JWT Authentication for WP REST API

Version Description

Initial Release.

Release Info

Developer	Tmeister
Plugin	JWT Authentication for WP REST API
Version	1.0.0
Comparing to
See all releases

Version 1.0.0

Files changed (36) hide show

LICENSE.txt +339 -0
README.md +330 -0
composer.json +8 -0
composer.lock +61 -0
includes/class-jwt-auth-i18n.php +59 -0
includes/class-jwt-auth-loader.php +125 -0
includes/class-jwt-auth.php +194 -0
includes/index.php +1 -0
includes/vendor/autoload.php +7 -0
includes/vendor/composer/ClassLoader.php +413 -0
includes/vendor/composer/autoload_classmap.php +9 -0
includes/vendor/composer/autoload_namespaces.php +9 -0
includes/vendor/composer/autoload_psr4.php +10 -0
includes/vendor/composer/autoload_real.php +50 -0
includes/vendor/composer/installed.json +47 -0
includes/vendor/firebase/php-jwt/.travis.yml +13 -0
includes/vendor/firebase/php-jwt/LICENSE +30 -0
includes/vendor/firebase/php-jwt/README.md +114 -0
includes/vendor/firebase/php-jwt/composer.json +27 -0
includes/vendor/firebase/php-jwt/composer.lock +19 -0
includes/vendor/firebase/php-jwt/package.xml +77 -0
includes/vendor/firebase/php-jwt/phpunit.xml.dist +19 -0
includes/vendor/firebase/php-jwt/run-tests.sh +38 -0
includes/vendor/firebase/php-jwt/src/BeforeValidException.php +7 -0
includes/vendor/firebase/php-jwt/src/ExpiredException.php +7 -0
includes/vendor/firebase/php-jwt/src/JWT.php +357 -0
includes/vendor/firebase/php-jwt/src/SignatureInvalidException.php +7 -0
includes/vendor/firebase/php-jwt/tests/JWTTest.php +264 -0
includes/vendor/firebase/php-jwt/tests/autoload.php.dist +17 -0
includes/vendor/firebase/php-jwt/tests/bootstrap.php +7 -0
index.php +1 -0
jwt-auth.php +52 -0
languages/jwt-auth.pot +0 -0
public/class-jwt-auth-public.php +314 -0
public/index.php +1 -0
readme.txt +347 -0

LICENSE.txt ADDED Viewed

	@@ -0,0 +1,339 @@


1	+ GNU GENERAL PUBLIC LICENSE
2	+ Version 2, June 1991
3	+
4	+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
5	+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
6	+ Everyone is permitted to copy and distribute verbatim copies
7	+ of this license document, but changing it is not allowed.
8	+
9	+ Preamble
10	+
11	+ The licenses for most software are designed to take away your
12	+ freedom to share and change it. By contrast, the GNU General Public
13	+ License is intended to guarantee your freedom to share and change free
14	+ software--to make sure the software is free for all its users. This
15	+ General Public License applies to most of the Free Software
16	+ Foundation's software and to any other program whose authors commit to
17	+ using it. (Some other Free Software Foundation software is covered by
18	+ the GNU Lesser General Public License instead.) You can apply it to
19	+ your programs, too.
20	+
21	+ When we speak of free software, we are referring to freedom, not
22	+ price. Our General Public Licenses are designed to make sure that you
23	+ have the freedom to distribute copies of free software (and charge for
24	+ this service if you wish), that you receive source code or can get it
25	+ if you want it, that you can change the software or use pieces of it
26	+ in new free programs; and that you know you can do these things.
27	+
28	+ To protect your rights, we need to make restrictions that forbid
29	+ anyone to deny you these rights or to ask you to surrender the rights.
30	+ These restrictions translate to certain responsibilities for you if you
31	+ distribute copies of the software, or if you modify it.
32	+
33	+ For example, if you distribute copies of such a program, whether
34	+ gratis or for a fee, you must give the recipients all the rights that
35	+ you have. You must make sure that they, too, receive or can get the
36	+ source code. And you must show them these terms so they know their
37	+ rights.
38	+
39	+ We protect your rights with two steps: (1) copyright the software, and
40	+ (2) offer you this license which gives you legal permission to copy,
41	+ distribute and/or modify the software.
42	+
43	+ Also, for each author's protection and ours, we want to make certain
44	+ that everyone understands that there is no warranty for this free
45	+ software. If the software is modified by someone else and passed on, we
46	+ want its recipients to know that what they have is not the original, so
47	+ that any problems introduced by others will not reflect on the original
48	+ authors' reputations.
49	+
50	+ Finally, any free program is threatened constantly by software
51	+ patents. We wish to avoid the danger that redistributors of a free
52	+ program will individually obtain patent licenses, in effect making the
53	+ program proprietary. To prevent this, we have made it clear that any
54	+ patent must be licensed for everyone's free use or not licensed at all.
55	+
56	+ The precise terms and conditions for copying, distribution and
57	+ modification follow.
58	+
59	+ GNU GENERAL PUBLIC LICENSE
60	+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
61	+
62	+ 0. This License applies to any program or other work which contains
63	+ a notice placed by the copyright holder saying it may be distributed
64	+ under the terms of this General Public License. The "Program", below,
65	+ refers to any such program or work, and a "work based on the Program"
66	+ means either the Program or any derivative work under copyright law:
67	+ that is to say, a work containing the Program or a portion of it,
68	+ either verbatim or with modifications and/or translated into another
69	+ language. (Hereinafter, translation is included without limitation in
70	+ the term "modification".) Each licensee is addressed as "you".
71	+
72	+ Activities other than copying, distribution and modification are not
73	+ covered by this License; they are outside its scope. The act of
74	+ running the Program is not restricted, and the output from the Program
75	+ is covered only if its contents constitute a work based on the
76	+ Program (independent of having been made by running the Program).
77	+ Whether that is true depends on what the Program does.
78	+
79	+ 1. You may copy and distribute verbatim copies of the Program's
80	+ source code as you receive it, in any medium, provided that you
81	+ conspicuously and appropriately publish on each copy an appropriate
82	+ copyright notice and disclaimer of warranty; keep intact all the
83	+ notices that refer to this License and to the absence of any warranty;
84	+ and give any other recipients of the Program a copy of this License
85	+ along with the Program.
86	+
87	+ You may charge a fee for the physical act of transferring a copy, and
88	+ you may at your option offer warranty protection in exchange for a fee.
89	+
90	+ 2. You may modify your copy or copies of the Program or any portion
91	+ of it, thus forming a work based on the Program, and copy and
92	+ distribute such modifications or work under the terms of Section 1
93	+ above, provided that you also meet all of these conditions:
94	+
95	+ a) You must cause the modified files to carry prominent notices
96	+ stating that you changed the files and the date of any change.
97	+
98	+ b) You must cause any work that you distribute or publish, that in
99	+ whole or in part contains or is derived from the Program or any
100	+ part thereof, to be licensed as a whole at no charge to all third
101	+ parties under the terms of this License.
102	+
103	+ c) If the modified program normally reads commands interactively
104	+ when run, you must cause it, when started running for such
105	+ interactive use in the most ordinary way, to print or display an
106	+ announcement including an appropriate copyright notice and a
107	+ notice that there is no warranty (or else, saying that you provide
108	+ a warranty) and that users may redistribute the program under
109	+ these conditions, and telling the user how to view a copy of this
110	+ License. (Exception: if the Program itself is interactive but
111	+ does not normally print such an announcement, your work based on
112	+ the Program is not required to print an announcement.)
113	+
114	+ These requirements apply to the modified work as a whole. If
115	+ identifiable sections of that work are not derived from the Program,
116	+ and can be reasonably considered independent and separate works in
117	+ themselves, then this License, and its terms, do not apply to those
118	+ sections when you distribute them as separate works. But when you
119	+ distribute the same sections as part of a whole which is a work based
120	+ on the Program, the distribution of the whole must be on the terms of
121	+ this License, whose permissions for other licensees extend to the
122	+ entire whole, and thus to each and every part regardless of who wrote it.
123	+
124	+ Thus, it is not the intent of this section to claim rights or contest
125	+ your rights to work written entirely by you; rather, the intent is to
126	+ exercise the right to control the distribution of derivative or
127	+ collective works based on the Program.
128	+
129	+ In addition, mere aggregation of another work not based on the Program
130	+ with the Program (or with a work based on the Program) on a volume of
131	+ a storage or distribution medium does not bring the other work under
132	+ the scope of this License.
133	+
134	+ 3. You may copy and distribute the Program (or a work based on it,
135	+ under Section 2) in object code or executable form under the terms of
136	+ Sections 1 and 2 above provided that you also do one of the following:
137	+
138	+ a) Accompany it with the complete corresponding machine-readable
139	+ source code, which must be distributed under the terms of Sections
140	+ 1 and 2 above on a medium customarily used for software interchange; or,
141	+
142	+ b) Accompany it with a written offer, valid for at least three
143	+ years, to give any third party, for a charge no more than your
144	+ cost of physically performing source distribution, a complete
145	+ machine-readable copy of the corresponding source code, to be
146	+ distributed under the terms of Sections 1 and 2 above on a medium
147	+ customarily used for software interchange; or,
148	+
149	+ c) Accompany it with the information you received as to the offer
150	+ to distribute corresponding source code. (This alternative is
151	+ allowed only for noncommercial distribution and only if you
152	+ received the program in object code or executable form with such
153	+ an offer, in accord with Subsection b above.)
154	+
155	+ The source code for a work means the preferred form of the work for
156	+ making modifications to it. For an executable work, complete source
157	+ code means all the source code for all modules it contains, plus any
158	+ associated interface definition files, plus the scripts used to
159	+ control compilation and installation of the executable. However, as a
160	+ special exception, the source code distributed need not include
161	+ anything that is normally distributed (in either source or binary
162	+ form) with the major components (compiler, kernel, and so on) of the
163	+ operating system on which the executable runs, unless that component
164	+ itself accompanies the executable.
165	+
166	+ If distribution of executable or object code is made by offering
167	+ access to copy from a designated place, then offering equivalent
168	+ access to copy the source code from the same place counts as
169	+ distribution of the source code, even though third parties are not
170	+ compelled to copy the source along with the object code.
171	+
172	+ 4. You may not copy, modify, sublicense, or distribute the Program
173	+ except as expressly provided under this License. Any attempt
174	+ otherwise to copy, modify, sublicense or distribute the Program is
175	+ void, and will automatically terminate your rights under this License.
176	+ However, parties who have received copies, or rights, from you under
177	+ this License will not have their licenses terminated so long as such
178	+ parties remain in full compliance.
179	+
180	+ 5. You are not required to accept this License, since you have not
181	+ signed it. However, nothing else grants you permission to modify or
182	+ distribute the Program or its derivative works. These actions are
183	+ prohibited by law if you do not accept this License. Therefore, by
184	+ modifying or distributing the Program (or any work based on the
185	+ Program), you indicate your acceptance of this License to do so, and
186	+ all its terms and conditions for copying, distributing or modifying
187	+ the Program or works based on it.
188	+
189	+ 6. Each time you redistribute the Program (or any work based on the
190	+ Program), the recipient automatically receives a license from the
191	+ original licensor to copy, distribute or modify the Program subject to
192	+ these terms and conditions. You may not impose any further
193	+ restrictions on the recipients' exercise of the rights granted herein.
194	+ You are not responsible for enforcing compliance by third parties to
195	+ this License.
196	+
197	+ 7. If, as a consequence of a court judgment or allegation of patent
198	+ infringement or for any other reason (not limited to patent issues),
199	+ conditions are imposed on you (whether by court order, agreement or
200	+ otherwise) that contradict the conditions of this License, they do not
201	+ excuse you from the conditions of this License. If you cannot
202	+ distribute so as to satisfy simultaneously your obligations under this
203	+ License and any other pertinent obligations, then as a consequence you
204	+ may not distribute the Program at all. For example, if a patent
205	+ license would not permit royalty-free redistribution of the Program by
206	+ all those who receive copies directly or indirectly through you, then
207	+ the only way you could satisfy both it and this License would be to
208	+ refrain entirely from distribution of the Program.
209	+
210	+ If any portion of this section is held invalid or unenforceable under
211	+ any particular circumstance, the balance of the section is intended to
212	+ apply and the section as a whole is intended to apply in other
213	+ circumstances.
214	+
215	+ It is not the purpose of this section to induce you to infringe any
216	+ patents or other property right claims or to contest validity of any
217	+ such claims; this section has the sole purpose of protecting the
218	+ integrity of the free software distribution system, which is
219	+ implemented by public license practices. Many people have made
220	+ generous contributions to the wide range of software distributed
221	+ through that system in reliance on consistent application of that
222	+ system; it is up to the author/donor to decide if he or she is willing
223	+ to distribute software through any other system and a licensee cannot
224	+ impose that choice.
225	+
226	+ This section is intended to make thoroughly clear what is believed to
227	+ be a consequence of the rest of this License.
228	+
229	+ 8. If the distribution and/or use of the Program is restricted in
230	+ certain countries either by patents or by copyrighted interfaces, the
231	+ original copyright holder who places the Program under this License
232	+ may add an explicit geographical distribution limitation excluding
233	+ those countries, so that distribution is permitted only in or among
234	+ countries not thus excluded. In such case, this License incorporates
235	+ the limitation as if written in the body of this License.
236	+
237	+ 9. The Free Software Foundation may publish revised and/or new versions
238	+ of the General Public License from time to time. Such new versions will
239	+ be similar in spirit to the present version, but may differ in detail to
240	+ address new problems or concerns.
241	+
242	+ Each version is given a distinguishing version number. If the Program
243	+ specifies a version number of this License which applies to it and "any
244	+ later version", you have the option of following the terms and conditions
245	+ either of that version or of any later version published by the Free
246	+ Software Foundation. If the Program does not specify a version number of
247	+ this License, you may choose any version ever published by the Free Software
248	+ Foundation.
249	+
250	+ 10. If you wish to incorporate parts of the Program into other free
251	+ programs whose distribution conditions are different, write to the author
252	+ to ask for permission. For software which is copyrighted by the Free
253	+ Software Foundation, write to the Free Software Foundation; we sometimes
254	+ make exceptions for this. Our decision will be guided by the two goals
255	+ of preserving the free status of all derivatives of our free software and
256	+ of promoting the sharing and reuse of software generally.
257	+
258	+ NO WARRANTY
259	+
260	+ 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
261	+ FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
262	+ OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
263	+ PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
264	+ OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
265	+ MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
266	+ TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
267	+ PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
268	+ REPAIR OR CORRECTION.
269	+
270	+ 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
271	+ WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
272	+ REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
273	+ INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
274	+ OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
275	+ TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
276	+ YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
277	+ PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
278	+ POSSIBILITY OF SUCH DAMAGES.
279	+
280	+ END OF TERMS AND CONDITIONS
281	+
282	+ How to Apply These Terms to Your New Programs
283	+
284	+ If you develop a new program, and you want it to be of the greatest
285	+ possible use to the public, the best way to achieve this is to make it
286	+ free software which everyone can redistribute and change under these terms.
287	+
288	+ To do so, attach the following notices to the program. It is safest
289	+ to attach them to the start of each source file to most effectively
290	+ convey the exclusion of warranty; and each file should have at least
291	+ the "copyright" line and a pointer to where the full notice is found.
292	+
293	+ <one line to give the program's name and a brief idea of what it does.>
294	+ Copyright (C) <year> <name of author>
295	+
296	+ This program is free software; you can redistribute it and/or modify
297	+ it under the terms of the GNU General Public License as published by
298	+ the Free Software Foundation; either version 2 of the License, or
299	+ (at your option) any later version.
300	+
301	+ This program is distributed in the hope that it will be useful,
302	+ but WITHOUT ANY WARRANTY; without even the implied warranty of
303	+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
304	+ GNU General Public License for more details.
305	+
306	+ You should have received a copy of the GNU General Public License along
307	+ with this program; if not, write to the Free Software Foundation, Inc.,
308	+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
309	+
310	+ Also add information on how to contact you by electronic and paper mail.
311	+
312	+ If the program is interactive, make it output a short notice like this
313	+ when it starts in an interactive mode:
314	+
315	+ Gnomovision version 69, Copyright (C) year name of author
316	+ Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
317	+ This is free software, and you are welcome to redistribute it
318	+ under certain conditions; type `show c' for details.
319	+
320	+ The hypothetical commands `show w' and `show c' should show the appropriate
321	+ parts of the General Public License. Of course, the commands you use may
322	+ be called something other than `show w' and `show c'; they could even be
323	+ mouse-clicks or menu items--whatever suits your program.
324	+
325	+ You should also get your employer (if you work as a programmer) or your
326	+ school, if any, to sign a "copyright disclaimer" for the program, if
327	+ necessary. Here is a sample; alter the names:
328	+
329	+ Yoyodyne, Inc., hereby disclaims all copyright interest in the program
330	+ `Gnomovision' (which makes passes at compilers) written by James Hacker.
331	+
332	+ <signature of Ty Coon>, 1 April 1989
333	+ Ty Coon, President of Vice
334	+
335	+ This General Public License does not permit incorporating your program into
336	+ proprietary programs. If your program is a subroutine library, you may
337	+ consider it more useful to permit linking proprietary applications with the
338	+ library. If this is what you want to do, use the GNU Lesser General
339	+ Public License instead of this License.

