly and automatically, the same user's email address and password be programmatically inserted into 123.com. After the abc.com sign up process is completed, the new user is redirected to log in at 123.com.
How to achieve that?
you can achieve your functionality using two tricks, firstly you have to connect your wordpress with second DB.
global $wpdb;
$newdb = new wpdb( 'USERNAME' , 'PASSWORD' , 'DATABASE NAME' , 'HOST' );
$newdb->show_errors();
Then you can use the user_register hook to get all data from user upon registration AND update them to new database as a user.
add_action( 'user_register', 'myplugin_registration_save', 10, 1 );
function myplugin_registration_save( $user_id ) {
//print_r($_POST); // to get all information of user
// Insert data in other database
$newdb->insert('wp_users', array(
'display_name' => $_POST['first_name'],
'user_email' => $_POST['user_email'],
'user_phone' => $_POST['user_phone'], // ... and so on
));
}
Haven't tried this code but it will work.
I have defined the following custom endpoint for woocommerce:
add_action( 'rest_api_init', 'custom_endpoint' );
function custom_endpoint() {
register_rest_route( 'wc/v3', 'my_custom_endpoint', array(
'methods' => 'GET',
'callback' => 'return_value',
) );
}
function return_value() {
return "this is my custom endpoint!";
}
However, this endpoint is also accessible if I'm not authenticated using the ck and cs.
How can I protect it the same way all other, default endpoints of the WooCommerce API are protected? (I would prefer not needing another auth plugin for this to work, but to access it with the standard WooCommerce auth keys instead).
Thanks!
Hello use permission_callback with JWT Authentication for WP REST API plugin so it will work fine.
Steps :
1) Install JWT Authentication for WP REST API plugin
2) Set permission_callback
Below code will work well after JWT Authentication for WP REST API plugin installation
add_action('rest_api_init', 'custom_endpoint');
function custom_endpoint(){
register_rest_route('wc/v3', 'my_custom_endpoint', array(
'methods' => 'GET',
'callback' => 'return_value',
'permission_callback' => function($request){
return is_user_logged_in();
}
));
}
function return_value(){
return "this is my custom endpoint!";
}
for more information please check JWT Authentication for WP REST API documentation.
Checked and works well.
Cookie authentication is the standard authentication method included with WordPress. When you log in to your dashboard, this sets up the cookies correctly for you, so plugin and theme developers need only to have a logged-in user.
As an example, this is how the built-in Javascript client creates the nonce:
<?php
wp_localize_script( 'wp-api', 'wpApiSettings', array(
'root' => esc_url_raw( rest_url() ),
'nonce' => wp_create_nonce( 'wp_rest' )
) );
This is then used in the base model:
options.beforeSend = function(xhr) {
xhr.setRequestHeader('X-WP-Nonce', wpApiSettings.nonce);
if (beforeSend) {
return beforeSend.apply(this, arguments);
}
};
Here is an example of editing the title of a post, using jQuery AJAX:
$.ajax( {
url: wpApiSettings.root + 'wp/v2/posts/1',
method: 'POST',
beforeSend: function ( xhr ) {
xhr.setRequestHeader( 'X-WP-Nonce', wpApiSettings.nonce );
},
data:{
'title' : 'Hello Moon'
}
} ).done( function ( response ) {
console.log( response );
} );
Note that you do not need to verify that the nonce is valid inside your custom end point. This is automatically done for you in
rest_cookie_check_errors()
Woocommerce API
https://woocommerce.github.io/woocommerce-rest-api-docs/?php#authentication-over-https
While cookie authentication is the only authentication mechanism
available natively within WordPress, plugins may be added to support
alternative modes of authentication that will work from remote
applications.
As Per Official Document : https://developer.wordpress.org/rest-api/using-the-rest-api/authentication/#authentication-plugins
I am trying to get all the user details from wordpress 4.7 through the rest api - wp-json/wp/v2/users.
Currently I am seeing a lot of fields for the user object (close to 100 fields, amr user plugin installed) in the wordpress site, but the api is returning very few fields.
How can I get all the fields of user object in the rest api, should I install any other plugin for the same?
You are only receiving the user fields which are stored in the wp_users table, but not the fields which are stored in the wp_usermeta table.
In order to get all information about a user, you have to get the user meta fields of this user from the REST API.
