WordPress.org
Get WordPress

Plugin Directory

Changeset 3423676


Ignore:
Timestamp:
12/19/2025 12:57:39 PM (3 months ago)
Author:
bigshiptech
Message:
  • Fixed issue where API authentication token was unintentionally invalidated during WooCommerce key revocation.
  • Ensured user context is preserved when regenerating keys after revocation.
  • No changes to existing API contracts or permissions.
Location:
bigship-rest-api/trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • bigship-rest-api/trunk/Bigship-admin-rest-api.php

    r3423652 r3423676  
    157157    }
    158158
    159     // ✅ RESTORED ORIGINAL LOGIC
    160159    if ($existing && !$force_regenerate) {
    161160        return new WP_REST_Response([
     
    169168    }
    170169
    171     // Regeneration: delete old key if exists
    172170    if ($force_regenerate && $existing) {
    173171        // phpcs:disable WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching
     
    177175            ['%d']
    178176        );
    179         // phpcs:enable WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching
     177        // phpcs:enable
    180178    }
    181179
     
    195193        ]
    196194    );
    197     // phpcs:enable WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching
     195    // phpcs:enable
    198196
    199197    $key_id = $wpdb->insert_id;
     
    229227        ['%d']
    230228    );
    231     // phpcs:enable WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching
     229    // phpcs:enable
    232230
    233231    wp_cache_delete('bigship_wc_keys_' . $user_id);
     
    235233    delete_user_meta($user_id, 'bigship_consumer_secret');
    236234    delete_user_meta($user_id, 'bigship_key_id');
    237     delete_user_meta($user_id, 'bigshiprestapi_api_token');
     235    // ✅ DO NOT delete bigshiprestapi_api_token here
    238236
    239237    return new WP_REST_Response([
     
    244242}
    245243
    246 // Flush rewrites
    247244register_activation_hook(__FILE__, 'flush_rewrite_rules');
    248245register_deactivation_hook(__FILE__, 'flush_rewrite_rules');

  • bigship-rest-api/trunk/readme.txt

    r3423652 r3423676  
    55Tested up to: 6.9
    66Requires PHP: 7.4
    7 Stable tag: 1.0.5
     7Stable tag: 1.0.6
    88License: GPLv2 or later
    99License URI: https://www.gnu.org/licenses/gpl-2.0.html
     
    2727
    2828== Changelog ==
     29
     30= 1.0.6 =
     31* Fixed issue where API authentication token was unintentionally invalidated during WooCommerce key revocation.
     32* Ensured user context is preserved when regenerating keys after revocation.
     33* No changes to existing API contracts or permissions.
    2934
    3035= 1.0.5 =
Note: See TracChangeset for help on using the changeset viewer.