Changeset 2811049

Timestamp:

11/03/2022 01:08:13 PM (3 years ago)

Author:

yashyadav247

Message:

release for 2.4.1

Location:

wp-rest-api-authentication

Files:

• tags/2.4.1 (added)
• tags/2.4.1/README.txt (added)
• tags/2.4.1/admin (added)
• tags/2.4.1/admin/class-miniorange-api-authentication-admin.php (added)
• tags/2.4.1/admin/class-miniorange-api-authentication-customer.php (added)
• tags/2.4.1/admin/css (added)
• tags/2.4.1/admin/css/bootstrap (added)
• tags/2.4.1/admin/css/bootstrap/bootstrap.min.css (added)
• tags/2.4.1/admin/css/materialdesignicons.min.css (added)
• tags/2.4.1/admin/css/miniorange-api-authentication-admin.css (added)
• tags/2.4.1/admin/css/miniorange-api-authentication-license.css (added)
• tags/2.4.1/admin/css/tick.png (added)
• tags/2.4.1/admin/images (added)
• tags/2.4.1/admin/images/100.jpg (added)
• tags/2.4.1/admin/images/LearnDash-Logo.png (added)
• tags/2.4.1/admin/images/account.png (added)
• tags/2.4.1/admin/images/api-key.png (added)
• tags/2.4.1/admin/images/api.png (added)
• tags/2.4.1/admin/images/api_integrate.png (added)
• tags/2.4.1/admin/images/apikey-postman.png (added)
• tags/2.4.1/admin/images/apikey.png (added)
• tags/2.4.1/admin/images/authentication.png (added)
• tags/2.4.1/admin/images/basic-auth-postman.png (added)
• tags/2.4.1/admin/images/basic-auth.png (added)
• tags/2.4.1/admin/images/basic-key.png (added)
• tags/2.4.1/admin/images/buddypress.png (added)
• tags/2.4.1/admin/images/cancel.png (added)
• tags/2.4.1/admin/images/carpentry.png (added)
• tags/2.4.1/admin/images/cocart-icon.PNG (added)
• tags/2.4.1/admin/images/configuration.png (added)
• tags/2.4.1/admin/images/controller.png (added)
• tags/2.4.1/admin/images/document.png (added)
• tags/2.4.1/admin/images/edit.png (added)
• tags/2.4.1/admin/images/equalizer.png (added)
• tags/2.4.1/admin/images/faq.png (added)
• tags/2.4.1/admin/images/firebase.png (added)
• tags/2.4.1/admin/images/flags16.png (added)
• tags/2.4.1/admin/images/forgot.png (added)
• tags/2.4.1/admin/images/gatsby.png (added)
• tags/2.4.1/admin/images/gravityform.jpg (added)
• tags/2.4.1/admin/images/guarantee.png (added)
• tags/2.4.1/admin/images/heading.png (added)
• tags/2.4.1/admin/images/hourglass.png (added)
• tags/2.4.1/admin/images/jwt-postman.png (added)
• tags/2.4.1/admin/images/jwt.png (added)
• tags/2.4.1/admin/images/jwt_authentication.png (added)
• tags/2.4.1/admin/images/key.png (added)
• tags/2.4.1/admin/images/know-how.png (added)
• tags/2.4.1/admin/images/learndash.png (added)
• tags/2.4.1/admin/images/less.png (added)
• tags/2.4.1/admin/images/login.png (added)
• tags/2.4.1/admin/images/logo.png (added)
• tags/2.4.1/admin/images/mail.png (added)
• tags/2.4.1/admin/images/miniOrange-full-logo.png (added)
• tags/2.4.1/admin/images/miniorange-eivJzZgs.png (added)
• tags/2.4.1/admin/images/miniorange-logo.png (added)
• tags/2.4.1/admin/images/miniorange.png (added)
• tags/2.4.1/admin/images/mologo.png (added)
• tags/2.4.1/admin/images/more.png (added)
• tags/2.4.1/admin/images/mostpopular.png (added)
• tags/2.4.1/admin/images/mostsecure.png (added)
• tags/2.4.1/admin/images/oauth.png (added)
• tags/2.4.1/admin/images/oauth_2.png (added)
• tags/2.4.1/admin/images/oidc.png (added)
• tags/2.4.1/admin/images/openid-connect.png (added)
• tags/2.4.1/admin/images/postman.png (added)
• tags/2.4.1/admin/images/premium.png (added)
• tags/2.4.1/admin/images/questions.png (added)
• tags/2.4.1/admin/images/remove.png (added)
• tags/2.4.1/admin/images/safe.png (added)
• tags/2.4.1/admin/images/saml.png (added)
• tags/2.4.1/admin/images/sands-of-time.png (added)
• tags/2.4.1/admin/images/secure.png (added)
• tags/2.4.1/admin/images/select-all.png (added)
• tags/2.4.1/admin/images/setting.png (added)
• tags/2.4.1/admin/images/settings.png (added)
• tags/2.4.1/admin/images/shield.png (added)
• tags/2.4.1/admin/images/speed-limit-100.png (added)
• tags/2.4.1/admin/images/statistics.png (added)
• tags/2.4.1/admin/images/success.png (added)
• tags/2.4.1/admin/images/third_party.png (added)
• tags/2.4.1/admin/images/thirdparty.png (added)
• tags/2.4.1/admin/images/tick.png (added)
• tags/2.4.1/admin/images/trial.png (added)
• tags/2.4.1/admin/images/trouble_2.png (added)
• tags/2.4.1/admin/images/universal-key.png (added)
• tags/2.4.1/admin/images/user-authentication.png (added)
• tags/2.4.1/admin/images/user-based-login.png (added)
• tags/2.4.1/admin/images/user-guide.png (added)
• tags/2.4.1/admin/images/user.png (added)
• tags/2.4.1/admin/images/warning.png (added)
• tags/2.4.1/admin/images/woocommerce-circle.png (added)
• tags/2.4.1/admin/images/woocommerce_third_party_intg.png (added)
• tags/2.4.1/admin/images/wordpress-logo.png (added)
• tags/2.4.1/admin/images/write.png (added)
• tags/2.4.1/admin/images/youtube.png (added)
• tags/2.4.1/admin/index.php (added)
• tags/2.4.1/admin/js (added)
• tags/2.4.1/admin/js/phone.js (added)
• tags/2.4.1/admin/partials (added)
• tags/2.4.1/admin/partials/account (added)
• tags/2.4.1/admin/partials/account/class-mo-api-authentication-account.php (added)
