<?php
/**
* Plugin Name: JSON Basic Authentication
* Description: Basic Authentication handler for the JSON API, used for development and debugging purposes
* Author: WordPress API Team
* Author URI: https://github.com/WP-API
* Version: 0.1
* Plugin URI: https://github.com/WP-API/Basic-Auth
*/
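/**
 * Resolve the current user from HTTP Basic credentials.
 *
 * Registered on the `determine_current_user` filter. When the request carries
 * Basic credentials they are checked with wp_authenticate(); the outcome is
 * also recorded in the global $wp_json_basic_auth_error (null = not attempted,
 * WP_Error = failed, true = succeeded) for json_basic_auth_error() to report.
 *
 * Security notes: Basic credentials are only base64-encoded and accompany every
 * request, so this handler should only be reachable over TLS; the plugin header
 * describes it as a development and debugging aid. The function adds no attempt
 * limiting of its own: each request with credentials runs wp_authenticate().
 *
 * @param mixed $user User already determined by earlier filters, if any.
 * @return mixed The incoming $user unchanged, the authenticated user's ID,
 *               or null when the supplied credentials were rejected.
 */
function json_basic_auth_handler($user) {
    global $wp_json_basic_auth_error;

    $wp_json_basic_auth_error = null;

    /*
     * An already-determined user is re-authenticated only when the client sends
     * X-WP-FORCE-REAUTH (useful with node-wpapi, e.g. after a password change
     * made through the REST API). Header values are strings, so "false", "off"
     * and "no" must be recognised explicitly: a plain truthiness test would
     * treat them as "on". Unrecognised values keep forcing re-authentication.
     */
    $forceReauth = false;
    if (isset($_SERVER['HTTP_X_WP_FORCE_REAUTH'])) {
        $forceReauth = filter_var(
            $_SERVER['HTTP_X_WP_FORCE_REAUTH'],
            FILTER_VALIDATE_BOOLEAN,
            FILTER_NULL_ON_FAILURE
        ) !== false;
    }

    if (!empty($user) && !$forceReauth) {
        return $user;
    }

    // No Basic credentials on this request: leave the decision to other handlers.
    if (!isset($_SERVER['PHP_AUTH_USER'])) {
        return $user;
    }

    $username = $_SERVER['PHP_AUTH_USER'];
    // Only PHP_AUTH_USER was checked above; default the password to an empty
    // string so a missing PHP_AUTH_PW neither raises a notice nor passes null on.
    $password = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';

    /*
     * In multi-site, the wp_authenticate_spam_check filter runs during
     * authentication. It calls get_currentuserinfo, which in turn applies the
     * determine_current_user filter. Without detaching this function for the
     * duration of the call, that leads to infinite recursion and a stack overflow.
     */
    remove_filter('determine_current_user', 'json_basic_auth_handler', 10);
    $user = wp_authenticate($username, $password);
    add_filter('determine_current_user', 'json_basic_auth_handler', 10);

    if (is_wp_error($user)) {
        // Keep the WP_Error so the REST API can report why authentication failed.
        $wp_json_basic_auth_error = $user;
        return null;
    }

    $wp_json_basic_auth_error = true;

    return $user->ID;
}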
// Attach the handler to user resolution. The priority given here is the same
// one json_basic_auth_handler() passes to remove_filter()/add_filter() when it
// detaches itself around wp_authenticate().
add_filter(
    'determine_current_user',
    'json_basic_auth_handler',
    10
);
/**
 * Report the outcome of the Basic authentication attempt to the REST API.
 *
 * Registered on the `rest_authentication_errors` filter.
 *
 * @param mixed $error Result passed in by the filter chain.
 * @return mixed $error when it is non-empty; otherwise the value stored in the
 *               global $wp_json_basic_auth_error.
 */
function json_basic_auth_error($error) {
    global $wp_json_basic_auth_error;

    // A non-empty incoming result is passed through untouched; only an empty
    // one is replaced by the recorded Basic authentication outcome.
    return empty($error) ? $wp_json_basic_auth_error : $error;
}
// Let the REST API pick up the recorded authentication outcome.
add_filter(
    'rest_authentication_errors',
    'json_basic_auth_error'
);