Improve REST authentication.
sergeymitr committed Sep 26, 2024
1 parent 549e826 commit a3cc273
Showing 2 changed files with 17 additions and 7 deletions.
23 changes: 16 additions & 7 deletions projects/plugins/jetpack/class.json-api-endpoints.php
Expand Up @@ -2645,10 +2645,9 @@ public function get_amp_cache_origins( $siteurl ) {
* @throws Exception The exception if something goes wrong.
*/
public function create_rest_route_for_endpoint() {
$version_prefix = $this->max_version ? 'v' . $this->max_version : '';
register_rest_route(
static::REST_NAMESPACE,
$version_prefix . $this->rest_route,
$this->build_rest_route(),
array(
'methods' => $this->method,
'callback' => array( $this, 'rest_callback' ),
Expand Down Expand Up @@ -2689,12 +2688,17 @@ final public function rest_permission_callback() {
}

$user_id = Rest_Authentication::init()->wp_rest_authenticate( false );
if ( $user_id ) {
wp_set_current_user( $user_id );
}

if ( ( $this->allow_fallback_to_jetpack_blog_token && Rest_Authentication::is_signed_with_blog_token() ) || Rest_Authentication::is_signed_with_user_token() ) {
return $this->rest_permission_callback_custom();
$allow_blog_token = $this->allow_fallback_to_jetpack_blog_token || $this->allow_jetpack_site_auth;

if ( ( $allow_blog_token && Rest_Authentication::is_signed_with_blog_token() ) || ( $user_id && Rest_Authentication::is_signed_with_user_token() ) ) {
$success = $this->rest_permission_callback_custom();

if ( $success && $user_id ) {
wp_set_current_user( $user_id );
}

return $success;

Check failure on line 2701 in projects/plugins/jetpack/class.json-api-endpoints.php


GitHub Actions / Static analysis

TypeError PhanTypeMismatchReturnNullable Returning $success of type ?''|?'0'|?0|?0.0|?\WP_Error|?array{}|?bool but rest_permission_callback() is declared to return \WP_Error|true (expected returned value to be non-nullable)
}

$message = esc_html__(
Expand All @@ -2713,6 +2717,11 @@ public function rest_permission_callback_custom() {
return true;
}

public function build_rest_route() {

Check failure on line 2720 in projects/plugins/jetpack/class.json-api-endpoints.php


GitHub Actions / PHP Code Sniffer (changes to excluded files only)

Missing doc comment for function build_rest_route() (Squiz.Commenting.FunctionComment.Missing)
$version_prefix = $this->max_version ? 'v' . $this->max_version : '';
return $version_prefix . $this->rest_route;
}

/**
* Return endpoint response
*
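Review bot: In `rest_permission_callback()`, the new guard `if ( $success && $user_id )` treats a `WP_Error` returned by `rest_permission_callback_custom()` as success, because an object is truthy in PHP; the static-analysis annotation on this hunk lists `\WP_Error` among the possible types of `$success`. As written, `wp_set_current_user( $user_id )` would still run for a request the custom callback rejected with an error object, so the guard should be `if ( true === $success && $user_id ) {`. The custom callback also now runs before the current user is set, where the old code set it first, so any override that relies on `current_user_can()` or `get_current_user_id()` would be evaluated against the pre-authentication user. The overrides are not visible on this page, so that ordering should be confirmed against them. The function body starts and ends outside the hunk.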
Expand Up @@ -99,6 +99,7 @@ abstract class Jetpack_JSON_API_Plugins_Endpoint extends Jetpack_JSON_API_Endpoi
* @return array
*/
protected function result() {

$plugins = $this->get_plugins();

if ( ! $this->bulk && ! empty( $plugins ) ) {