• tags/2.4.1/admin/partials/account/login (added)
• tags/2.4.1/admin/partials/account/login/register.php (added)
• tags/2.4.1/admin/partials/account/login/verify-password.php (added)
• tags/2.4.1/admin/partials/advanced (added)
• tags/2.4.1/admin/partials/advanced/class-mo-api-authentication-advancedsettings.php (added)
• tags/2.4.1/admin/partials/advanced/class-mo-api-authentication-protectedrestapis.php (added)
• tags/2.4.1/admin/partials/class-mo-api-authentication-admin-menu.php (added)
• tags/2.4.1/admin/partials/config (added)
• tags/2.4.1/admin/partials/config/class-mo-api-authentication-config.php (added)
• tags/2.4.1/admin/partials/config/images (added)
• tags/2.4.1/admin/partials/config/images/trouble_2.png (added)
• tags/2.4.1/admin/partials/config/output (added)
• tags/2.4.1/admin/partials/config/output/class-mo-api-authentication-basic-oauth-config.php (added)
• tags/2.4.1/admin/partials/config/output/class-mo-api-authentication-jwt-auth-config.php (added)
• tags/2.4.1/admin/partials/config/output/class-mo-api-authentication-oauth-client-config.php (added)
• tags/2.4.1/admin/partials/config/output/class-mo-api-authentication-third-party-provider-config.php (added)
• tags/2.4.1/admin/partials/config/output/class-mo-api-authentication-tokenapi-config.php (added)
• tags/2.4.1/admin/partials/custom-api-integration (added)
• tags/2.4.1/admin/partials/custom-api-integration/class-mo-api-authentication-custom-api-integration.php (added)
• tags/2.4.1/admin/partials/custom-api-integration/class-mo-api-authentication-third-party-integrations.php (added)
• tags/2.4.1/admin/partials/demo (added)
• tags/2.4.1/admin/partials/demo/class-mo-api-authentication-demo.php (added)
• tags/2.4.1/admin/partials/flow (added)
• tags/2.4.1/admin/partials/flow/class-mo-api-authentication-basic-oauth.php (added)
• tags/2.4.1/admin/partials/flow/class-mo-api-authentication-jwt-auth.php (added)
• tags/2.4.1/admin/partials/flow/class-mo-api-authentication-tokenapi.php (added)
• tags/2.4.1/admin/partials/flow/mo-api-authentication-flow.php (added)
• tags/2.4.1/admin/partials/flow/mo-token-api-flow.php (added)
• tags/2.4.1/admin/partials/license (added)
• tags/2.4.1/admin/partials/license/class-mo-api-authentication-license.php (added)
• tags/2.4.1/admin/partials/postman (added)
• tags/2.4.1/admin/partials/postman/class-mo-api-authentication-postman.php (added)
• tags/2.4.1/admin/partials/support (added)
• tags/2.4.1/admin/partials/support/class-mo-api-authentication-faq.php (added)
• tags/2.4.1/admin/partials/support/class-mo-api-authentication-feedback.php (added)
• tags/2.4.1/admin/partials/support/class-mo-api-authentication-support.php (added)
• tags/2.4.1/admin/partials/support/images (added)
• tags/2.4.1/admin/partials/support/images/angry.png (added)
• tags/2.4.1/admin/partials/support/images/happy.png (added)
• tags/2.4.1/admin/partials/support/images/normal.png (added)
• tags/2.4.1/admin/partials/support/images/sad.png (added)
• tags/2.4.1/admin/partials/support/images/smile.png (added)
• tags/2.4.1/css (added)
• tags/2.4.1/css/font-awesome.css (added)
• tags/2.4.1/css/phone.css (added)
• tags/2.4.1/css/style_settings.css (added)
• tags/2.4.1/fonts (added)
• tags/2.4.1/fonts/FontAwesome.otf (added)
• tags/2.4.1/fonts/fontawesome-webfont.eot (added)
• tags/2.4.1/fonts/fontawesome-webfont.svg (added)
• tags/2.4.1/fonts/fontawesome-webfont.ttf (added)
• tags/2.4.1/fonts/fontawesome-webfont.woff (added)
• tags/2.4.1/fonts/fontawesome-webfont.woff2 (added)
• tags/2.4.1/includes (added)
• tags/2.4.1/includes/class-miniorange-api-authentication-activator.php (added)
• tags/2.4.1/includes/class-miniorange-api-authentication-deactivator.php (added)
• tags/2.4.1/includes/class-miniorange-api-authentication-i18n.php (added)
• tags/2.4.1/includes/class-miniorange-api-authentication-loader.php (added)
• tags/2.4.1/includes/class-miniorange-api-authentication.php (added)
• tags/2.4.1/includes/index.php (added)
• tags/2.4.1/index.php (added)
• tags/2.4.1/languages (added)
• tags/2.4.1/languages/miniorange_api_authentication.pot (added)
• tags/2.4.1/miniorange-api-authentication.php (added)
• tags/2.4.1/uninstall.php (added)
• trunk/README.txt (modified) (12 diffs)
• trunk/admin/class-miniorange-api-authentication-admin.php (modified) (3 diffs)
• trunk/admin/css/miniorange-api-authentication-admin.css (modified) (1 diff)
• trunk/admin/partials/advanced/class-mo-api-authentication-protectedrestapis.php (modified) (1 diff)
• trunk/admin/partials/config/output/class-mo-api-authentication-basic-oauth-config.php (modified) (7 diffs)
• trunk/admin/partials/config/output/class-mo-api-authentication-jwt-auth-config.php (modified) (10 diffs)
• trunk/admin/partials/flow/class-mo-api-authentication-basic-oauth.php (modified) (1 diff)
• trunk/admin/partials/flow/mo-api-authentication-flow.php (modified) (3 diffs)
• trunk/admin/partials/flow/mo-token-api-flow.php (modified) (5 diffs)
• trunk/includes/class-miniorange-api-authentication.php (modified) (1 diff)
• trunk/miniorange-api-authentication.php (modified) (2 diffs)

