forked from WP-API/Basic-Auth
/
basic-auth.php
66 lines (52 loc) · 1.74 KB
/
basic-auth.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
<?php
/**
* Plugin Name: JSON Basic Authentication
* Description: Basic Authentication handler for the JSON API, used for development and debugging purposes
* Author: WordPress API Team
* Author URI: https://github.com/WP-API
* Version: 0.1
* Plugin URI: https://github.com/WP-API/Basic-Auth
*/
function json_basic_auth_handler( $request ) {
global $wp_json_basic_auth_error;
$wp_json_basic_auth_error = null;
// Check that we're trying to authenticate
if ( !isset( $_SERVER['PHP_AUTH_USER'] ) ) {
return $request;
}
$username = $_SERVER['PHP_AUTH_USER'];
$is_email = strpos($username, '@');
if($is_email){
$ud = get_user_by_email( $username );
$username = $ud->user_login;
}
$password = $_SERVER['PHP_AUTH_PW'];
$user = wp_authenticate($username, $password );
if( $user ) {
wp_set_current_user( $user->ID, $user->user_login );
wp_set_auth_cookie( $user->ID );
do_action( 'wp_login', $user->user_login );
}
/**
* In multi-site, wp_authenticate_spam_check filter is run on authentication. This filter calls
* get_currentuserinfo which in turn calls the determine_current_user filter. This leads to infinite
* recursion and a stack overflow unless the current function is removed from the determine_current_user
* filter during authentication.
*/
if ( is_wp_error( $user ) ) {
$wp_json_basic_auth_error = $user;
return null;
}
$wp_json_basic_auth_error = true;
return null;
}
add_filter( 'rest_pre_dispatch', 'json_basic_auth_handler', 80 );
function json_basic_auth_error( $error ) {
// Passthrough other errors
if ( ! empty( $error ) ) {
return $error;
}
global $wp_json_basic_auth_error;
return $wp_json_basic_auth_error;
}
add_filter( 'json_basic_auth_error', 'json_basic_auth_error' );