README.md ADDED Viewed

	@@ -0,0 +1,330 @@


1	+ # JWT Authentication for the WP REST API
2	+
3	+ A simple plugin to add [JSON Web Token (JWT)](https://tools.ietf.org/html/rfc7519) Authentication to WP REST API.
4	+
5	+ To know more about the JSON Web Tokens, please visit [http://jwt.io](http://jwt.io).
6	+
7	+ ## Requirements
8	+
9	+ ### WP REST API V2
10	+
11	+ This plugin was conceived to extend the [WP REST API V2](https://github.com/WP-API/WP-API) plugin features and, of course, was built on top of it.
12	+
13	+ So, to use the wp-api-jwt-auth you need to install and activate [WP REST API](https://github.com/WP-API/WP-API).
14	+
15	+ ### PHP
16	+
17	+ Minimum PHP version: 5.3.0
18	+
19	+ ### PHP HTTP Authorization Header enable
20	+
21	+ #### Shared Hostings
22	+
23	+ Most of the shared hosting has disabled the HTTP Authorization Header by default.
24	+
25	+ To enable this option you'll need to edit your .htaccess file adding the follow
26	+
27	+ ```
28	+ RewriteEngine on
29	+ RewriteCond %{HTTP:Authorization} ^(.*)
30	+ RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]
31	+ ```
32	+
33	+ #### WPEngine
34	+
35	+ To enable this option you'll need to edit your .htaccess file adding the follow
36	+
37	+ See https://github.com/Tmeister/wp-api-jwt-auth/issues/1
38	+
39	+ ```
40	+ SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
41	+ ```
42	+
43	+ ## Installation & Configuration
44	+
45	+ [Download the zip file](https://github.com/Tmeister/wp-api-jwt-auth/archive/master.zip) and install it as any other WordPress plugin.
46	+
47	+ Or clone this repo into your WordPress installation under the wp-content/plugins folder.
48	+
49	+ ### Configurate the Secret Key
50	+
51	+ The JWT needs a secret key to sign the token this secret key must be unique and never revealed.
52	+
53	+ To add the secret key edit your wp-config.php file and add a new constant called JWT_AUTH_SECRET_KEY
54	+
55	+
56	+ ```php
57	+ define('JWT_AUTH_SECRET_KEY', 'your-top-secrect-key');
58	+ ```
59	+
60	+ You can use a string from here https://api.wordpress.org/secret-key/1.1/salt/
61	+
62	+ ### Configurate CORs Support
63	+
64	+ The wp-api-jwt-auth plugin has the option to activate [CORs](https://en.wikipedia.org/wiki/Cross-origin_resource_sharing) support.
65	+
66	+ To enable the CORs Support edit your wp-config.php file and add a new constant called JWT_AUTH_CORS_ENABLE
67	+
68	+
69	+ ```php
70	+ define('JWT_AUTH_CORS_ENABLE', true);
71	+ ```
72	+
73	+
74	+ Finally activate the plugin within your wp-admin.
75	+
76	+ ## Namespace and Endpoints
77	+
78	+ When the plugin is activated, a new namespace is added
79	+
80	+
81	+ ```
82	+ /jwt-auth/v1
83	+ ```
84	+
85	+
86	+ Also, two new endpoints are added to this namespace
87	+
88	+
89	+ Endpoint \| HTTP Verb
90	+ --- \| ---
91	+ /wp-json/jwt-auth/v1/token \| POST
92	+ /wp-json/jwt-auth/v1/token/validate \| POST
93	+
94	+ ##Usage
95	+ ### /wp-json/jwt-auth/v1/token
96	+
97	+ This is the entry point for the JWT Authentication.
98	+
99	+ Validates the user credentials, username and password, and returns a token to use in a future request to the API if the authentication is correct or error if the authentication fails.
100	+
101	+ ####Sample request using AngularJS
102	+
103	+ ```javascript
104	+
105	+ ( function() {
106	+ var app = angular.module( 'jwtAuth', [] );
107	+
108	+ app.controller( 'MainController', function( $scope, $http ) {
109	+
110	+ var apiHost = 'http://yourdomain.com/wp-json';
111	+
112	+ $http.post( apiHost + '/jwt-auth/v1/token', {
113	+ username: 'admin',
114	+ password: 'password'
115	+ } )
116	+
117	+ .then( function( response ) {
118	+ console.log( response.data )
119	+ } )
120	+
121	+ .catch( function( error ) {
122	+ console.error( 'Error', error.data[0] );
123	+ } );
124	+
125	+ } );
126	+
127	+ } )();
128	+
129	+
130	+ ```
131	+
132	+ Success response from the server
133	+
134	+ ```json
135	+ {
136	+ "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOlwvXC9qd3QuZGV2IiwiaWF0IjoxNDM4NTcxMDUwLCJuYmYiOjE0Mzg1NzEwNTAsImV4cCI6MTQzOTE3NTg1MCwiZGF0YSI6eyJ1c2VyIjp7ImlkIjoiMSJ9fX0.YNe6AyWW4B7ZwfFE5wJ0O6qQ8QFcYizimDmBy6hCH_8",
137	+ "user_display_name": "admin",
138	+ "user_email": "admin@localhost.dev",
139	+ "user_nicename": "admin"
140	+ }
141	+ ```
142	+
143	+ Error response from the server
144	+
145	+ ```json
146	+ {
147	+ "code": "jwt_auth_failed",
148	+ "data": {
149	+ "status": 403
150	+ },
151	+ "message": "Invalid Credentials."
152	+ }
153	+ ```
154	+
155	+ Once you get the token, you must store it somewhere in your application, ex. in a cookie or using localstorage.
156	+
157	+ From this point, you should pass this token to every API call
158	+
159	+ Sample call using the Authorization header using AngularJS
160	+
161	+ ```javascript
162	+ app.config( function( $httpProvider ) {
163	+ $httpProvider.interceptors.push( [ '$q', '$location', '$cookies', function( $q, $location, $cookies ) {
164	+ return {
165	+ 'request': function( config ) {
166	+ config.headers = config.headers \|\| {};
167	+ //Assume that you store the token in a cookie.
168	+ var globals = $cookies.getObject( 'globals' ) \|\| {};
169	+ //If the cookie has the CurrentUser and the token
170	+ //add the Authorization header in each request
171	+ if ( globals.currentUser && globals.currentUser.token ) {
172	+ config.headers.Authorization = 'Bearer ' + globals.currentUser.token;
173	+ }
174	+ return config;
175	+ }
176	+ };
177	+ } ] );
178	+ } );
179	+ ```
180	+
181	+ The wp-api-jwt-auth will intercept every call to the server and will look for the Authorization Header, if the Authorization header is present will try to decode the token and will set the user according with the data stored in it.
182	+
183	+ If the token is valid, the API call flow will continue as always.
184	+
185	+ Sample Headers
186	+
187	+ ```
188	+ POST /resource HTTP/1.1
189	+ Host: server.example.com
190	+ Authorization: Bearer mF_s9.B5f-4.1JqM
191	+ ```
192	+
193	+ ###Errors
194	+
195	+ If the token is invalid an error will be returned, here are some samples of errors.
196	+
197	+ Invalid Credentials
198	+
199	+ ```json
200	+ [
201	+ {
202	+ "code": "jwt_auth_failed",
203	+ "message": "Invalid Credentials.",
204	+ "data": {
205	+ "status": 403
206	+ }
207	+ }
208	+ ]
209	+ ```
210	+
211	+ Invalid Signature
212	+
213	+ ```json
214	+ [
215	+ {
216	+ "code": "jwt_auth_invalid_token",
217	+ "message": "Signature verification failed",
218	+ "data": {
219	+ "status": 403
220	+ }
221	+ }
222	+ ]
223	+ ```
224	+
225	+ Expired Token
226	+
227	+ ```json
228	+ [
229	+ {
230	+ "code": "jwt_auth_invalid_token",
231	+ "message": "Expired token",
232	+ "data": {
233	+ "status": 403
234	+ }
235	+ }
236	+ ]
237	+ ```
238	+
239	+ ### /wp-json/jwt-auth/v1/token/validate
240	+
241	+ This is a simple helper endpoint to validate a token; you only will need to make a POST request sending the Authorization header.
242	+
243	+ Valid Token Response
244	+
245	+ ```json
246	+ {
247	+ "code": "jwt_auth_valid_token",
248	+ "data": {
249	+ "status": 200
250	+ }
251	+ }
252	+ ```
253	+
254	+ ##Available Hooks
255	+
256	+ The wp-api-jwt-auth is dev friendly and has five filters available to override the default settings.
257	+
258	+ ####jwt_auth_cors_allow_headers
259	+
260	+ The jwt_auth_cors_allow_headers allows you to modify the available headers when the CORs support is enabled.
261	+
262	+ Default Value:
263	+
264	+ ```
265	+ 'Access-Control-Allow-Headers, Content-Type, Authorization'
266	+ ```
267	+
268	+ ###jwt_auth_not_before
269	+
270	+ The jwt_auth_not_before allows you to change the [nbf](https://tools.ietf.org/html/rfc7519#section-4.1.5) value before the token is created.
271	+
272	+ Default Value:
273	+
274	+ ```
275	+ Creation time - time()
276	+ ```
277	+
278	+ ###jwt_auth_expire
279	+
280	+ The jwt_auth_expire allows you to change the value [exp](https://tools.ietf.org/html/rfc7519#section-4.1.4) before the token is created.
281	+
282	+ Default Value:
283	+
284	+ ```
285	+ time() + (DAY_IN_SECONDS * 7)
286	+ ```
287	+
288	+ ###jwt_auth_token_before_sign
289	+
290	+ The jwt_auth_token_before_sign allows you to modify all the token data before to be encoded and signed.
291	+
292	+ Default Value
293	+
294	+ ```php
295	+ <?php
296	+ $token = array(
297	+ 'iss' => get_bloginfo('url'),
298	+ 'iat' => $issuedAt,
299	+ 'nbf' => $notBefore,
300	+ 'exp' => $expire,
301	+ 'data' => array(
302	+ 'user' => array(
303	+ 'id' => $user->data->ID,
304	+ )
305	+ )
306	+ );
307	+ ```
308	+
309	+ ###jwt_auth_token_before_dispatch
310	+ The jwt_auth_token_before_dispatch allows you to modify all the response array before to dispatch it to the client.
311	+
312	+ Default Value:
313	+
314	+ ```php
315	+ <?php
316	+ $data = array(
317	+ 'token' => $token,
318	+ 'user_email' => $user->data->user_email,
319	+ 'user_nicename' => $user->data->user_nicename,
320	+ 'user_display_name' => $user->data->display_name,
321	+ );
322	+ ```
323	+
324	+ ##Credits
325	+ [WP REST API V2](http://v2.wp-api.org/)
326	+
327	+ [PHP-JWT from firebase](https://github.com/firebase/php-jwt)
328	+
329	+ ##Licence
330	+ [GPLv2](http://www.gnu.org/licenses/old-licenses/gpl-2.0.html)

composer.json ADDED Viewed

	@@ -0,0 +1,8 @@


1	+ {
2	+ "config": {
3	+ "vendor-dir": "includes/vendor"
4	+ },
5	+ "require": {
6	+ "firebase/php-jwt": "^3.0"
7	+ }
8	+ }

composer.lock ADDED Viewed

	@@ -0,0 +1,61 @@


1	+ {
2	+ "_readme": [
3	+ "This file locks the dependencies of your project to a known state",
4	+ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
5	+ "This file is @generated automatically"
6	+ ],
7	+ "hash": "ed805bddf241eb374d3684456d1182bf",
8	+ "packages": [
9	+ {
10	+ "name": "firebase/php-jwt",
11	+ "version": "v3.0.0",
12	+ "source": {
13	+ "type": "git",
14	+ "url": "https://github.com/firebase/php-jwt.git",
15	+ "reference": "fa8a06e96526eb7c0eeaa47e4f39be59d21f16e1"
16	+ },
17	+ "dist": {
18	+ "type": "zip",
19	+ "url": "https://api.github.com/repos/firebase/php-jwt/zipball/fa8a06e96526eb7c0eeaa47e4f39be59d21f16e1",
20	+ "reference": "fa8a06e96526eb7c0eeaa47e4f39be59d21f16e1",
21	+ "shasum": ""
22	+ },
23	+ "require": {
24	+ "php": ">=5.3.0"
25	+ },
26	+ "type": "library",
27	+ "autoload": {
28	+ "psr-4": {
29	+ "Firebase\\JWT\\": "src"
30	+ }
31	+ },
32	+ "notification-url": "https://packagist.org/downloads/",
33	+ "license": [
34	+ "BSD-3-Clause"
35	+ ],
36	+ "authors": [
37	+ {
38	+ "name": "Neuman Vong",
39	+ "email": "neuman+pear@twilio.com",
40	+ "role": "Developer"
41	+ },
42	+ {
43	+ "name": "Anant Narayanan",
44	+ "email": "anant@php.net",
45	+ "role": "Developer"
46	+ }
47	+ ],
48	+ "description": "A simple library to encode and decode JSON Web Tokens (JWT) in PHP. Should conform to the current spec.",
49	+ "homepage": "https://github.com/firebase/php-jwt",
50	+ "time": "2015-07-22 18:31:08"
51	+ }
52	+ ],
53	+ "packages-dev": [],
54	+ "aliases": [],
55	+ "minimum-stability": "stable",
56	+ "stability-flags": [],
57	+ "prefer-stable": false,
58	+ "prefer-lowest": false,
59	+ "platform": [],
60	+ "platform-dev": []
61	+ }

includes/class-jwt-auth-i18n.php ADDED Viewed

	@@ -0,0 +1,59 @@


1	+ <?php
2	+
3	+ /**
4	+ * Define the internationalization functionality.
5	+ *
6	+ * Loads and defines the internationalization files for this plugin
7	+ * so that it is ready for translation.
8	+ *
9	+ * @link https://enriquechavez.co
10	+ * @since 1.0.0
11	+ */
12	+
13	+ /**
14	+ * Define the internationalization functionality.
15	+ *
16	+ * Loads and defines the internationalization files for this plugin
17	+ * so that it is ready for translation.
18	+ *
19	+ * @since 1.0.0
20	+ *
21	+ * @author Enrique Chavez <noone@tmeister.net>
22	+ */
23	+ class Jwt_Auth_i18n
24	+ {
25	+ /**
26	+ * The domain specified for this plugin.
27	+ *
28	+ * @since 1.0.0
29	+ *
30	+ * @var string The domain identifier for this plugin.
31	+ */
32	+ private $domain;
33	+
34	+ /**
35	+ * Load the plugin text domain for translation.
36	+ *
37	+ * @since 1.0.0
38	+ */
39	+ public function load_plugin_textdomain()
40	+ {
41	+ load_plugin_textdomain(
42	+ $this->domain,
43	+ false,
44	+ dirname(dirname(plugin_basename(__FILE__))).'/languages/'
45	+ );
46	+ }
47	+
48	+ /**
49	+ * Set the domain equal to that of the specified domain.
50	+ *
51	+ * @since 1.0.0
52	+ *
53	+ * @param string $domain The domain that represents the locale of this plugin.
54	+ */
55	+ public function set_domain($domain)
56	+ {
57	+ $this->domain = $domain;
58	+ }
59	+ }