wp-rest-api-authentication/trunk/README.txt

@@ -3 +3 @@
 Tags: api, rest-api, jwt auth, basic auth, jwt, REST, secure api, token, endpoints, json web token, oauth, api key auth
 Requires at least: 3.0.1
-Tested up to: 6.0
-Stable tag: 2.4.0
+Tested up to: 6.1
+Stable tag: 2.4.1
 Requires PHP: 5.6
 License: MIT/Expat
@@ -13 +13 @@
 
 == Description ==
-**Wordpress REST APIs** by default are **loose endpoints** through which a hacker can control your site remotely. You don’t want hackers to give access to your WordPress Login and Wordpress Register or any other endpoints. With our **[WordPress REST API Authentication plugin](https://plugins.miniorange.com/wordpress-rest-api-authentication)**, we promise to have the secure api from unauthorized users and **protects WP REST API endpoints** from public access using [API Key Authentication](https://plugins.miniorange.com/rest-api-key-authentication-method) or [JWT Authentication](https://plugins.miniorange.com/wordpress-rest-api-jwt-authentication-method) or [Basic Authentication](https://plugins.miniorange.com/wordpress-rest-api-basic-authentication-method) or [OAuth 2.0 Authentication](https://plugins.miniorange.com/wordpress-rest-api-oauth-2-0-authentication-method) or third-party OAuth 2.0/OIDC/[Firebase](https://firebase.google.com/docs/auth/admin/create-custom-tokens) provider's token authentication methods. Our plugin is made in a way to make sure that we always have a secure api connection so that data isn’t compromised. JWT Authentication is an industry-approved method to secure communication between 2 parties and we also allow you to use that on your wordpress website.
+**Wordpress REST APIs** by default are **loose endpoints** through which a hacker can control your site remotely. You don’t want hackers to give access to your WordPress Login and Wordpress Register or any other endpoints. With our **[WordPress REST API Authentication plugin](https://plugins.miniorange.com/wordpress-rest-api-authentication)**, we promise to have the secure api from unauthorized users and **protects WP REST API endpoints** from public access using [API Key Authentication](https://plugins.miniorange.com/rest-api-key-authentication-method) or [JWT Authentication](https://plugins.miniorange.com/wordpress-rest-api-jwt-authentication-method) or [Basic Authentication](https://plugins.miniorange.com/wordpress-rest-api-basic-authentication-method) or [OAuth 2.0 Authentication](https://plugins.miniorange.com/wordpress-rest-api-oauth-2-0-authentication-method) or third-party OAuth 2.0/OIDC/[Firebase](https://firebase.google.com/docs/auth/admin/create-custom-tokens) provider's token authentication methods. Our plugin is made in a way to make sure that we always have a secure api connection so that data isn’t compromised. JWT Authentication is an industry approved method to secure communication between 2 parties and we also allow you to use that on your wordpress website.
 It also allows you to access the WordPress REST APIs using the above-mentioned authentication methods from Android / iOS and desktop applications.
 This plugin will make sure that only after the successful authentication, the user is allowed to access your site's resources which adds to our motivation towards secure api. REST API Authentication will make your **WordPress login endpoints secure from unauthorized access.** You can protect api with ease and in a highly secure way using this plugin.
 This plugin also provides features for authentication of custom-developed REST endpoints and third-party plugin REST API endpoints like that of [Woocommerce](https://wordpress.org/plugins/woocommerce/), [Learndash](https://www.learndash.com/), [Buddypress](https://wordpress.org/plugins/buddypress/), [Gravity forms](https://www.gravityforms.com/), [Cocart](https://wordpress.org/plugins/cart-rest-api-for-woocommerce/) etc.
 
