Code Coverage for projects/plugins/jetpack/extensions/blocks/premium-content/_inc/subscription-service/class-abstract-token-subscription-service.php

	Code Coverage
	Lines			Functions and Methods				Classes and Traits
Total	55.20% covered (warning)	55.20%	122 / 221	26.09% covered (danger)	26.09%	6 / 23	CRAP	0.00% covered (danger)	0.00%	0 / 1
Abstract_Token_Subscription_Service	55.71% covered (warning)	55.71%	122 / 219	26.09% covered (danger)	26.09%	6 / 23	1415.31	0.00% covered (danger)	0.00%	0 / 1
__construct	100.00% covered (success)	100.00%	1 / 1	100.00% covered (success)	100.00%	1 / 1	1
initialize	0.00% covered (danger)	0.00%	0 / 1	0.00% covered (danger)	0.00%	0 / 1	2
get_and_set_token_from_request	100.00% covered (success)	100.00%	5 / 5	100.00% covered (success)	100.00%	1 / 1	2
get_token_payload	100.00% covered (success)	100.00%	7 / 7	100.00% covered (success)	100.00%	1 / 1	3
get_token_property	0.00% covered (danger)	0.00%	0 / 4	0.00% covered (danger)	0.00%	0 / 1	6
visitor_can_view_content	95.24% covered (success)	95.24%	20 / 21	0.00% covered (danger)	0.00%	0 / 1	4
get_subscriber_email	0.00% covered (danger)	0.00%	0 / 4	0.00% covered (danger)	0.00%	0 / 1	6
is_current_user_subscribed	0.00% covered (danger)	0.00%	0 / 1	0.00% covered (danger)	0.00%	0 / 1	2
is_current_user_pending_subscriber		n/a	0 / 0		n/a	0 / 0	0
user_has_access	84.62% covered (warning)	84.62%	11 / 13	0.00% covered (danger)	0.00%	0 / 1	10.36
maybe_gate_access_for_user_if_post_tier	100.00% covered (success)	100.00%	6 / 6	100.00% covered (success)	100.00%	1 / 1	2
get_valid_plan_ids_for_tier	0.00% covered (danger)	0.00%	0 / 40	0.00% covered (danger)	0.00%	0 / 1	462
find_metadata	33.33% covered (danger)	33.33%	2 / 6	0.00% covered (danger)	0.00%	0 / 1	8.74
maybe_gate_access_for_user_if_tier	87.27% covered (warning)	87.27%	48 / 55	0.00% covered (danger)	0.00%	0 / 1	29.62
decode_token	50.00% covered (danger)	50.00%	3 / 6	0.00% covered (danger)	0.00%	0 / 1	6.00
get_key		n/a	0 / 0		n/a	0 / 0	0
access_url	0.00% covered (danger)	0.00%	0 / 6	0.00% covered (danger)	0.00%	0 / 1	12
token_from_cookie	50.00% covered (danger)	50.00%	1 / 2	0.00% covered (danger)	0.00%	0 / 1	2.50
has_token_from_cookie	0.00% covered (danger)	0.00%	0 / 1	0.00% covered (danger)	0.00%	0 / 1	6
set_token_cookie	50.00% covered (danger)	50.00%	2 / 4	0.00% covered (danger)	0.00%	0 / 1	8.12
clear_token_cookie	0.00% covered (danger)	0.00%	0 / 7	0.00% covered (danger)	0.00%	0 / 1	30
token_from_request	100.00% covered (success)	100.00%	5 / 5	100.00% covered (success)	100.00%	1 / 1	4
validate_subscriptions	100.00% covered (success)	100.00%	11 / 11	100.00% covered (success)	100.00%	1 / 1	7
get_rest_api_token_url	0.00% covered (danger)	0.00%	0 / 2	0.00% covered (danger)	0.00%	0 / 1	2
abbreviate_subscriptions	0.00% covered (danger)	0.00%	0 / 11	0.00% covered (danger)	0.00%	0 / 1	72

1	<?php
2	/**
3	* A paywall that exchanges JWT tokens from WordPress.com to allow
4	* a current visitor to view content that has been deemed "Premium content".
