Registering an user and logging in
Closed this issue · 8 comments
Hi,
First of all, thanks for the API, I really like it.
I'm developing a multi-platform app for Woocommerce using your API. I've got an user with the API-key set up by hand. But is it possible to automatically set an API key on registration (e.g. User registers on the website, the API key now is empty, I would like to set it to some value).
Is it also possible to set the default permissions for a newly registered user?
Then the last question... Is there any way to "log the user in" and retrieve the API key?
Thanks in advance!
You can authenticate with username/password as well...
I have thought about adding in default permission sets...I could also add a yes/no to automatically generate a token and set default permissions. This would be added into the JSON Settings page.
If you could do that, that'd be awesome. Because now I have to either "hack" in the API key somehow or set the API key per user by hand.
Well having it do this automatically is not really an issue, simple hook into user_register and copy over a default users api settings.
I will add this as a feature asap though...but api keys can be anything you want them to be, it's a string comparision, they can be a hash, a phrase, letters, numbers, any kind of text really...
For now I've hooked into the user_register function. I'm using a simple md5(user_id) as the user_id is always unique and it makes the API key somewhat harder to guess. Maybe uniqid() is better as it's even harder to guess, maybe a combination of both.. I don't know what you think about it :-)
In this case, I would use
<?php
wp_hash_password(date("YmdHis",time() . rand(1000,99999) . $_SERVER['REMOTE_ADDR'] . SECURE_AUTH_SALT);Would you mind publishing, or sending me your code for this? I can add it into the project... or you can fork the repo, add it, and make a merge request...
Well, the code is quite hacky :P
I can't use the get_user_meta yet as it's not yet been set on_register so I've set it all by hand.
add_action('user_register','set_permissions');
function set_permissions($user_id){
$pluginPrefix = "woocommerce_json_api";
$key = $pluginPrefix . '_settings';
$apiKey = wp_hash_password(date("YmdHis",time()) . rand(1000,99999) . $_SERVER['REMOTE_ADDR'] . SECURE_AUTH_SALT . $user_id);
$ob[$key]["token"] = $apiKey;
$ob[$key]["ips_allowed"] = "";
$ob[$key]["can_access_the_api"] = "yes";
$ob[$key]["can_get_system_time"] = "yes";
$ob[$key]["can_get_supported_attributes"] = "yes";
$ob[$key]["can_get_products"] = "yes";
$ob[$key]["can_get_categories"] = "yes";
$ob[$key]["can_get_taxes"] = "yes";
$ob[$key]["can_get_shipping_methods"] = "yes";
$ob[$key]["can_get_payment_gateways"] = "yes";
$ob[$key]["can_get_tags"] = "yes";
$ob[$key]["can_get_products_by_tags"] = "yes";
$ob[$key]["can_get_customers"] = "yes";
$ob[$key]["can_get_orders"] = "yes";
$ob[$key]["can_get_store_settings"] = "yes";
$ob[$key]["can_get_site_settings"] = "yes";
$ob[$key]["can_get_api_methods"] = "yes";
$ob[$key]["can_get_api_methods"] = "yes";
$ob[$key]["can_get_coupons"] = "yes";
$ob[$key]["can_get_images"] = "yes";
$ob[$key]["can_set_products"] = "no";
$ob[$key]["can_set_categories"] = "no";
$ob[$key]["can_set_orders"] = "no";
$ob[$key]["can_set_store_settings"] = "no";
$ob[$key]["can_set_site_settings"] = "no";
$params = serialize($ob[$key]);
update_user_meta($user_id,$key,$params);
}
Hi Jason, another note.
I've made a few small changes in your code so the api-token is returned. I've done this because the user then only needs to log-in once, then we get the api-key back (if set) and we don't need to save the username/password in our local storage or something. From that moment on, we can use the api-key instead of the username/password.
If you wish for me to merge it, let me know.
Yes please, that was on my todo list