Registering an user and logging in about woocommerce-json-api HOT 8 CLOSED

You can authenticate with username/password as well...

I have thought about adding in default permission sets...I could also add a yes/no to automatically generate a token and set default permissions. This would be added into the JSON Settings page.

from woocommerce-json-api.

If you could do that, that'd be awesome. Because now I have to either "hack" in the API key somehow or set the API key per user by hand.

from woocommerce-json-api.

Well having it do this automatically is not really an issue, simple hook into user_register and copy over a default users api settings.

I will add this as a feature asap though...but api keys can be anything you want them to be, it's a string comparision, they can be a hash, a phrase, letters, numbers, any kind of text really...

from woocommerce-json-api.

For now I've hooked into the user_register function. I'm using a simple md5(user_id) as the user_id is always unique and it makes the API key somewhat harder to guess. Maybe uniqid() is better as it's even harder to guess, maybe a combination of both.. I don't know what you think about it :-)

from woocommerce-json-api.

In this case, I would use

<?php
wp_hash_password(date("YmdHis",time() . rand(1000,99999) . $_SERVER['REMOTE_ADDR'] . SECURE_AUTH_SALT);

Would you mind publishing, or sending me your code for this? I can add it into the project... or you can fork the repo, add it, and make a merge request...

from woocommerce-json-api.

Well, the code is quite hacky :P
I can't use the get_user_meta yet as it's not yet been set on_register so I've set it all by hand.

add_action('user_register','set_permissions');

function set_permissions($user_id){
$pluginPrefix = "woocommerce_json_api";
$key = $pluginPrefix . '_settings';

$apiKey = wp_hash_password(date("YmdHis",time()) . rand(1000,99999) . $_SERVER['REMOTE_ADDR'] . SECURE_AUTH_SALT . $user_id);

$ob[$key]["token"] = $apiKey;
$ob[$key]["ips_allowed"] = "";
$ob[$key]["can_access_the_api"] = "yes";
$ob[$key]["can_get_system_time"] = "yes";
$ob[$key]["can_get_supported_attributes"] = "yes";
$ob[$key]["can_get_products"] = "yes";
$ob[$key]["can_get_categories"] = "yes";
$ob[$key]["can_get_taxes"] = "yes";
$ob[$key]["can_get_shipping_methods"] = "yes";
$ob[$key]["can_get_payment_gateways"] = "yes";
$ob[$key]["can_get_tags"] = "yes";
$ob[$key]["can_get_products_by_tags"] = "yes";
$ob[$key]["can_get_customers"] = "yes";
$ob[$key]["can_get_orders"] = "yes";
$ob[$key]["can_get_store_settings"] = "yes";
$ob[$key]["can_get_site_settings"] = "yes";
$ob[$key]["can_get_api_methods"] = "yes";
$ob[$key]["can_get_api_methods"] = "yes";
$ob[$key]["can_get_coupons"] = "yes";
$ob[$key]["can_get_images"] = "yes";
$ob[$key]["can_set_products"] = "no";
$ob[$key]["can_set_categories"] = "no";
$ob[$key]["can_set_orders"] = "no";
$ob[$key]["can_set_store_settings"] = "no";
$ob[$key]["can_set_site_settings"] = "no";

$params = serialize($ob[$key]);
update_user_meta($user_id,$key,$params);

}

from woocommerce-json-api.

Hi Jason, another note.

I've made a few small changes in your code so the api-token is returned. I've done this because the user then only needs to log-in once, then we get the api-key back (if set) and we don't need to save the username/password in our local storage or something. From that moment on, we can use the api-key instead of the username/password.

If you wish for me to merge it, let me know.

from woocommerce-json-api.

Yes please, that was on my todo list

from woocommerce-json-api.