5	*
6	* @package Automattic\Jetpack\Extensions\Premium_Content
7	*/
8
9	namespace Automattic\Jetpack\Extensions\Premium_Content\Subscription_Service;
10
11	use Automattic\Jetpack\Extensions\Premium_Content\JWT;
12	use WP_Error;
13	use WP_Post;
14	use const Automattic\Jetpack\Extensions\Subscriptions\META_NAME_FOR_POST_TIER_ID_SETTINGS;
15
16	if ( ! defined( 'ABSPATH' ) ) {
17	exit( 0 );
18	}
19
20	/**
21	* Class Abstract_Token_Subscription_Service
22	*
23	* @package Automattic\Jetpack\Extensions\Premium_Content\Subscription_Service
24	*/
25	abstract class Abstract_Token_Subscription_Service implements Subscription_Service {
26
27	const JWT_AUTH_TOKEN_COOKIE_NAME = 'wp-jp-premium-content-session'; // wp prefix helps with skipping batcache
28	const DECODE_EXCEPTION_FEATURE = 'memberships';
29	const DECODE_EXCEPTION_MESSAGE = 'Problem decoding provided token';
30	const REST_URL_ORIGIN = 'https://subscribe.wordpress.com/';
31	const BLOG_SUB_ACTIVE = 'active';
32	const BLOG_SUB_PENDING = 'pending';
33	const POST_ACCESS_LEVEL_EVERYBODY = 'everybody';
34	const POST_ACCESS_LEVEL_SUBSCRIBERS = 'subscribers';
35	const POST_ACCESS_LEVEL_PAID_SUBSCRIBERS = 'paid_subscribers';
36	const POST_ACCESS_LEVEL_PAID_SUBSCRIBERS_ALL_TIERS = 'paid_subscribers_all_tiers';
37
38	/**
39	* An optional user_id to query against (omitting this will use either the token or current user id)
40	*
41	* @var int\|null
42	*/
43	protected $user_id = null;
44
45	/**
46	* Constructor
47	*
48	* @param int\|null $user_id An optional user_id to query subscriptions against. Uses token from request/cookie or logged-in user information if omitted.
49	*/
50	public function __construct( $user_id = null ) {
51	$this->user_id = $user_id;
52	}
53
54	/**
55	* Initialize the token subscription service.
56	*
57	* @inheritDoc
58	*/
59	public function initialize() {
60	$this->get_and_set_token_from_request();
61	}
62
63	/**
64	* Set the token from the Request to the cookie and retrieve the token.
65	*
66	* @return string\|null
67	*/
68	public function get_and_set_token_from_request() {
69	// URL token always has a precedence, so it can overwrite the cookie when new data available.
70	$token = $this->token_from_request();
71	if ( null !== $token ) {
72	$this->set_token_cookie( $token );
73	return $token;
74	}
75
76	return $this->token_from_cookie();
77	}
78
79	/**
80	* Get the token payload .
81	*
82	* @return array
83	*/
84	public function get_token_payload() {
85	$token = $this->get_and_set_token_from_request();
86	if ( empty( $token ) ) {
87	return array();
88	}
89	$token_payload = $this->decode_token( $token );
90	if ( ! is_array( $token_payload ) ) {
91	return array();
92	}
93	return $token_payload;
94	}
95
96	/**
97	* Get a token property, otherwise return false.
98	*
99	* @param string $key the property name.
100	*
101	* @return mixed\|false
102	*/
103	public function get_token_property( $key ) {
104	$token_payload = $this->get_token_payload();
105	if ( ! isset( $token_payload[ $key ] ) ) {
106	return false;
107	}
108	return $token_payload[ $key ];
109	}
110
111	/**
112	* The user is visiting with a subscriber token cookie.
113	*
114	* This is theoretically where the cookie JWT signature verification
115	* thing will happen.
116	*
117	* How to obtain one of these (or what exactly it is) is
118	* still a WIP (see api/auth branch)
119	*
120	* @inheritDoc
121	*
122	* @param array $valid_plan_ids List of valid plan IDs.
123	* @param array $access_level Access level for content.