includes/class-jwt-auth-loader.php ADDED Viewed

	@@ -0,0 +1,125 @@


1	+ <?php
2	+
3	+ /**
4	+ * Register all actions and filters for the plugin.
5	+ *
6	+ * @link https://enriquechavez.co
7	+ * @since 1.0.0
8	+ */
9	+
10	+ /**
11	+ * Register all actions and filters for the plugin.
12	+ *
13	+ * Maintain a list of all hooks that are registered throughout
14	+ * the plugin, and register them with the WordPress API. Call the
15	+ * run function to execute the list of actions and filters.
16	+ *
17	+ * @author Enrique Chavez <noone@tmeister.net>
18	+ */
19	+ class Jwt_Auth_Loader
20	+ {
21	+ /**
22	+ * The array of actions registered with WordPress.
23	+ *
24	+ * @since 1.0.0
25	+ *
26	+ * @var array The actions registered with WordPress to fire when the plugin loads.
27	+ */
28	+ protected $actions;
29	+
30	+ /**
31	+ * The array of filters registered with WordPress.
32	+ *
33	+ * @since 1.0.0
34	+ *
35	+ * @var array The filters registered with WordPress to fire when the plugin loads.
36	+ */
37	+ protected $filters;
38	+
39	+ /**
40	+ * Initialize the collections used to maintain the actions and filters.
41	+ *
42	+ * @since 1.0.0
43	+ */
44	+ public function __construct()
45	+ {
46	+ $this->actions = array();
47	+ $this->filters = array();
48	+ }
49	+
50	+ /**
51	+ * Add a new action to the collection to be registered with WordPress.
52	+ *
53	+ * @since 1.0.0
54	+ *
55	+ * @param string $hook The name of the WordPress action that is being registered.
56	+ * @param object $component A reference to the instance of the object on which the action is defined.
57	+ * @param string $callback The name of the function definition on the $component.
58	+ * @param int Optional $priority The priority at which the function should be fired.
59	+ * @param int Optional $accepted_args The number of arguments that should be passed to the $callback.
60	+ */
61	+ public function add_action($hook, $component, $callback, $priority = 10, $accepted_args = 1)
62	+ {
63	+ $this->actions = $this->add($this->actions, $hook, $component, $callback, $priority, $accepted_args);
64	+ }
65	+
66	+ /**
67	+ * Add a new filter to the collection to be registered with WordPress.
68	+ *
69	+ * @since 1.0.0
70	+ *
71	+ * @param string $hook The name of the WordPress filter that is being registered.
72	+ * @param object $component A reference to the instance of the object on which the filter is defined.
73	+ * @param string $callback The name of the function definition on the $component.
74	+ * @param int Optional $priority The priority at which the function should be fired.
75	+ * @param int Optional $accepted_args The number of arguments that should be passed to the $callback.
76	+ */
77	+ public function add_filter($hook, $component, $callback, $priority = 10, $accepted_args = 1)
78	+ {
79	+ $this->filters = $this->add($this->filters, $hook, $component, $callback, $priority, $accepted_args);
80	+ }
81	+
82	+ /**
83	+ * A utility function that is used to register the actions and hooks into a single
84	+ * collection.
85	+ *
86	+ * @since 1.0.0
87	+ *
88	+ * @param array $hooks The collection of hooks that is being registered (that is, actions or filters).
89	+ * @param string $hook The name of the WordPress filter that is being registered.
90	+ * @param object $component A reference to the instance of the object on which the filter is defined.
91	+ * @param string $callback The name of the function definition on the $component.
92	+ * @param int Optional $priority The priority at which the function should be fired.
93	+ * @param int Optional $accepted_args The number of arguments that should be passed to the $callback.
94	+ *
95	+ * @return type The collection of actions and filters registered with WordPress.
96	+ */
97	+ private function add($hooks, $hook, $component, $callback, $priority, $accepted_args)
98	+ {
99	+ $hooks[] = array(
100	+ 'hook' => $hook,
101	+ 'component' => $component,
102	+ 'callback' => $callback,
103	+ 'priority' => $priority,
104	+ 'accepted_args' => $accepted_args,
105	+ );
106	+
107	+ return $hooks;
108	+ }
109	+
110	+ /**
111	+ * Register the filters and actions with WordPress.
112	+ *
113	+ * @since 1.0.0
114	+ */
115	+ public function run()
116	+ {
117	+ foreach ($this->filters as $hook) {
118	+ add_filter($hook['hook'], array($hook['component'], $hook['callback']), $hook['priority'], $hook['accepted_args']);
119	+ }
120	+
121	+ foreach ($this->actions as $hook) {
122	+ add_action($hook['hook'], array($hook['component'], $hook['callback']), $hook['priority'], $hook['accepted_args']);
123	+ }
124	+ }
125	+ }

includes/class-jwt-auth.php ADDED Viewed

	@@ -0,0 +1,194 @@


1	+ <?php
2	+
3	+ /**
4	+ * The file that defines the core plugin class.
5	+ *
6	+ * A class definition that includes attributes and functions used across both the
7	+ * public-facing side of the site and the admin area.
8	+ *
9	+ * @link https://enriquechavez.co
10	+ * @since 1.0.0
11	+ */
12	+
13	+ /**
14	+ * The core plugin class.
15	+ *
16	+ * This is used to define internationalization, admin-specific hooks, and
17	+ * public-facing site hooks.
18	+ *
19	+ * Also maintains the unique identifier of this plugin as well as the current
20	+ * version of the plugin.
21	+ *
22	+ * @since 1.0.0
23	+ *
24	+ * @author Enrique Chavez <noone@tmeister.net>
25	+ */
26	+ class Jwt_Auth
27	+ {
28	+ /**
29	+ * The loader that's responsible for maintaining and registering all hooks that power
30	+ * the plugin.
31	+ *
32	+ * @since 1.0.0
33	+ *
34	+ * @var Jwt_Auth_Loader Maintains and registers all hooks for the plugin.
35	+ */
36	+ protected $loader;
37	+
38	+ /**
39	+ * The unique identifier of this plugin.
40	+ *
41	+ * @since 1.0.0
42	+ *
43	+ * @var string The string used to uniquely identify this plugin.
44	+ */
45	+ protected $plugin_name;
46	+
47	+ /**
48	+ * The current version of the plugin.
49	+ *
50	+ * @since 1.0.0
51	+ *
52	+ * @var string The current version of the plugin.
53	+ */
54	+ protected $version;
55	+
56	+ /**
57	+ * Define the core functionality of the plugin.
58	+ *
59	+ * Set the plugin name and the plugin version that can be used throughout the plugin.
60	+ * Load the dependencies, define the locale, and set the hooks for the admin area and
61	+ * the public-facing side of the site.
62	+ *
63	+ * @since 1.0.0
64	+ */
65	+ public function __construct()
66	+ {
67	+ $this->plugin_name = 'jwt-auth';
68	+ $this->version = '1.0.0';
69	+
70	+ $this->load_dependencies();
71	+ $this->set_locale();
72	+ $this->define_public_hooks();
73	+ }
74	+
75	+ /**
76	+ * Load the required dependencies for this plugin.
77	+ *
78	+ * Include the following files that make up the plugin:
79	+ *
80	+ * - Jwt_Auth_Loader. Orchestrates the hooks of the plugin.
81	+ * - Jwt_Auth_i18n. Defines internationalization functionality.
82	+ * - Jwt_Auth_Admin. Defines all hooks for the admin area.
83	+ * - Jwt_Auth_Public. Defines all hooks for the public side of the site.
84	+ *
85	+ * Create an instance of the loader which will be used to register the hooks
86	+ * with WordPress.
87	+ *
88	+ * @since 1.0.0
89	+ */
90	+ private function load_dependencies()
91	+ {
92	+
93	+ /**
94	+ * Load dependecies managed by composer.
95	+ */
96	+ require_once plugin_dir_path(dirname(__FILE__)).'includes/vendor/autoload.php';
97	+
98	+ /**
99	+ * The class responsible for orchestrating the actions and filters of the
100	+ * core plugin.
101	+ */
102	+ require_once plugin_dir_path(dirname(__FILE__)).'includes/class-jwt-auth-loader.php';
103	+
104	+ /**
105	+ * The class responsible for defining internationalization functionality
106	+ * of the plugin.
107	+ */
108	+ require_once plugin_dir_path(dirname(__FILE__)).'includes/class-jwt-auth-i18n.php';
109	+
110	+ /**
111	+ * The class responsible for defining all actions that occur in the public-facing
112	+ * side of the site.
113	+ */
114	+ require_once plugin_dir_path(dirname(__FILE__)).'public/class-jwt-auth-public.php';
115	+
116	+ $this->loader = new Jwt_Auth_Loader();
117	+ }
118	+
119	+ /**
120	+ * Define the locale for this plugin for internationalization.
121	+ *
122	+ * Uses the Jwt_Auth_i18n class in order to set the domain and to register the hook
123	+ * with WordPress.
124	+ *
125	+ * @since 1.0.0
126	+ */
127	+ private function set_locale()
128	+ {
129	+ $plugin_i18n = new Jwt_Auth_i18n();
130	+ $plugin_i18n->set_domain($this->get_plugin_name());
131	+ $this->loader->add_action('plugins_loaded', $plugin_i18n, 'load_plugin_textdomain');
132	+ }
133	+ /**
134	+ * Register all of the hooks related to the public-facing functionality
135	+ * of the plugin.
136	+ *
137	+ * @since 1.0.0
138	+ */
139	+ private function define_public_hooks()
140	+ {
141	+ $plugin_public = new Jwt_Auth_Public($this->get_plugin_name(), $this->get_version());
142	+ $this->loader->add_action('rest_api_init', $plugin_public, 'add_api_routes');
143	+ $this->loader->add_filter('rest_api_init', $plugin_public, 'add_cors_support');
144	+ $this->loader->add_filter('determine_current_user', $plugin_public, 'determine_current_user', 99);
145	+ $this->loader->add_filter( 'rest_pre_dispatch', $plugin_public, 'rest_pre_dispatch', 10, 2 );
146	+ }
147	+
148	+ /**
149	+ * Run the loader to execute all of the hooks with WordPress.
150	+ *
151	+ * @since 1.0.0
152	+ */
153	+ public function run()
154	+ {
155	+ $this->loader->run();
156	+ }
157	+
158	+ /**
159	+ * The name of the plugin used to uniquely identify it within the context of
160	+ * WordPress and to define internationalization functionality.
161	+ *
162	+ * @since 1.0.0
163	+ *
164	+ * @return string The name of the plugin.
165	+ */
166	+ public function get_plugin_name()
167	+ {
168	+ return $this->plugin_name;
169	+ }
170	+
171	+ /**
172	+ * The reference to the class that orchestrates the hooks with the plugin.
173	+ *
174	+ * @since 1.0.0
175	+ *
176	+ * @return Jwt_Auth_Loader Orchestrates the hooks of the plugin.
177	+ */
178	+ public function get_loader()
179	+ {
180	+ return $this->loader;
181	+ }
182	+
183	+ /**
184	+ * Retrieve the version number of the plugin.
185	+ *
186	+ * @since 1.0.0
187	+ *
188	+ * @return string The version number of the plugin.
189	+ */
190	+ public function get_version()
191	+ {
192	+ return $this->version;
193	+ }
194	+ }

includes/index.php ADDED Viewed

	@@ -0,0 +1 @@


1	+ <?php // Silence is golden

includes/vendor/autoload.php ADDED Viewed

	@@ -0,0 +1,7 @@


1	+ <?php
2	+
3	+ // autoload.php @generated by Composer
4	+
5	+ require_once __DIR__ . '/composer' . '/autoload_real.php';
6	+
7	+ return ComposerAutoloaderInit6ba6ee55693d165c056f65e51c5383a5::getLoader();

