Skip to content

Release v0.5.0 #153

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 16 commits into from
Apr 15, 2022
Merged

Release v0.5.0 #153

Changes from 1 commit
Commits
Show all changes
16 commits
Select commit Hold shift + click to select a range
6f4c18a
Fix the filter code snippet
henrikwirth Aug 27, 2020
f86c679
Fix incorrect error message on invalid secret
markspolakovs Feb 26, 2021
1addb37
Added the action graphql_jwt_auth_before_authenticate and the filter …
clopez-logica May 9, 2021
ce631f3
Set a 400+ status when throwing WP_Errors
pcraciunoiu Jul 14, 2021
d81b24d
Link to issue w comment
pcraciunoiu Jul 14, 2021
3bf4572
Allow multiple iss domains
fjobeir Oct 6, 2021
413c09d
Merge pull request #137 from UpliftAgency/jwt-wperror-400-status
jasonbahl Apr 15, 2022
4412c3f
Merge branch 'develop' into develop
jasonbahl Apr 15, 2022
89d897c
Merge pull request #141 from fjobeir/develop
jasonbahl Apr 15, 2022
38ed240
Merge pull request #135 from spiralni/develop
jasonbahl Apr 15, 2022
e09174b
Merge pull request #126 from markspolakovs/patch-1
jasonbahl Apr 15, 2022
2736333
- updating composer dependencies
jasonbahl Apr 15, 2022
f451835
- update config
jasonbahl Apr 15, 2022
44f7e1d
- update firebase/php-jwt to v6.1.0
jasonbahl Apr 15, 2022
3db9287
- update version for release
jasonbahl Apr 15, 2022
51ca240
Merge commit '7905ab9e3658e6e79be510070b9e7aaf26d47009' into release/…
jasonbahl Apr 15, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Link to issue w comment
  • Loading branch information
@pcraciunoiu
pcraciunoiu authored Jul 14, 2021
commit d81b24d66461f7f58799f94f90ac5b1001b1d4f8
6 changes: 6 additions & 0 deletions src/Auth.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -132,6 +132,7 @@ protected static function get_signed_token( $user, $cap_check = true ) {
* Only allow the currently signed in user access to a JWT token
*/
if ( true === $cap_check && get_current_user_id() !== $user->ID || 0 === $user->ID ) {
// See https://github.com/wp-graphql/wp-graphql-jwt-authentication/issues/111
self::set_status(400);
return new \WP_Error( 'graphql-jwt-no-permissions', __( 'Only the user requesting a token can get a token issued for them', 'wp-graphql-jwt-authentication' ) );
}
Expand Down Expand Up @@ -455,6 +456,7 @@ public static function revoke_user_secret( $user_id ) {
return true;

} else {
// See https://github.com/wp-graphql/wp-graphql-jwt-authentication/issues/111
self::set_status(401);
return new \WP_Error( 'graphql-jwt-auth-cannot-revoke-secret', __( 'The JWT Auth Secret cannot be revoked for this user', 'wp-graphql-jwt-authentication' ) );

Expand Down Expand Up @@ -495,6 +497,7 @@ public static function unrevoke_user_secret( int $user_id ) {
return true;

} else {
// See https://github.com/wp-graphql/wp-graphql-jwt-authentication/issues/111
self::set_status(401);
return new \WP_Error( 'graphql-jwt-auth-cannot-unrevoke-secret', __( 'The JWT Auth Secret cannot be unrevoked for this user', 'wp-graphql-jwt-authentication' ) );

Expand Down Expand Up @@ -556,6 +559,7 @@ public static function validate_token( $token = null, $refresh = false ) {
* If there's no secret key, throw an error as there needs to be a secret key for Auth to work properly
*/
if ( ! self::get_secret_key() ) {
// See https://github.com/wp-graphql/wp-graphql-jwt-authentication/issues/111
self::set_status( 403 );
return new \WP_Error( 'invalid-secret-key', __( 'JWT is not configured properly', 'wp-graphql-jwt-authentication' ) );
}
Expand Down Expand Up @@ -596,6 +600,7 @@ public static function validate_token( $token = null, $refresh = false ) {
* So far so good, validate the user id in the token
*/
if ( ! isset( $token->data->user->id ) ) {
// See https://github.com/wp-graphql/wp-graphql-jwt-authentication/issues/111
self::set_status(401);
return new \WP_Error( 'invalid-jwt', __( 'User ID not found in the token', 'wp-graphql-jwt-authentication' ) );
}
Expand All @@ -606,6 +611,7 @@ public static function validate_token( $token = null, $refresh = false ) {
if ( isset( $token->data->user->user_secret ) ) {

if ( Auth::is_jwt_secret_revoked( $token->data->user->id ) ) {
// See https://github.com/wp-graphql/wp-graphql-jwt-authentication/issues/111
self::set_status(401);
return new \WP_Error( 'invalid-jwt', __( 'The User Secret does not match or has been revoked for this user', 'wp-graphql-jwt-authentication' ) );
}
Expand Down