From bea17db5881dbc80c058fe7eca812f0d82ff4cdc Mon Sep 17 00:00:00 2001 From: Emili Castells Guasch Date: Tue, 6 Aug 2024 09:25:28 +0200 Subject: [PATCH] Use client credentials --- modules/ppcp-api-client/services.php | 14 +++++-- .../src/Authentication/ClientCredentials.php | 41 +++++++++++++++++++ .../src/Authentication/SdkClientToken.php | 26 ++++++------ .../src/Authentication/UserIdToken.php | 26 ++++++------ 4 files changed, 75 insertions(+), 32 deletions(-) create mode 100644 modules/ppcp-api-client/src/Authentication/ClientCredentials.php diff --git a/modules/ppcp-api-client/services.php b/modules/ppcp-api-client/services.php index 241240ce2..7cb890c18 100644 --- a/modules/ppcp-api-client/services.php +++ b/modules/ppcp-api-client/services.php @@ -9,6 +9,7 @@ declare(strict_types=1); namespace WooCommerce\PayPalCommerce\ApiClient; +use WooCommerce\PayPalCommerce\ApiClient\Authentication\ClientCredentials; use WooCommerce\PayPalCommerce\ApiClient\Authentication\SdkClientToken; use WooCommerce\PayPalCommerce\ApiClient\Authentication\UserIdToken; use WooCommerce\PayPalCommerce\ApiClient\Endpoint\PaymentMethodTokensEndpoint; 
@@ -1656,18 +1657,23 @@ return array( return new PurchaseUnitSanitizer( $behavior, $line_name ); } ), + 'api.client-credentials' => static function(ContainerInterface $container): ClientCredentials { + return new ClientCredentials( + $container->get( 'wcgateway.settings' ) + ); + }, 'api.user-id-token' => static function( ContainerInterface $container ): UserIdToken { return new UserIdToken( $container->get( 'api.host' ), - $container->get( 'api.bearer' ), - $container->get( 'woocommerce.logger.woocommerce' ) + $container->get( 'woocommerce.logger.woocommerce' ), + $container->get( 'api.client-credentials' ) ); }, 'api.sdk-client-token' => static function( ContainerInterface $container ): SdkClientToken { return new SdkClientToken( $container->get( 'api.host' ), - $container->get( 'api.bearer' ), - $container->get( 'woocommerce.logger.woocommerce' ) + $container->get( 'woocommerce.logger.woocommerce' ), + $container->get( 'api.client-credentials' ) ); }, ); diff --git a/modules/ppcp-api-client/src/Authentication/ClientCredentials.php b/modules/ppcp-api-client/src/Authentication/ClientCredentials.php new file mode 100644 index 000000000..7ec4628a5 --- /dev/null +++ b/modules/ppcp-api-client/src/Authentication/ClientCredentials.php @@ -0,0 +1,41 @@ +settings = $settings; + } + + public function credentials(): string { + $client_id = $this->settings->has( 'client_id' ) ? $this->settings->get( 'client_id' ) : ''; + $client_secret = $this->settings->has( 'client_secret' ) ? $this->settings->get( 'client_secret' ) : ''; + + return 'Basic ' . base64_encode($client_id . ':' . $client_secret); + } +} diff --git a/modules/ppcp-api-client/src/Authentication/SdkClientToken.php b/modules/ppcp-api-client/src/Authentication/SdkClientToken.php index ba0f3a373..c55847d30 100644 --- a/modules/ppcp-api-client/src/Authentication/SdkClientToken.php +++ b/modules/ppcp-api-client/src/Authentication/SdkClientToken.php 
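Review bot: The new `api.client-credentials` closure is written `static function(ContainerInterface $container)`, without the inner padding the neighbouring entries use (`static function( ContainerInterface $container )`), which the WordPress coding standard referenced by the `phpcs:ignore` line in SdkClientToken.php would probably flag; `base64_encode($client_id . ':' . $client_secret)` in ClientCredentials.php has the same issue. Suggested: `'api.client-credentials' => static function( ContainerInterface $container ): ClientCredentials {` and `base64_encode( $client_id . ':' . $client_secret )`. The constructor argument order of `UserIdToken` and `SdkClientToken` also changes in this hunk (the logger is now second and `Bearer` is gone), so any caller outside this diff that builds them positionally needs the same update.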
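Review bot: `credentials()` falls back to `''` when `client_id` or `client_secret` is missing from the settings, so an unconfigured site still sends a token request with `Basic` plus the base64 of a bare `:` instead of failing before the network call. I would check both keys first and throw the exception type the callers already document (`@throws RuntimeException` on `sdk_client_token()` and `id_token()`), for example `if ( ! $this->settings->has( 'client_id' ) || ! $this->settings->has( 'client_secret' ) ) { throw new RuntimeException( 'Client credentials are not configured.' ); }`, assuming that class is imported in this file. The method also has no docblock; it should say that the return value is a ready-to-send `Authorization` header that embeds the client secret in reversible form (base64 is an encoding, not protection) and must not be logged or persisted. The top of this new file is missing from the page as extracted, so the declarations above the constructor could not be checked.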
@@ -27,13 +27,6 @@ class SdkClientToken { */ private $host; - /** - * The bearer. - * - * @var Bearer - */ - private $bearer; - /** * The logger. * @@ -41,21 +34,28 @@ class SdkClientToken { */ private $logger; + /** + * The client credentials. + * + * @var ClientCredentials + */ + private $client_credentials; + /** * SdkClientToken constructor. * * @param string $host The host. - * @param Bearer $bearer The bearer. * @param LoggerInterface $logger The logger. + * @param ClientCredentials $client_credentials The client credentials. */ public function __construct( string $host, - Bearer $bearer, - LoggerInterface $logger + LoggerInterface $logger, + ClientCredentials $client_credentials ) { $this->host = $host; - $this->bearer = $bearer; $this->logger = $logger; + $this->client_credentials = $client_credentials; } /** @@ -69,8 +69,6 @@ class SdkClientToken { * @throws RuntimeException If something unexpected happens. */ public function sdk_client_token( string $target_customer_id = '' ): string { - $bearer = $this->bearer->bearer(); - // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized $domain = wp_unslash( $_SERVER['HTTP_HOST'] ?? '' ); $domain = preg_replace( '/^www\./', '', $domain ); @@ -89,7 +87,7 @@ class SdkClientToken { $args = array( 'method' => 'POST', 'headers' => array( - 'Authorization' => 'Bearer ' . $bearer->token(), + 'Authorization' => $this->client_credentials->credentials(), 'Content-Type' => 'application/x-www-form-urlencoded', ), ); diff --git a/modules/ppcp-api-client/src/Authentication/UserIdToken.php b/modules/ppcp-api-client/src/Authentication/UserIdToken.php index cae8cb58a..05dc62282 100644 --- a/modules/ppcp-api-client/src/Authentication/UserIdToken.php +++ b/modules/ppcp-api-client/src/Authentication/UserIdToken.php @@ -27,13 +27,6 @@ class UserIdToken { */ private $host; - /** - * The bearer. - * - * @var Bearer - */ - private $bearer; - /** * The logger. * 
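Review bot: The `Authorization` entry in `$args` in `sdk_client_token()` is now `Basic` plus the base64 of the merchant's client id and secret, so this array must never be passed to `$this->logger` or copied into an exception message. The error path comes after the hunk and is not visible here, so please confirm it records only the response and not the request arguments; the same applies to the matching change in `id_token()` in UserIdToken.php. Separately, the context of the preceding hunk shows the domain being read from `$_SERVER['HTTP_HOST']` under a `phpcs:ignore` for unsanitized input; that header is supplied by the client, so if the value ends up in the token request (not visible here), deriving it from the site URL, e.g. `wp_parse_url( home_url(), PHP_URL_HOST )`, would avoid trusting it.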
@@ -41,21 +34,28 @@ class UserIdToken { */ private $logger; + /** + * The client credentials. + * + * @var ClientCredentials + */ + private $client_credentials; + /** * UserIdToken constructor. * * @param string $host The host. - * @param Bearer $bearer The bearer. * @param LoggerInterface $logger The logger. + * @param ClientCredentials $client_credentials The client credentials. */ public function __construct( string $host, - Bearer $bearer, - LoggerInterface $logger + LoggerInterface $logger, + ClientCredentials $client_credentials ) { $this->host = $host; - $this->bearer = $bearer; $this->logger = $logger; + $this->client_credentials = $client_credentials; } /** @@ -69,8 +69,6 @@ class UserIdToken { * @throws RuntimeException If something unexpected happens. */ public function id_token( string $target_customer_id = '' ): string { - $bearer = $this->bearer->bearer(); - $url = trailingslashit( $this->host ) . 'v1/oauth2/token?grant_type=client_credentials&response_type=id_token'; if ( $target_customer_id ) { $url = add_query_arg( @@ -84,7 +82,7 @@ class UserIdToken { $args = array( 'method' => 'POST', 'headers' => array( - 'Authorization' => 'Bearer ' . $bearer->token(), + 'Authorization' => $this->client_credentials->credentials(), 'Content-Type' => 'application/x-www-form-urlencoded', ), );