JWT Authentication for WP REST API - Version 1.2.6

Version Description

  • Cookies && Token compatibility
  • Fix the root problem with gutenberg infinite loops and allow the token validation/generation if the WP cookie exists.
  • More info (https://github.com/Tmeister/wp-api-jwt-auth/pull/138)
  • Props: https://github.com/andrzejpiotrowski

Release Info

Developer Tmeister
Plugin Icon JWT Authentication for WP REST API
Version 1.2.6

Code changes from version 1.2.5 to 1.2.6

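--- a/includes/class-jwt-auth.php
+++ b/includes/class-jwt-auth.php
@@ -142,26 +142,7 @@ class Jwt_Auth
  $this->loader->add_action('rest_api_init', $plugin_public, 'add_api_routes');
  $this->loader->add_filter('rest_api_init', $plugin_public, 'add_cors_support');
  $this->loader->add_filter('rest_pre_dispatch', $plugin_public, 'rest_pre_dispatch', 10, 2);
- /**
- * Gutenberg fix
- * Now with Gutenberg the WP API usage is masive and most of the call are in the admin.
- * The JWT token should be used only when the user is not logged in, aka remote calls.
- * This validation search for the WordPress logged in cookie if exists the filter on
- * the determine_current_user hook is not applied.
- *
- * @since 1.2.5
- */
- $is_user_logged_in = false;
- foreach ($_COOKIE as $name => $value) {
- if (strpos($name, 'wordpress_logged_in_') === 0) {
- $is_user_logged_in = true;
- break;
- }
- }
- if (!$is_user_logged_in) {
- $this->loader->add_filter('determine_current_user', $plugin_public, 'determine_current_user', 10);
-
- }
+ $this->loader->add_filter('determine_current_user', $plugin_public, 'determine_current_user', 10);
  }
 
  /**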
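Review bot: The `determine_current_user` filter added at new line 145 now runs on every request, including ones that carry a valid WordPress session cookie, and nothing at this call site records how the cookie and the token are meant to be ordered. The callback lives in public/class-jwt-auth-public.php and its body is not visible here; it needs to return the incoming `$user` unchanged when no Authorization header is present, otherwise cookie-authenticated admin requests could be rejected by the token path. I would add a comment above the line such as `// Registered unconditionally: a wordpress_logged_in_* cookie name is client-supplied and proves nothing, so it must not switch token validation off.` The enclosing method starts above the hunk.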
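--- a/jwt-auth.php
+++ b/jwt-auth.php
@@ -15,7 +15,7 @@
  * Plugin Name: JWT Authentication for WP-API
  * Plugin URI: https://enriquechavez.co
  * Description: Extends the WP REST API using JSON Web Tokens Authentication as an authentication method.
- * Version: 1.2.5
+ * Version: 1.2.6
  * Author: Enrique Chavez
  * Author URI: https://enriquechavez.co
  * License: GPL-2.0+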
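--- a/public/class-jwt-auth-public.php
+++ b/public/class-jwt-auth-public.php
@@ -236,7 +236,7 @@ class Jwt_Auth_Public
  if (!$auth) {
  return new WP_Error(
  'jwt_auth_no_auth_header',
- __('Authorization header not found.', 'wp-api-jwt-auth'),
+ 'Authorization header not found.',
  array(
  'status' => 403,
  )
@@ -251,7 +251,7 @@ class Jwt_Auth_Public
  if (!$token) {
  return new WP_Error(
  'jwt_auth_bad_auth_header',
- __('Authorization header malformed.', 'wp-api-jwt-auth'),
+ 'Authorization header malformed.',
  array(
  'status' => 403,
  )
@@ -263,7 +263,7 @@ class Jwt_Auth_Public
  if (!$secret_key) {
  return new WP_Error(
  'jwt_auth_bad_config',
- __('JWT is not configurated properly, please contact the admin', 'wp-api-jwt-auth'),
+ 'JWT is not configurated properly, please contact the admin',
  array(
  'status' => 403,
  )
@@ -278,7 +278,7 @@ class Jwt_Auth_Public
  /** The iss do not match, return error */
  return new WP_Error(
  'jwt_auth_bad_iss',
- __('The iss do not match with this server', 'wp-api-jwt-auth'),
+ 'The iss do not match with this server',
  array(
  'status' => 403,
  )
@@ -289,7 +289,7 @@ class Jwt_Auth_Public
  /** No user id in the token, abort!! */
  return new WP_Error(
  'jwt_auth_bad_request',
- __('User ID not found in the token', 'wp-api-jwt-auth'),
+ 'User ID not found in the token',
  array(
  'status' => 403,
  )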
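Review bot: The `jwt_auth_bad_config` branch (hunk at line 263) tells any unauthenticated caller that the signing secret is not configured and labels it 403; a generic client message, with the detail written to the server log, and a server-error status such as `'status' => 500` would avoid advertising the misconfiguration. The hunks at 236 and 251 also answer a missing or malformed Authorization header with `'status' => 403`, where 401 is the conventional reply to absent credentials; existing clients may depend on the current code, so that change needs a changelog entry. The five messages lose their `__()` wrapper with no explanation; if that is deliberate, a short comment beside the first one, e.g. `// Intentionally not wrapped in __(): <reason>`, would stop a later cleanup from restoring it. Each enclosing function starts and ends outside the hunks shown.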
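--- a/readme.txt
+++ b/readme.txt
@@ -1,12 +1,12 @@
  === JWT Authentication for WP REST API ===
 
  Contributors: tmeister
- Donate link: https://enriquechavez.co
+ Donate link: https://www.paypal.me/wpchavez
  Tags: wp-json, jwt, json web authentication, wp-api
  Requires at least: 4.2
- Tested up to: 5.0
+ Tested up to: 6.0.2
  Requires PHP: 5.3.0
- Stable tag: 1.2.5
+ Stable tag: 1.2.6
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -321,6 +321,27 @@ $data = array(
  );
  `
 
+ ### jwt_auth_algorithm
+ The **jwt_auth_algorithm** allows you to modify the signing algorithm.
+
+ Default value:
+
+ `
+ <?php
+ $token = JWT::encode(
+ apply_filters('jwt_auth_token_before_sign', $token, $user),
+ $secret_key,
+ apply_filters('jwt_auth_algorithm', 'HS256')
+ );
+
+ // ...
+
+ $token = JWT::decode(
+ $token,
+ new Key($secret_key, apply_filters('jwt_auth_algorithm', 'HS256'))
+ );
+ `
+
  ==Installation==
 
  = Using The WordPress Dashboard =
@@ -341,6 +362,24 @@ $data = array(
  ###Please read how to configured the plugin https://wordpress.org/plugins/jwt-authentication-for-wp-rest-api/
 
  == Changelog ==
+ = 1.3.0 =
+ * Update firebase/php-jwt to 6.3
+ * Fix warning, register_rest_route was called incorrectly
+ * Allow for Basic Auth, by not attempting to validate Authentication Headers if a valid user has already been determined (see: https://github.com/Tmeister/wp-api-jwt-auth/issues/241)
+ * Added a new filter (jwt_auth_algorithm) to allow for customizing the algorithm used for signing the token
+ * Props: https://github.com/bradmkjr
+
+ = 1.2.6 =
+ * Cookies && Token compatibility
+ * Fix the root problem with gutenberg infinite loops and allow the token validation/generation if the WP cookie exists.
+ * More info (https://github.com/Tmeister/wp-api-jwt-auth/pull/138)
+ * Props: https://github.com/andrzejpiotrowski
+
+
+ = 1.2.5 =
+ * Add Gutenberg Compatibility
+ * More info (https://github.com/Tmeister/wp-api-jwt-auth/issues/126)
+
  = 1.2.4 =
  * Update firebase/php-jwt to v5.0.0 ( https://github.com/firebase/php-jwt )
  * Add Requires PHP Tag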