Add verify access token logic.

iamdharmesh · iamdharmesh · commit b69e65059e65 · 2024-08-06T16:49:51.000+05:30
diff --git a/includes/class-mailchimp-admin.php b/includes/class-mailchimp-admin.php
@@ -1,18 +1,26 @@
 <?php
 /**
- * Admin functions for Mailchimp
+ * Class responsible for Admin side functionalities.
  *
  * @package Mailchimp
  */
 
+ // Exit if accessed directly.
+if ( ! defined( 'ABSPATH' ) ) {
+	exit;
+}
+
 /**
- * Admin functions for Mailchimp
+ * Class MailChimp_Admin
+ *
+ * @since x.x.x
  */
 class MailChimp_Admin {
 
 	/**
 	 * The OAuth base endpoint
 	 *
+	 * @since x.x.x
 	 * @var string
 	 */
 	private $oauth_url = 'https://woocommerce.mailchimpapp.com';
@@ -59,7 +67,7 @@ public function start_oauth_process() {
 
 		// Check for errors.
 		if ( $response instanceof WP_Error ) {
-			wp_send_json_error( $response );
+			wp_send_json_error( array( 'message' => $response->get_error_message() ) );
 		}
 
 		// Send the response to the front-end.
@@ -107,21 +115,26 @@ public function finish_oauth_process() {
 
 		// Check for errors.
 		if ( $response instanceof WP_Error ) {
-			wp_send_json_error( $response );
+			wp_send_json_error( array( 'message' => $response->get_error_message() ) );
 		}
 
 		if ( 200 === $response['response']['code'] ) {
-			delete_option( 'mc_api_key' );
-			delete_option( 'mailchimp_sf_access_token' );
-			delete_option( 'mailchimp_sf_data_center' );
-
-			delete_site_transient( 'mailchimp_sf_oauth_secret' );
-
 			// Save the access token and data center.
 			$result = json_decode( $response['body'], true );
 			if ( $result && ! empty( $result['access_token'] ) && ! empty( $result['data_center'] ) ) {
-				update_option( 'mailchimp_sf_data_center', $result['data_center'] );
-				update_option( 'mailchimp_sf_access_token', $result['access_token'] );
+				// Clean up the old data.
+				delete_option( 'mailchimp_sf_access_token' );
+				delete_option( 'mailchimp_sf_data_center' );
+
+				delete_site_transient( 'mailchimp_sf_oauth_secret' );
+
+				// Verify the token.
+				$verify = $this->verify_and_save_oauth_token( $result['access_token'], $result['data_center'] );
+
+				if ( is_wp_error( $verify ) ) {
+					// If there is an error, send it back to the front-end.
+					wp_send_json_error( array( 'message' => $verify->get_error_message() ) );
+				}
 
 				wp_send_json_success( true );
 			} else {
@@ -131,4 +144,41 @@ public function finish_oauth_process() {
 			wp_send_json_error( $response );
 		}
 	}
+
+	/**
+	 * Verify and save the OAuth token.
+	 *
+	 * @param string $access_token The token to verify.
+	 * @param string $data_center  The data center to verify.
+	 * @return mixed
+	 */
+	public function verify_and_save_oauth_token( $access_token, $data_center ) {
+		try {
+			$api = new MailChimp_API( $access_token, $data_center );
+		} catch ( Exception $e ) {
+			$msg = $e->getMessage();
+			return new WP_Error( 'mailchimp-sf-invalid-token', $msg );
+		}
+
+		$user = $api->get( '' );
+		if ( is_wp_error( $user ) ) {
+			return $user;
+		}
+
+		// Might as well set this data if we have it already.
+		$valid_roles = array( 'owner', 'admin', 'manager' );
+		if ( isset( $user['role'] ) && in_array( $user['role'], $valid_roles, true ) ) {
+			$data_encryption = new MailChimp_Data_Encryption();
+			$access_token    = $data_encryption->encrypt( $access_token );
+
+			update_option( 'mailchimp_sf_access_token', $access_token );
+			update_option( 'mailchimp_sf_data_center', $data_center );
+			update_option( 'mc_user', $user );
+			return true;
+
+		} else {
+			$msg = esc_html__( 'API Key must belong to "Owner", "Admin", or "Manager."', 'mailchimp' );
+			return new WP_Error( 'mailchimp-sf-invalid-role', $msg );
+		}
+	}
 }
