diff --git a/Changelog.md b/Changelog.md
index 6c6a309..ad49cca 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -2,6 +2,8 @@
 ## Unreleased
+- Fix revoked token validation when middleware enabled [#110](https://github.com/nicumicle/simple-jwt-login/issues/110)
+
 ## 3.5.5 ( 04 May 2024)
 - Update README
 - Refactor Protect Endpoints
diff --git a/download/simple-jwt-login.zip b/download/simple-jwt-login.zip
index e50a753..d486700 100644
Binary files a/download/simple-jwt-login.zip and b/download/simple-jwt-login.zip differ
diff --git a/simple-jwt-login/src/Services/RouteService.php b/simple-jwt-login/src/Services/RouteService.php
index 83f54b8..4ff4b71 100644
--- a/simple-jwt-login/src/Services/RouteService.php
+++ b/simple-jwt-login/src/Services/RouteService.php
@@ -129,6 +129,11 @@ public function getUserFromJwt($jwt)
             );
         }
+        $this->validateJwtRevoked(
+            $this->wordPressData->getUserProperty($user, 'ID'),
+            $this->jwt
+        );
+
         return $user;
     }
 }
diff --git a/tests/Feature/AccessEndpoints/RevokedJWTTest.php b/tests/Feature/AccessEndpoints/RevokedJWTTest.php
index 14236d8..1749d10 100644
--- a/tests/Feature/AccessEndpoints/RevokedJWTTest.php
+++ b/tests/Feature/AccessEndpoints/RevokedJWTTest.php
@@ -46,6 +46,19 @@ public static function setUpBeforeClass(): void
             // Reset password
             'allow_reset_password' => true,
             'reset_password_jwt' => true,
+            // API Middleware
+            "api_middleware" => [
+                "enabled" => true,
+            ],
+            // Protect endpoints
+            "protect_endpoints" => [
+                "enabled" => 1,
+                "action" => 2,
+                "protect" => [
+                    "/wp/v2/users",
+                ],
+                "whitelist" => [],
+            ],
         ]);
     }
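Review bot: The new revocation check in getUserFromJwt validates `$this->jwt` while the token the user was just resolved from is the method parameter `$jwt`; if those two ever differ (a caller that passes a token without first storing it on the instance) the revoked-token check runs against a different token or an unset property and the revocation is silently missed, which is exactly the class of bypass this commit is closing. Passing the parameter removes that dependency: `$this->validateJwtRevoked($this->wordPressData->getUserProperty($user, 'ID'), $jwt);`. If `$this->jwt` is guaranteed to be assigned from `$jwt` earlier in the method, a one-line comment above the call saying so would make the invariant explicit, e.g. `// $this->jwt is the same token as $jwt (set above); reject it if it has been revoked for this user`. The body of getUserFromJwt starts outside the hunk, so whether that assignment exists is not visible here.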
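Review bot: The fixture keys added to setUpBeforeClass are double-quoted (`"api_middleware"`, `"protect_endpoints"`) while every neighbouring entry uses single quotes (`'allow_reset_password'`), and the two `enabled` flags use different literals (`true` for the middleware, `1` for protect endpoints). Unless the settings layer treats those forms differently, one style keeps the fixture readable: `'api_middleware' => ['enabled' => true],` and `'protect_endpoints' => ['enabled' => true, 'action' => 2, ...]`. `'action' => 2` is a bare magic number; a short comment naming which protect-endpoints action code 2 selects would help the next reader, since the meaning is not visible in this file. The setUpBeforeClass body begins outside the hunk.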
@@ -57,27 +70,35 @@ public static function endpointsProvider()
         return [
             'autologin' => [
                 'method' => 'GET',
-                'endpoint' => '/autologin',
+                'endpoint' => '/simple-jwt-login/v1/autologin',
             ],
             'delete_user' => [
                 'method' => 'DELETE',
-                'endpoint' => '/users',
+                'endpoint' => '/simple-jwt-login/v1/users',
             ],
             'change_password' => [
                 'method' => 'PUT',
-                'endpoint' => '/user/reset_password&new_password=123',
+                'endpoint' => '/simple-jwt-login/v1/user/reset_password&new_password=123',
             ],
             'auth_refresh' => [
                 'method' => 'POST',
-                'endpoint' => '/auth/refresh',
+                'endpoint' => '/simple-jwt-login/v1/auth/refresh',
             ],
             'auth_validate' => [
                 'method' => 'POST',
-                'endpoint' => '/auth/validate',
+                'endpoint' => '/simple-jwt-login/v1/auth/validate',
             ],
             'auth_validate_get' => [
                 'method' => 'GET',
-                'endpoint' => '/auth/validate',
+                'endpoint' => '/simple-jwt-login/v1/auth/validate',
+            ],
+            'get_posts' => [
+                'method' => 'GET',
+                'endpoint' => '/wp/v2/posts',
+            ],
+            'get_protected_endpoint_wp_users' => [
+                'method' => 'GET',
+                'endpoint' => '/wp/v2/users',
             ],
         ];
     }
@@ -127,7 +148,10 @@ public function testRevokedJWT($method, $endpoint)
             [
                 'body' => json_encode([
                     'jwt' => $jwt,
-                ])
+                ]),
+                'headers' => [
+                    'Content-type' => 'application/json',
+                ]
             ]
         );
         $contents = $revokeResp->getBody()->getContents();
@@ -137,13 +161,16 @@ public function testRevokedJWT($method, $endpoint)
         $response = $this->client->request(
             $method,
-            self::API_URL . "/?rest_route=/simple-jwt-login/v1" . $endpoint,
+            self::API_URL . "/?rest_route=" . $endpoint,
             [
                 'body' => json_encode([
                     'jwt' => $jwt,
                     'email' => $email,
                     'password' => $password,
                 ]),
+                'headers' => [
+                    'Content-type' => 'application/json',
+                ]
             ]
         );