
Commit 3e62781

committed
Code review feedback. Thanks @CodeProKid
1 parent 42e8bd4 commit 3e62781


1 file changed

+7
-7
lines changed


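--- a/src/Auth.php
+++ b/src/Auth.php
@@ -129,7 +129,7 @@ protected static function get_signed_token( \WP_User $user, $cap_check = true )
 /**
 * Only allow the currently signed in user access to a JWT token
 */
-if ( true === $cap_check && wp_get_current_user()->ID !== $user->ID || 0 === $user->ID ) {
+if ( true === $cap_check && get_current_user_id() !== $user->ID || 0 === $user->ID ) {
 return new \WP_Error( 'graphql-jwt-no-permissions', __( 'Only the user requesting a token can get a token issued for them', 'wp-graphql-jwt-authentication' ) );
 }
 
@@ -213,10 +213,10 @@ public static function get_user_jwt_secret( $user_id ) {
 $capability = apply_filters( 'graphql_jwt_auth_edit_users_capability', 'edit_users', $user_id );
 
 /**
-* If the request is not from the current_user and the current_user doesn't have the proper capabilities, don't return the secret
+* If the request is not from the current_user or the current_user doesn't have the proper capabilities, don't return the secret
 */
-$is_current_user = ( $user_id === wp_get_current_user()->ID ) ? true : false;
-if ( ! $is_current_user && ! current_user_can( $capability ) ) {
+$is_current_user = ( $user_id === get_current_user_id() ) ? true : false;
+if ( ! $is_current_user || ! current_user_can( $capability ) ) {
 return new \WP_Error( 'graphql-jwt-improper-capabilities', __( 'The JWT Auth secret for this user cannot be returned', 'wp-graphql-jwt-authentication' ) );
 }
 
@@ -422,7 +422,7 @@ public static function revoke_user_secret( int $user_id ) {
 0 !== get_user_by( 'id', $user_id )->ID &&
 (
 current_user_can( $capability ) ||
-$user_id === wp_get_current_user()->ID
+$user_id === get_current_user_id()
 )
 ) {
 
@@ -625,10 +625,10 @@ public static function get_refresh_header() {
 /**
 * Check to see if the incoming request has a "Refresh-Authorization" header
 */
-$refresh_header = isset( $_SERVER['HTTP_REFRESH_AUTHORIZATION'] ) ? $_SERVER['HTTP_REFRESH_AUTHORIZATION'] : false;
+$refresh_header = isset( $_SERVER['HTTP_REFRESH_AUTHORIZATION'] ) ? sanitize_text_field( $_SERVER['HTTP_REFRESH_AUTHORIZATION'] ) : false;
 
 return apply_filters( 'graphql_jwt_auth_get_refresh_header', $refresh_header );
 
 }
 
-}
+}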
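Review bot: In get_user_jwt_secret the new `if ( ! $is_current_user || ! current_user_can( $capability ) )` denies the secret unless the caller is both the target user and holds the filtered capability, so a privileged user with `edit_users` can no longer read another user's secret and a user without that capability can no longer read their own; the `graphql_jwt_auth_edit_users_capability` filter on line 213 then only gates self-access rather than delegated access. If that tightening is intended, the docblock should state the policy plainly, e.g. `* Only the target user, and only when they also hold $capability, may read this secret`; if "self or privileged" was meant, the previous `&&` is the correct form. The `( ... ) ? true : false` wrapper on `$is_current_user` is redundant because `===` already yields a bool: `$is_current_user = ( $user_id === get_current_user_id() );`. Pre-existing rather than new, but worth noting while the line is touched: `$user_id` is untyped in the hunk header while get_current_user_id() returns an int, so a string id passed by a caller would never match under `===` and would be treated as a foreign user. The enclosing functions in every hunk start and end outside the hunk.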
