78d7bc1161
1. Auto-login after checkout: - Added wp_set_auth_cookie() and wp_set_current_user() in CheckoutController - Auto-registered users are now logged in when thank-you page loads 2. ThankYou page guest buttons: - Added 'Login / Create Account' button for guests - Shows for both receipt and basic templates - No more dead-end after placing order as guest 3. Forgot password flow: - Created ForgotPassword page component (/forgot-password route) - Added forgot_password API endpoint in AuthController - Uses WordPress retrieve_password() for reset email - Replaced wp-login.php link in Login page
234 lines
6.6 KiB
PHP
234 lines
6.6 KiB
PHP
<?php
|
|
namespace WooNooW\Api;
|
|
|
|
use WP_REST_Request;
|
|
use WP_REST_Response;
|
|
use WP_Error;
|
|
|
|
/**
|
|
* Authentication Controller for Standalone Admin
|
|
*
|
|
* Handles login, logout, and auth status checks for the standalone admin interface.
|
|
*
|
|
* @package WooNooW\Api
|
|
*/
|
|
class AuthController {
|
|
|
|
/**
|
|
* Login endpoint for standalone admin
|
|
*
|
|
* @param WP_REST_Request $request Request object
|
|
* @return WP_REST_Response Response object
|
|
*/
|
|
public static function login( WP_REST_Request $request ): WP_REST_Response {
|
|
$username = sanitize_text_field( $request->get_param( 'username' ) );
|
|
$password = $request->get_param( 'password' );
|
|
|
|
if ( empty( $username ) || empty( $password ) ) {
|
|
return new WP_REST_Response( [
|
|
'success' => false,
|
|
'message' => __( 'Username and password are required', 'woonoow' ),
|
|
], 400 );
|
|
}
|
|
|
|
// Authenticate user (same as wp-login.php)
|
|
$user = wp_authenticate( $username, $password );
|
|
|
|
if ( is_wp_error( $user ) ) {
|
|
return new WP_REST_Response( [
|
|
'success' => false,
|
|
'message' => __( 'Invalid username or password', 'woonoow' ),
|
|
], 401 );
|
|
}
|
|
|
|
// Check if user has WooCommerce permissions
|
|
if ( ! user_can( $user, 'manage_woocommerce' ) ) {
|
|
return new WP_REST_Response( [
|
|
'success' => false,
|
|
'message' => __( 'You do not have permission to access this area', 'woonoow' ),
|
|
], 403 );
|
|
}
|
|
|
|
// CRITICAL: Clear old cookies first, then set new ones
|
|
// This ensures no stale session data interferes with the new login
|
|
wp_clear_auth_cookie();
|
|
wp_set_current_user( $user->ID );
|
|
wp_set_auth_cookie( $user->ID, true );
|
|
|
|
// Trigger login action (same as wp-login.php)
|
|
do_action( 'wp_login', $user->user_login, $user );
|
|
|
|
// Debug logging
|
|
if ( defined( 'WP_DEBUG' ) && WP_DEBUG ) {
|
|
error_log( '[AuthController::login] Login successful for user ID: ' . $user->ID );
|
|
error_log( '[AuthController::login] Current user ID: ' . get_current_user_id() );
|
|
error_log( '[AuthController::login] Cookies set: ' . ( headers_sent() ? 'Headers already sent!' : 'OK' ) );
|
|
}
|
|
|
|
// Return user data and new nonce
|
|
return new WP_REST_Response( [
|
|
'success' => true,
|
|
'user' => [
|
|
'id' => $user->ID,
|
|
'name' => $user->display_name,
|
|
'email' => $user->user_email,
|
|
'avatar' => get_avatar_url( $user->ID ),
|
|
],
|
|
'nonce' => wp_create_nonce( 'wp_rest' ),
|
|
], 200 );
|
|
}
|
|
|
|
/**
|
|
* Customer login endpoint (no admin permission required)
|
|
*
|
|
* @param WP_REST_Request $request Request object
|
|
* @return WP_REST_Response Response object
|
|
*/
|
|
public static function customer_login( WP_REST_Request $request ): WP_REST_Response {
|
|
$username = sanitize_text_field( $request->get_param( 'username' ) );
|
|
$password = $request->get_param( 'password' );
|
|
|
|
if ( empty( $username ) || empty( $password ) ) {
|
|
return new WP_REST_Response( [
|
|
'success' => false,
|
|
'message' => __( 'Username and password are required', 'woonoow' ),
|
|
], 400 );
|
|
}
|
|
|
|
// Authenticate user
|
|
$user = wp_authenticate( $username, $password );
|
|
|
|
