Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve REST authentication method when registering fields #7341

Merged
merged 3 commits into from
Aug 28, 2024
Merged

Improve REST authentication method when registering fields #7341

merged 3 commits into from
Aug 28, 2024

Conversation

JoryHogeveen
Copy link
Member

Instead of checking if the user is logged in it also checks if the user a basic auth for applications is used.

Description

Fixes #7340

@sc0ttkclark I'm not 100% sure this will be the best method. You could also already set the current WP user so WP core doesn't revalidate using the same method. I'll leave this up to your judgement.

Testing instructions

See #7340

Try the same with this patch and see it now works!

PR checklist

@JoryHogeveen JoryHogeveen added Type: Bug Component: REST API Issues related to the Pods REST API endpoints or integration with existing WP REST API endpoints labels Aug 22, 2024
@JoryHogeveen JoryHogeveen added this to the Pods 3.2.7 milestone Aug 22, 2024
@JoryHogeveen JoryHogeveen self-assigned this Aug 22, 2024
@what-the-diff What The Diff
Copy link

what-the-diff bot commented Aug 22, 2024
edited
Loading

PR Summary

  • Introduction of a New Validation Method
    A new method, is_rest_authenticated(), has been included in the PodsRESTFields class. This will help in verifying if a user or an application is properly logged in.

  • Method Replacement for Enhanced Security
    The method field_allowed_to_extend in the PodsRESTFields class, previously using is_user_logged_in(), will now utilize is_rest_authenticated(). This change ensures a more secure and accurate validation process.

  • Enhancement in Test Cleanup
    An update to the PodsRESTFieldsTest class has been made. After each test, the tearDown method will now invoke pods_static_cache_clear(). This helps in maintaining a clean slate for subsequent tests, improving the accuracy and reliability of the results.

@JoryHogeveen JoryHogeveen added Status: PR > Pending Code Review PR is pending code review by core developers Status: PR > QA pass QA passed labels Aug 22, 2024
@sc0ttkclark sc0ttkclark changed the base branch from main to release/3.2.7 August 28, 2024 19:36
sc0ttkclark
sc0ttkclark previously approved these changes Aug 28, 2024
View reviewed changes
JoryHogeveen and others added 3 commits August 28, 2024 14:37
@JoryHogeveen @sc0ttkclark
Improve REST authentication method
44e1cb0 
Instead of checking if the user is logged in it also checks if the user a basic auth for applications is used.

Signed-off-by: Jory Hogeveen <[email protected]>
@JoryHogeveen @sc0ttkclark
Fix phpcs
c7d542d 
Signed-off-by: Jory Hogeveen <[email protected]>
@sc0ttkclark
Use static cache so the REST user authenticated can be test-friendly
5d26a32
@sc0ttkclark sc0ttkclark force-pushed the feature/7340-rest-application-auth branch from 3724b20 to 5d26a32 Compare August 28, 2024 19:43
@sc0ttkclark sc0ttkclark merged commit 3a5cf0a into release/3.2.7 Aug 28, 2024
13 checks passed
@sc0ttkclark sc0ttkclark deleted the feature/7340-rest-application-auth branch August 28, 2024 19:47
@sc0ttkclark sc0ttkclark mentioned this pull request Aug 28, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sc0ttkclark sc0ttkclark sc0ttkclark approved these changes

Assignees

@JoryHogeveen JoryHogeveen

Labels
Component: REST API Issues related to the Pods REST API endpoints or integration with existing WP REST API endpoints Status: PR > Pending Code Review PR is pending code review by core developers Status: PR > QA pass QA passed Type: Bug
Projects
Pods Core - Maintenance
Status: Done
Milestone
Pods 3.2.7
Development

Successfully merging this pull request may close these issues.

Using REST API with application passwords not working with Pods fields (unless public)
2 participants
@JoryHogeveen @sc0ttkclark