From a3cc27372126d9156f58b0c48b63f8420ee91913 Mon Sep 17 00:00:00 2001
From: sergeymitr
Date: Thu, 26 Sep 2024 16:52:35 -0400
Subject: [PATCH] Improve REST authentication.
---
 .../jetpack/class.json-api-endpoints.php | 23 +++++++++++++------
 ...lass.jetpack-json-api-plugins-endpoint.php | 1 +
 2 files changed, 17 insertions(+), 7 deletions(-)
diff --git a/projects/plugins/jetpack/class.json-api-endpoints.php b/projects/plugins/jetpack/class.json-api-endpoints.php
index 9414c208c8610..73de4e2609bd0 100644
--- a/projects/plugins/jetpack/class.json-api-endpoints.php
+++ b/projects/plugins/jetpack/class.json-api-endpoints.php
@@ -2645,10 +2645,9 @@ public function get_amp_cache_origins( $siteurl ) {
 * @throws Exception The exception if something goes wrong.
 */
 public function create_rest_route_for_endpoint() {
- $version_prefix = $this->max_version ? 'v' . $this->max_version : '';
 register_rest_route(
 static::REST_NAMESPACE,
- $version_prefix . $this->rest_route,
+ $this->build_rest_route(),
 array(
 'methods' => $this->method,
 'callback' => array( $this, 'rest_callback' ),
@@ -2689,12 +2688,17 @@ final public function rest_permission_callback() {
 }
 $user_id = Rest_Authentication::init()->wp_rest_authenticate( false );
- if ( $user_id ) {
- wp_set_current_user( $user_id );
- }
- if ( ( $this->allow_fallback_to_jetpack_blog_token && Rest_Authentication::is_signed_with_blog_token() ) || Rest_Authentication::is_signed_with_user_token() ) {
- return $this->rest_permission_callback_custom();
+ $allow_blog_token = $this->allow_fallback_to_jetpack_blog_token || $this->allow_jetpack_site_auth;
+
+ if ( ( $allow_blog_token && Rest_Authentication::is_signed_with_blog_token() ) || ( $user_id && Rest_Authentication::is_signed_with_user_token() ) ) {
+ $success = $this->rest_permission_callback_custom();
+
+ if ( $success && $user_id ) {
+ wp_set_current_user( $user_id );
+ }
+
+ return $success;
 }
 $message = esc_html__(
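Review bot: In `rest_permission_callback()`, `if ( $success && $user_id )` treats any truthy return as success, so an override of `rest_permission_callback_custom()` that returns a `WP_Error` (which WordPress permission callbacks are allowed to do) would still reach `wp_set_current_user( $user_id )` on a denied request. A strict check keeps the user switch tied to an actual grant: `if ( true === $success && $user_id ) {`. Separately, the custom callback now runs before the current user is set, so any override that calls `current_user_can()` would be evaluated against whatever user was current beforehand; the overrides are not visible here, so that ordering is worth stating in the method's docblock. The body of `rest_permission_callback()` starts and ends outside the hunk.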
@@ -2713,6 +2717,11 @@ public function rest_permission_callback_custom() {
 return true;
 }
+ public function build_rest_route() {
+ $version_prefix = $this->max_version ? 'v' . $this->max_version : '';
+ return $version_prefix . $this->rest_route;
+ }
+
 /**
 * Return endpoint response
 *
diff --git a/projects/plugins/jetpack/json-endpoints/jetpack/class.jetpack-json-api-plugins-endpoint.php b/projects/plugins/jetpack/json-endpoints/jetpack/class.jetpack-json-api-plugins-endpoint.php
index 668066d6889d1..c7d8efeb0af57 100644
--- a/projects/plugins/jetpack/json-endpoints/jetpack/class.jetpack-json-api-plugins-endpoint.php
+++ b/projects/plugins/jetpack/json-endpoints/jetpack/class.jetpack-json-api-plugins-endpoint.php
@@ -99,6 +99,7 @@ abstract class Jetpack_JSON_API_Plugins_Endpoint extends Jetpack_JSON_API_Endpoi * @return array */ protected function result() { + $plugins = $this->get_plugins(); if ( ! $this->bulk && ! empty( $plugins ) ) {
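Review bot: `build_rest_route()` is added as a public method with no docblock, although the methods around it in this class are documented. A short block would do, with a summary such as `Build the REST route for this endpoint: an optional "v{max_version}" prefix followed by $rest_route.` and an `@return string` tag. Whether it needs to be `public` rather than `protected` cannot be judged from this hunk; if only the class and its subclasses call it, the narrower visibility keeps the endpoint's surface smaller.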