Skip to content

Commit

Permalink
Merge pull request #5 from alleyinteractive/fix/add_permission_callbacks
Browse files Browse the repository at this point in the history
Add permission callbacks to REST API endpoints
  • Loading branch information
Joe McGill authored Nov 10, 2020
2 parents 5ca835e + afac56e commit 02414d5
Show file tree
Hide file tree
Showing 2 changed files with 28 additions and 23 deletions.
33 changes: 18 additions & 15 deletions wp-includes/rest-api/auth/class-wp-rest-key-pair.php
Original file line number Diff line number Diff line change
Expand Up @@ -92,33 +92,35 @@ public static function get_rest_uri() {
*/
public function register_routes() {
$args = array(
'methods' => WP_REST_Server::CREATABLE,
'callback' => array( $this, 'generate_key_pair' ),
'args' => array(
'name' => array(
'methods' => WP_REST_Server::CREATABLE,
'callback' => array( $this, 'generate_key_pair' ),
'permission_callback' => '__return_true',
'args' => array(
'name' => array(
'description' => esc_html__( 'The name of the key-pair.', 'jwt-auth' ),
'type' => 'string',
'required' => true,
'sanitize_callback' => 'sanitize_text_field',
'validate_callback' => 'rest_validate_request_arg',
),
'user_id' => array(
'user_id' => array(
'description' => esc_html__( 'The ID of the user.', 'jwt-auth' ),
'type' => 'integer',
'required' => true,
'sanitize_callback' => 'absint',
'validate_callback' => 'rest_validate_request_arg',
),
),
'schema' => array( $this, 'get_item_schema' ),
'schema' => array( $this, 'get_item_schema' ),
);
register_rest_route( self::_NAMESPACE_, '/' . self::_REST_BASE_ . '/(?P<user_id>[\d]+)', $args );

$args = array(
'methods' => WP_REST_Server::DELETABLE,
'callback' => array( $this, 'delete_all_key_pairs' ),
'args' => array(
'user_id' => array(
'methods' => WP_REST_Server::DELETABLE,
'callback' => array( $this, 'delete_all_key_pairs' ),
'permission_callback' => '__return_true',
'args' => array(
'user_id' => array(
'description' => esc_html__( 'The ID of the user.', 'jwt-auth' ),
'type' => 'integer',
'required' => true,
Expand All @@ -130,17 +132,18 @@ public function register_routes() {
register_rest_route( self::_NAMESPACE_, '/' . self::_REST_BASE_ . '/(?P<user_id>[\d]+)/revoke-all', $args );

$args = array(
'methods' => WP_REST_Server::DELETABLE,
'callback' => array( $this, 'delete_key_pair' ),
'args' => array(
'user_id' => array(
'methods' => WP_REST_Server::DELETABLE,
'callback' => array( $this, 'delete_key_pair' ),
'permission_callback' => '__return_true',
'args' => array(
'user_id' => array(
'description' => esc_html__( 'The ID of the user.', 'jwt-auth' ),
'type' => 'integer',
'required' => true,
'sanitize_callback' => 'absint',
'validate_callback' => 'rest_validate_request_arg',
),
'api_key' => array(
'api_key' => array(
'description' => esc_html__( 'The API key being revoked.', 'jwt-auth' ),
'type' => 'string',
'required' => true,
Expand Down
18 changes: 10 additions & 8 deletions wp-includes/rest-api/auth/class-wp-rest-token.php
Original file line number Diff line number Diff line change
Expand Up @@ -98,29 +98,31 @@ public static function get_rest_uri() {
*/
public function register_routes() {
$args = array(
'methods' => WP_REST_Server::READABLE,
'callback' => array( $this, 'validate' ),
'methods' => WP_REST_Server::READABLE,
'callback' => array( $this, 'validate' ),
'permission_callback' => '__return_true'
);
register_rest_route( self::_NAMESPACE_, '/' . self::_REST_BASE_ . '/validate', $args );

$args = array(
'methods' => WP_REST_Server::CREATABLE,
'callback' => array( $this, 'generate_token' ),
'args' => array(
'api_key' => array(
'methods' => WP_REST_Server::CREATABLE,
'callback' => array( $this, 'generate_token' ),
'permission_callback' => '__return_true',
'args' => array(
'api_key' => array(
'description' => __( 'The API key of the user; requires also setting the api_secret.', 'jwt-auth' ),
'type' => 'string',
'sanitize_callback' => 'sanitize_text_field',
'validate_callback' => 'rest_validate_request_arg',
),
'api_secret' => array(
'api_secret' => array(
'description' => __( 'The API secret of the user; requires also setting the api_key.', 'jwt-auth' ),
'type' => 'string',
'sanitize_callback' => 'sanitize_text_field',
'validate_callback' => 'rest_validate_request_arg',
),
),
'schema' => array( $this, 'get_item_schema' ),
'schema' => array( $this, 'get_item_schema' ),
);
register_rest_route( self::_NAMESPACE_, '/' . self::_REST_BASE_, $args );
}
Expand Down

0 comments on commit 02414d5

Please sign in to comment.