Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Using REST API with application passwords not working with Pods fields (unless public) #7340

Closed
JoryHogeveen opened this issue Aug 22, 2024 · 4 comments · Fixed by #7341
Closed

Using REST API with application passwords not working with Pods fields (unless public) #7340

JoryHogeveen opened this issue Aug 22, 2024 · 4 comments · Fixed by #7341
Assignees
@sc0ttkclark @JoryHogeveen
Labels
Component: REST API Issues related to the Pods REST API endpoints or integration with existing WP REST API endpoints Type: Bug
Milestone
Pods 3.2.7

Comments

@JoryHogeveen
Copy link
Member

JoryHogeveen commented Aug 22, 2024
edited
Loading

Description

When you enable REST API but set the fields are "private" (requires authentication) they will not show when using application passwords.

After testing I've found that during REST initialization (when Pods registers it's fields) the function is_user_logged_in() does not work for application passwords.
Only in the get_callback of a field will the application password user be authenticated. However, at that point the fields is already disabled.

Version

3.2.6

Testing Instructions

See description and it should be clear!
Add a field, enable REST API but only accessible for logged in users, test a call using an application password through (for example) Postman.

Screenshots / Screencast

No response

Possible Workaround

Non that I've found, other than enabling the fields publicly.

Site Health Information

No response

Pods Package

No response
@JoryHogeveen JoryHogeveen added Type: Bug Component: REST API Issues related to the Pods REST API endpoints or integration with existing WP REST API endpoints labels Aug 22, 2024
@JoryHogeveen
Copy link
Member Author

@sc0ttkclark Even weirder. This access management is only available for Read mode, not Write. Even if you set a field as access-only for reading, writing is still allowed ??

I think this access feature should be done in the get and update handlers, nog during registering these fields. During registering the only option you have is to validate the user cookie, which is not REST related.

@sc0ttkclark sc0ttkclark added this to the Pods 3.2.7 milestone Aug 22, 2024
@sc0ttkclark
Copy link
Member

Write isn't restricted because the person already has access to write to the whole object. This was designed as a way to restrict read but leave WP role/caps auth for the writes.

@JoryHogeveen
Copy link
Member Author

Check, I'm almost done done with a patch for you to review.

@JoryHogeveen JoryHogeveen mentioned this issue Aug 22, 2024
Merged
3 tasks
@sc0ttkclark
Copy link
Member

Fixed via #7341

@github-project-automation github-project-automation bot moved this from 🆕 New to ✅ Done in Pods Core - Maintenance Aug 28, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sc0ttkclark sc0ttkclark

@JoryHogeveen JoryHogeveen

Labels
Component: REST API Issues related to the Pods REST API endpoints or integration with existing WP REST API endpoints Type: Bug
Projects
Pods Core - Maintenance
Status: Done
Milestone
Pods 3.2.7
Development

Successfully merging a pull request may close this issue.

Improve REST authentication method when registering fields pods-framework/pods
2 participants
@sc0ttkclark @JoryHogeveen