124	*
125	* @return bool Whether the user can view the content
126	*/
127	public function visitor_can_view_content( $valid_plan_ids, $access_level ) {
128	global $current_user;
129	$old_user = $current_user; // backup the current user so we can set the current user to the token user for paywall purposes
130
131	$payload = $this->get_token_payload();
132	$is_valid_token = ! empty( $payload );
133
134	if ( $is_valid_token && isset( $payload['user_id'] ) ) {
135	// set the current user to the payload's user id
136	// phpcs:ignore WordPress.WP.GlobalVariablesOverride.Prohibited
137	$current_user = get_user_by( 'id', $payload['user_id'] );
138	}
139
140	$is_blog_subscriber = false;
141	$is_paid_subscriber = false;
142	$subscriptions = array();
143
144	if ( $is_valid_token ) {
145	/**
146	* Allow access to the content if:
147	*
148	* Active: user has a valid subscription
149	*/
150	$is_blog_subscriber = in_array(
151	$payload['blog_sub'],
152	array(
153	self::BLOG_SUB_ACTIVE,
154	),
155	true
156	);
157	$subscriptions = (array) $payload['subscriptions'];
158	$is_paid_subscriber = static::validate_subscriptions( $valid_plan_ids, $subscriptions );
159	}
160
161	$has_access = $this->user_has_access( $access_level, $is_blog_subscriber, $is_paid_subscriber, get_the_ID(), $subscriptions );
162	// phpcs:ignore WordPress.WP.GlobalVariablesOverride.Prohibited
163	$current_user = $old_user;
164	return $has_access;
165	}
166
167	/**
168	* Retrieves the email of the currently authenticated subscriber.
169	*
170	* @return string The email address of the current user.
171	*/
172	public function get_subscriber_email() {
173	$email = $this->get_token_property( 'blog_subscriber' );
174	if ( empty( $email ) ) {
175	return '';
176	}
177	return $email;
178	}
179
180	/**
181	* Returns true if the current authenticated user is subscribed to the current site.
182	*
183	* @return boolean
184	*/
185	public function is_current_user_subscribed() {
186	return $this->get_token_property( 'blog_sub' ) === 'active';
187	}
188
189	/**
190	* Returns true if the current authenticated user has a pending subscription to the current site.
191	*
192	* @return bool
193	*/
194	abstract public function is_current_user_pending_subscriber(): bool;
195
196	/**
197	* Return if the user has access to the content depending on the access level and the user rights
198	*
199	* @param string $access_level Post or blog access level.
200	* @param bool $is_blog_subscriber Is user a subscriber of the blog.
201	* @param bool $is_paid_subscriber Is user a paid subscriber of the blog.
202	* @param int $post_id Post ID.
203	* @param array $user_abbreviated_subscriptions User subscription abbreviated.
204	*
205	* @return bool Whether the user has access to the content.
206	*/
207	protected function user_has_access( $access_level, $is_blog_subscriber, $is_paid_subscriber, $post_id, $user_abbreviated_subscriptions ) {
208
209	if ( is_user_logged_in() && current_user_can( 'edit_post', $post_id ) ) {
210	// Admin has access
211	$has_access = true;
212	} else {
213	switch ( $access_level ) {
214	case self::POST_ACCESS_LEVEL_EVERYBODY:
215	default:
216	$has_access = true;
217	break;
218	case self::POST_ACCESS_LEVEL_SUBSCRIBERS:
219	$has_access = $is_blog_subscriber \|\| $is_paid_subscriber;
220	break;
221	case self::POST_ACCESS_LEVEL_PAID_SUBSCRIBERS_ALL_TIERS:
222	$has_access = $is_paid_subscriber;
223	break;
224	case self::POST_ACCESS_LEVEL_PAID_SUBSCRIBERS:
225	$has_access = $is_paid_subscriber &&
226	! $this->maybe_gate_access_for_user_if_post_tier( $post_id, $user_abbreviated_subscriptions );
227	break;
228	}
229	}
230
231	do_action( 'earn_user_has_access', $access_level, $has_access, $is_blog_subscriber, $is_paid_subscriber, $post_id );
232	return $has_access;
233	}
234
235	/**
236	* Check post access for tiers.
