usefulteam / jwt-auth

WordPress JSON Web Token Authentication
https://wordpress.org/plugins/jwt-auth/
122 stars 48 forks

Plugin breaks Gutenberg post creation after activation #3

Closed tomhrtly closed 4 years ago

tomhrtly commented 4 years ago

Expected Behaviour

A new post in Gutenberg should be created as it does without the plugin being activated.

Actual Behaviour

When clicking on "Publish" in Gutenberg, the post says that it has been published, but it has not, as it does not appear in the database nor on the posts listing page in the dashboard.

This happens even if I whitelist this URL: /wp-json/wp/v2/posts

Steps to Reproduce the Problem

  1. Install and activate the plugin.
  2. Attempt to publish a new post in Gutenberg.
  3. See that the post is not asserted in the database or the posts listing page.

Additional Information

When activating the plugin, all REST API endpoints are protected even if they are public by default, such as this URL: /wp-json/wp/v2/posts. Would it be possible to add configuration so that only routes that need authentication require it by JWT?

contactjavas commented 4 years ago

Hi @tomhrtly, you need to whitelist the /wp-json/wp/v2/* endpoint. Or do you think it should be whitelisted by default?

tomhrtly commented 4 years ago

@contactjavas Thanks for the quick response, I've tried whitelisting that endpoint but it doesn't work. I personally think all native WP endpoints that do not require authentication should be whitelisted out of the box.

Maybe offering a choice for developers would be the best way forward?

contactjavas commented 4 years ago

Hi @tomhrtly, it's whitelisted by default in v1.4.0. Please update your plugin. Thanks for your suggestion! :)

tomhrtly commented 4 years ago

@contactjavas I've updated the plugin to v1.4.0 but the issue has not been fixed. Can you create a post in Gutenberg in your testing environment? My permalink structure is "Month and name".

I'm still receiving the following error when accessing the wp-json/wp/v2/posts endpoint:

{
    "success": false,
    "statusCode": 403,
    "code": "jwt_auth_no_auth_header",
    "message": "Authorization header not found.",
    "data": []
}

contactjavas commented 4 years ago

Hi @tomhrtly, thanks again for reporting. Yeah, of course it didn't work. I made a mistake when adding it to the default whitelist.

I've tested it this time :) Could you please update to v1.4.1 to see if it works there?

Thanks! Bagus