-**_You can create the custom routes/REST endpoints in WordPress with another GUI-based plugin [Custom API for WordPress](https://wordpress.org/plugins/custom-api-for-wp/)_**. 
+**_You can create the custom routes/REST endpoints in WordPress with another GUI based plugin [Custom API for WordPress](https://wordpress.org/plugins/custom-api-for-wp/)_**. 
 
 You will be able to securely login into the rest api using the following endpoint:
@@ -35 +35 @@
 * _jwt token (JSON Web tokens) from other Identity Providers (OAuth/OIDC providers)Authenticate/Protect/Secure WordPress REST API endpoints with the access token ._
 * _Securely Login and register into Mobile or other client applications using REST APIs._
-* _Obtain **user-based JWT token** to use as an authentication source to login and register on other platforms._
+* _Obtain **user based JWT token** to use as an authentication source to login and register on other platforms._
 * _Authenticate Woocommerce REST API endpoints by bypassing WooCommerce consumers' credentials security and instead of using their authentication methods to control the data access and thus improving security and removing chances for exposing the WC credentials._
 * _**Authenticate/secure WordPress REST APIs** access using Firebase JWT token, any external JWT token, any OAuth 2.0/OpenID Connect(OIDC) provider access/id-token like Azure AD, Azure B2C, Okta, Keycloak, ADFS, AWS Cognito etc or that provided by Social login providers like Google, Facebook, Apple.
 The plugin provides an interface for applications to interact with your WordPress REST API endpoints by sending and receiving data as JSON (JavaScript Object Notation) objects. Also, It provides a user-friendly user interface of the plugin to configure the methods and implement them very easily. You can easily secure api/protect your WordPress REST API endpoints with ease._
-* _**API Authentication based on HTTP method (GET/POST/PUT/DELETE)** - This feature provides the facility to choose which APIs need to be restricted and which specific HTTP methods. For example - If you want to allow users to access HTTP GET API of wp/v2/users endpoint to view only the users' list and are not able to use the HTTP POST, PUT, or DELETE to modify them via a REST API request._
  
 With our plugin, the user credentials are not stored as cookies but with every API call, user credentials or JWT (JSON Web tokens) or API key are passed so that we have secure api transactions.
@@ -64 +63 @@
 * This plugin supports interaction with Gravity Forms from an external client application which can be your android/iOS application. WP REST API Authentication also allows WordPress users to create, read, update and delete forms, entries, and results over HTTP based on their roles.
 == Learndash API ==
-* This plugin allows you to securely access Learndash user profiles, courses, groups & many more third-party APIs.
+* This plugin allows you to securely access Learndash user profiles, courses, groups & many more third party APIs.
 == Custom Built REST API Endpoints ==
 * The plugin **supports authentication for your own built custom REST API routes/endpoints**. You can secure these API endpoints using the plugin’s highly secured authentication methods.
 == External/Third-party plugin API endpoints integration in WordPress ==
 * These integrations can be used to fetch/update the data from the third-party side into the WordPress that can be used to display it on the WordPress site as well as this data can be processed further to use with any other plugin or WordPress events.
-== Authentication for API access securely in Headless WordPress == 
-* Using this plugin, you can access your WordPress REST API endpoints securely on your Headless WordPress having the front end built via Angular, React, Node JS, Vue etc.
-
-
+ 
 == FEATURES ==
  
@@ -131 +127 @@
     
 = How to enable API access in WooCommerce?
-    You can enable API access in WooCommerce using our WP REST API Authentication plugin. Please reach out to us at api[email protected].
+    You can enable API access in WooCommerce using our WP REST API Authentication plugin. Please reach out to us at oauth[email protected].
 
 = How does the REST API Authentication plugin work? =
@@ -142 +138 @@
     To access the pages/posts stored in the draft, you need to append the ?status=draft to the page/post request.
     For Example:
-    You need to use below URL format while sending a request to access different types of posts
+    You need to use below URL format while sending request to access different type of posts
     1. Access draft posts only
         https://<domain>/wp-json/wp/v2/posts?status=draft
-    2. Access all types of posts
+    2. Access all type of posts
         https://<domain>/wp-json/wp/v2/posts?status=any
-    You just have to change the status(draft, pending, any, publish) as per your requirement. You do not have to pass the status parameter to access Published posts.
+    You just have to change the status(draft, pending, any, publish) as per your requirement. You do not have to pass status parameter to access Published posts.
 
