Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions inc/jwt/class-jwt-auth.php
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,7 @@ private function includes() {
require_once LP_PLUGIN_PATH . 'inc/jwt/rest-api/version1/class-lp-rest-course-category-v1-controller.php';
require_once LP_PLUGIN_PATH . 'inc/jwt/rest-api/version1/class-lp-rest-sections-v1-controller.php';
require_once LP_PLUGIN_PATH . 'inc/jwt/rest-api/version1/class-lp-rest-section-items-v1-controller.php';
require_once LP_PLUGIN_PATH . 'inc/jwt/rest-api/version1/class-lp-rest-checkout-v1-controller.php';

require_once LP_PLUGIN_PATH . 'inc/jwt/rest-api/lp-rest-function.php';
require_once LP_PLUGIN_PATH . 'inc/jwt/rest-api/class-rest-api.php';
Expand Down
36 changes: 23 additions & 13 deletions inc/jwt/includes/class-jwt-public.php
Original file line number Diff line number Diff line change
Expand Up @@ -217,34 +217,44 @@ public function generate_token( WP_REST_Request $request ) {
* @return (int|bool)
*/
public function determine_current_user( $user_id ) {
$rest_prefix = trailingslashit( rest_get_url_prefix() );
$request_uri = esc_url_raw( wp_unslash( $_SERVER['REQUEST_URI'] ) );
$valid_api_uri = strpos( $request_uri, $rest_prefix . $this->name . '/' );
if ( ! empty( $user_id ) ) {
return $user_id;
}

$rest_prefix = trailingslashit( rest_get_url_prefix() );
$request_uri = esc_url_raw( wp_unslash( $_SERVER['REQUEST_URI'] ?? '' ) );

/**
* Only check when rest url has wp-json/learnpress/.
* Only process REST requests.
*/
if ( ! empty( $user_id ) || $valid_api_uri === false ) {
if ( strpos( $request_uri, $rest_prefix ) === false ) {
return $user_id;
}

/*
* if the request URI is for validate the token don't do anything,
* this avoid double calls to the validate_token function.
* Skip the token endpoint itself to avoid double validation.
*/
$validate_token = strpos( $request_uri, '/token' );

/** All course is public so donot need token */
$is_rest_courses = strpos( $request_uri, '/courses' ) || strpos( $request_uri, '/reset-password' ) || strpos( $request_uri, '/course_category' ) || strpos( $request_uri, '/sections/' ) || strpos( $request_uri, '/section-items/' ) || strpos( $request_uri, '/users' );
if ( strpos( $request_uri, $rest_prefix . $this->namespace . '/token' ) !== false ) {
return $user_id;
}

if ( $validate_token > 0 ) {
/*
* No Authorization header → let other auth methods (cookie, app passwords) handle it.
*/
$has_auth = ! empty( $_SERVER['HTTP_AUTHORIZATION'] ) || ! empty( $_SERVER['REDIRECT_HTTP_AUTHORIZATION'] );
if ( ! $has_auth ) {
return $user_id;
}

/** Public LP endpoints that should not surface auth errors. */
$is_public_lp = (bool) ( strpos( $request_uri, '/courses' ) || strpos( $request_uri, '/reset-password' ) || strpos( $request_uri, '/course_category' ) || strpos( $request_uri, '/sections/' ) || strpos( $request_uri, '/section-items/' ) || strpos( $request_uri, '/users' ) );

$is_lp_api = strpos( $request_uri, $rest_prefix . $this->name . '/' ) !== false;

$token = $this->validate_token( false );

if ( is_wp_error( $token ) ) {
if ( ! $is_rest_courses ) {
if ( $is_lp_api && ! $is_public_lp ) {
$this->jwt_error = $token;
}

Expand Down
1 change: 1 addition & 0 deletions inc/jwt/rest-api/class-rest-api.php
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,7 @@ protected function get_v1_controllers() {
'course_category' => 'LP_Jwt_Course_Category_V1_Controller',
'sections' => 'LP_Jwt_Sections_V1_Controller',
'section-items' => 'LP_Jwt_Section_Items_V1_Controller',
'checkout' => 'LP_Jwt_Checkout_V1_Controller',
);
}

Expand Down
Loading
Loading