Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow GET requests to use tokens, if provided #5

Merged

Conversation

jkmassel
Copy link
Collaborator

@jkmassel jkmassel commented Mar 28, 2019

Some GET requests need to use tokens. Consider the following request:

GET /wp-json/wp/v2/posts?post_status=draft

Before:
It'll return an error saying Invalid parameter(s): status

After
It'll correctly return any draft posts

This PR addresses this by treating the presence of a valid Bearer token as an indication that the request should proceed as a logged-in user. If an invalid Bearer token is passed, the request proceeds as if it weren't present. This may be incorrect behaviour – we may wish to always treat the presence of a token, valid or not, as an indication that it's required.

@ocean90
Copy link
Contributor

ocean90 commented Apr 11, 2019

I think a token should be always verified if provided. If the token is invalid the API should bail no matter what the request method was. An example would be a request for GET /wp-json/wp/v2/users/me.

@jkmassel
Copy link
Collaborator Author

Sounds good – I'll update this PR to reflect that behaviour.

@jkmassel
Copy link
Collaborator Author

@ocean90 – this has been updated per your suggestion.

@jkmassel jkmassel force-pushed the fix/privileged-get-requests-not-working branch from d1122b6 to 38ce884 Compare May 9, 2019 17:41
@jkmassel jkmassel force-pushed the fix/privileged-get-requests-not-working branch from 38ce884 to 2e28eb5 Compare May 9, 2019 17:46
@valendesigns valendesigns merged commit 9259df0 into WP-API:develop May 10, 2019
@joemcgill joemcgill mentioned this pull request Nov 10, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants