Add Gutenberg compatibility

- Fixed Maximun recursion error - Fix #126
Tmeister · Nov 7, 2018 · 3d61a66 · 3d61a66
1 parent c2cd963
commit 3d61a66
Show file tree

Hide file tree

Showing 6 changed files with 54 additions and 35 deletions.
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1 @@
+.vscode
diff --git a/README.md b/README.md
@@ -16,7 +16,7 @@ So, to use the **wp-api-jwt-auth** you need to install and activate [WP REST API
 
 **Minimum PHP version: 5.3.0**
 
-### Enable PHP HTTP Authorization Header 
+### Enable PHP HTTP Authorization Header
 
 #### Shared Hosts
 
@@ -84,10 +84,10 @@ When the plugin is activated, a new namespace is added.
 Also, two new endpoints are added to this namespace.
 
 
-Endpoint | HTTP Verb
---- | ---
-*/wp-json/jwt-auth/v1/token* | POST
-*/wp-json/jwt-auth/v1/token/validate* | POST
+| Endpoint                              | HTTP Verb |
+| ------------------------------------- | --------- |
+| */wp-json/jwt-auth/v1/token*          | POST      |
+| */wp-json/jwt-auth/v1/token/validate* | POST      |
 
 ## Usage
 ### /wp-json/jwt-auth/v1/token

diff --git a/includes/class-jwt-auth.php b/includes/class-jwt-auth.php
@@ -93,25 +93,25 @@ private function load_dependencies()
         /**
          * Load dependecies managed by composer.
          */
-        require_once plugin_dir_path(dirname(__FILE__)).'includes/vendor/autoload.php';
+        require_once plugin_dir_path(dirname(__FILE__)) . 'includes/vendor/autoload.php';
 
         /**
          * The class responsible for orchestrating the actions and filters of the
          * core plugin.
          */
-        require_once plugin_dir_path(dirname(__FILE__)).'includes/class-jwt-auth-loader.php';
+        require_once plugin_dir_path(dirname(__FILE__)) . 'includes/class-jwt-auth-loader.php';
 
         /**
          * The class responsible for defining internationalization functionality
          * of the plugin.
          */
-        require_once plugin_dir_path(dirname(__FILE__)).'includes/class-jwt-auth-i18n.php';
+        require_once plugin_dir_path(dirname(__FILE__)) . 'includes/class-jwt-auth-i18n.php';
 
         /**
          * The class responsible for defining all actions that occur in the public-facing
          * side of the site.
          */
-        require_once plugin_dir_path(dirname(__FILE__)).'public/class-jwt-auth-public.php';
+        require_once plugin_dir_path(dirname(__FILE__)) . 'public/class-jwt-auth-public.php';
 
         $this->loader = new Jwt_Auth_Loader();
     }
@@ -141,8 +141,27 @@ private function define_public_hooks()
         $plugin_public = new Jwt_Auth_Public($this->get_plugin_name(), $this->get_version());
         $this->loader->add_action('rest_api_init', $plugin_public, 'add_api_routes');
         $this->loader->add_filter('rest_api_init', $plugin_public, 'add_cors_support');
-        $this->loader->add_filter('determine_current_user', $plugin_public, 'determine_current_user', 10);
-        $this->loader->add_filter( 'rest_pre_dispatch', $plugin_public, 'rest_pre_dispatch', 10, 2 );
+        $this->loader->add_filter('rest_pre_dispatch', $plugin_public, 'rest_pre_dispatch', 10, 2);
+        /**
+         * Gutenberg fix
+         * Now with Gutenberg the WP API usage is masive and most of the call are in the admin.
+         * The JWT token should be used only when the user is not logged in, aka remote calls.
+         * This validation search for the WordPress logged in cookie if exists the filter on
+         * the determine_current_user hook is not applied.
+         *
+         * @since 1.2.5
+         */
+        $is_user_logged_in = false;
+        foreach ($_COOKIE as $name => $value) {
+            if (strpos($name, 'wordpress_logged_in_') === 0) {
+                $is_user_logged_in = true;
+                break;
+            }
+        }
+        if (!$is_user_logged_in) {
+            $this->loader->add_filter('determine_current_user', $plugin_public, 'determine_current_user', 10);
+
+        }
     }
 
