Skip to content

Commit

Permalink
Merge pull request #138 from andrzejpiotrowski/gutenberg-infinite-loop
Browse files Browse the repository at this point in the history
Fix Gutenberg compat vel. infinite loop

Fix #133 
Fix #126
  • Loading branch information
Tmeister authored Mar 5, 2019
2 parents afd96f9 + 2f25794 commit a67b833
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 25 deletions.
21 changes: 1 addition & 20 deletions includes/class-jwt-auth.php
Original file line number Diff line number Diff line change
Expand Up @@ -142,26 +142,7 @@ private function define_public_hooks()
$this->loader->add_action('rest_api_init', $plugin_public, 'add_api_routes');
$this->loader->add_filter('rest_api_init', $plugin_public, 'add_cors_support');
$this->loader->add_filter('rest_pre_dispatch', $plugin_public, 'rest_pre_dispatch', 10, 2);
/**
* Gutenberg fix
* Now with Gutenberg the WP API usage is masive and most of the call are in the admin.
* The JWT token should be used only when the user is not logged in, aka remote calls.
* This validation search for the WordPress logged in cookie if exists the filter on
* the determine_current_user hook is not applied.
*
* @since 1.2.5
*/
$is_user_logged_in = false;
foreach ($_COOKIE as $name => $value) {
if (strpos($name, 'wordpress_logged_in_') === 0) {
$is_user_logged_in = true;
break;
}
}
if (!$is_user_logged_in) {
$this->loader->add_filter('determine_current_user', $plugin_public, 'determine_current_user', 10);

}
$this->loader->add_filter('determine_current_user', $plugin_public, 'determine_current_user', 10);
}

/**
Expand Down
10 changes: 5 additions & 5 deletions public/class-jwt-auth-public.php
Original file line number Diff line number Diff line change
Expand Up @@ -236,7 +236,7 @@ public function validate_token($output = true)
if (!$auth) {
return new WP_Error(
'jwt_auth_no_auth_header',
__('Authorization header not found.', 'wp-api-jwt-auth'),
'Authorization header not found.',
array(
'status' => 403,
)
Expand All @@ -251,7 +251,7 @@ public function validate_token($output = true)
if (!$token) {
return new WP_Error(
'jwt_auth_bad_auth_header',
__('Authorization header malformed.', 'wp-api-jwt-auth'),
'Authorization header malformed.',
array(
'status' => 403,
)
Expand All @@ -263,7 +263,7 @@ public function validate_token($output = true)
if (!$secret_key) {
return new WP_Error(
'jwt_auth_bad_config',
__('JWT is not configurated properly, please contact the admin', 'wp-api-jwt-auth'),
'JWT is not configurated properly, please contact the admin',
array(
'status' => 403,
)
Expand All @@ -278,7 +278,7 @@ public function validate_token($output = true)
/** The iss do not match, return error */
return new WP_Error(
'jwt_auth_bad_iss',
__('The iss do not match with this server', 'wp-api-jwt-auth'),
'The iss do not match with this server',
array(
'status' => 403,
)
Expand All @@ -289,7 +289,7 @@ public function validate_token($output = true)
/** No user id in the token, abort!! */
return new WP_Error(
'jwt_auth_bad_request',
__('User ID not found in the token', 'wp-api-jwt-auth'),
'User ID not found in the token',
array(
'status' => 403,
)
Expand Down

0 comments on commit a67b833

Please sign in to comment.