How to get user meta fields from the REST API:
Look into register_rest_field() to register meta with the rest api.
add_action( 'rest_api_init', 'adding_user_meta_rest' );
function adding_user_meta_rest() {
register_rest_field( 'user',
'collapsed_widgets',
array(
'get_callback' => 'user_meta_callback',
'update_callback' => null,
'schema' => null,
)
);
}
And then put your get_user_meta bit in the callback.
function user_meta_callback( $user, $field_name, $request) {
return get_user_meta( $user[ 'id' ], $field_name, true );
}
The WP_REST_Meta_Fields class may provide more useful insight as well.
The later part of this answer I have found in this answer on WordPress Stackexchange: https://wordpress.stackexchange.com/questions/270154/getting-user-meta-data-from-wp-rest-api
I want to write a program which will create bulk post and bulk pages through a rest api in VIP Wordpress.
According to VIP Wordpress Developer Documentation, it states that wordpress rest api are supported.
and Wordpress Documentation allows us to create both post and pages via rest api.
I do not have access to a VIP wordpress, but has anyone tried to autocreate posts or pages in wordpress using REST API?
Are there any issues regarding this?
if you want to create post page by Rest API in wordpress you have to get authorization which is basically cookies auth , basic auth and oauth.
in bellow i have done by basic auth
<?php
$headers = array (
// 'Authorization' => 'Basic ' . base64_encode( 'username:password' ),
// );
// $response = wp_remote_request( 'url', array(
// 'method' => 'method',
// 'headers' => $headers
// ));
?>
i hope it will be little help for you mate
I am trying to cancel/remove the automatic customer emails that are sent when saving order status as "completed" after the order was shipped.
The reason for not wanting automatic emails to be sent is because I added a a code to the email template file (override) /woocommerce/email/customer-completed-order.php which will display the new order note created in the admin in the email sent to the customer and if we add the order note and save it and then change the order status to completed and save it, a new note is created and an email is sent. So now the note showing in the email sent to the customer is not the note that we wanted to display in the email.
The entire intention of this is to have a nicely designed email with status update "shipped" and include the tracking number of the shipment.
The code that adds the last/newest order note to the email:
<?php
$args = array(
'status' => 'approve',
'post_id' => $order->id
);
$comments = get_comments($args);
foreach($comments as $comment) {
if ($comment === reset ($comments))
echo $comment->comment_content . '.<br />';
}
So I now found a solution for this.
Adding the function from this link:
https://docs.woocommerce.com/document/unhookremove-woocommerce-emails/
add_action( 'woocommerce_email', 'unhook_those_pesky_emails' );
function unhook_those_pesky_emails( $email_class ) {
remove_action( 'woocommerce_order_status_completed_notification', array( $email_class->emails['WC_Email_Customer_Completed_Order'], 'trigger' ) );
}
The above function will disable the automatic email that is sent when saving the order with the status "completed" but you can still manually send the order completed email using the "order actions" and control which last order note is saved while sending the email.
So now we simply change the order status to completed and save, then we add an "order note to customer" (not private) which only contains the tracking number and save it ("add note") and lastly we use the "order actions" to manually send the order completed email to the customer.
Feel free if any questions...
The entire intention of this is to have a nicely designed email with
status update "shipped" and include the tracking number of the
shipment.
I recommend creating your own order status and calling it shipped. Here's how to make it all work: WooCommerce - send custom email on custom order status change
I had a similar issue but resolved it differently:
We disabled the automatic email that is sent once the order is completed (in WC>settings>emails) so no email is sent out when the order is marked completed.
We then changed the email template of the order notes to our desired text (e.g. "Your order has now been completed and is on it's way to you. Please find below the tracking numbers for your shipment") and use the note function for the tracking numbers. They don't link to the tracking website directly but with the shipping agents detailed provided in the template it should be easy for the customer to manually copy and paste for tracking.
Would that work for you?
<?php
$args = array(
'status' => 'approve',
'post_id' => $order->id
);
$comments = get_comments($args);
foreach($comments as $comment)
{
if ($comment === reset ($comments))
echo $comment->comment_content . '.<br />';
}
The above code does not give the desired output(i.e. the last order note to the customer) in WooCommerce(WC) 3.1.0
The working of the above code was due to a bug which was fixed in WC 3.1.0. For the above code to work(to return the last order note to the customer) do the following:
remove the code line: $comments = get_comments($args);
and replace it with:
`remove_filter( 'comments_clauses', array( 'WC_Comments','exclude_order_comments' ), 10, 1 );
$comments = get_comments( $args );
add_filter( 'comments_clauses', array( 'WC_Comments','exclude_order_comments' ), 10, 1 );`
Fo more details on the bug :https://github.com/woocommerce/woocommerce/issues/15982#issuecomment-313235066