Fixed bug in requiring authentication for endpoints that accessed spe…

…cific items
RichCodesign · Feb 14, 2017 · 48b2659 · 48b2659
1 parent 18505aa
commit 48b2659
Show file tree

Hide file tree

Showing 5 changed files with 54 additions and 16 deletions.
diff --git a/.codeclimate.yml b/.codeclimate.yml
@@ -17,14 +17,20 @@ engines:
     checks:
       Controversial/CamelCaseClassName:
         enabled: false
-      Controversial/CamelCasePropertyName:
+      Controversial/CamelCaseParameterName:
         enabled: false
       Controversial/CamelCaseVariableName:
         enabled: false
-      Controversial/CamelCaseFunctionName:
+      Controversial/CamelCaseMethodName:
+        enabled: false
+      Controversial/CamelCasePropertyName:
         enabled: false
       CleanCode/ElseExpression:
         enabled: false
+      CleanCode/StaticAccess:
+        enabled: false
+      Naming/ShortVariable:
+        enabled: false
 ratings:
   paths:
   - "**.css"

diff --git a/README.md b/README.md
@@ -4,7 +4,7 @@
 **Donate link:** https://petenelson.io/  
 **Requires at least:** 4.4  
 **Tested up to:** 4.7  
-**Stable tag:** 1.4.1  
+**Stable tag:** 1.4.2  
 **License:** GPLv2 or later  
 **License URI:** http://www.gnu.org/licenses/gpl-2.0.html  
 
@@ -49,6 +49,9 @@ Have any questions?  We can answer them here?
 
 ## Changelog ##
 
+### 1.4.2 February 13th, 2017 ###
+* Fixed bug in requiring authentication for endpoints that accessed specific items (ex: /wp/v2/users/1)
+
 ### 1.4.1 January 16th, 2017 ###
 * Added settings support for No Custom Post Types
 * Fixed undefined variable notice (props @funkolector)

diff --git a/includes/class-rest-api-toolbox-common.php b/includes/class-rest-api-toolbox-common.php
@@ -268,19 +268,45 @@ static public function endpoint_requires_authentication_filter( $result, $rest_s
 			// Combine the list.
 			$settings = array_merge( $core_settings, $cpt_settings );
 
-			$key = 'require-authentication|' . $route;
-
 			// See if this route is configured to require authentication and
 			// if there is a current user logged in.
-			if ( ! empty( $settings ) && isset( $settings[ $key ] ) && '1' === $settings[ $key ] && ! is_user_logged_in() ) {
-
-				// Return a WP_Error is authentication is required but there
-				// is no current user logged in.
-				$result = new WP_Error(
-					'rest_cannot_view',
-					sprintf( __( 'The REST API route %s requires authentication on this site.', 'rest-api-toolbox' ), $route ),
-					array( 'status' => 401 )
-				);
+			if ( ! empty( $settings ) && is_array( $settings ) && ! is_user_logged_in() ) {
+
+				$require_auth = false;
+				$require_auth_start = 'require-authentication|';
+
+				// Loop through each setting and see if the route matches.
+				foreach ( $settings as $key => $enabled ) {
+					if ( '1' === $enabled && 0 === stripos( $key, $require_auth_start ) ) {
+
+						// Strip off the start to find the route.
+						$key = str_replace( $require_auth_start, '', $key );
+
+						// See if we have an exact match (ex: /wp/v2/users)
+						if ( $route === $key ) {
+							$require_auth = true;
+						} else {
+
+							// Check it against a regex for things like
+							// /wp/v2/users/1
+							$regex = '^' . str_replace( '/', '\/', $key ) . '\/.+$';
+
+							if ( 1 === preg_match( '/' . $regex . '/', $route ) ) {
+								$require_auth = true;
+							}
+						}
+					}
+
+					// Return a WP_Error is authentication is required but there
+					// is no current user logged in.
+					if ( $require_auth ) {
+						return new WP_Error(
+							'rest_cannot_view',
+							sprintf( __( 'The REST API route %s requires authentication on this site.', 'rest-api-toolbox' ), $route ),
+							array( 'status' => 401 )
+						);
+					}
+				}
 			}
 
 			return $result;

diff --git a/readme.txt b/readme.txt
@@ -4,7 +4,7 @@ Tags: rest api, rest, wp rest api, json api
 Donate link: https://petenelson.io/
 Requires at least: 4.4
 Tested up to: 4.7
-Stable tag: 1.4.1
+Stable tag: 1.4.2
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -41,6 +41,9 @@ Have any questions?  We can answer them here?
 
 == Changelog ==
 
+= 1.4.2 February 13th, 2017 =
+* Fixed bug in requiring authentication for endpoints that accessed specific items (ex: /wp/v2/users/1)
+
 = 1.4.1 January 16th, 2017 =
 * Added settings support for No Custom Post Types
 * Fixed undefined variable notice (props @funkolector)

diff --git a/rest-api-toolbox.php b/rest-api-toolbox.php
@@ -1,7 +1,7 @@
 <?php
 /**
  * Plugin Name: REST API Toolbox
- * Version: 1.4.1
+ * Version: 1.4.2
  * Description: Allows easy tweaks of several REST API settings
  * Author: Pete Nelson
  * Author URI: https://github.com/petenelson/wp-rest-api-toolbox