includes/vendor/composer/ClassLoader.php ADDED Viewed

	@@ -0,0 +1,413 @@


1	+ <?php
2	+
3	+ /*
4	+ * This file is part of Composer.
5	+ *
6	+ * (c) Nils Adermann <naderman@naderman.de>
7	+ * Jordi Boggiano <j.boggiano@seld.be>
8	+ *
9	+ * For the full copyright and license information, please view the LICENSE
10	+ * file that was distributed with this source code.
11	+ */
12	+
13	+ namespace Composer\Autoload;
14	+
15	+ /**
16	+ * ClassLoader implements a PSR-0 class loader
17	+ *
18	+ * See https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-0.md
19	+ *
20	+ * $loader = new \Composer\Autoload\ClassLoader();
21	+ *
22	+ * // register classes with namespaces
23	+ * $loader->add('Symfony\Component', __DIR__.'/component');
24	+ * $loader->add('Symfony', __DIR__.'/framework');
25	+ *
26	+ * // activate the autoloader
27	+ * $loader->register();
28	+ *
29	+ * // to enable searching the include path (eg. for PEAR packages)
30	+ * $loader->setUseIncludePath(true);
31	+ *
32	+ * In this example, if you try to use a class in the Symfony\Component
33	+ * namespace or one of its children (Symfony\Component\Console for instance),
34	+ * the autoloader will first look for the class under the component/
35	+ * directory, and it will then fallback to the framework/ directory if not
36	+ * found before giving up.
37	+ *
38	+ * This class is loosely based on the Symfony UniversalClassLoader.
39	+ *
40	+ * @author Fabien Potencier <fabien@symfony.com>
41	+ * @author Jordi Boggiano <j.boggiano@seld.be>
42	+ */
43	+ class ClassLoader
44	+ {
45	+ // PSR-4
46	+ private $prefixLengthsPsr4 = array();
47	+ private $prefixDirsPsr4 = array();
48	+ private $fallbackDirsPsr4 = array();
49	+
50	+ // PSR-0
51	+ private $prefixesPsr0 = array();
52	+ private $fallbackDirsPsr0 = array();
53	+
54	+ private $useIncludePath = false;
55	+ private $classMap = array();
56	+
57	+ private $classMapAuthoritative = false;
58	+
59	+ public function getPrefixes()
60	+ {
61	+ if (!empty($this->prefixesPsr0)) {
62	+ return call_user_func_array('array_merge', $this->prefixesPsr0);
63	+ }
64	+
65	+ return array();
66	+ }
67	+
68	+ public function getPrefixesPsr4()
69	+ {
70	+ return $this->prefixDirsPsr4;
71	+ }
72	+
73	+ public function getFallbackDirs()
74	+ {
75	+ return $this->fallbackDirsPsr0;
76	+ }
77	+
78	+ public function getFallbackDirsPsr4()
79	+ {
80	+ return $this->fallbackDirsPsr4;
81	+ }
82	+
83	+ public function getClassMap()
84	+ {
85	+ return $this->classMap;
86	+ }
87	+
88	+ /**
89	+ * @param array $classMap Class to filename map
90	+ */
91	+ public function addClassMap(array $classMap)
92	+ {
93	+ if ($this->classMap) {
94	+ $this->classMap = array_merge($this->classMap, $classMap);
95	+ } else {
96	+ $this->classMap = $classMap;
97	+ }
98	+ }
99	+
100	+ /**
101	+ * Registers a set of PSR-0 directories for a given prefix, either
102	+ * appending or prepending to the ones previously set for this prefix.
103	+ *
104	+ * @param string $prefix The prefix
105	+ * @param array\|string $paths The PSR-0 root directories
106	+ * @param bool $prepend Whether to prepend the directories
107	+ */
108	+ public function add($prefix, $paths, $prepend = false)
109	+ {
110	+ if (!$prefix) {
111	+ if ($prepend) {
112	+ $this->fallbackDirsPsr0 = array_merge(
113	+ (array) $paths,
114	+ $this->fallbackDirsPsr0
115	+ );
116	+ } else {
117	+ $this->fallbackDirsPsr0 = array_merge(
118	+ $this->fallbackDirsPsr0,
119	+ (array) $paths
120	+ );
121	+ }
122	+
123	+ return;
124	+ }
125	+
126	+ $first = $prefix[0];
127	+ if (!isset($this->prefixesPsr0[$first][$prefix])) {
128	+ $this->prefixesPsr0[$first][$prefix] = (array) $paths;
129	+
130	+ return;
131	+ }
132	+ if ($prepend) {
133	+ $this->prefixesPsr0[$first][$prefix] = array_merge(
134	+ (array) $paths,
135	+ $this->prefixesPsr0[$first][$prefix]
136	+ );
137	+ } else {
138	+ $this->prefixesPsr0[$first][$prefix] = array_merge(
139	+ $this->prefixesPsr0[$first][$prefix],
140	+ (array) $paths
141	+ );
142	+ }
143	+ }
144	+
145	+ /**
146	+ * Registers a set of PSR-4 directories for a given namespace, either
147	+ * appending or prepending to the ones previously set for this namespace.
148	+ *
149	+ * @param string $prefix The prefix/namespace, with trailing '\\'
150	+ * @param array\|string $paths The PSR-0 base directories
151	+ * @param bool $prepend Whether to prepend the directories
152	+ *
153	+ * @throws \InvalidArgumentException
154	+ */
155	+ public function addPsr4($prefix, $paths, $prepend = false)
156	+ {
157	+ if (!$prefix) {
158	+ // Register directories for the root namespace.
159	+ if ($prepend) {
160	+ $this->fallbackDirsPsr4 = array_merge(
161	+ (array) $paths,
162	+ $this->fallbackDirsPsr4
163	+ );
164	+ } else {
165	+ $this->fallbackDirsPsr4 = array_merge(
166	+ $this->fallbackDirsPsr4,
167	+ (array) $paths
168	+ );
169	+ }
170	+ } elseif (!isset($this->prefixDirsPsr4[$prefix])) {
171	+ // Register directories for a new namespace.
172	+ $length = strlen($prefix);
173	+ if ('\\' !== $prefix[$length - 1]) {
174	+ throw new \InvalidArgumentException("A non-empty PSR-4 prefix must end with a namespace separator.");
175	+ }
176	+ $this->prefixLengthsPsr4[$prefix[0]][$prefix] = $length;
177	+ $this->prefixDirsPsr4[$prefix] = (array) $paths;
178	+ } elseif ($prepend) {
179	+ // Prepend directories for an already registered namespace.
180	+ $this->prefixDirsPsr4[$prefix] = array_merge(
181	+ (array) $paths,
182	+ $this->prefixDirsPsr4[$prefix]
183	+ );
184	+ } else {
185	+ // Append directories for an already registered namespace.
186	+ $this->prefixDirsPsr4[$prefix] = array_merge(
187	+ $this->prefixDirsPsr4[$prefix],
188	+ (array) $paths
189	+ );
190	+ }
191	+ }
192	+
193	+ /**
194	+ * Registers a set of PSR-0 directories for a given prefix,
195	+ * replacing any others previously set for this prefix.
196	+ *
197	+ * @param string $prefix The prefix
198	+ * @param array\|string $paths The PSR-0 base directories
199	+ */
200	+ public function set($prefix, $paths)
201	+ {
202	+ if (!$prefix) {
203	+ $this->fallbackDirsPsr0 = (array) $paths;
204	+ } else {
205	+ $this->prefixesPsr0[$prefix[0]][$prefix] = (array) $paths;
206	+ }
207	+ }
208	+
209	+ /**
210	+ * Registers a set of PSR-4 directories for a given namespace,
211	+ * replacing any others previously set for this namespace.
212	+ *
213	+ * @param string $prefix The prefix/namespace, with trailing '\\'
214	+ * @param array\|string $paths The PSR-4 base directories
215	+ *
216	+ * @throws \InvalidArgumentException
217	+ */
218	+ public function setPsr4($prefix, $paths)
219	+ {
220	+ if (!$prefix) {
221	+ $this->fallbackDirsPsr4 = (array) $paths;
222	+ } else {
223	+ $length = strlen($prefix);
224	+ if ('\\' !== $prefix[$length - 1]) {
225	+ throw new \InvalidArgumentException("A non-empty PSR-4 prefix must end with a namespace separator.");
226	+ }
227	+ $this->prefixLengthsPsr4[$prefix[0]][$prefix] = $length;
228	+ $this->prefixDirsPsr4[$prefix] = (array) $paths;
229	+ }
230	+ }
231	+
232	+ /**
233	+ * Turns on searching the include path for class files.
234	+ *
235	+ * @param bool $useIncludePath
236	+ */
237	+ public function setUseIncludePath($useIncludePath)
238	+ {
239	+ $this->useIncludePath = $useIncludePath;
240	+ }
241	+
242	+ /**
243	+ * Can be used to check if the autoloader uses the include path to check
244	+ * for classes.
245	+ *
246	+ * @return bool
247	+ */
248	+ public function getUseIncludePath()
249	+ {
250	+ return $this->useIncludePath;
251	+ }
252	+
253	+ /**
254	+ * Turns off searching the prefix and fallback directories for classes
255	+ * that have not been registered with the class map.
256	+ *
257	+ * @param bool $classMapAuthoritative
258	+ */
259	+ public function setClassMapAuthoritative($classMapAuthoritative)
260	+ {
261	+ $this->classMapAuthoritative = $classMapAuthoritative;
262	+ }
263	+
264	+ /**
265	+ * Should class lookup fail if not found in the current class map?
266	+ *
267	+ * @return bool
268	+ */
269	+ public function isClassMapAuthoritative()
270	+ {
271	+ return $this->classMapAuthoritative;
272	+ }
273	+
274	+ /**
275	+ * Registers this instance as an autoloader.
276	+ *
277	+ * @param bool $prepend Whether to prepend the autoloader or not
278	+ */
279	+ public function register($prepend = false)
280	+ {
281	+ spl_autoload_register(array($this, 'loadClass'), true, $prepend);
282	+ }
283	+
284	+ /**
285	+ * Unregisters this instance as an autoloader.
286	+ */
287	+ public function unregister()
288	+ {
289	+ spl_autoload_unregister(array($this, 'loadClass'));
290	+ }
291	+
292	+ /**
293	+ * Loads the given class or interface.
294	+ *
295	+ * @param string $class The name of the class
296	+ * @return bool\|null True if loaded, null otherwise
297	+ */
298	+ public function loadClass($class)
299	+ {
300	+ if ($file = $this->findFile($class)) {
301	+ includeFile($file);
302	+
303	+ return true;
304	+ }
305	+ }
306	+
307	+ /**
308	+ * Finds the path to the file where the class is defined.
309	+ *
310	+ * @param string $class The name of the class
311	+ *
312	+ * @return string\|false The path if found, false otherwise
313	+ */
314	+ public function findFile($class)
315	+ {
316	+ // work around for PHP 5.3.0 - 5.3.2 https://bugs.php.net/50731
317	+ if ('\\' == $class[0]) {
318	+ $class = substr($class, 1);
319	+ }
320	+
321	+ // class map lookup
322	+ if (isset($this->classMap[$class])) {
323	+ return $this->classMap[$class];
324	+ }
325	+ if ($this->classMapAuthoritative) {
326	+ return false;
327	+ }
328	+
329	+ $file = $this->findFileWithExtension($class, '.php');
330	+
331	+ // Search for Hack files if we are running on HHVM
332	+ if ($file === null && defined('HHVM_VERSION')) {
333	+ $file = $this->findFileWithExtension($class, '.hh');
334	+ }
335	+
336	+ if ($file === null) {
337	+ // Remember that this class does not exist.
338	+ return $this->classMap[$class] = false;
339	+ }
340	+
341	+ return $file;
342	+ }
343	+
344	+ private function findFileWithExtension($class, $ext)
345	+ {
346	+ // PSR-4 lookup
347	+ $logicalPathPsr4 = strtr($class, '\\', DIRECTORY_SEPARATOR) . $ext;
348	+
349	+ $first = $class[0];
350	+ if (isset($this->prefixLengthsPsr4[$first])) {
351	+ foreach ($this->prefixLengthsPsr4[$first] as $prefix => $length) {
352	+ if (0 === strpos($class, $prefix)) {
353	+ foreach ($this->prefixDirsPsr4[$prefix] as $dir) {
354	+ if (is_file($file = $dir . DIRECTORY_SEPARATOR . substr($logicalPathPsr4, $length))) {
355	+ return $file;
356	+ }
357	+ }
358	+ }
359	+ }
360	+ }
361	+
362	+ // PSR-4 fallback dirs
363	+ foreach ($this->fallbackDirsPsr4 as $dir) {
364	+ if (is_file($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr4)) {
365	+ return $file;
366	+ }
367	+ }
368	+
369	+ // PSR-0 lookup
370	+ if (false !== $pos = strrpos($class, '\\')) {
371	+ // namespaced class name
372	+ $logicalPathPsr0 = substr($logicalPathPsr4, 0, $pos + 1)
373	+ . strtr(substr($logicalPathPsr4, $pos + 1), '_', DIRECTORY_SEPARATOR);
374	+ } else {
375	+ // PEAR-like class name
376	+ $logicalPathPsr0 = strtr($class, '_', DIRECTORY_SEPARATOR) . $ext;
377	+ }
378	+
379	+ if (isset($this->prefixesPsr0[$first])) {
380	+ foreach ($this->prefixesPsr0[$first] as $prefix => $dirs) {
381	+ if (0 === strpos($class, $prefix)) {
382	+ foreach ($dirs as $dir) {
383	+ if (is_file($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr0)) {
384	+ return $file;
385	+ }
386	+ }
387	+ }
388	+ }
389	+ }
390	+
391	+ // PSR-0 fallback dirs
392	+ foreach ($this->fallbackDirsPsr0 as $dir) {
393	+ if (is_file($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr0)) {
394	+ return $file;
395	+ }
396	+ }
397	+
398	+ // PSR-0 include paths.
399	+ if ($this->useIncludePath && $file = stream_resolve_include_path($logicalPathPsr0)) {
400	+ return $file;
401	+ }
402	+ }
403	+ }
404	+
405	+ /**
406	+ * Scope isolated include.
407	+ *
408	+ * Prevents access to $this/self from included files.
409	+ */
410	+ function includeFile($file)
411	+ {
412	+ include $file;
413	+ }

includes/vendor/composer/autoload_classmap.php ADDED Viewed

	@@ -0,0 +1,9 @@


1	+ <?php
2	+
3	+ // autoload_classmap.php @generated by Composer
4	+
5	+ $vendorDir = dirname(dirname(__FILE__));
6	+ $baseDir = dirname(dirname($vendorDir));
7	+
8	+ return array(
9	+ );

includes/vendor/composer/autoload_namespaces.php ADDED Viewed

	@@ -0,0 +1,9 @@


1	+ <?php
2	+
3	+ // autoload_namespaces.php @generated by Composer
4	+
5	+ $vendorDir = dirname(dirname(__FILE__));
6	+ $baseDir = dirname(dirname($vendorDir));
7	+
8	+ return array(
9	+ );

includes/vendor/composer/autoload_psr4.php ADDED Viewed

	@@ -0,0 +1,10 @@


1	+ <?php
2	+
3	+ // autoload_psr4.php @generated by Composer
4	+
5	+ $vendorDir = dirname(dirname(__FILE__));
6	+ $baseDir = dirname(dirname($vendorDir));
7	+
8	+ return array(
9	+ 'Firebase\\JWT\\' => array($vendorDir . '/firebase/php-jwt/src'),
10	+ );

includes/vendor/composer/autoload_real.php ADDED Viewed

	@@ -0,0 +1,50 @@


1	+ <?php
2	+
3	+ // autoload_real.php @generated by Composer
4	+
5	+ class ComposerAutoloaderInit6ba6ee55693d165c056f65e51c5383a5
6	+ {
7	+ private static $loader;
8	+
9	+ public static function loadClassLoader($class)
10	+ {
11	+ if ('Composer\Autoload\ClassLoader' === $class) {
12	+ require __DIR__ . '/ClassLoader.php';
13	+ }
14	+ }
15	+
16	+ public static function getLoader()
17	+ {
18	+ if (null !== self::$loader) {
19	+ return self::$loader;
20	+ }
21	+
22	+ spl_autoload_register(array('ComposerAutoloaderInit6ba6ee55693d165c056f65e51c5383a5', 'loadClassLoader'), true, true);
23	+ self::$loader = $loader = new \Composer\Autoload\ClassLoader();
24	+ spl_autoload_unregister(array('ComposerAutoloaderInit6ba6ee55693d165c056f65e51c5383a5', 'loadClassLoader'));
25	+
26	+ $map = require __DIR__ . '/autoload_namespaces.php';
27	+ foreach ($map as $namespace => $path) {
28	+ $loader->set($namespace, $path);
29	+ }
30	+
31	+ $map = require __DIR__ . '/autoload_psr4.php';
32	+ foreach ($map as $namespace => $path) {
33	+ $loader->setPsr4($namespace, $path);
34	+ }
35	+
36	+ $classMap = require __DIR__ . '/autoload_classmap.php';
37	+ if ($classMap) {
38	+ $loader->addClassMap($classMap);
39	+ }
40	+
41	+ $loader->register(true);
42	+
43	+ return $loader;
44	+ }
45	+ }
46	+
47	+ function composerRequire6ba6ee55693d165c056f65e51c5383a5($file)
48	+ {
49	+ require $file;
50	+ }

includes/vendor/composer/installed.json ADDED Viewed

	@@ -0,0 +1,47 @@


1	+ [
2	+ {
3	+ "name": "firebase/php-jwt",
4	+ "version": "v3.0.0",
5	+ "version_normalized": "3.0.0.0",
6	+ "source": {
7	+ "type": "git",
8	+ "url": "https://github.com/firebase/php-jwt.git",
9	+ "reference": "fa8a06e96526eb7c0eeaa47e4f39be59d21f16e1"
10	+ },
11	+ "dist": {
12	+ "type": "zip",
13	+ "url": "https://api.github.com/repos/firebase/php-jwt/zipball/fa8a06e96526eb7c0eeaa47e4f39be59d21f16e1",
14	+ "reference": "fa8a06e96526eb7c0eeaa47e4f39be59d21f16e1",
15	+ "shasum": ""
16	+ },
17	+ "require": {
18	+ "php": ">=5.3.0"
19	+ },
20	+ "time": "2015-07-22 18:31:08",
21	+ "type": "library",
22	+ "installation-source": "dist",
23	+ "autoload": {
24	+ "psr-4": {
25	+ "Firebase\\JWT\\": "src"
26	+ }
27	+ },
28	+ "notification-url": "https://packagist.org/downloads/",
29	+ "license": [
30	+ "BSD-3-Clause"
31	+ ],
32	+ "authors": [
33	+ {
34	+ "name": "Neuman Vong",
35	+ "email": "neuman+pear@twilio.com",
36	+ "role": "Developer"
37	+ },
38	+ {
39	+ "name": "Anant Narayanan",
40	+ "email": "anant@php.net",
41	+ "role": "Developer"
42	+ }
43	+ ],
44	+ "description": "A simple library to encode and decode JSON Web Tokens (JWT) in PHP. Should conform to the current spec.",
45	+ "homepage": "https://github.com/firebase/php-jwt"
46	+ }
47	+ ]

includes/vendor/firebase/php-jwt/.travis.yml ADDED Viewed

	@@ -0,0 +1,13 @@


1	+ language: php
2	+
3	+ php:
4	+ - 5.3
5	+ - 5.4
6	+ - 5.5
7	+ - hhvm
8	+
9	+ before_script:
10	+ - wget -nc http://getcomposer.org/composer.phar
11	+ - php composer.phar install
12	+
13	+ script: phpunit --configuration phpunit.xml.dist

includes/vendor/firebase/php-jwt/LICENSE ADDED Viewed

	@@ -0,0 +1,30 @@


1	+ Copyright (c) 2011, Neuman Vong
2	+
3	+ All rights reserved.
4	+
5	+ Redistribution and use in source and binary forms, with or without
6	+ modification, are permitted provided that the following conditions are met:
7	+
8	+ * Redistributions of source code must retain the above copyright
9	+ notice, this list of conditions and the following disclaimer.
10	+
11	+ * Redistributions in binary form must reproduce the above
12	+ copyright notice, this list of conditions and the following
13	+ disclaimer in the documentation and/or other materials provided
14	+ with the distribution.
15	+
16	+ * Neither the name of Neuman Vong nor the names of other
17	+ contributors may be used to endorse or promote products derived
18	+ from this software without specific prior written permission.
19	+
20	+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21	+ "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22	+ LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
23	+ A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
24	+ OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
25	+ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
26	+ LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
27	+ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
28	+ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29	+ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
30	+ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