237	*
238	* @param int $post_id Current post id.
239	* @param array $user_abbreviated_subscriptions User subscription abbreviated.
240	*
241	* @return bool
242	*/
243	private function maybe_gate_access_for_user_if_post_tier( $post_id, $user_abbreviated_subscriptions ) {
244	$tier_id = intval(
245	get_post_meta( $post_id, META_NAME_FOR_POST_TIER_ID_SETTINGS, true )
246	);
247
248	if ( ! $tier_id ) {
249	return false;
250	}
251
252	return $this->maybe_gate_access_for_user_if_tier( $tier_id, $user_abbreviated_subscriptions );
253	}
254
255	/**
256	* Get all plans id that make access valid for a post with this tier id.
257	*
258	* @param int $tier_id Newsletter tier post ID.
259	*
260	* @return array\|WP_Error
261	*/
262	public static function get_valid_plan_ids_for_tier( int $tier_id ) {
263	// Valid plans are:
264	// - monthly plan with ID $tier_id
265	// - yearly plan related to this $tier_id (in meta jetpack_memberships_tier)
266	// - monthly tiers with same currency and price same or higher than original tier
267	// - yearly plans that are more expensive than the yearly plan linked to the original tier
268
269	$valid_plan_ids = array();
270
271	$all_plans = \Jetpack_Memberships::get_all_plans();
272
273	// Let's get the current tier
274	$tier = null;
275	foreach ( $all_plans as $post ) {
276	if ( $post->ID === $tier_id ) {
277	$tier = $post;
278	break;
279	}
280	}
281
282	if ( $tier === null ) {
283	// We have an error
284	return new WP_Error( 'related-plan-not-found', 'The plan related to the tier cannot be found' );
285	}
286
287	$tier_price = self::find_metadata( $tier, 'jetpack_memberships_price' );
288	$tier_currency = self::find_metadata( $tier, 'jetpack_memberships_currency' );
289	$tier_product_id = self::find_metadata( $tier, 'jetpack_memberships_product_id' );
290
291	if ( $tier_price === null \|\| $tier_currency === null \|\| $tier_product_id === null ) {
292	// There is an issue with the meta
293	return new WP_Error( 'wrong-data-plan-not-found', 'The plan related to the tier is missing data' );
294	}
295
296	$valid_plan_ids[] = $tier_id;
297
298	$tier_price = floatval( $tier_price );
299
300	// At this point we know the post is
301	$annual_tier = null;
302	foreach ( $all_plans as $plan ) {
303	if ( intval( self::find_metadata( $plan, 'jetpack_memberships_tier' ) ) === $tier_id ) {
304	$annual_tier = $plan;
305	break;
306	}
307	}
308
309	$annual_tier_price = null;
310	if ( ! empty( $annual_tier ) ) {
311	$annual_tier_price = floatval( self::find_metadata( $annual_tier, 'jetpack_memberships_price' ) );
312	$valid_plan_ids[] = $annual_tier->ID;
313	}
314
315	foreach ( $all_plans as $post ) {
316	if ( in_array( $post->ID, $valid_plan_ids, true ) ) {
317	continue;
318	}
319
320	$plan_price = self::find_metadata( $post, 'jetpack_memberships_price' );
321	$plan_currency = self::find_metadata( $post, 'jetpack_memberships_currency' );
322	$plan_interval = self::find_metadata( $post, 'jetpack_memberships_interval' );
323
324	if ( $plan_price === null \|\| $plan_currency === null \|\| $plan_interval === null ) {
325	// There is an issue with the meta
326	continue;
327	}
328
329	$plan_price = floatval( $plan_price );
330
331	if ( $tier_currency !== $plan_currency ) {
332	// For now, we don't count if there are different currency (not sure how to convert price in a pure JP env)
333	continue;
334	}
335
336	if ( ( $plan_interval === '1 month' && $plan_price >= $tier_price ) \|\|
337	( $annual_tier_price !== null && $plan_interval === '1 year' && $plan_price >= $annual_tier_price )
338	) {
339	$valid_plan_ids [] = $post->ID;
340	}
341	}
342
343	return $valid_plan_ids;
344	}
345
346	/**
347	* Find metadata in post
348	*
349	* @param WP_Post\|object $post Post.
