Store tokens in user meta, not post meta

rmccue · rmccue · commit 7e582a9f10bf · 2017-07-01T22:33:26.000+10:00
diff --git a/inc/tokens/class-access-token.php b/inc/tokens/class-access-token.php
@@ -4,8 +4,8 @@
 
 use WP_Error;
 use WP\OAuth2\Client;
-use WP_Query;
 use WP_User;
+use WP_User_Query;
 
 class Access_Token extends Token {
 	const META_PREFIX = '_oauth2_access_';
@@ -19,21 +19,12 @@ protected function get_meta_prefix() {
 	}
 
 	/**
-	 * Get the ID for the user that the token represents.
+	 * Get client for the token.
 	 *
-	 * @return int
+	 * @return Client|null
 	 */
-	public function get_user_id() {
-		return (int) $this->value['user'];
-	}
-
-	/**
-	 * Get the user that the token represents.
-	 *
-	 * @return WP_User|null
-	 */
-	public function get_user() {
-		return get_user_by( 'id', $this->get_user_id() );
+	public function get_client() {
+		return Client::get_by_id( $this->value['client'] );
 	}
 
 	/**
@@ -45,28 +36,28 @@ public function get_user() {
 	public static function get_by_id( $id ) {
 		$key = static::META_PREFIX . $id;
 		$args = array(
-			'post_type'      => Client::POST_TYPE,
-			'post_status'    => 'publish',
-			'posts_per_page' => 1,
-			'no_found_rows'  => true,
-			'meta_query'     => array(
+			'number'      => 1,
+			'count_total' => false,
+			'meta_query'  => array(
 				array(
 					'key'     => $key,
 					'compare' => 'EXISTS',
 				),
 			),
 		);
-		$query = new WP_Query( $args );
-		if ( empty( $query->posts ) ) {
+		$query = new WP_User_Query( $args );
+		$results = $query->get_results();
+		if ( empty( $results ) ) {
 			return null;
 		}
 
-		$value = get_post_meta( $query->posts[0]->ID, wp_slash( $key ), false );
+		$user = $results[0];
+		$value = get_user_meta( $user->ID, wp_slash( $key ), false );
 		if ( empty( $value ) ) {
 			return null;
 		}
 
-		return new static( $key, $value[0] );
+		return new static( $user, $key, $value[0] );
 	}
 
 	/**
@@ -86,20 +77,20 @@ public static function create( Client $client, WP_User $user ) {
 		}
 
 		$data = array(
-			'user' => (int) $user->ID,
+			'client' => $client->get_id(),
 		);
 		$key = wp_generate_password( static::KEY_LENGTH, false );
 		$meta_key = static::META_PREFIX . $key;
 
-		$result = add_post_meta( $client->get_post_id(), wp_slash( $meta_key ), wp_slash( $data ), true );
+		$result = add_user_meta( $user->ID, wp_slash( $meta_key ), wp_slash( $data ), true );
 		if ( ! $result ) {
 			return new WP_Error(
 				'oauth2.tokens.access_token.create.could_not_create',
 				__( 'Unable to create token.', 'oauth2' )
 			);
 		}
 
-		return new static( $key, $data );
+		return new static( $user, $key, $data );
 	}
 
 	/**
diff --git a/inc/tokens/class-token.php b/inc/tokens/class-token.php
@@ -2,7 +2,15 @@
 
 namespace WP\OAuth2\Tokens;
 
+use WP_User;
+
 abstract class Token {
+	/**
+	 * User the token belongs to.
+	 *
+	 * @var WP_User
+	 */
+	protected $user;
 
 	/**
 	 * @var string
@@ -18,11 +26,30 @@ abstract class Token {
 	 * @param string $key
 	 * @param mixed $value
 	 */
-	protected function __construct( $key, $value ) {
+	protected function __construct( WP_User $user, $key, $value ) {
+		$this->user = $user;
 		$this->key = $key;
 		$this->value = $value;
 	}
 
+	/**
+	 * Get the ID for the user that the token represents.
+	 *
+	 * @return int
+	 */
+	public function get_user_id() {
+		return $this->user->ID;
+	}
+
+	/**
+	 * Get the user that the token represents.
+	 *
+	 * @return WP_User
+	 */
+	public function get_user() {
+		return $this->user;
+	}
+
 	/**
 	 * Get the meta prefix.
 	 *