includes/vendor/firebase/php-jwt/README.md ADDED Viewed

	@@ -0,0 +1,114 @@


1	+ [![Build Status](https://travis-ci.org/firebase/php-jwt.png?branch=master)](https://travis-ci.org/firebase/php-jwt)
2	+ [![Latest Stable Version](https://poser.pugx.org/firebase/php-jwt/v/stable)](https://packagist.org/packages/firebase/php-jwt)
3	+ [![Total Downloads](https://poser.pugx.org/firebase/php-jwt/downloads)](https://packagist.org/packages/firebase/php-jwt)
4	+ [![License](https://poser.pugx.org/firebase/php-jwt/license)](https://packagist.org/packages/firebase/php-jwt)
5	+
6	+ PHP-JWT
7	+ =======
8	+ A simple library to encode and decode JSON Web Tokens (JWT) in PHP. Should
9	+ conform to the [current spec](http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-06)
10	+
11	+ Installation
12	+ ------------
13	+
14	+ Use composer to manage your dependencies and download PHP-JWT:
15	+
16	+ ```bash
17	+ composer require firebase/php-jwt
18	+ ```
19	+
20	+ Example
21	+ -------
22	+ ```php
23	+ <?php
24	+ use \Firebase\JWT\JWT;
25	+
26	+ $key = "example_key";
27	+ $token = array(
28	+ "iss" => "http://example.org",
29	+ "aud" => "http://example.com",
30	+ "iat" => 1356999524,
31	+ "nbf" => 1357000000
32	+ );
33	+
34	+ /**
35	+ * IMPORTANT:
36	+ * You must specify supported algorithms for your application. See
37	+ * https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40
38	+ * for a list of spec-compliant algorithms.
39	+ */
40	+ $jwt = JWT::encode($token, $key);
41	+ $decoded = JWT::decode($jwt, $key, array('HS256'));
42	+
43	+ print_r($decoded);
44	+
45	+ /*
46	+ NOTE: This will now be an object instead of an associative array. To get
47	+ an associative array, you will need to cast it as such:
48	+ */
49	+
50	+ $decoded_array = (array) $decoded;
51	+
52	+ /**
53	+ * You can add a leeway to account for when there is a clock skew times between
54	+ * the signing and verifying servers. It is recommended that this leeway should
55	+ * not be bigger than a few minutes.
56	+ *
57	+ * Source: http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html#nbfDef
58	+ */
59	+ JWT::$leeway = 60; // $leeway in seconds
60	+ $decoded = JWT::decode($jwt, $key, array('HS256'));
61	+
62	+ ?>
63	+ ```
64	+
65	+ Changelog
66	+ ---------
67	+
68	+ #### 3.0.0 / 2015-07-22
69	+ - Minimum PHP version updated from `5.2.0` to `5.3.0`.
70	+ - Add `\Firebase\JWT` namespace. See
71	+ [#59](https://github.com/firebase/php-jwt/pull/59) for details. Thanks to
72	+ [@Dashron](https://github.com/Dashron)!
73	+ - Require a non-empty key to decode and verify a JWT. See
74	+ [#60](https://github.com/firebase/php-jwt/pull/60) for details. Thanks to
75	+ [@sjones608](https://github.com/sjones608)!
76	+ - Cleaner documentation blocks in the code. See
77	+ [#62](https://github.com/firebase/php-jwt/pull/62) for details. Thanks to
78	+ [@johanderuijter](https://github.com/johanderuijter)!
79	+
80	+ #### 2.2.0 / 2015-06-22
81	+ - Add support for adding custom, optional JWT headers to `JWT::encode()`. See
82	+ [#53](https://github.com/firebase/php-jwt/pull/53/files) for details. Thanks to
83	+ [@mcocaro](https://github.com/mcocaro)!
84	+
85	+ #### 2.1.0 / 2015-05-20
86	+ - Add support for adding a leeway to `JWT:decode()` that accounts for clock skew
87	+ between signing and verifying entities. Thanks to [@lcabral](https://github.com/lcabral)!
88	+ - Add support for passing an object implementing the `ArrayAccess` interface for
89	+ `$keys` argument in `JWT::decode()`. Thanks to [@aztech-dev](https://github.com/aztech-dev)!
90	+
91	+ #### 2.0.0 / 2015-04-01
92	+ - Note: It is strongly recommended that you update to > v2.0.0 to address
93	+ known security vulnerabilities in prior versions when both symmetric and
94	+ asymmetric keys are used together.
95	+ - Update signature for `JWT::decode(...)` to require an array of supported
96	+ algorithms to use when verifying token signatures.
97	+
98	+
99	+ Tests
100	+ -----
101	+ Run the tests using phpunit:
102	+
103	+ ```bash
104	+ $ pear install PHPUnit
105	+ $ phpunit --configuration phpunit.xml.dist
106	+ PHPUnit 3.7.10 by Sebastian Bergmann.
107	+ .....
108	+ Time: 0 seconds, Memory: 2.50Mb
109	+ OK (5 tests, 5 assertions)
110	+ ```
111	+
112	+ License
113	+ -------
114	+ [3-Clause BSD](http://opensource.org/licenses/BSD-3-Clause).

includes/vendor/firebase/php-jwt/composer.json ADDED Viewed

	@@ -0,0 +1,27 @@


1	+ {
2	+ "name": "firebase/php-jwt",
3	+ "description": "A simple library to encode and decode JSON Web Tokens (JWT) in PHP. Should conform to the current spec.",
4	+ "homepage": "https://github.com/firebase/php-jwt",
5	+ "authors": [
6	+ {
7	+ "name": "Neuman Vong",
8	+ "email": "neuman+pear@twilio.com",
9	+ "role": "Developer"
10	+ },
11	+ {
12	+ "name": "Anant Narayanan",
13	+ "email": "anant@php.net",
14	+ "role": "Developer"
15	+ }
16	+ ],
17	+ "license": "BSD-3-Clause",
18	+ "require": {
19	+ "php": ">=5.3.0"
20	+ },
21	+ "autoload": {
22	+ "psr-4": {
23	+ "Firebase\\JWT\\": "src"
24	+ }
25	+ },
26	+ "minimum-stability": "dev"
27	+ }

includes/vendor/firebase/php-jwt/composer.lock ADDED Viewed

	@@ -0,0 +1,19 @@


1	+ {
2	+ "_readme": [
3	+ "This file locks the dependencies of your project to a known state",
4	+ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
5	+ "This file is @generated automatically"
6	+ ],
7	+ "hash": "60a5df5d283a7ae9000173248eba8909",
8	+ "packages": [],
9	+ "packages-dev": [],
10	+ "aliases": [],
11	+ "minimum-stability": "dev",
12	+ "stability-flags": [],
13	+ "prefer-stable": false,
14	+ "prefer-lowest": false,
15	+ "platform": {
16	+ "php": ">=5.2.0"
17	+ },
18	+ "platform-dev": []
19	+ }

includes/vendor/firebase/php-jwt/package.xml ADDED Viewed

	@@ -0,0 +1,77 @@


1	+ <?xml version="1.0" encoding="UTF-8"?>
2	+ <package packagerversion="1.9.2" version="2.0" xmlns="http://pear.php.net/dtd/package-2.0" xmlns:tasks="http://pear.php.net/dtd/tasks-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://pear.php.net/dtd/tasks-1.0
3	+ http://pear.php.net/dtd/tasks-1.0.xsd
4	+ http://pear.php.net/dtd/package-2.0
5	+ http://pear.php.net/dtd/package-2.0.xsd">
6	+ <name>JWT</name>
7	+ <channel>pear.php.net</channel>
8	+ <summary>A JWT encoder/decoder.</summary>
9	+ <description>A JWT encoder/decoder library for PHP.</description>
10	+ <lead>
11	+ <name>Neuman Vong</name>
12	+ <user>lcfrs</user>
13	+ <email>neuman+pear@twilio.com</email>
14	+ <active>yes</active>
15	+ </lead>
16	+ <lead>
17	+ <name>Firebase Operations</name>
18	+ <user>firebase</user>
19	+ <email>operations@firebase.com</email>
20	+ <active>yes</active>
21	+ </lead>
22	+ <date>2015-07-22</date>
23	+ <version>
24	+ <release>3.0.0</release>
25	+ <api>3.0.0</api>
26	+ </version>
27	+ <stability>
28	+ <release>beta</release>
29	+ <api>beta</api>
30	+ </stability>
31	+ <license uri="http://opensource.org/licenses/BSD-3-Clause">BSD 3-Clause License</license>
32	+ <notes>
33	+ Initial release with basic support for JWT encoding, decoding and signature verification.
34	+ </notes>
35	+ <contents>
36	+ <dir baseinstalldir="/" name="/">
37	+ <dir name="tests">
38	+ <file name="JWTTest.php" role="test" />
39	+ </dir>
40	+ <file name="Authentication/JWT.php" role="php" />
41	+ </dir>
42	+ </contents>
43	+ <dependencies>
44	+ <required>
45	+ <php>
46	+ <min>5.1</min>
47	+ </php>
48	+ <pearinstaller>
49	+ <min>1.7.0</min>
50	+ </pearinstaller>
51	+ <extension>
52	+ <name>json</name>
53	+ </extension>
54	+ <extension>
55	+ <name>hash</name>
56	+ </extension>
57	+ </required>
58	+ </dependencies>
59	+ <phprelease />
60	+ <changelog>
61	+ <release>
62	+ <version>
63	+ <release>0.1.0</release>
64	+ <api>0.1.0</api>
65	+ </version>
66	+ <stability>
67	+ <release>beta</release>
68	+ <api>beta</api>
69	+ </stability>
70	+ <date>2015-04-01</date>
71	+ <license uri="http://opensource.org/licenses/BSD-3-Clause">BSD 3-Clause License</license>
72	+ <notes>
73	+ Initial release with basic support for JWT encoding, decoding and signature verification.
74	+ </notes>
75	+ </release>
76	+ </changelog>
77	+ </package>

includes/vendor/firebase/php-jwt/phpunit.xml.dist ADDED Viewed

	@@ -0,0 +1,19 @@


1	+ <?xml version="1.0" encoding="UTF-8"?>
2	+
3	+ <phpunit backupGlobals="false"
4	+ backupStaticAttributes="false"
5	+ colors="true"
6	+ convertErrorsToExceptions="true"
7	+ convertNoticesToExceptions="true"
8	+ convertWarningsToExceptions="true"
9	+ processIsolation="false"
10	+ stopOnFailure="false"
11	+ syntaxCheck="false"
12	+ bootstrap="tests/bootstrap.php"
13	+ >
14	+ <testsuites>
15	+ <testsuite name="PHP JSON Web Token Test Suite">
16	+ <directory>./tests</directory>
17	+ </testsuite>
18	+ </testsuites>
19	+ </phpunit>

includes/vendor/firebase/php-jwt/run-tests.sh ADDED Viewed

	@@ -0,0 +1,38 @@


1	+
2	+ #!/usr/bin/env bash
3	+ gpg --fingerprint D8406D0D82947747293778314AA394086372C20A
4	+ if [ $? -ne 0 ]; then
5	+ echo -e "\033[33mDownloading PGP Public Key...\033[0m"
6	+ gpg --recv-keys D8406D0D82947747293778314AA394086372C20A
7	+ # Sebastian Bergmann <sb@sebastian-bergmann.de>
8	+ gpg --fingerprint D8406D0D82947747293778314AA394086372C20A
9	+ if [ $? -ne 0 ]; then
10	+ echo -e "\033[31mCould not download PGP public key for verification\033[0m"
11	+ exit
12	+ fi
13	+ fi
14	+
15	+ # Let's grab the latest release and its signature
16	+ if [ ! -f phpunit.phar ]; then
17	+ wget https://phar.phpunit.de/phpunit.phar
18	+ fi
19	+ if [ ! -f phpunit.phar.asc ]; then
20	+ wget https://phar.phpunit.de/phpunit.phar.asc
21	+ fi
22	+
23	+ # Verify before running
24	+ gpg --verify phpunit.phar.asc phpunit.phar
25	+ if [ $? -eq 0 ]; then
26	+ echo
27	+ echo -e "\033[33mBegin Unit Testing\033[0m"
28	+ # Run the testing suite
29	+ php --version
30	+ php phpunit.phar --configuration phpunit.xml.dist
31	+ else
32	+ echo
33	+ chmod -x phpunit.phar
34	+ mv phpunit.phar /tmp/bad-phpunit.phar
35	+ mv phpunit.phar.asc /tmp/bad-phpunit.phar.asc
36	+ echo -e "\033[31mSignature did not match! PHPUnit has been moved to /tmp/bad-phpunit.phar\033[0m"
37	+ exit 1
38	+ fi

includes/vendor/firebase/php-jwt/src/BeforeValidException.php ADDED Viewed

	@@ -0,0 +1,7 @@


1	+ <?php
2	+ namespace Firebase\JWT;
3	+
4	+ class BeforeValidException extends \UnexpectedValueException
5	+ {
6	+
7	+ }

includes/vendor/firebase/php-jwt/src/ExpiredException.php ADDED Viewed

	@@ -0,0 +1,7 @@


1	+ <?php
2	+ namespace Firebase\JWT;
3	+
4	+ class ExpiredException extends \UnexpectedValueException
5	+ {
6	+
7	+ }