350	* @param string $meta_key Meta to retrieve.
351	*
352	* @return mixed\|null
353	*/
354	private static function find_metadata( $post, $meta_key ) {
355
356	if ( $post instanceof WP_Post ) {
357	return $post->{$meta_key};
358	}
359
360	foreach ( $post->metadata as $meta ) {
361	if ( $meta->key === $meta_key ) {
362	return $meta->value;
363	}
364	}
365
366	return null;
367	}
368
369	/**
370	* Check access for tier.
371	*
372	* @param int $tier_id Tier id.
373	* @param array $user_abbreviated_subscriptions User subscription abbreviated.
374	*
375	* @return bool
376	*/
377	public function maybe_gate_access_for_user_if_tier( $tier_id, $user_abbreviated_subscriptions ) {
378
379	$plan_ids = \Jetpack_Memberships::get_all_newsletter_plan_ids();
380
381	if ( ! in_array( $tier_id, $plan_ids, true ) ) {
382	// If the tier is not in the plans, we bail
383	return false;
384	}
385
386	// We now need the tier price and currency, and the same for the annual price (if available)
387	$all_plans = \Jetpack_Memberships::get_all_plans();
388	$tier = null;
389	foreach ( $all_plans as $post ) {
390	if ( $post->ID === $tier_id ) {
391	$tier = $post;
392	break;
393	}
394	}
395
396	if ( $tier === null ) {
397	return false;
398	}
399
400	$tier_price = self::find_metadata( $tier, 'jetpack_memberships_price' );
401	$tier_currency = self::find_metadata( $tier, 'jetpack_memberships_currency' );
402	$tier_product_id = self::find_metadata( $tier, 'jetpack_memberships_product_id' );
403	$annual_tier_price = $tier_price * 12;
404
405	if ( $tier_price === null \|\| $tier_currency === null \|\| $tier_product_id === null ) {
406	// There is an issue with the meta
407	return false;
408	}
409
410	$tier_price = floatval( $tier_price );
411
412	// At this point we know the post is
413	$annual_tier_id = null;
414	$annual_tier = null;
415	foreach ( $all_plans as $plan ) {
416	if ( intval( self::find_metadata( $plan, 'jetpack_memberships_tier' ) ) === $tier_id ) {
417	$annual_tier = $plan;
418	break;
419	}
420	}
421
422	$annual_tier_price = null;
423	if ( ! empty( $annual_tier ) ) {
424	$annual_tier_id = $annual_tier->ID;
425	$annual_tier_price = floatval( self::find_metadata( $annual_tier, 'jetpack_memberships_price' ) );
426	}
427
428	foreach ( $user_abbreviated_subscriptions as $subscription_plan_id => $details ) {
429	$details = (array) $details;
430	$end = is_int( $details['end_date'] ) ? $details['end_date'] : strtotime( $details['end_date'] );
431	if ( $end < time() ) {
432	// subscription not active anymore
433	continue;
434	}
435
436	$subscription_post = null;
437	foreach ( $all_plans as $plan ) {
438	if ( intval( self::find_metadata( $plan, 'jetpack_memberships_product_id' ) ) === intval( $subscription_plan_id ) ) {
439	$subscription_post = $plan;
440	break;
441	}
442	}
443
444	if ( empty( $subscription_post ) ) {
445	// No post linked to this plan
446	continue;
447	}
448	$subscription_post_id = $subscription_post->ID;
449
450	if ( $subscription_post_id === $tier_id \|\| $subscription_post_id === $annual_tier_id ) {
451	// User is subscribed to the right tier
452	return false;
453	}
454
455	$subscription_price = self::find_metadata( $subscription_post, 'jetpack_memberships_price' );
456	$subscription_currency = self::find_metadata( $subscription_post, 'jetpack_memberships_currency' );
457	$subscription_interval = self::find_metadata( $subscription_post, 'jetpack_memberships_interval' );
458
459	if ( $subscription_price === null \|\| $subscription_currency === null \|\| $subscription_interval === null ) {
460	// There is an issue with the meta
461	continue;
462	}
463
464	$subscription_price = floatval( $subscription_price );
465
466	if ( $tier_currency !== $subscription_currency ) {
467	// For now, we don't count if there are different currency (not sure how to convert price in a pure JP env)
468	continue;
469	}
470
471	if ( ( $subscription_interval === '1 month' && $subscription_price >= $tier_price ) \|\|
472	( $annual_tier_price !== null && $subscription_interval === '1 year' && $subscription_price >= $annual_tier_price )
473	) {
474	// One subscription is more expensive than the minimum set by the post' selected tier
475	return false;
476	}
477	}
478	return true; // No user subscription is more expensive than the post's tier price...
