Tmeister / wp-api-jwt-auth

A simple plugin to add JSON Web Token (JWT) Authentication to WP REST API
GNU General Public License v2.0

Whitelisting isn't implemented at all? #210

Open rw3iss opened 3 years ago

rw3iss commented 3 years ago

Hello,

We're using this plugin (v1.2.6), and the documentation mentions adding a whitelist filter:

add_filter( 'jwt_auth_whitelist', function ( $endpoints ) { return array(...); });

However, I've implemented this, and after looking into why it wasn't working, it seems that this filter isn't called anywhere whatsoever in the plugin code, nor is the word 'whitelist' mentioned anywhere in the code. So is this not implemented within the plugin at all, or are we to use it differently or manually ourselves?

I tried moving the filter definition around to the beginning of the initialization code, as the documentation suggests, but it still doesn't seem to do anything.

I had to implement my own whitelisting logic in the class-jwt-auth-public.php determine_current_user function.

Anyway, if anyone else needs this functionality, they can implement it like this:

Add to class-jwt-auth-public.php, around line 215 before the call to $this->validate_token(false);

// Apply custom filter logic for whitelisted URIs
if (apply_filters('check_whitelisted_request', $_SERVER['REQUEST_URI'])) {
    return $user;
}

Then in your own code, implement this filter, for example:

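// Register the filter from inside your own class (the methods below use $this).
add_filter('check_whitelisted_request', array($this, 'is_whitelisted_request'), 10, 1);

function get_whitelist_endpoints() {
    return array(
        // plans are public
        '/wp-json/plans'
    );
}

function is_whitelisted_request($uri) {
    $whitelisted_urls = $this->get_whitelist_endpoints();
    foreach($whitelisted_urls as $url) {
        // strpos() returns false when there is no match, and false >= 0 is true in PHP,
        // so compare against false explicitly; otherwise every request is whitelisted.
        if (strpos($uri, $url) !== false) {
            return true;
        }
    }
    return false;
}
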
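
The whitelist check in the post above decides which requests skip token validation, so the URI match needs to fail closed. The following is an added example, not part of the original post or the plugin's code: a stricter matcher that compares only the path component and requires a path-segment boundary. The function name `is_whitelisted_path` and the sample URIs are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper name, constructed sample URIs.

/**
 * Return true only when the request path equals a whitelisted endpoint
 * or sits below it at a path-segment boundary.
 */
function is_whitelisted_path(string $request_uri, array $whitelist): bool {
    // Compare the path only, so a query string cannot supply the match.
    $path = parse_url($request_uri, PHP_URL_PATH);
    if (!is_string($path) || $path === '') {
        return false; // unparsable URI: fail closed
    }
    // Refuse dot segments rather than trying to normalise them.
    if (preg_match('#(^|/)\.\.?(/|$)#', rawurldecode($path))) {
        return false;
    }
    $path = rtrim($path, '/');
    foreach ($whitelist as $endpoint) {
        $endpoint = rtrim($endpoint, '/');
        if ($endpoint === '') {
            continue; // an empty entry would otherwise match everything
        }
        // Strict comparison: strpos() returns false when nothing matches.
        if ($path === $endpoint || strpos($path, $endpoint . '/') === 0) {
            return true;
        }
    }
    return false;
}

$whitelist = array('/wp-json/plans'); // endpoint taken from the post above

// Constructed sample requests and the decision each one should get.
$samples = array(
    '/wp-json/plans'                           => true,
    '/wp-json/plans/42?per_page=5'             => true,
    '/wp-json/plans-internal'                  => false, // shared prefix, different route
    '/wp-json/wp/v2/users'                     => false, // unrelated route
    '/wp-json/wp/v2/users?next=/wp-json/plans' => false, // match only in the query string
    '/wp-json/plans/../wp/v2/users'            => false, // dot segments
);

foreach ($samples as $uri => $expected) {
    $got = is_whitelisted_path($uri, $whitelist);
    printf("%-42s %-16s%s\n", $uri, $got ? 'skip token check' : 'validate token',
        $got === $expected ? '' : ' <-- unexpected');
}
```

On a site installed in a subdirectory, REQUEST_URI carries that prefix, so the whitelist entries need to include it.
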
ThienTranDuy commented 3 months ago

That's great!

But what happens if the plugin updates to a new version? Is your code lost?