magdev/wc-licensed-product
1
Fork 0
Code Issues Pull Requests Actions Releases 4 Activity

Fix API Verification Secret not visible in Docker environments

Browse Source 
- Add ResponseSigner::getServerSecret() to check multiple sources
- Check constant, getenv(), $_ENV, and $_SERVER for server secret
- Update Plugin.php to use ResponseSigner::isSigningEnabled()
- Maintains backward compatibility with standard WordPress setups

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Marco Grätsch
2026-02-01 13:52:57 +01:00
parent a879be989c
commit e0001c3f4e
2 changed files with 38 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
src/Api/ResponseSigner.php
View File

@@ -26,9 +26,7 @@ final class ResponseSigner
public function __construct() public function __construct()
{ {
$this->serverSecret = defined('WC_LICENSE_SERVER_SECRET') $this->serverSecret = self::getServerSecret();
? WC_LICENSE_SERVER_SECRET
: '';
} }
/** /**
@@ -185,7 +183,7 @@ final class ResponseSigner
*/ */
public static function getCustomerSecretForLicense(string $licenseKey): ?string public static function getCustomerSecretForLicense(string $licenseKey): ?string
{ {
$serverSecret = defined('WC_LICENSE_SERVER_SECRET') ? WC_LICENSE_SERVER_SECRET : ''; $serverSecret = self::getServerSecret();
if (empty($serverSecret)) { if (empty($serverSecret)) {
return null; return null;
@@ -201,6 +199,40 @@ final class ResponseSigner
*/ */
public static function isSigningEnabled(): bool public static function isSigningEnabled(): bool
{ {
return defined('WC_LICENSE_SERVER_SECRET') && !empty(WC_LICENSE_SERVER_SECRET); return !empty(self::getServerSecret());
}
/**
* Get the server secret from constant or environment variable
*
* Checks in order:
* 1. WC_LICENSE_SERVER_SECRET constant (preferred)
* 2. WC_LICENSE_SERVER_SECRET environment variable (Docker fallback)
*
* @return string The server secret, or empty string if not configured
*/
public static function getServerSecret(): string
{
// First check the constant (standard WordPress configuration)
if (defined('WC_LICENSE_SERVER_SECRET') && !empty(WC_LICENSE_SERVER_SECRET)) {
return WC_LICENSE_SERVER_SECRET;
}
// Fallback to environment variable (Docker environments)
$envSecret = getenv('WC_LICENSE_SERVER_SECRET');
if ($envSecret !== false && !empty($envSecret)) {
return $envSecret;
}
// Also check $_ENV and $_SERVER (some PHP configurations)
if (!empty($_ENV['WC_LICENSE_SERVER_SECRET'])) {
return $_ENV['WC_LICENSE_SERVER_SECRET'];
}
if (!empty($_SERVER['WC_LICENSE_SERVER_SECRET'])) {
return $_SERVER['WC_LICENSE_SERVER_SECRET'];
}
return '';
} }
} }

2
src/Plugin.php
View File

@@ -147,7 +147,7 @@ final class Plugin
new LicenseEmailController($this->licenseManager); new LicenseEmailController($this->licenseManager);
// Initialize response signing if server secret is configured // Initialize response signing if server secret is configured
if (defined('WC_LICENSE_SERVER_SECRET') && WC_LICENSE_SERVER_SECRET !== '') { if (ResponseSigner::isSigningEnabled()) {
(new ResponseSigner())->register(); (new ResponseSigner())->register();
} }