 = How can I authenticate the REST APIs using this plugin? =
@@ -174 +170 @@
     This plugin provides this HTTP POST endpoint `wp-json/api/v1/token` also called as WordPress login API endpoint in which you can pass the user's WordPress credentials and this endpoint will validate the user and returns you with the appropriate response. 
     The plugin also supports the authentication and authorization of WordPress users' register REST API.
-
-= Does this plugin provides accessing API securely in headless WordPress? = 
-    Yes, using this plugin, you can authenticate the WordPress REST API requests made from the front end of the Headless WordPress (Headless WP) built using Angular JS, React JS, Node JS, Vue JS, Flutter etc. 
     
 
@@ -191 +184 @@
 == Changelog ==
 
-= 2.4.0 = 
-* Password validation enhancement for JWT authentication
-* Minor UI fixes
+= 2.4.1 = 
+* WordPress 6.1 compatibility
+* Added the endpoint to check the JWT token for JWT authentication method.
 
 = 2.3.0 = 
@@ -218 +211 @@
 
 = 1.6.7 = 
-* Compatibility with WordPress 5.9
+* Compatiblity with WordPress 5.9
 
 = 1.6.6 = 
@@ -224 +217 @@
 
 = 1.6.5 =
-* WordPress 5.8.2 compatibility
+* WordPress 5.8.2 compatiblity
 * UI Changes
 
@@ -231 +224 @@
 
 = 1.6.3 =
-* WordPress 5.8.1 compatibility
+* WordsPress 5.8.1 compatability
 * Readme Updates 
 
 = 1.6.2 =
-* WordPress 5.8 compatibility
+* WordPress 5.8 compatiblity
 * Bug Fixes
 * Usability Improvements
@@ -304 +297 @@
 * Added UI Changes
 * Updated plugin licensing
-* Added new features
+* Added New features
 * Added compatibility for WP 5.3 & PHP7.4
 * Minor UI & feature fixes

wp-rest-api-authentication/trunk/admin/class-miniorange-api-authentication-admin.php

@@ -232 +232 @@
         self::convergence();
     }
-
-
-    public function mo_api_auth_initialize_api_flow() { 
+    
+    public function register_rest_routes(){
+        register_rest_route('api/v1','token-validate',array('methods' => 'GET',
+                                                            'callback'=> array( $this, 'mo_rest_JWT_validate_token' ),
+                                                            'permission_callback' => '__return_true',
+                                                            ));
+        register_rest_route('api/v1','token',array('methods' => 'POST',
+                                                    'callback'=> array($this,'mo_rest_token_generation_callback'),
+                                                    'permission_callback' => '__return_true'
+                                                    ));
+        
+    }
+
+    public function mo_rest_api() {
+        return apply_filters( 'jwt_auth_alg', 'HS256' );
+    }
+
+    public function  mo_rest_token_generation_callback($request_body){
+                $json=$request_body->get_params();
+                $json=array('username'=>$json['username'],'password'=>$json['password']);
+                mo_api_auth_token_endpoint_flow($json);
+        
+    }
+
+    public function mo_api_auth_initialize_api_flow(){
+                mo_api_auth_restrict_rest_api_for_invalid_users();
+            }
+
+    public function mo_rest_JWT_validate_token( $return_response = true ) {
+        $headerkey = mo_api_auth_getallheaders();
+        $headerkey = array_change_key_case($headerkey, CASE_UPPER);
+        $response  = Mo_API_Authentication_JWT_Auth::mo_api_auth_is_valid_request($headerkey);
+        if($response === true)
+        {
+            $response= ["status"=> "TRUE",
+            "message"=> "VALID_TOKEN",
+            "code"=> "200"];
+                
+                }
+        if($response === false)
+        {
+            
+            $response= ['status' => "error",
+            'error' => 'UNAUTHORIZED',
+            'code'  => '401',
+            'error_description' => 'Incorrect JWT Format.'];
+                
+                }
+         wp_send_json($response);
+    }
+
+
+    public function mo_api_auth_initialize_api_flow_old() { 
         
         if(!empty($_GET['mo_rest_api_test_config'])) {
@@ -250 +300 @@
         
         else{
-            
-            if ( !mo_api_auth_user_has_capability() && (strpos(sanitize_text_field($_SERVER['REQUEST_URI']), 'moserver') === false) ) {
+            if ( !mo_api_auth_user_has_capability()) {
                 if(strpos(sanitize_text_field($_SERVER['REQUEST_URI']), '/api/v1/token') !== false  && get_option( 'mo_api_authentication_selected_authentication_method' ) === 'jwt_auth' ) {
                     $json = file_get_contents('php://input');
                     $json = json_decode( $json, true );
                     if( json_last_error() !== JSON_ERROR_NONE ) {
-                        $json = array_map( 'esc_attr', $_POST );
+                        $json = array_map( 'sanitize_text_field', $_POST );
                     }
                     mo_api_auth_token_endpoint_flow($json);
@@ -266 +315 @@
     }
 