if ( is_wp_error( $user ) ) {
|
|
return new WP_REST_Response( [
|
|
'success' => false,
|
|
'message' => __( 'Invalid username or password', 'woonoow' ),
|
|
], 401 );
|
|
}
|
|
|
|
// Clear old cookies and set new ones
|
|
wp_clear_auth_cookie();
|
|
wp_set_current_user( $user->ID );
|
|
wp_set_auth_cookie( $user->ID, true );
|
|
|
|
// Trigger login action
|
|
do_action( 'wp_login', $user->user_login, $user );
|
|
|
|
// Get customer data
|
|
$customer_data = [
|
|
'id' => $user->ID,
|
|
'name' => $user->display_name,
|
|
'email' => $user->user_email,
|
|
'first_name' => get_user_meta( $user->ID, 'first_name', true ),
|
|
'last_name' => get_user_meta( $user->ID, 'last_name', true ),
|
|
'avatar' => get_avatar_url( $user->ID ),
|
|
];
|
|
|
|
return new WP_REST_Response( [
|
|
'success' => true,
|
|
'user' => $customer_data,
|
|
'nonce' => wp_create_nonce( 'wp_rest' ),
|
|
], 200 );
|
|
}
|
|
|
|
/**
|
|
* Logout endpoint
|
|
*
|
|
* @return WP_REST_Response Response object
|
|
*/
|
|
public static function logout(): WP_REST_Response {
|
|
wp_logout();
|
|
|
|
return new WP_REST_Response( [
|
|
'success' => true,
|
|
'message' => __( 'Logged out successfully', 'woonoow' ),
|
|
], 200 );
|
|
}
|
|
|
|
/**
|
|
* Check auth status
|
|
*
|
|
* @return WP_REST_Response Response object
|
|
*/
|
|
public static function check(): WP_REST_Response {
|
|
$is_logged_in = is_user_logged_in();
|
|
|
|
// Debug logging
|
|
if ( defined( 'WP_DEBUG' ) && WP_DEBUG ) {
|
|
error_log( '[AuthController::check] is_user_logged_in: ' . ( $is_logged_in ? 'true' : 'false' ) );
|
|
error_log( '[AuthController::check] Cookies: ' . print_r( $_COOKIE, true ) );
|
|
}
|
|
|
|
if ( ! $is_logged_in ) {
|
|
return new WP_REST_Response( [
|
|
'authenticated' => false,
|
|
'debug' => 'Not logged in',
|
|
], 200 );
|
|
}
|
|
|
|
$user = wp_get_current_user();
|
|
|
|
// Check WooCommerce permission
|
|
if ( ! current_user_can( 'manage_woocommerce' ) ) {
|
|
return new WP_REST_Response( [
|
|
'authenticated' => false,
|
|
'message' => __( 'Insufficient permissions', 'woonoow' ),
|
|
'debug' => 'No manage_woocommerce permission',
|
|
], 200 );
|
|
}
|
|
|
|
return new WP_REST_Response( [
|
|
'authenticated' => true,
|
|
'user' => [
|
|
'id' => $user->ID,
|
|
'name' => $user->display_name,
|
|
'email' => $user->user_email,
|
|
'avatar' => get_avatar_url( $user->ID ),
|
|
],
|
|
], 200 );
|
|
}
|
|
|
|
/**
|
|
* Forgot password endpoint - sends password reset email
|
|
*
|
|
* @param WP_REST_Request $request Request object
|
|
* @return WP_REST_Response Response object
|
|
*/
|
|
public static function forgot_password( WP_REST_Request $request ): WP_REST_Response {
|
|
$email = sanitize_email( $request->get_param( 'email' ) );
|
|
|
|
if ( empty( $email ) || ! is_email( $email ) ) {
|
|
return new WP_REST_Response( [
|
|
'success' => false,
|
|
'message' => __( 'Please enter a valid email address', 'woonoow' ),
|
|
], 400 );
|
|
}
|
|
|
|
// Check if user exists
|
|
$user = get_user_by( 'email', $email );
|
|
|
|
if ( ! $user ) {
|
|
// For security, don't reveal if email exists or not
|
|
// But still return success to prevent email enumeration attacks
|
|
return new WP_REST_Response( [
|
|
'success' => true,
|
|
'message' => __( 'If an account exists with this email, you will receive a password reset link.', 'woonoow' ),
|
|
], 200 );
|
|
}
|
|
|
|
// Use WordPress's built-in password reset functionality
|
|
$result = retrieve_password( $user->user_login );
|
|
|
|
if ( is_wp_error( $result ) ) {
|
|
return new WP_REST_Response( [
|
|
'success' => false,
|
|
'message' => __( 'Failed to send password reset email. Please try again.', 'woonoow' ),
|
|
], 500 );
|
|
}
|
|
|
|
return new WP_REST_Response( [
|
|
'success' => true,
|
|
'message' => __( 'Password reset email sent! Please check your inbox.', 'woonoow' ),
|
|
], 200 );
|
|
}
|
|
}
|