salman/igny8
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Refactor IGNY8 Bridge to use API key authentication exclusively

Browse Source 
- Removed email/password authentication and related settings from the plugin.
- Updated API connection logic to utilize only the API key for authentication.
- Simplified the admin interface by removing webhook-related settings and messages.
- Enhanced the settings page with improved UI and status indicators for API connection.
- Added a new REST API endpoint to check plugin status and connection health.
- Updated styles for a modernized look and feel across the admin interface.
This commit is contained in:
IGNY8 VPS (Salman)
2025-11-22 10:31:07 +00:00
parent 3b3be535d6
commit a0d9bccb05
10 changed files with 1064 additions and 590 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
igny8-wp-plugin/admin/class-admin.php
View File

@@ -62,9 +62,9 @@ class Igny8Admin {
* Register settings
*/
public function register_settings() {
register_setting('igny8_settings', 'igny8_email');
// Email/password settings removed - using API key only
register_setting('igny8_settings', 'igny8_site_id');
register_setting('igny8_settings', 'igny8_enable_two_way_sync', array(
register_setting('igny8_bridge_connection', 'igny8_connection_enabled', array(
'type' => 'boolean',
'sanitize_callback' => array($this, 'sanitize_boolean'),
'default' => 1
@@ -201,74 +201,42 @@ class Igny8Admin {
}
}
// Handle webhook secret regeneration (use wp_verify_nonce)
if (isset($_POST['igny8_regenerate_secret'])) {
if (empty($_POST['_wpnonce']) || !wp_verify_nonce($_POST['_wpnonce'], 'igny8_regenerate_secret')) {
add_settings_error(
'igny8_settings',
'igny8_nonce_regen',
__('Security check failed. Could not regenerate secret.', 'igny8-bridge'),
'error'
);
} else {
$new_secret = igny8_regenerate_webhook_secret();
add_settings_error(
'igny8_settings',
'igny8_secret_regenerated',
__('Webhook secret regenerated. Update it in your IGNY8 SaaS app settings.', 'igny8-bridge'),
'updated'
);
}
}
// Webhook secret regeneration removed - using API key only
// Include settings template
include IGNY8_BRIDGE_PLUGIN_DIR . 'admin/settings.php';
}
/**
* Handle API connection
* Handle API connection - API key only
*/
private function handle_connection() {
$email = sanitize_email($_POST['igny8_email'] ?? '');
$password = $_POST['igny8_password'] ?? '';
$api_key = sanitize_text_field($_POST['igny8_api_key'] ?? '');
// Check if API key is the placeholder (asterisks) - if so, get the stored key
$is_placeholder = (strpos($api_key, '***') !== false || $api_key === '********');
if ($is_placeholder) {
// Get the existing API key
$api_key = function_exists('igny8_get_secure_option')
? igny8_get_secure_option('igny8_api_key')
: get_option('igny8_api_key');
}
// Require email, password AND API key per updated policy
if (empty($email) || empty($password) || empty($api_key)) {
// API key is required
if (empty($api_key)) {
add_settings_error(
'igny8_settings',
'igny8_error',
__('Email, password and API key are all required to establish the connection.', 'igny8-bridge'),
__('API key is required to connect to IGNY8.', 'igny8-bridge'),
'error'
);
return;
}
// First, attempt login with email/password
// Connect using API key only
$api = new Igny8API();
if (!$api->login($email, $password)) {
if (!$api->connect($api_key)) {
add_settings_error(
'igny8_settings',
'igny8_error',
__('Failed to connect to IGNY8 API with provided credentials.', 'igny8-bridge'),
__('Failed to connect to IGNY8 API. Please verify your API key is correct.', 'igny8-bridge'),
'error'
);
return;
}
// Store email
update_option('igny8_email', $email);
// Store API key securely and also set access token to the API key for subsequent calls
// Only store if it's not the placeholder
if (!$is_placeholder) {