includes/vendor/firebase/php-jwt/src/JWT.php ADDED Viewed

	@@ -0,0 +1,357 @@


1	+ <?php
2	+
3	+ namespace Firebase\JWT;
4	+ use \DomainException;
5	+ use \InvalidArgumentException;
6	+ use \UnexpectedValueException;
7	+ use \DateTime;
8	+
9	+ /**
10	+ * JSON Web Token implementation, based on this spec:
11	+ * http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-06
12	+ *
13	+ * PHP version 5
14	+ *
15	+ * @category Authentication
16	+ * @package Authentication_JWT
17	+ * @author Neuman Vong <neuman@twilio.com>
18	+ * @author Anant Narayanan <anant@php.net>
19	+ * @license http://opensource.org/licenses/BSD-3-Clause 3-clause BSD
20	+ * @link https://github.com/firebase/php-jwt
21	+ */
22	+ class JWT
23	+ {
24	+
25	+ /**
26	+ * When checking nbf, iat or expiration times,
27	+ * we want to provide some extra leeway time to
28	+ * account for clock skew.
29	+ */
30	+ public static $leeway = 0;
31	+
32	+ public static $supported_algs = array(
33	+ 'HS256' => array('hash_hmac', 'SHA256'),
34	+ 'HS512' => array('hash_hmac', 'SHA512'),
35	+ 'HS384' => array('hash_hmac', 'SHA384'),
36	+ 'RS256' => array('openssl', 'SHA256'),
37	+ );
38	+
39	+ /**
40	+ * Decodes a JWT string into a PHP object.
41	+ *
42	+ * @param string $jwt The JWT
43	+ * @param string\|array\|null $key The key, or map of keys.
44	+ * If the algorithm used is asymmetric, this is the public key
45	+ * @param array $allowed_algs List of supported verification algorithms
46	+ * Supported algorithms are 'HS256', 'HS384', 'HS512' and 'RS256'
47	+ *
48	+ * @return object The JWT's payload as a PHP object
49	+ *
50	+ * @throws DomainException Algorithm was not provided
51	+ * @throws UnexpectedValueException Provided JWT was invalid
52	+ * @throws SignatureInvalidException Provided JWT was invalid because the signature verification failed
53	+ * @throws BeforeValidException Provided JWT is trying to be used before it's eligible as defined by 'nbf'
54	+ * @throws BeforeValidException Provided JWT is trying to be used before it's been created as defined by 'iat'
55	+ * @throws ExpiredException Provided JWT has since expired, as defined by the 'exp' claim
56	+ *
57	+ * @uses jsonDecode
58	+ * @uses urlsafeB64Decode
59	+ */
60	+ public static function decode($jwt, $key, $allowed_algs = array())
61	+ {
62	+ if (empty($key)) {
63	+ throw new InvalidArgumentException('Key may not be empty');
64	+ }
65	+ $tks = explode('.', $jwt);
66	+ if (count($tks) != 3) {
67	+ throw new UnexpectedValueException('Wrong number of segments');
68	+ }
69	+ list($headb64, $bodyb64, $cryptob64) = $tks;
70	+ if (null === ($header = JWT::jsonDecode(JWT::urlsafeB64Decode($headb64)))) {
71	+ throw new UnexpectedValueException('Invalid header encoding');
72	+ }
73	+ if (null === $payload = JWT::jsonDecode(JWT::urlsafeB64Decode($bodyb64))) {
74	+ throw new UnexpectedValueException('Invalid claims encoding');
75	+ }
76	+ $sig = JWT::urlsafeB64Decode($cryptob64);
77	+
78	+ if (empty($header->alg)) {
79	+ throw new DomainException('Empty algorithm');
80	+ }
81	+ if (empty(self::$supported_algs[$header->alg])) {
82	+ throw new DomainException('Algorithm not supported');
83	+ }
84	+ if (!is_array($allowed_algs) \|\| !in_array($header->alg, $allowed_algs)) {
85	+ throw new DomainException('Algorithm not allowed');
86	+ }
87	+ if (is_array($key) \|\| $key instanceof \ArrayAccess) {
88	+ if (isset($header->kid)) {
89	+ $key = $key[$header->kid];
90	+ } else {
91	+ throw new DomainException('"kid" empty, unable to lookup correct key');
92	+ }
93	+ }
94	+
95	+ // Check the signature
96	+ if (!JWT::verify("$headb64.$bodyb64", $sig, $key, $header->alg)) {
97	+ throw new SignatureInvalidException('Signature verification failed');
98	+ }
99	+
100	+ // Check if the nbf if it is defined. This is the time that the
101	+ // token can actually be used. If it's not yet that time, abort.
102	+ if (isset($payload->nbf) && $payload->nbf > (time() + self::$leeway)) {
103	+ throw new BeforeValidException(
104	+ 'Cannot handle token prior to ' . date(DateTime::ISO8601, $payload->nbf)
105	+ );
106	+ }
107	+
108	+ // Check that this token has been created before 'now'. This prevents
109	+ // using tokens that have been created for later use (and haven't
110	+ // correctly used the nbf claim).
111	+ if (isset($payload->iat) && $payload->iat > (time() + self::$leeway)) {
112	+ throw new BeforeValidException(
113	+ 'Cannot handle token prior to ' . date(DateTime::ISO8601, $payload->iat)
114	+ );
115	+ }
116	+
117	+ // Check if this token has expired.
118	+ if (isset($payload->exp) && (time() - self::$leeway) >= $payload->exp) {
119	+ throw new ExpiredException('Expired token');
120	+ }
121	+
122	+ return $payload;
123	+ }
124	+
125	+ /**
126	+ * Converts and signs a PHP object or array into a JWT string.
127	+ *
128	+ * @param object\|array $payload PHP object or array
129	+ * @param string $key The secret key.
130	+ * If the algorithm used is asymmetric, this is the private key
131	+ * @param string $alg The signing algorithm.
132	+ * Supported algorithms are 'HS256', 'HS384', 'HS512' and 'RS256'
133	+ * @param array $head An array with header elements to attach
134	+ *
135	+ * @return string A signed JWT
136	+ *
137	+ * @uses jsonEncode
138	+ * @uses urlsafeB64Encode
139	+ */
140	+ public static function encode($payload, $key, $alg = 'HS256', $keyId = null, $head = null)
141	+ {
142	+ $header = array('typ' => 'JWT', 'alg' => $alg);
143	+ if ($keyId !== null) {
144	+ $header['kid'] = $keyId;
145	+ }
146	+ if ( isset($head) && is_array($head) ) {
147	+ $header = array_merge($head, $header);
148	+ }
149	+ $segments = array();
150	+ $segments[] = JWT::urlsafeB64Encode(JWT::jsonEncode($header));
151	+ $segments[] = JWT::urlsafeB64Encode(JWT::jsonEncode($payload));
152	+ $signing_input = implode('.', $segments);
153	+
154	+ $signature = JWT::sign($signing_input, $key, $alg);
155	+ $segments[] = JWT::urlsafeB64Encode($signature);
156	+
157	+ return implode('.', $segments);
158	+ }
159	+
160	+ /**
161	+ * Sign a string with a given key and algorithm.
162	+ *
163	+ * @param string $msg The message to sign
164	+ * @param string\|resource $key The secret key
165	+ * @param string $alg The signing algorithm.
166	+ * Supported algorithms are 'HS256', 'HS384', 'HS512' and 'RS256'
167	+ *
168	+ * @return string An encrypted message
169	+ *
170	+ * @throws DomainException Unsupported algorithm was specified
171	+ */
172	+ public static function sign($msg, $key, $alg = 'HS256')
173	+ {
174	+ if (empty(self::$supported_algs[$alg])) {
175	+ throw new DomainException('Algorithm not supported');
176	+ }
177	+ list($function, $algorithm) = self::$supported_algs[$alg];
178	+ switch($function) {
179	+ case 'hash_hmac':
180	+ return hash_hmac($algorithm, $msg, $key, true);
181	+ case 'openssl':
182	+ $signature = '';
183	+ $success = openssl_sign($msg, $signature, $key, $algorithm);
184	+ if (!$success) {
185	+ throw new DomainException("OpenSSL unable to sign data");
186	+ } else {
187	+ return $signature;
188	+ }
189	+ }
190	+ }
191	+
192	+ /**
193	+ * Verify a signature with the message, key and method. Not all methods
194	+ * are symmetric, so we must have a separate verify and sign method.
195	+ *
196	+ * @param string $msg The original message (header and body)
197	+ * @param string $signature The original signature
198	+ * @param string\|resource $key For HS, a string key works. for RS, must be a resource of an openssl public key
199	+ * @param string $alg The algorithm
200	+ *
201	+ * @return bool
202	+ *
203	+ * @throws DomainException Invalid Algorithm or OpenSSL failure
204	+ */
205	+ private static function verify($msg, $signature, $key, $alg)
206	+ {
207	+ if (empty(self::$supported_algs[$alg])) {
208	+ throw new DomainException('Algorithm not supported');
209	+ }
210	+
211	+ list($function, $algorithm) = self::$supported_algs[$alg];
212	+ switch($function) {
213	+ case 'openssl':
214	+ $success = openssl_verify($msg, $signature, $key, $algorithm);
215	+ if (!$success) {
216	+ throw new DomainException("OpenSSL unable to verify data: " . openssl_error_string());
217	+ } else {
218	+ return $signature;
219	+ }
220	+ case 'hash_hmac':
221	+ default:
222	+ $hash = hash_hmac($algorithm, $msg, $key, true);
223	+ if (function_exists('hash_equals')) {
224	+ return hash_equals($signature, $hash);
225	+ }
226	+ $len = min(self::safeStrlen($signature), self::safeStrlen($hash));
227	+
228	+ $status = 0;
229	+ for ($i = 0; $i < $len; $i++) {
230	+ $status \|= (ord($signature[$i]) ^ ord($hash[$i]));
231	+ }
232	+ $status \|= (self::safeStrlen($signature) ^ self::safeStrlen($hash));
233	+
234	+ return ($status === 0);
235	+ }
236	+ }
237	+
238	+ /**
239	+ * Decode a JSON string into a PHP object.
240	+ *
241	+ * @param string $input JSON string
242	+ *
243	+ * @return object Object representation of JSON string
244	+ *
245	+ * @throws DomainException Provided string was invalid JSON
246	+ */
247	+ public static function jsonDecode($input)
248	+ {
249	+ if (version_compare(PHP_VERSION, '5.4.0', '>=') && !(defined('JSON_C_VERSION') && PHP_INT_SIZE > 4)) {
250	+ /** In PHP >=5.4.0, json_decode() accepts an options parameter, that allows you
251	+ * to specify that large ints (like Steam Transaction IDs) should be treated as
252	+ * strings, rather than the PHP default behaviour of converting them to floats.
253	+ */
254	+ $obj = json_decode($input, false, 512, JSON_BIGINT_AS_STRING);
255	+ } else {
256	+ /** Not all servers will support that, however, so for older versions we must
257	+ * manually detect large ints in the JSON string and quote them (thus converting
258	+ *them to strings) before decoding, hence the preg_replace() call.
259	+ */
260	+ $max_int_length = strlen((string) PHP_INT_MAX) - 1;
261	+ $json_without_bigints = preg_replace('/:\s*(-?\d{'.$max_int_length.',})/', ': "$1"', $input);
262	+ $obj = json_decode($json_without_bigints);
263	+ }
264	+
265	+ if (function_exists('json_last_error') && $errno = json_last_error()) {
266	+ JWT::handleJsonError($errno);
267	+ } elseif ($obj === null && $input !== 'null') {
268	+ throw new DomainException('Null result with non-null input');
269	+ }
270	+ return $obj;
271	+ }
272	+
273	+ /**
274	+ * Encode a PHP object into a JSON string.
275	+ *
276	+ * @param object\|array $input A PHP object or array
277	+ *
278	+ * @return string JSON representation of the PHP object or array
279	+ *
280	+ * @throws DomainException Provided object could not be encoded to valid JSON
281	+ */
282	+ public static function jsonEncode($input)
283	+ {
284	+ $json = json_encode($input);
285	+ if (function_exists('json_last_error') && $errno = json_last_error()) {
286	+ JWT::handleJsonError($errno);
287	+ } elseif ($json === 'null' && $input !== null) {
288	+ throw new DomainException('Null result with non-null input');
289	+ }
290	+ return $json;
291	+ }
292	+
293	+ /**
294	+ * Decode a string with URL-safe Base64.
295	+ *
296	+ * @param string $input A Base64 encoded string
297	+ *
298	+ * @return string A decoded string
299	+ */
300	+ public static function urlsafeB64Decode($input)
301	+ {
302	+ $remainder = strlen($input) % 4;
303	+ if ($remainder) {
304	+ $padlen = 4 - $remainder;
305	+ $input .= str_repeat('=', $padlen);
306	+ }
307	+ return base64_decode(strtr($input, '-_', '+/'));
308	+ }
309	+
310	+ /**
311	+ * Encode a string with URL-safe Base64.
312	+ *
313	+ * @param string $input The string you want encoded
314	+ *
315	+ * @return string The base64 encode of what you passed in
316	+ */
317	+ public static function urlsafeB64Encode($input)
318	+ {
319	+ return str_replace('=', '', strtr(base64_encode($input), '+/', '-_'));
320	+ }
321	+
322	+ /**
323	+ * Helper method to create a JSON error.
324	+ *
325	+ * @param int $errno An error number from json_last_error()
326	+ *
327	+ * @return void
328	+ */
329	+ private static function handleJsonError($errno)
330	+ {
331	+ $messages = array(
332	+ JSON_ERROR_DEPTH => 'Maximum stack depth exceeded',
333	+ JSON_ERROR_CTRL_CHAR => 'Unexpected control character found',
334	+ JSON_ERROR_SYNTAX => 'Syntax error, malformed JSON'
335	+ );
336	+ throw new DomainException(
337	+ isset($messages[$errno])
338	+ ? $messages[$errno]
339	+ : 'Unknown JSON error: ' . $errno
340	+ );
341	+ }
342	+
343	+ /**
344	+ * Get the number of bytes in cryptographic strings.
345	+ *
346	+ * @param string
347	+ *
348	+ * @return int
349	+ */
350	+ private static function safeStrlen($str)
351	+ {
352	+ if (function_exists('mb_strlen')) {
353	+ return mb_strlen($str, '8bit');
354	+ }
355	+ return strlen($str);
356	+ }
357	+ }

includes/vendor/firebase/php-jwt/src/SignatureInvalidException.php ADDED Viewed

	@@ -0,0 +1,7 @@


1	+ <?php
2	+ namespace Firebase\JWT;
3	+
4	+ class SignatureInvalidException extends \UnexpectedValueException
5	+ {
6	+
7	+ }