-
-    function regenerate_token() {   
-        if (sanitize_text_field($_SERVER['REQUEST_METHOD']) === 'POST' &&  current_user_can('administrator') ) {
-            $bearer_token = stripslashes( wp_generate_password( 32, false, false ) );
-            update_option( 'mo_api_auth_bearer_token ', $bearer_token );
-            echo esc_attr( $bearer_token );
-            wp_die(); 
-        }
-    }
-
-    function regenerate_client_credentials(){
-        if (sanitize_text_field($_SERVER['REQUEST_METHOD']) === 'POST' &&  current_user_can('administrator') ) {
-            mo_api_authentication_create_client();
-            $response = [
-                'client_id' => get_option( 'mo_api_auth_clientid' ),
-                'client_secret' => get_option( 'mo_api_auth_clientsecret' )
-            ];
-            wp_send_json( $response, 200 );
-        }
-    }
-
     function save_temporary_data(){
         
-        if (sanitize_text_field($_SERVER['REQUEST_METHOD']) === 'POST' &&  current_user_can('administrator') ) {
+        if (sanitize_text_field($_SERVER['REQUEST_METHOD']) === 'POST' &&  current_user_can('administrator') && wp_verify_nonce($_SERVER['nonce'] , 'mo_rest_api_temporal_data_nonce' ) ) {
             if(isset($_POST['auth_method']) && sanitize_text_field($_POST['auth_method']) == 'basic_auth'){
 

wp-rest-api-authentication/trunk/admin/css/miniorange-api-authentication-admin.css

@@ -1108 +1108 @@
 }
 
-
+.mo_oauth_rest_trobleshoot{
+    width: 1.3em;
+    height: 1.3em;
+    display: block; 
+    margin-bottom:-20px;
+}
 
 .mo_test_config_string { color: white;  }

wp-rest-api-authentication/trunk/admin/partials/advanced/class-mo-api-authentication-protectedrestapis.php

@@ -104 +104 @@
 
         public static function checkRouteIsWPStandardOrNot( $route ) {
-
             if (stripos($route, '/wp/v2') === false){
                 return false;

wp-rest-api-authentication/trunk/admin/partials/config/output/class-mo-api-authentication-basic-oauth-config.php

@@ -214 +214 @@
                         <tr>
                             <td>
-                                <br><br><input type='button' onclick="test_config_basic_auth();" value="Test Configuration" class="mo_test_config_button"></button>
+                                <br><br><input type='button' onclick="mo_rest_api_JWTtest_config_basic_auth();" value="Test Configuration" class="mo_test_config_button"></button>
                             </td>
                         </tr>
@@ -225 +225 @@
                     <h4 id='basic_auth_response_text' style='display:none;'><b> Response: </b></h4>
                     <pre id="json_basic_auth" class = 'mo_test_config_response'></pre>
+                    <h4 id='basic_display_text' style='display:none;'><img class="mo_oauth_rest_trobleshoot" src="<?php echo esc_url(dirname( plugin_dir_url( __FILE__ ) ));?>/images/trouble_2.png"><b style="margin-left:25px;"> TroubleShoot </b></h4>
+                    <pre style='padding: 15px 10px 15px 25px;' id="basic_display_troubleshoot" class='mo_test_config_response'>
+                    </pre>
                     <br>    
                     <br>
@@ -244 +247 @@
                     'auth_method' : 'basic_auth',
                     'algo' : 'base64',
-                    'token_type' : localStorage.getItem('mo_api_basic_token_type')
+                    'token_type' : localStorage.getItem('mo_api_basic_token_type'),
+                    'nonce': '<?php echo wp_create_nonce( 'mo_rest_api_temporal_data_nonce' ); ?>'
                 };          
 
@@ -296 +300 @@
             }
 
-            function test_config_basic_auth() {
+            function mo_rest_api_JWTtest_config_basic_auth() {
                 var username = document.getElementById("rest_basic_auth_username").value;
                 var password = document.getElementById("rest_basic_auth_password").value;
@@ -321 +325 @@
                 fetch(endpoint, requestOptions)
                 .then(response => response.text())
-                .then(result => display_basic_auth_data(result))
+                .then(result => mo_rest_api_display_basic_auth_data(result))
                 .catch(error => console.log('error', error));
             }
 
-            function output_basic_auth(inp) {
+            function mo_rest_api_output_basic_auth(inp) {
                 document.getElementById("json_basic_auth").innerHTML = inp;
             }
 
-            function syntaxHighlight_basic_auth(json) {
+            function mo_rest_api_syntaxHighlight_basic_auth(json) {
                 json = json.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
                 return json.replace(/("(\\u[a-zA-Z0-9]{4}|\\[^u]|[^\\"])*"(\s*:)?|\b(true|false|null)\b|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?)/g, function (match) {
@@ -349 +353 @@
             }
 
