
Changeset 1168653


Timestamp:
05/27/2015 03:30:37 PM (11 years ago)
Author:
glena
Message:

Release new version

Location:
wp-jwt-auth/trunk
Files:
6 edited

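--- a/wp-jwt-auth/trunk/JWT_AUTH.php
+++ b/wp-jwt-auth/trunk/JWT_AUTH.php
@@ -3,5 +3,5 @@
  * Plugin Name: Wordpress JWT Authentication
  * Description: Implements JWT Authentication for APIs
- * Version: 1.0.1
+ * Version: 1.1.0
  * Author: Auth0
  * Author URI: https://auth0.com
@@ -22,7 +22,39 @@
         add_filter("plugin_action_links_$plugin", array(__CLASS__, 'wp_add_plugin_settings_link'));
 
+        add_action( 'init', array( __CLASS__, 'add_headers' ), 99 );       
+
+        JWT_AUTH_UsersRepo::init();
         JWT_AUTH_UserProcessor::init();
         JWT_AUTH_Settings_Section::init();
         JWT_AUTH_Admin::init();
+    }
+
+    public static function add_headers() {
+        header('Access-Control-Allow-Origin:'. get_http_origin());
+        header('Access-Control-Allow-Credentials: true');
+
+        if ( 'OPTIONS' == $_SERVER['REQUEST_METHOD'] ) {
+            if ( isset( $_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'] ) ) {
+                header('Access-Control-Allow-Methods: GET, POST, OPTIONS');
+            }
+            if ( isset( $_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS'] ) ) {
+                header('Access-Control-Allow-Headers: ' . $_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']);
+            }
+            die('options');
+        }
+    }
+    public static function send_cors_headers( $headers ) {
+        $headers['Access-Control-Allow-Origin']      = get_http_origin(); // Can't use wildcard origin for credentials requests, instead set it to the requesting origin
+        $headers['Access-Control-Allow-Credentials'] = 'true';
+        // Access-Control headers are received during OPTIONS requests
+        if ( 'OPTIONS' == $_SERVER['REQUEST_METHOD'] ) {
+            if ( isset( $_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'] ) ) {
+                $headers['Access-Control-Allow-Methods'] = 'GET, POST, OPTIONS';
+            }
+            if ( isset( $_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS'] ) ) {
+                $headers['Access-Control-Allow-Headers'] = $_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS'];
+            }
+        }
+        return $headers;
     }
 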
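Review bot: `add_headers()` copies whatever `get_http_origin()` returns into `Access-Control-Allow-Origin` and pairs it with `Access-Control-Allow-Credentials: true`, so every requesting origin is granted credentialed read access; because the method is hooked on `init`, that applies to the whole site, including cookie-authenticated pages, not only the JWT-protected API. The origin should be checked against an allowlist before either header is sent, for example with WordPress's `is_allowed_http_origin()`, and a per-origin value should be accompanied by `Vary: Origin` so caches do not serve one origin's response to another. The same reflection is repeated in `send_cors_headers()`, which nothing in this hunk appears to hook. The preflight branch also ends every OPTIONS request with `die('options')` and echoes `Access-Control-Request-Headers` back unfiltered; limiting it to the API routes and a fixed header list would be safer.

```php
    public static function add_headers() {
        $origin = get_http_origin();

        // Only answer origins WordPress already trusts (extendable through the 'allowed_http_origins' filter).
        if ( ! $origin || ! is_allowed_http_origin( $origin ) ) {
            return;
        }

        header( 'Access-Control-Allow-Origin: ' . $origin );
        header( 'Access-Control-Allow-Credentials: true' );
        header( 'Vary: Origin' );

        // … unchanged: OPTIONS preflight handling …
    }
```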
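--- a/wp-jwt-auth/trunk/README.md
+++ b/wp-jwt-auth/trunk/README.md
@@ -9,5 +9,17 @@
 - **User Property**: is the property which much match with the JWT attribute to determine the user.
 - **JWT Attribute**: should match the User Property to determine the user.
-- **User Repository**: by default it should be empty. If you want to override the way the user matching is made (ie: you need to look to another table in the database) you can create your own User Repostory and match the user as you need. The user repository should expose one static method called `getUser` that receives the decoded JWT and should receive a `WP_User` object.
+
+##Overriding the User Repository logic
+The user repository is the responsible of retriving the user based on the JWT. By default, it looks in the user database to match the *User Property* and the *JWT Attribute*.
+
+If you need to override the way the user matching is made (ie: you need to look to another table in the database) you can create your own User Repostory and match the user as you need.
+
+To accomplish this, you need to add a filter:
+
+```
+    add_filter( 'wp_jwt_auth_get_user', array( __CLASS__, 'getUser' ),10);
+```
+
+To see an example, check the [UsersRepo](https://github.com/auth0/wp-jwt-auth/blob/master/lib/JWT_AUTH_UsersRepo.php).
 
 > When the plugin is using a User Repository the *User Property* and *JWT Property* settings are ignored.   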
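--- a/wp-jwt-auth/trunk/lib/JWT_AUTH_Admin.php
+++ b/wp-jwt-auth/trunk/lib/JWT_AUTH_Admin.php
@@ -54,5 +54,4 @@
             array('id' => 'jwt_auth_user_property', 'name' => 'User Property', 'function' => 'render_user_property'),
             array('id' => 'jwt_auth_jwt_attribute', 'name' => 'JWT Attribute', 'function' => 'render_jwt_attribute'),
-            array('id' => 'jwt_auth_override_user_repo', 'name' => 'User Repository', 'function' => 'render_override_user_repo'),
 
         ));
@@ -90,9 +89,4 @@
         echo '<br/><span class="description">' . __('JWT Attribute the plugin should use to match the users.', JWT_AUTH_LANG) . '</span>';
     }
-    public static function render_override_user_repo(){
-        $v = JWT_AUTH_Options::get( 'override_user_repo' );
-        echo '<input type="text" name="' . JWT_AUTH_Options::OPTIONS_NAME . '[override_user_repo]" id="jwt_auth_override_user_repo" value="' . esc_attr( $v ) . '"/>';
-        echo '<br/><span class="description">' . __('The User Repository is how this plugin looks for the users related to the token. When it is empty, it will work searching for a user which matchs the User Property and the JWT Attribute. If it is not empty, a custom repository is configured (probably from another plugin or custom configruation) and will ignore the User Property setting.', JWT_AUTH_LANG) . '</span>';
-    }
 
     public static function render_settings_page(){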
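--- a/wp-jwt-auth/trunk/lib/JWT_AUTH_Options.php
+++ b/wp-jwt-auth/trunk/lib/JWT_AUTH_Options.php
@@ -39,5 +39,4 @@
             'user_property' => 'id',
             'jwt_attribute' => 'sub',
-            'override_user_repo' => false,
             'secret_base64_encoded' => false,
         );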
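--- a/wp-jwt-auth/trunk/lib/JWT_AUTH_UserProcessor.php
+++ b/wp-jwt-auth/trunk/lib/JWT_AUTH_UserProcessor.php
@@ -5,4 +5,5 @@
     public static function init() {
 
+        add_filter( 'woocommerce_api_check_authentication', array(__CLASS__, 'determine_current_user_for_wc'), 10);
         add_filter( 'determine_current_user', array(__CLASS__, 'determine_current_user'), 10);
         add_filter( 'json_authentication_errors', array(__CLASS__, 'json_authentication_errors'));
@@ -40,16 +41,18 @@
     }
 
-    protected static function findUser($jwt) {
+    protected static function findUser($jwt, $encodedJWT) {
         $overrideUserRepo = JWT_AUTH_Options::get('override_user_repo');
 
-        if ($overrideUserRepo) {
-            return call_user_func(array($overrideUserRepo, 'getUser'), $jwt);
-        }
-        else {
-            return JWT_AUTH_UsersRepo::getUser($jwt);
-        }
+        return apply_filters( 'wp_jwt_auth_get_user', $jwt, $encodedJWT );
     }
 
-    public static function determine_current_user ($user)
+    public static function determine_current_user_for_wc($user) {
+        return self::determine_current_user_generic($user, true);
+    }
+
+    public static function determine_current_user ($user) {
+        return self::determine_current_user_generic($user, false);
+    }
+    public static function determine_current_user_generic ($user, $returnUserObj)
     {
         global $wp_json_basic_auth_error;
@@ -59,5 +62,7 @@
         $authorization = self::getAuthorizationHeader();
 
-        if ($authorization !== false) {
+        $authorization = str_replace('Bearer ', '', $authorization);
+
+        if ($authorization !== '') {
 
             try {
@@ -69,11 +74,17 @@
             }
 
-            $objuser = self::findUser($token);
+            $objuser = self::findUser($token, $authorization);
 
             if (!$objuser) {
                 $wp_json_basic_auth_error = 'Invalid user';
+                return null;
             }
 
-            $user = $objuser->ID;
+            if ($returnUserObj) {
+                $user = $objuser;
+            }
+            else {
+                $user = $objuser->ID;
+            }
         }
 
@@ -83,5 +94,5 @@
     }
 
-    protected static function decodeJWT($authorization)
+    protected static function decodeJWT($encUser)
     {
         require_once JWT_AUTH_PLUGIN_DIR . 'lib/php-jwt/Exceptions/BeforeValidException.php';
@@ -98,6 +109,4 @@
         }
 
-        $encUser = str_replace('Bearer ', '', $authorization);
-
         try {
             // Decode the user
@@ -109,5 +118,4 @@
             }
         } catch(\UnexpectedValueException $e) {
-            die($e->getMessage());
             throw new Exception($e->getMessage());
         }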
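Review bot: The `if (!$objuser)` check in `determine_current_user_generic()` is too weak now that `findUser()` returns `apply_filters( 'wp_jwt_auth_get_user', $jwt, $encodedJWT )`. The filter's starting value is the decoded token itself, so if no callback resolves it, or a third-party callback returns some other truthy value, a non-user object passes the check and is either returned as the authenticated user or read for `->ID`. The guard should require a real user: `if ( ! ( $objuser instanceof WP_User ) ) {`. `findUser()` also still reads `override_user_repo` into `$overrideUserRepo`, which the new body never uses and whose default this changeset removes, so that line can be dropped. The body of `determine_current_user_generic()` is only partly visible in these hunks.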
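--- a/wp-jwt-auth/trunk/lib/JWT_AUTH_UsersRepo.php
+++ b/wp-jwt-auth/trunk/lib/JWT_AUTH_UsersRepo.php
@@ -3,12 +3,19 @@
 class JWT_AUTH_UsersRepo {
 
-    public static function getUser($jwt) {
+    public static function init() {
+        add_filter( 'wp_jwt_auth_get_user', array( __CLASS__, 'getUser' ),10);
+    }
+
+    public static function getUser($jwt) {
         global $wpdb;
 
+        if ($jwt instanceof WP_User) return $jwt;
+
+        $user_property = esc_sql(JWT_AUTH_Options::get('user_property'));
         $jwt_attribute = JWT_AUTH_Options::get('jwt_attribute');
 
+        if (trim($user_property) == '' || trim($jwt_attribute) == '') return;
+
         $id = $jwt->$jwt_attribute;
-
-        $user_property = esc_sql(JWT_AUTH_Options::get('user_property'));
 
         $sql = 'SELECT u.*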
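Review bot: `$id = $jwt->$jwt_attribute;` in `getUser()` reads the configured claim without checking that the token carries it, so a validly signed token that lacks the claim reaches the lookup with a null `$id` and raises an undefined-property notice. Add a guard just before it, next to the new empty-setting check: `if ( ! isset( $jwt->$jwt_attribute ) ) return;`. The query that consumes `$id` and `$user_property` begins on the last line of the hunk and continues outside it, so whether an empty value could match a user row cannot be judged from here. Note also that `esc_sql()` escapes string values; if `$user_property` ends up as a column name in that query, validating it against a fixed list of columns would be the safer control.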