     /**

diff --git a/jwt-auth.php b/jwt-auth.php
@@ -15,7 +15,7 @@
  * Plugin Name:       JWT Authentication for WP-API
  * Plugin URI:        https://enriquechavez.co
  * Description:       Extends the WP REST API using JSON Web Tokens Authentication as an authentication method.
- * Version:           1.2.4
+ * Version:           1.2.5
  * Author:            Enrique Chavez
  * Author URI:        https://enriquechavez.co
  * License:           GPL-2.0+

diff --git a/public/class-jwt-auth-public.php b/public/class-jwt-auth-public.php
@@ -64,7 +64,7 @@ public function __construct($plugin_name, $version)
     {
         $this->plugin_name = $plugin_name;
         $this->version = $version;
-        $this->namespace = $this->plugin_name.'/v'.intval($this->version);
+        $this->namespace = $this->plugin_name . '/v' . intval($this->version);
     }
 
     /**
@@ -125,7 +125,7 @@ public function generate_token($request)
         if (is_wp_error($user)) {
             $error_code = $user->get_error_code();
             return new WP_Error(
-                '[jwt_auth] '.$error_code,
+                '[jwt_auth] ' . $error_code,
                 $user->get_error_message($error_code),
                 array(
                     'status' => 403,
@@ -184,7 +184,7 @@ public function determine_current_user($user)
          **/
         $rest_api_slug = rest_get_url_prefix();
         $valid_api_uri = strpos($_SERVER['REQUEST_URI'], $rest_api_slug);
-        if(!$valid_api_uri){
+        if (!$valid_api_uri) {
             return $user;
         }
 
@@ -226,12 +226,11 @@ public function validate_token($output = true)
          * Looking for the HTTP_AUTHORIZATION header, if not present just
          * return the user.
          */
-        $auth = isset($_SERVER['HTTP_AUTHORIZATION']) ?  $_SERVER['HTTP_AUTHORIZATION'] : false;
-
+        $auth = isset($_SERVER['HTTP_AUTHORIZATION']) ? $_SERVER['HTTP_AUTHORIZATION'] : false;
 
         /* Double check for different auth header string (server dependent) */
         if (!$auth) {
-            $auth = isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION']) ?  $_SERVER['REDIRECT_HTTP_AUTHORIZATION'] : false;
+            $auth = isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION']) ? $_SERVER['REDIRECT_HTTP_AUTHORIZATION'] : false;
         }
 
         if (!$auth) {
@@ -301,22 +300,22 @@ public function validate_token($output = true)
                 return $token;
             }
             /** If the output is true return an answer to the request to show it */
-             return array(
-                 'code' => 'jwt_auth_valid_token',
-                 'data' => array(
-                     'status' => 200,
-                 ),
-             );
-         } catch (Exception $e) {
+            return array(
+                'code' => 'jwt_auth_valid_token',
+                'data' => array(
+                    'status' => 200,
+                ),
+            );
+        } catch (Exception $e) {
             /** Something is wrong trying to decode the token, send back the error */
-             return new WP_Error(
-                 'jwt_auth_invalid_token',
-                 $e->getMessage(),
-                 array(
-                     'status' => 403,
-                 )
-             );
-         }
+            return new WP_Error(
+                'jwt_auth_invalid_token',
+                $e->getMessage(),
+                array(
+                    'status' => 403,
+                )
+            );
+        }
     }
 
     /**

diff --git a/readme.txt b/readme.txt
@@ -4,9 +4,9 @@ Contributors: tmeister
 Donate link: https://enriquechavez.co
 Tags: wp-json, jwt, json web authentication, wp-api
 Requires at least: 4.2
-Tested up to: 4.8.1
+Tested up to: 5.0
 Requires PHP: 5.3.0
-Stable tag: 1.2.4
+Stable tag: 1.2.5
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html