479	}
480
481	/**
482	* Decode the given token.
483	*
484	* @param string $token Token to decode.
485	*
486	* @return array\|false
487	*/
488	public function decode_token( $token ) {
489	if ( empty( $token ) ) {
490	return false;
491	}
492
493	try {
494	$key = $this->get_key();
495	return $key ? (array) JWT::decode( $token, $key, array( 'HS256' ) ) : false;
496	} catch ( \Exception $exception ) {
497	return false;
498	}
499	}
500
501	/**
502	* Get the key for decoding the auth token.
503	*
504	* @return string\|false
505	*/
506	abstract public function get_key();
507
508	// phpcs:disable
509	/**
510	* Get the URL to access the protected content.
511	*
512	* @param string $mode Access mode (either "subscribe" or "login").
513	*/
514	public function access_url( $mode = 'subscribe', $permalink = null ) {
515	global $wp;
516	if ( empty( $permalink ) ) {
517	$permalink = get_permalink();
518	if ( empty( $permalink ) ) {
519	$permalink = add_query_arg( $wp->query_vars, home_url( $wp->request ) );
520	}
521	}
522
523	$login_url = $this->get_rest_api_token_url( $this->get_site_id(), $permalink );
524	return $login_url;
525	}
526	// phpcs:enable
527
528	/**
529	* Get the token stored in the auth cookie.
530	*
531	* @return ?string
532	*/
533	private function token_from_cookie() {
534	if ( isset( $_COOKIE[ self::JWT_AUTH_TOKEN_COOKIE_NAME ] ) ) {
535	// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
536	return $_COOKIE[ self::JWT_AUTH_TOKEN_COOKIE_NAME ];
537	}
538	}
539
540	/**
541	* Check whether the JWT_TOKEN cookie is set
542	*
543	* @return bool
544	*/
545	public static function has_token_from_cookie() {
546	return isset( $_COOKIE[ self::JWT_AUTH_TOKEN_COOKIE_NAME ] ) && ! empty( $_COOKIE[ self::JWT_AUTH_TOKEN_COOKIE_NAME ] );
547	}
548
549	/**
550	* Store the auth cookie.
551	*
552	* @param string $token Auth token.
553	* @return void
554	*/
555	private function set_token_cookie( $token ) {
556	if ( defined( 'TESTING_IN_JETPACK' ) && TESTING_IN_JETPACK ) {
557	return;
558	}
559
560	if ( ! empty( $token ) && ! headers_sent() ) {
561	// phpcs:ignore Jetpack.Functions.SetCookie.FoundNonHTTPOnlyFalse
562	setcookie( self::JWT_AUTH_TOKEN_COOKIE_NAME, $token, strtotime( '+1 month' ), '/', '', is_ssl(), false );
563	}
564	}
565
566	/**
567	* Clear the auth cookie.
568	*/
569	public static function clear_token_cookie() {
570	if ( defined( 'TESTING_IN_JETPACK' ) && TESTING_IN_JETPACK ) {
571	return;
572	}
573
574	if ( ! self::has_token_from_cookie() ) {
575	return;
576	}
577
578	unset( $_COOKIE[ self::JWT_AUTH_TOKEN_COOKIE_NAME ] );
579
580	if ( ! headers_sent() ) {
581	// phpcs:ignore Jetpack.Functions.SetCookie.FoundNonHTTPOnlyFalse
582	setcookie( self::JWT_AUTH_TOKEN_COOKIE_NAME, '', 1, '/', '', is_ssl(), false );
583	}
584	}
585
586	/**
587	* Get the token if present in the current request.