-            function display_basic_auth_data(result) {
+            function mo_rest_api_display_basic_auth_data(result) {
                 // console.log(result);
                 var data = JSON.parse(result);
                 var json = JSON.stringify(data, undefined, 4);
-                output_basic_auth(syntaxHighlight_basic_auth(json));
+                mo_rest_api_output_basic_auth(mo_rest_api_syntaxHighlight_basic_auth(json));
                 document.getElementById("json_basic_auth").style.display = "block";
                 document.getElementById("basic_auth_request_headers").style.display = "block";
@@ -359 +363 @@
                 document.getElementById("basic_auth_response_text").style.display = "block";
                 document.getElementById("basic_auth_response_text").scrollIntoView({behavior: 'smooth' });
-            }
+                if(data.error)
+                        mo_rest_api_troubleshootPrintBasic(data.error);
+                    else
+                        mo_rest_api_troubleshootHideBasic();
+            }
+            function mo_rest_api_troubleshootHideBasic(){
+                
+                        document.getElementById("basic_display_troubleshoot").style.display = "none";
+                        document.getElementById("basic_display_text").style.display = "none";
+            }
+            function mo_rest_api_troubleshootPrintBasic(err){
+                if(err === "INVALID_PASSWORD")
+                    {
+                        document.getElementById("basic_display_troubleshoot").innerHTML = `<ul style="list-style: inside;"><li>Check if username and password entered are correct.</li><li>If yes try password without special charachters.</li></ul>`;
+                        document.getElementById("basic_display_troubleshoot").style.display = "block";
+                        document.getElementById("basic_display_text").style.display = "inline-block";
+                        
+                    }
+                    else if(err  === "INVALID_USERNAME")
+                    {
+                        document.getElementById("basic_display_troubleshoot").innerHTML = '<ul style="list-style: inside;"><li>Check if user with this username exists.</li><li>Check if username entered is correct.</li></ul>';
+                        document.getElementById("basic_display_troubleshoot").style.display = "block";
+                        document.getElementById("basic_display_text").style.display = "inline-block";
+                        
+                    }
+                    else if(err === "INVALID_CLIENT_CREDENTIALS")
+                    {
+                        document.getElementById("basic_display_troubleshoot").innerHTML = 'INVALID_CLIENT_CREDENTIALS';
+                        document.getElementById("basic_display_troubleshoot").style.display = "block";
+                        document.getElementById("basic_display_text").style.display = "inline-block";
+                        
+                    }
+                    else if(err === "MISSING_AUTHORIZATION_HEADER")
+                    {
+                        document.getElementById("basic_display_troubleshoot").innerHTML = 'MISSING_AUTHORIZATION_HEADER';
+                        document.getElementById("basic_display_troubleshoot").style.display = "block";
+                        document.getElementById("basic_display_text").style.display = "inline-block";
+                        
+                    }
+                    else if(err === "INVALID_AUTHORIZATION_HEADER_TOKEN_TYPE")
+                    {
+                        document.getElementById("basic_display_troubleshoot").innerHTML = 'INVALID_AUTHORIZATION_HEADER_TOKEN_TYPE';
+                        document.getElementById("basic_display_troubleshoot").style.display = "block";
+                        document.getElementById("basic_display_text").style.display = "inline-block";
+                        
+                    }
+                    else if(err === "INVALID_TOKEN_FORMAT")
+                    {
+                        document.getElementById("basic_display_troubleshoot").innerHTML = 'INVALID_TOKEN_FORMAT';
+                        document.getElementById("basic_display_troubleshoot").style.display = "block";
+                        document.getElementById("basic_display_text").style.display = "inline-block";
+                        
+                    }
+
+                        
+                    }
 
         </script>

wp-rest-api-authentication/trunk/admin/partials/config/output/class-mo-api-authentication-jwt-auth-config.php