includes/vendor/firebase/php-jwt/tests/JWTTest.php ADDED Viewed

	@@ -0,0 +1,264 @@


1	+ <?php
2	+ use \Firebase\JWT\JWT;
3	+
4	+ class JWTTest extends PHPUnit_Framework_TestCase
5	+ {
6	+ public function testEncodeDecode()
7	+ {
8	+ $msg = JWT::encode('abc', 'my_key');
9	+ $this->assertEquals(JWT::decode($msg, 'my_key', array('HS256')), 'abc');
10	+ }
11	+
12	+ public function testDecodeFromPython()
13	+ {
14	+ $msg = 'eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.Iio6aHR0cDovL2FwcGxpY2F0aW9uL2NsaWNreT9ibGFoPTEuMjMmZi5vbz00NTYgQUMwMDAgMTIzIg.E_U8X2YpMT5K1cEiT_3-IvBYfrdIFIeVYeOqre_Z5Cg';
15	+ $this->assertEquals(
16	+ JWT::decode($msg, 'my_key', array('HS256')),
17	+ '*:http://application/clicky?blah=1.23&f.oo=456 AC000 123'
18	+ );
19	+ }
20	+
21	+ public function testUrlSafeCharacters()
22	+ {
23	+ $encoded = JWT::encode('f?', 'a');
24	+ $this->assertEquals('f?', JWT::decode($encoded, 'a', array('HS256')));
25	+ }
26	+
27	+ public function testMalformedUtf8StringsFail()
28	+ {
29	+ $this->setExpectedException('DomainException');
30	+ JWT::encode(pack('c', 128), 'a');
31	+ }
32	+
33	+ public function testMalformedJsonThrowsException()
34	+ {
35	+ $this->setExpectedException('DomainException');
36	+ JWT::jsonDecode('this is not valid JSON string');
37	+ }
38	+
39	+ public function testExpiredToken()
40	+ {
41	+ $this->setExpectedException('Firebase\JWT\ExpiredException');
42	+ $payload = array(
43	+ "message" => "abc",
44	+ "exp" => time() - 20); // time in the past
45	+ $encoded = JWT::encode($payload, 'my_key');
46	+ JWT::decode($encoded, 'my_key', array('HS256'));
47	+ }
48	+
49	+ public function testBeforeValidTokenWithNbf()
50	+ {
51	+ $this->setExpectedException('Firebase\JWT\BeforeValidException');
52	+ $payload = array(
53	+ "message" => "abc",
54	+ "nbf" => time() + 20); // time in the future
55	+ $encoded = JWT::encode($payload, 'my_key');
56	+ JWT::decode($encoded, 'my_key', array('HS256'));
57	+ }
58	+
59	+ public function testBeforeValidTokenWithIat()
60	+ {
61	+ $this->setExpectedException('Firebase\JWT\BeforeValidException');
62	+ $payload = array(
63	+ "message" => "abc",
64	+ "iat" => time() + 20); // time in the future
65	+ $encoded = JWT::encode($payload, 'my_key');
66	+ JWT::decode($encoded, 'my_key', array('HS256'));
67	+ }
68	+
69	+ public function testValidToken()
70	+ {
71	+ $payload = array(
72	+ "message" => "abc",
73	+ "exp" => time() + JWT::$leeway + 20); // time in the future
74	+ $encoded = JWT::encode($payload, 'my_key');
75	+ $decoded = JWT::decode($encoded, 'my_key', array('HS256'));
76	+ $this->assertEquals($decoded->message, 'abc');
77	+ }
78	+
79	+ public function testValidTokenWithLeeway()
80	+ {
81	+ JWT::$leeway = 60;
82	+ $payload = array(
83	+ "message" => "abc",
84	+ "exp" => time() - 20); // time in the past
85	+ $encoded = JWT::encode($payload, 'my_key');
86	+ $decoded = JWT::decode($encoded, 'my_key', array('HS256'));
87	+ $this->assertEquals($decoded->message, 'abc');
88	+ JWT::$leeway = 0;
89	+ }
90	+
91	+ public function testExpiredTokenWithLeeway()
92	+ {
93	+ JWT::$leeway = 60;
94	+ $payload = array(
95	+ "message" => "abc",
96	+ "exp" => time() - 70); // time far in the past
97	+ $this->setExpectedException('Firebase\JWT\ExpiredException');
98	+ $encoded = JWT::encode($payload, 'my_key');
99	+ $decoded = JWT::decode($encoded, 'my_key', array('HS256'));
100	+ $this->assertEquals($decoded->message, 'abc');
101	+ JWT::$leeway = 0;
102	+ }
103	+
104	+ public function testValidTokenWithList()
105	+ {
106	+ $payload = array(
107	+ "message" => "abc",
108	+ "exp" => time() + 20); // time in the future
109	+ $encoded = JWT::encode($payload, 'my_key');
110	+ $decoded = JWT::decode($encoded, 'my_key', array('HS256', 'HS512'));
111	+ $this->assertEquals($decoded->message, 'abc');
112	+ }
113	+
114	+ public function testValidTokenWithNbf()
115	+ {
116	+ $payload = array(
117	+ "message" => "abc",
118	+ "iat" => time(),
119	+ "exp" => time() + 20, // time in the future
120	+ "nbf" => time() - 20);
121	+ $encoded = JWT::encode($payload, 'my_key');
122	+ $decoded = JWT::decode($encoded, 'my_key', array('HS256'));
123	+ $this->assertEquals($decoded->message, 'abc');
124	+ }
125	+
126	+ public function testValidTokenWithNbfLeeway()
127	+ {
128	+ JWT::$leeway = 60;
129	+ $payload = array(
130	+ "message" => "abc",
131	+ "nbf" => time() + 20); // not before in near (leeway) future
132	+ $encoded = JWT::encode($payload, 'my_key');
133	+ $decoded = JWT::decode($encoded, 'my_key', array('HS256'));
134	+ $this->assertEquals($decoded->message, 'abc');
135	+ JWT::$leeway = 0;
136	+ }
137	+
138	+ public function testInvalidTokenWithNbfLeeway()
139	+ {
140	+ JWT::$leeway = 60;
141	+ $payload = array(
142	+ "message" => "abc",
143	+ "nbf" => time() + 65); // not before too far in future
144	+ $encoded = JWT::encode($payload, 'my_key');
145	+ $this->setExpectedException('Firebase\JWT\BeforeValidException');
146	+ $decoded = JWT::decode($encoded, 'my_key', array('HS256'));
147	+ JWT::$leeway = 0;
148	+ }
149	+
150	+ public function testValidTokenWithIatLeeway()
151	+ {
152	+ JWT::$leeway = 60;
153	+ $payload = array(
154	+ "message" => "abc",
155	+ "iat" => time() + 20); // issued in near (leeway) future
156	+ $encoded = JWT::encode($payload, 'my_key');
157	+ $decoded = JWT::decode($encoded, 'my_key', array('HS256'));
158	+ $this->assertEquals($decoded->message, 'abc');
159	+ JWT::$leeway = 0;
160	+ }
161	+
162	+ public function testInvalidTokenWithIatLeeway()
163	+ {
164	+ JWT::$leeway = 60;
165	+ $payload = array(
166	+ "message" => "abc",
167	+ "iat" => time() + 65); // issued too far in future
168	+ $encoded = JWT::encode($payload, 'my_key');
169	+ $this->setExpectedException('Firebase\JWT\BeforeValidException');
170	+ $decoded = JWT::decode($encoded, 'my_key', array('HS256'));
171	+ JWT::$leeway = 0;
172	+ }
173	+
174	+ public function testInvalidToken()
175	+ {
176	+ $payload = array(
177	+ "message" => "abc",
178	+ "exp" => time() + 20); // time in the future
179	+ $encoded = JWT::encode($payload, 'my_key');
180	+ $this->setExpectedException('Firebase\JWT\SignatureInvalidException');
181	+ $decoded = JWT::decode($encoded, 'my_key2', array('HS256'));
182	+ }
183	+
184	+ public function testNullKeyFails()
185	+ {
186	+ $payload = array(
187	+ "message" => "abc",
188	+ "exp" => time() + JWT::$leeway + 20); // time in the future
189	+ $encoded = JWT::encode($payload, 'my_key');
190	+ $this->setExpectedException('InvalidArgumentException');
191	+ $decoded = JWT::decode($encoded, null, array('HS256'));
192	+ }
193	+
194	+ public function testEmptyKeyFails()
195	+ {
196	+ $payload = array(
197	+ "message" => "abc",
198	+ "exp" => time() + JWT::$leeway + 20); // time in the future
199	+ $encoded = JWT::encode($payload, 'my_key');
200	+ $this->setExpectedException('InvalidArgumentException');
201	+ $decoded = JWT::decode($encoded, '', array('HS256'));
202	+ }
203	+
204	+ public function testRSEncodeDecode()
205	+ {
206	+ $privKey = openssl_pkey_new(array('digest_alg' => 'sha256',
207	+ 'private_key_bits' => 1024,
208	+ 'private_key_type' => OPENSSL_KEYTYPE_RSA));
209	+ $msg = JWT::encode('abc', $privKey, 'RS256');
210	+ $pubKey = openssl_pkey_get_details($privKey);
211	+ $pubKey = $pubKey['key'];
212	+ $decoded = JWT::decode($msg, $pubKey, array('RS256'));
213	+ $this->assertEquals($decoded, 'abc');
214	+ }
215	+
216	+ public function testKIDChooser()
217	+ {
218	+ $keys = array('1' => 'my_key', '2' => 'my_key2');
219	+ $msg = JWT::encode('abc', $keys['1'], 'HS256', '1');
220	+ $decoded = JWT::decode($msg, $keys, array('HS256'));
221	+ $this->assertEquals($decoded, 'abc');
222	+ }
223	+
224	+ public function testArrayAccessKIDChooser()
225	+ {
226	+ $keys = new ArrayObject(array('1' => 'my_key', '2' => 'my_key2'));
227	+ $msg = JWT::encode('abc', $keys['1'], 'HS256', '1');
228	+ $decoded = JWT::decode($msg, $keys, array('HS256'));
229	+ $this->assertEquals($decoded, 'abc');
230	+ }
231	+
232	+ public function testNoneAlgorithm()
233	+ {
234	+ $msg = JWT::encode('abc', 'my_key');
235	+ $this->setExpectedException('DomainException');
236	+ JWT::decode($msg, 'my_key', array('none'));
237	+ }
238	+
239	+ public function testIncorrectAlgorithm()
240	+ {
241	+ $msg = JWT::encode('abc', 'my_key');
242	+ $this->setExpectedException('DomainException');
243	+ JWT::decode($msg, 'my_key', array('RS256'));
244	+ }
245	+
246	+ public function testMissingAlgorithm()
247	+ {
248	+ $msg = JWT::encode('abc', 'my_key');
249	+ $this->setExpectedException('DomainException');
250	+ JWT::decode($msg, 'my_key');
251	+ }
252	+
253	+ public function testAdditionalHeaders()
254	+ {
255	+ $msg = JWT::encode('abc', 'my_key', 'HS256', null, array('cty' => 'test-eit;v=1'));
256	+ $this->assertEquals(JWT::decode($msg, 'my_key', array('HS256')), 'abc');
257	+ }
258	+
259	+ public function testInvalidSegmentCount()
260	+ {
261	+ $this->setExpectedException('UnexpectedValueException');
262	+ JWT::decode('brokenheader.brokenbody', 'my_key', array('HS256'));
263	+ }
264	+ }

includes/vendor/firebase/php-jwt/tests/autoload.php.dist ADDED Viewed

	@@ -0,0 +1,17 @@


1	+ <?php
2	+
3	+ // if the library is the project, try to use the composer's autoload for the tests
4	+ $composerAutoload = __DIR__ . '/../vendor/autoload.php';
5	+
6	+ if (is_file($composerAutoload)) {
7	+ include $composerAutoload;
8	+ } else {
9	+ die('Unable to find autoload.php file, please use composer to load dependencies:
10	+
11	+ wget http://getcomposer.org/composer.phar
12	+ php composer.phar install
13	+
14	+ Visit http://getcomposer.org/ for more information.
15	+
16	+ ');
17	+ }

includes/vendor/firebase/php-jwt/tests/bootstrap.php ADDED Viewed

	@@ -0,0 +1,7 @@


1	+ <?php
2	+
3	+ if (file_exists($file = __DIR__ . '/autoload.php')) {
4	+ require_once $file;
5	+ } elseif (file_exists($file = __DIR__ . '/autoload.php.dist')) {
6	+ require_once $file;
7	+ }

index.php ADDED Viewed

	@@ -0,0 +1 @@


1	+ <?php // Silence is golden

jwt-auth.php ADDED Viewed

	@@ -0,0 +1,52 @@


1	+ <?php
2	+
3	+ /**
4	+ * The plugin bootstrap file.
5	+ *
6	+ * This file is read by WordPress to generate the plugin information in the plugin
7	+ * admin area. This file also includes all of the dependencies used by the plugin,
8	+ * registers the activation and deactivation functions, and defines a function
9	+ * that starts the plugin.
10	+ *
11	+ * @link https://enriquechavez.co
12	+ * @since 1.0.0
13	+ *
14	+ * @wordpress-plugin
15	+ * Plugin Name: JWT Authentication for WP-API
16	+ * Plugin URI: https://enriquechavez.co
17	+ * Description: Extends the WP REST API using JSON Web Tokens Authentication as an authentication method.
18	+ * Version: 1.0.0
19	+ * Author: Enrique Chavez
20	+ * Author URI: https://enriquechavez.co
21	+ * License: GPL-2.0+
22	+ * License URI: http://www.gnu.org/licenses/gpl-2.0.txt
23	+ * Text Domain: jwt-auth
24	+ * Domain Path: /languages
25	+ */
26	+
27	+ // If this file is called directly, abort.
28	+ if (!defined('WPINC')) {
29	+ die;
30	+ }
31	+
32	+ /**
33	+ * The core plugin class that is used to define internationalization,
34	+ * admin-specific hooks, and public-facing site hooks.
35	+ */
36	+ require plugin_dir_path(__FILE__) . 'includes/class-jwt-auth.php';
37	+
38	+ /**
39	+ * Begins execution of the plugin.
40	+ *
41	+ * Since everything within the plugin is registered via hooks,
42	+ * then kicking off the plugin from this point in the file does
43	+ * not affect the page life cycle.
44	+ *
45	+ * @since 1.0.0
46	+ */
47	+ function run_jwt_auth()
48	+ {
49	+ $plugin = new Jwt_Auth();
50	+ $plugin->run();
51	+ }
52	+ run_jwt_auth();

languages/jwt-auth.pot ADDED Viewed

File without changes

public/class-jwt-auth-public.php ADDED Viewed

	@@ -0,0 +1,314 @@


1	+ <?php
2	+
3	+ /** Requiere the JWT library. */
4	+ use \Firebase\JWT\JWT;
5	+
6	+ /**
7	+ * The public-facing functionality of the plugin.
8	+ *
9	+ * @link https://enriquechavez.co
10	+ * @since 1.0.0
11	+ */
12	+
13	+ /**
14	+ * The public-facing functionality of the plugin.
15	+ *
16	+ * Defines the plugin name, version, and two examples hooks for how to
17	+ * enqueue the admin-specific stylesheet and JavaScript.
18	+ *
19	+ * @author Enrique Chavez <noone@tmeister.net>
20	+ */
21	+ class Jwt_Auth_Public
22	+ {
23	+ /**
24	+ * The ID of this plugin.
25	+ *
26	+ * @since 1.0.0
27	+ *
28	+ * @var string The ID of this plugin.
29	+ */
30	+ private $plugin_name;
31	+
32	+ /**
33	+ * The version of this plugin.
34	+ *
35	+ * @since 1.0.0
36	+ *
37	+ * @var string The current version of this plugin.
38	+ */
39	+ private $version;
40	+
41	+ /**
42	+ * The namespace to add to the api calls.
43	+ *
44	+ * @var string The namespace to add to the api call
45	+ */
46	+ private $namespace;
47	+
48	+ /**
49	+ * Store errors to display if the JWT is wrong
50	+ *
51	+ * @var WP_Error
52	+ */
53	+ private $jwt_error = null;
54	+
55	+ /**
56	+ * Initialize the class and set its properties.
57	+ *
58	+ * @since 1.0.0
59	+ *
60	+ * @param string $plugin_name The name of the plugin.
61	+ * @param string $version The version of this plugin.
62	+ */
63	+ public function __construct($plugin_name, $version)
64	+ {
65	+ $this->plugin_name = $plugin_name;
66	+ $this->version = $version;
67	+ $this->namespace = $this->plugin_name.'/v'.intval($this->version);
68	+ }
69	+
70	+ /**
71	+ * Add the endpoints to the API
72	+ */
73	+ public function add_api_routes()
74	+ {
75	+ register_rest_route($this->namespace, 'token', [
76	+ 'methods' => 'POST',
77	+ 'callback' => array($this, 'generate_token'),
78	+ ]);
79	+
80	+ register_rest_route($this->namespace, 'token/validate', array(
81	+ 'methods' => 'POST',
82	+ 'callback' => array($this, 'validate_token'),
83	+ ));
84	+ }
85	+
86	+ /**
87	+ * Add CORs suppot to the request.
88	+ */
89	+ public function add_cors_support()
90	+ {
91	+ $enable_cors = defined('JWT_AUTH_CORS_ENABLE') ? JWT_AUTH_CORS_ENABLE : false;
92	+ if ($enable_cors) {
93	+ $headers = apply_filters('jwt_auth_cors_allow_headers', 'Access-Control-Allow-Headers, Content-Type, Authorization');
94	+ header(sprintf('Access-Control-Allow-Headers: %s', $headers));
95	+ }
96	+ }
97	+
98	+ /**
99	+ * Get the user and password in the request body and generate a JWT
100	+ *
101	+ * @param [type] $request [description]
102	+ *
103	+ * @return [type] [description]
104	+ */
105	+ public function generate_token($request)
106	+ {
107	+ $secret_key = defined('JWT_AUTH_SECRET_KEY') ? JWT_AUTH_SECRET_KEY : false;
108	+ $username = $request->get_param('username');
109	+ $password = $request->get_param('password');
110	+
111	+ /** First thing, check the secret key if not exist return a error*/
112	+ if (!$secret_key) {
113	+ return new WP_Error(
114	+ 'jwt_auth_bad_config',
115	+ __('JWT is not configurated properly, please contact the admin', 'wp-api-jwt-auth'),
116	+ array(
117	+ 'status' => 403,
118	+ )
119	+ );
120	+ }
121	+ /** Try to authenticate the user with the passed credentials*/
122	+ $user = wp_authenticate($username, $password);
123	+
124	+ /** If the authentication fails return a error*/
125	+ if (is_wp_error($user)) {
126	+ return new WP_Error(
127	+ 'jwt_auth_failed',
128	+ __('Invalid Credentials.', 'wp-api-jwt-auth'),
129	+ array(
130	+ 'status' => 403,
131	+ )
132	+ );
133	+ }
134	+
135	+ /** Valid credentials, the user exists create the according Token */
136	+ $issuedAt = time();
137	+ $notBefore = apply_filters('jwt_auth_not_before', $issuedAt, $issuedAt);
138	+ $expire = apply_filters('jwt_auth_expire', $issuedAt + (DAY_IN_SECONDS * 7), $issuedAt);
139	+
140	+ $token = array(
141	+ 'iss' => get_bloginfo('url'),
142	+ 'iat' => $issuedAt,
143	+ 'nbf' => $notBefore,
144	+ 'exp' => $expire,
145	+ 'data' => array(
146	+ 'user' => array(
147	+ 'id' => $user->data->ID,
148	+ ),
149	+ ),
150	+ );
151	+
152	+ /** Let the user modify the token data before the sign. */
153	+ $token = JWT::encode(apply_filters('jwt_auth_token_before_sign', $token), $secret_key);
154	+
155	+ /** The token is signed, now create the object with no sensible user data to the client*/
156	+ $data = array(
157	+ 'token' => $token,
158	+ 'user_email' => $user->data->user_email,
159	+ 'user_nicename' => $user->data->user_nicename,
160	+ 'user_display_name' => $user->data->display_name,
161	+ );
162	+
163	+ /** Let the user modify the data before send it back */
164	+ return apply_filters('jwt_auth_token_before_dispatch', $data, $user);
165	+ }
166	+
167	+ /**
168	+ * This is our Middleware to try to authenticate the user according to the
169	+ * token send.
170	+ *
171	+ * @param (int\|bool) $user Logged User ID
172	+ *
173	+ * @return (int\|bool)
174	+ */
175	+ public function determine_current_user($user)
176	+ {
177	+ /*
178	+ * if the request URI is for validate the token don't do anything,
179	+ * this avoid double calls to the validate_token function.
180	+ */
181	+ $validate_uri = strpos($_SERVER['REQUEST_URI'], 'token/validate');
182	+ if ($validate_uri > 0) {
183	+ return $user;
184	+ }
185	+
186	+ $token = $this->validate_token(false);
187	+
188	+ if (is_wp_error($token)) {
189	+ if ($token->get_error_code() != 'jwt_auth_no_auth_header') {
190	+ /** If there is a error, store it to show it after see rest_pre_dispatch */
191	+ $this->jwt_error = $token;
192	+ return $user;
193	+ } else {
194	+ return $user;
195	+ }
196	+ }
197	+ /** Everything is ok, return the user ID stored in the token*/
198	+ return $token->data->user->id;
199	+ }
200	+
201	+ /**
202	+ * Main validation function, this function try to get the Autentication
203	+ * headers and decoded.
204	+ *
205	+ * @param bool $output
206	+ *
207	+ * @return WP_Error \| Object
208	+ */
209	+ public function validate_token($output = true)
210	+ {
211	+ /*
212	+ * Looking for the HTTP_AUTHORIZATION header, if not present just
213	+ * return the user.
214	+ */
215	+ $auth = isset($_SERVER['HTTP_AUTHORIZATION']) ? $_SERVER['HTTP_AUTHORIZATION'] : false;
216	+ if (!$auth) {
217	+ return new WP_Error(
218	+ 'jwt_auth_no_auth_header',
219	+ __('Authorization header not found.', 'wp-api-jwt-auth'),
220	+ array(
221	+ 'status' => 403,
222	+ )
223	+ );
224	+ }
225	+
226	+ /*
227	+ * The HTTP_AUTHORIZATION is present verify the format
228	+ * if the format is wrong return the user.
229	+ */
230	+ list($token) = sscanf($auth, 'Bearer %s');
231	+ if (!$token) {
232	+ return new WP_Error(
233	+ 'jwt_auth_bad_auth_header',
234	+ __('Authorization header malformed.', 'wp-api-jwt-auth'),
235	+ array(
236	+ 'status' => 403,
237	+ )
238	+ );
239	+ }
240	+
241	+ /** Get the Secret Key */
242	+ $secret_key = defined('JWT_AUTH_SECRET_KEY') ? JWT_AUTH_SECRET_KEY : false;
243	+ if (!$secret_key) {
244	+ return new WP_Error(
245	+ 'jwt_auth_bad_config',
246	+ __('JWT is not configurated properly, please contact the admin', 'wp-api-jwt-auth'),
247	+ array(
248	+ 'status' => 403,
249	+ )
250	+ );
251	+ }
252	+
253	+ /** Try to decode the token */
254	+ try {
255	+ $token = JWT::decode($token, $secret_key, array('HS256'));
256	+ /** The Token is decoded now validate the iss */
257	+ if ($token->iss != get_bloginfo('url')) {
258	+ /** The iss do not match, return error */
259	+ return new WP_Error(
260	+ 'jwt_auth_bad_iss',
261	+ __('The iss do not match with this server', 'wp-api-jwt-auth'),
262	+ array(
263	+ 'status' => 403,
264	+ )
265	+ );
266	+ }
267	+ /** So far so good, validate the user id in the token */
268	+ if (!isset($token->data->user->id)) {
269	+ /** No user id in the token, abort!! */
270	+ return new WP_Error(
271	+ 'jwt_auth_bad_request',
272	+ __('User ID not found in the token', 'wp-api-jwt-auth'),
273	+ array(
274	+ 'status' => 403,
275	+ )
276	+ );
277	+ }
278	+ /** Everything looks good return the decoded token if the $output is false */
279	+ if (!$output) {
280	+ return $token;
281	+ }
282	+ /** If the output is true return an answer to the request to show it */
283	+ return array(
284	+ 'code' => 'jwt_auth_valid_token',
285	+ 'data' => array(
286	+ 'status' => 200,
287	+ ),
288	+ );
289	+ } catch (Exception $e) {
290	+ /** Something is wrong trying to decode the token, send back the error */
291	+ return new WP_Error(
292	+ 'jwt_auth_invalid_token',
293	+ $e->getMessage(),
294	+ array(
295	+ 'status' => 403,
296	+ )
297	+ );
298	+ }
299	+ }
300	+
301	+ /**
302	+ * Filter to hook the rest_pre_dispatch, if the is an error in the request
303	+ * send it, if there is no error just continue with the current request.
304	+ *
305	+ * @param $request
306	+ */
307	+ public function rest_pre_dispatch($request)
308	+ {
309	+ if (is_wp_error($this->jwt_error)) {
310	+ return $this->jwt_error;
311	+ }
312	+ return $request;
313	+ }
314	+ }