588	*
589	* @return ?string
590	*/
591	private function token_from_request() {
592	$token = null;
593	// phpcs:ignore WordPress.Security.NonceVerification.Recommended
594	if ( isset( $_GET['token'] ) && is_string( $_GET['token'] ) ) {
595	// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.NonceVerification.Recommended
596	if ( preg_match( '/^[a-zA-Z0-9\-_]+?\.[a-zA-Z0-9\-_]+?\.([a-zA-Z0-9\-_]+)?$/', $_GET['token'], $matches ) ) {
597	// token matches a valid JWT token pattern.
598	$token = reset( $matches );
599	}
600	}
601	return $token;
602	}
603
604	/**
605	* Return true if any ID/date pairs are valid. Otherwise false.
606	*
607	* @param int[] $valid_plan_ids List of valid plan IDs.
608	* @param object[] $token_subscriptions : ID must exist in the provided <code>$valid_subscriptions</code> parameter.
609	* The provided end date needs to be greater than <code>now()</code>.
610	*
611	* @return bool
612	*/
613	public static function validate_subscriptions( array $valid_plan_ids, array $token_subscriptions ) {
614	// Create a list of product_ids to compare against.
615	$product_ids = array();
616	foreach ( $valid_plan_ids as $plan_id ) {
617	$product_id = (int) get_post_meta( $plan_id, 'jetpack_memberships_product_id', true );
618	if ( isset( $product_id ) ) {
619	$product_ids[] = $product_id;
620	}
621	}
622
623	foreach ( $token_subscriptions as $product_id => $token_subscription ) {
624	if ( in_array( intval( $product_id ), $product_ids, true ) ) {
625	$end = is_int( $token_subscription->end_date ) ? $token_subscription->end_date : strtotime( $token_subscription->end_date );
626	if ( $end > time() ) {
627	return true;
628	}
629	}
630	}
631	return false;
632	}
633
634	/**
635	* Get the URL of the JWT endpoint.
636	*
637	* @param int $site_id Site ID.
638	* @param string $redirect_url URL to redirect after checking the token validity.
639	* @return string URL of the JWT endpoint.
640	*/
641	private function get_rest_api_token_url( $site_id, $redirect_url ) {
642	// The redirect url might have a part URL encoded but not the whole URL.
643	$redirect_url = rawurldecode( $redirect_url );
644	return sprintf( '%smemberships/jwt?site_id=%d&redirect_url=%s', self::REST_URL_ORIGIN, $site_id, rawurlencode( $redirect_url ) );
645	}
646
647	/**
648	* Report the subscriptions as an ID => [ 'end_date' => ]. mapping
649	*
650	* @param array $subscriptions_from_bd List of subscriptions from BD.
651	*
652	* @return array<int, array>
653	*/
654	public static function abbreviate_subscriptions( $subscriptions_from_bd ) {
655
656	if ( empty( $subscriptions_from_bd ) ) {
657	return array();
658	}
659
660	$subscriptions = array();
661	foreach ( $subscriptions_from_bd as $subscription ) {
662	// We are picking the expiry date that is the most in the future.
663	if (
664	'active' === $subscription['status'] && (
665	! isset( $subscriptions[ $subscription['product_id'] ] ) \|\|
666	empty( $subscription['end_date'] ) \|\| // Special condition when subscription has no expiry date - we will default to a year from now for the purposes of the token.
667	strtotime( $subscription['end_date'] ) > strtotime( (string) $subscriptions[ $subscription['product_id'] ]->end_date )
668	)
669	) {
670	$subscriptions[ $subscription['product_id'] ] = new \stdClass();
671	$subscriptions[ $subscription['product_id'] ]->end_date = empty( $subscription['end_date'] ) ? ( time() + 365 * 24 * 3600 ) : $subscription['end_date'];
672	}
673	}
674	return $subscriptions;
675	}
676	}