public/index.php ADDED Viewed

	@@ -0,0 +1 @@


1	+ <?php // Silence is golden

readme.txt ADDED Viewed

	@@ -0,0 +1,347 @@


1	+ === JWT Authentication for WP REST API ===
2	+
3	+ Contributors: tmeister
4	+ Donate link: https://enriquechavez.co
5	+ Tags: wp-json, jwt, json web authentication, wp-api
6	+ Requires at least: 4.2
7	+ Tested up to: 4.3
8	+ Stable tag: 1.0
9	+ License: GPLv2 or later
10	+ License URI: http://www.gnu.org/licenses/gpl-2.0.html
11	+
12	+ Extends the WP REST API using JSON Web Tokens Authentication as an authentication method.
13	+
14	+ == Description ==
15	+
16	+ Extends the WP REST API using JSON Web Tokens Authentication as an authentication method.
17	+
18	+ JSON Web Tokens are an open, industry standard [RFC 7519](https://tools.ietf.org/html/rfc7519) method for representing claims securely between two parties.
19	+
20	+ Support and Requests please in Github: https://github.com/Tmeister/wp-api-jwt-auth
21	+
22	+ ### REQUIREMENTS
23	+
24	+ #### WP REST API V2
25	+
26	+ This plugin was conceived to extend the [WP REST API V2](https://github.com/WP-API/WP-API) plugin features and, of course, was built on top of it.
27	+
28	+ So, to use the wp-api-jwt-auth you need to install and activate [WP REST API](https://github.com/WP-API/WP-API).
29	+
30	+ ### PHP
31	+
32	+ Minimum PHP version: 5.3.0
33	+
34	+ ### PHP HTTP Authorization Header enable
35	+
36	+ Most of the shared hosting has disabled the HTTP Authorization Header by default.
37	+
38	+ To enable this option you'll need to edit your .htaccess file adding the follow
39	+
40	+ `
41	+ RewriteEngine on
42	+ RewriteCond %{HTTP:Authorization} ^(.*)
43	+ RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]
44	+ `
45	+
46	+ #### WPENGINE
47	+
48	+ To enable this option you'll need to edit your .htaccess file adding the follow
49	+
50	+ See https://github.com/Tmeister/wp-api-jwt-auth/issues/1
51	+
52	+ `
53	+ SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
54	+ `
55	+
56	+ ### CONFIGURATION
57	+ ### Configurate the Secret Key
58	+
59	+ The JWT needs a secret key to sign the token this secret key must be unique and never revealed.
60	+
61	+ To add the secret key edit your wp-config.php file and add a new constant called JWT_AUTH_SECRET_KEY
62	+
63	+ `
64	+ define('JWT_AUTH_SECRET_KEY', 'your-top-secrect-key');
65	+ `
66	+
67	+ You can use a string from here https://api.wordpress.org/secret-key/1.1/salt/
68	+
69	+ ### Configurate CORs Support
70	+
71	+ The wp-api-jwt-auth plugin has the option to activate [CORs](https://en.wikipedia.org/wiki/Cross-origin_resource_sharing) support.
72	+
73	+ To enable the CORs Support edit your wp-config.php file and add a new constant called JWT_AUTH_CORS_ENABLE
74	+
75	+ `
76	+ define('JWT_AUTH_CORS_ENABLE', true);
77	+ `
78	+
79	+ Finally activate the plugin within your wp-admin.
80	+
81	+ ### Namespace and Endpoints
82	+
83	+ When the plugin is activated, a new namespace is added
84	+
85	+ `
86	+ /jwt-auth/v1
87	+ `
88	+
89	+ Also, two new endpoints are added to this namespace
90	+
91	+ Endpoint \| HTTP Verb
92	+ /wp-json/jwt-auth/v1/token \| POST
93	+ /wp-json/jwt-auth/v1/token/validate \| POST
94	+
95	+ ###USAGE
96	+ ### /wp-json/jwt-auth/v1/token
97	+
98	+ This is the entry point for the JWT Authentication.
99	+
100	+ Validates the user credentials, username and password, and returns a token to use in a future request to the API if the authentication is correct or error if the authentication fails.
101	+
102	+ ####Sample request using AngularJS
103	+
104	+ ( function() {
105	+
106	+ var app = angular.module( 'jwtAuth', [] );
107	+
108	+ app.controller( 'MainController', function( $scope, $http ) {
109	+
110	+ var apiHost = 'http://yourdomain.com/wp-json';
111	+
112	+ $http.post( apiHost + '/jwt-auth/v1/token', {
113	+ username: 'admin',
114	+ password: 'password'
115	+ } )
116	+
117	+ .then( function( response ) {
118	+ console.log( response.data )
119	+ } )
120	+
121	+ .catch( function( error ) {
122	+ console.error( 'Error', error.data[0] );
123	+ } );
124	+
125	+ } );
126	+
127	+ } )();
128	+
129	+
130	+
131	+ Success response from the server
132	+
133	+ `
134	+ {
135	+ "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOlwvXC9qd3QuZGV2IiwiaWF0IjoxNDM4NTcxMDUwLCJuYmYiOjE0Mzg1NzEwNTAsImV4cCI6MTQzOTE3NTg1MCwiZGF0YSI6eyJ1c2VyIjp7ImlkIjoiMSJ9fX0.YNe6AyWW4B7ZwfFE5wJ0O6qQ8QFcYizimDmBy6hCH_8",
136	+ "user_display_name": "admin",
137	+ "user_email": "admin@localhost.dev",
138	+ "user_nicename": "admin"
139	+ }
140	+ `
141	+
142	+ Error response from the server
143	+
144	+ `
145	+ {
146	+ "code": "jwt_auth_failed",
147	+ "data": {
148	+ "status": 403
149	+ },
150	+ "message": "Invalid Credentials."
151	+ }
152	+ `
153	+
154	+ Once you get the token, you must store it somewhere in your application, ex. in a cookie or using localstorage.
155	+
156	+ From this point, you should pass this token to every API call
157	+
158	+ Sample call using the Authorization header using AngularJS
159	+
160	+ `
161	+ app.config( function( $httpProvider ) {
162	+ $httpProvider.interceptors.push( [ '$q', '$location', '$cookies', function( $q, $location, $cookies ) {
163	+ return {
164	+ 'request': function( config ) {
165	+ config.headers = config.headers \|\| {};
166	+ //Assume that you store the token in a cookie.
167	+ var globals = $cookies.getObject( 'globals' ) \|\| {};
168	+ //If the cookie has the CurrentUser and the token
169	+ //add the Authorization header in each request
170	+ if ( globals.currentUser && globals.currentUser.token ) {
171	+ config.headers.Authorization = 'Bearer ' + globals.currentUser.token;
172	+ }
173	+ return config;
174	+ }
175	+ };
176	+ } ] );
177	+ } );
178	+ `
179	+
180	+ The wp-api-jwt-auth will intercept every call to the server and will look for the Authorization Header, if the Authorization header is present will try to decode the token and will set the user according with the data stored in it.
181	+
182	+ If the token is valid, the API call flow will continue as always.
183	+
184	+ Sample Headers
185	+
186	+ `
187	+ POST /resource HTTP/1.1
188	+ Host: server.example.com
189	+ Authorization: Bearer mF_s9.B5f-4.1JqM
190	+ `
191	+
192	+ ###ERRORS
193	+
194	+ If the token is invalid an error will be returned, here are some samples of errors.
195	+
196	+ Invalid Credentials
197	+
198	+ `
199	+ [
200	+ {
201	+ "code": "jwt_auth_failed",
202	+ "message": "Invalid Credentials.",
203	+ "data": {
204	+ "status": 403
205	+ }
206	+ }
207	+ ]
208	+ `
209	+
210	+ Invalid Signature
211	+
212	+ `
213	+ [
214	+ {
215	+ "code": "jwt_auth_invalid_token",
216	+ "message": "Signature verification failed",
217	+ "data": {
218	+ "status": 403
219	+ }
220	+ }
221	+ ]
222	+ `
223	+
224	+ Expired Token
225	+
226	+ `
227	+ [
228	+ {
229	+ "code": "jwt_auth_invalid_token",
230	+ "message": "Expired token",
231	+ "data": {
232	+ "status": 403
233	+ }
234	+ }
235	+ ]
236	+ `
237	+
238	+ ### /wp-json/jwt-auth/v1/token/validate
239	+
240	+ This is a simple helper endpoint to validate a token; you only will need to make a POST request sending the Authorization header.
241	+
242	+ Valid Token Response
243	+
244	+ `
245	+ {
246	+ "code": "jwt_auth_valid_token",
247	+ "data": {
248	+ "status": 200
249	+ }
250	+ }
251	+ `
252	+
253	+ ###AVAILABLE HOOKS
254	+
255	+ The wp-api-jwt-auth is dev friendly and has five filters available to override the default settings.
256	+
257	+ ####jwt_auth_cors_allow_headers
258	+
259	+ The jwt_auth_cors_allow_headers allows you to modify the available headers when the CORs support is enabled.
260	+
261	+ Default Value:
262	+
263	+ `
264	+ 'Access-Control-Allow-Headers, Content-Type, Authorization'
265	+ `
266	+
267	+ ###jwt_auth_not_before
268	+
269	+ The jwt_auth_not_before allows you to change the [nbf](https://tools.ietf.org/html/rfc7519#section-4.1.5) value before the token is created.
270	+
271	+ Default Value:
272	+
273	+ `
274	+ Creation time - time()
275	+ `
276	+
277	+ ###jwt_auth_expire
278	+
279	+ The jwt_auth_expire allows you to change the value [exp](https://tools.ietf.org/html/rfc7519#section-4.1.4) before the token is created.
280	+
281	+ Default Value:
282	+
283	+ `
284	+ time() + (DAY_IN_SECONDS * 7)
285	+ `
286	+
287	+ ###jwt_auth_token_before_sign
288	+
289	+ The jwt_auth_token_before_sign allows you to modify all the token data before to be encoded and signed.
290	+
291	+ Default Value
292	+
293	+ `
294	+ <?php
295	+ $token = array(
296	+ 'iss' => get_bloginfo('url'),
297	+ 'iat' => $issuedAt,
298	+ 'nbf' => $notBefore,
299	+ 'exp' => $expire,
300	+ 'data' => array(
301	+ 'user' => array(
302	+ 'id' => $user->data->ID,
303	+ )
304	+ )
305	+ );
306	+ `
307	+
308	+ ###jwt_auth_token_before_dispatch
309	+ The jwt_auth_token_before_dispatch allows you to modify all the response array before to dispatch it to the client.
310	+
311	+ Default Value:
312	+
313	+ `
314	+ <?php
315	+ $data = array(
316	+ 'token' => $token,
317	+ 'user_email' => $user->data->user_email,
318	+ 'user_nicename' => $user->data->user_nicename,
319	+ 'user_display_name' => $user->data->display_name,
320	+ );
321	+ `
322	+
323	+ ==Installation==
324	+
325	+ = Using The WordPress Dashboard =
326	+
327	+ 1. Navigate to the 'Add New' in the plugins dashboard
328	+ 2. Search for 'jwt-authentication-for-wp-rest-api'
329	+ 3. Click 'Install Now'
330	+ 4. Activate the plugin on the Plugin dashboard
331	+
332	+ = Uploading in WordPress Dashboard =
333	+
334	+ 1. Navigate to the 'Add New' in the plugins dashboard
335	+ 2. Navigate to the 'Upload' area
336	+ 3. Select `jwt-authentication-for-wp-rest-api.zip` from your computer
337	+ 4. Click 'Install Now'
338	+ 5. Activate the plugin in the Plugin dashboard
339	+
340	+ ###Please read how to configured the plugin https://wordpress.org/plugins/jwt-authentication-for-wp-rest-api/
341	+
342	+ == Changelog ==
343	+ = 1.0.0 =
344	+ * Initial Release.
345	+
346	+ == Upgrade Notice ==
347	+ .

JWT Authentication for WP REST API - Version 1.0.0

Version Description

Release Info

Version 1.0.0