@@ -144 +144 @@
                         </tr>
                         <tr>
-                            <td><input type='button' value="POST" class='mo_test_config_request_method'>&nbsp;<input type='text' id='rest_token_endpoint' value="<?php echo esc_html(get_rest_url())."api/v1/token"; ?>" readonly class='mo_test_config_input'></td>
-                        </tr>
-                        <tr>
-                            <td>
-                                <br><input type='button' onclick="test_config('token');" value="Fetch Token" class="mo_test_config_button"></button>
+                            <td><input type='button' value="POST" class='mo_test_config_request_method'>&nbsp;<input type='text' id='rest_token_endpoint' value="<?php echo esc_url(get_rest_url()."api/v1/token"); ?>" readonly class='mo_test_config_input'></td>
+                        </tr>
+                        <tr>
+                            <td>
+                                <br><input type='button' onclick="mo_JWT_test_config('token');" value="Fetch Token" class="mo_test_config_button"></button>
                             </td>
                         </tr>
@@ -156 +156 @@
                     <pre id="json_jwt_token" class='mo_test_config_response'>
                     </pre>
+                    <h4 id='jwt_token_troubleshoot_text' style='display:none;'><img class="mo_oauth_rest_trobleshoot" src="<?php echo esc_url(dirname( plugin_dir_url( __FILE__ ) ));?>/images/trouble_2.png"><b style="margin-left:25px;"> TroubleShoot </b></h4>
+                    <pre style='padding: 15px 10px 15px 25px;' id="json_jwt_token_troubleshoot" class='mo_test_config_response'>
+                    
+                    </pre>
+                    
+                    <table width="80%">
+                        <tr>
+                            <td>
+                                <p style='color:#2a2ea9; font-size: 1.1em;'><b>[2] Check if token is valid: </b></p>
+                            </td>
+                        </tr>
+                        <tr>
+                            <td>
+                                <p>Token:</p>
+                                <input type="text" id='rest_token_value' size="28" placeholder="Enter JWT Token"  class='mo_test_config_input'>
+                            </td>
+                        </tr>
+                        <tr>
+                            <td>
+                                <p>Token Validation Endpoint: </p>
+                            </td>
+                        </tr>
+                        <tr>
+                        <td><input type='button' value="GET" class='mo_test_config_request_method'>&nbsp;<input type='text' id='rest_validate_endpoint' value="<?php echo esc_url(get_rest_url()."api/v1/token-validate"); ?>" readonly class='mo_test_config_input'></td>
+                        </tr>
+                        <tr>
+                            <td>
+                                <br><input type='button' onclick="mo_JWT_test_config('validate');" value="Check Token" class="mo_test_config_button"></button>
+                            </td>
+                        </tr>
+                    </table>
+                    <br>    
+                    <h4 id='jwt_token_validate_response_text' style='display:none;'><b> Response: </b></h4>
+                    <pre id="json_jwt_token_validate" class='mo_test_config_response'>
+                    </pre>
+                    <h4 id='jwt_token_validate_text' style='display:none;'><img class="mo_oauth_rest_trobleshoot" src="<?php echo esc_url(dirname( plugin_dir_url( __FILE__ ) ));?>/images/trouble_2.png"><b style="margin-left:25px;"> TroubleShoot </b></h4>
+                    <pre style='padding: 15px 10px 15px 25px;' id="json_jwt_token_validate_troubleshoot" class='mo_test_config_response'>
+                    
+                    </pre>
+
+
                     <table>
                         <tr>
                             <td>
-                                <p style='color: #2a2ea9; font-size: 1.1em;'><b>[2] Access the protected REST APIs by using the jwt_token obtained from above Step[1]: </b></p>
+                                <p style='color: #2a2ea9; font-size: 1.1em;'><b>[3] Access the protected REST APIs by using the jwt_token obtained from above Step[1]: </b></p>
                             </td>
                         </tr>
@@ -179 +220 @@
                         <tr>
                             <td>
-                                <br><input type='button' onclick="test_config('rest');" value="Test Configuration" class="mo_test_config_button" />
+                                <br><input type='button' onclick="mo_JWT_test_config('rest');" value="Test Configuration" class="mo_test_config_button" />
                             </td>
                         </tr>
@@ -190 +231 @@
                     <h4 id='jwt_token_api_response_text' style='display:none;'><b>Response: </b></h4>
                     <pre id="json_jwt" class='mo_test_config_response'>
+                    </pre>
+                    <h4 id='data_display_text' style='display:none;'><img class="mo_oauth_rest_trobleshoot" src="<?php echo esc_url(dirname( plugin_dir_url( __FILE__ ) ));?>/images/trouble_2.png"><b style="margin-left:25px;"> TroubleShoot </b></h4>
+                    <pre style='padding: 15px 10px 15px 25px;' id="data_display_troubleshoot" class='mo_test_config_response'>
+                    
                     </pre>
                     <!-- <div id="json_jwt" style='display:none;'> -->
@@ -203 +248 @@
                 var token_endpoint_obj = document.getElementById('rest_token_endpoint');
                 token_endpoint_obj.style.width = ((token_endpoint_obj.value.length + 1) * 7) + 'px';
+                var token_endpoint_obj = document.getElementById('rest_validate_endpoint');
+                token_endpoint_obj.style.width = ((token_endpoint_obj.value.length + 1) * 7) + 'px';
                 var token_endpoint_obj = document.getElementById('rest_endpoint_jwt_auth');
                 token_endpoint_obj.style.width = ((token_endpoint_obj.value.length + 1) * 7) + 'px';
@@ -227 +274 @@
 
 
-                function test_config(event) {
+                function mo_JWT_test_config(event) {
                     if(event === 'token') {
                         var token_endpoint = document.getElementById("rest_token_endpoint").value;
@@ -247 +294 @@
                         };
 
-                        token_endpoint = token_endpoint + "?mo_rest_api_test_config=jwt_auth"
+                    
 
                         fetch(token_endpoint, requestOptions)
                         .then(response => response.text())
-                        .then(result => display_jwt_data(result))
+                        .then(result => moJWTdisplay_jwt_data(result))
                         .catch(error => console.log('error', error));
                     }
-                    else {
-                        var token = document.getElementById("rest_jwt_token").value;
-                        var endpoint = document.getElementById("rest_endpoint_jwt_auth").value;
+                    else if(event === "validate"){
+                        var validate_endpoint = document.getElementById("rest_validate_endpoint").value;
+                        var token_val = document.getElementById("rest_token_value").value;
+
+                        
 
                         var myHeaders = new Headers();
-
-                        myHeaders.append("Authorization", "Bearer "+token);
-                        document.getElementById("jwt_request_headers_value").textContent = token;
+                        myHeaders.append('Content-Type', 'application/json');
+                        myHeaders.append('Authorization','Bearer '+ token_val);
 
                         var requestOptions = {
@@ -268 +316 @@
                             redirect: 'follow'
                         };
-
-                        endpoint = endpoint + "?mo_rest_api_test_config=jwt_auth"
+                        validate_endpoint=validate_endpoint+ "?mo_rest_api_test_config=jwt_auth";
+
+                        fetch(validate_endpoint, requestOptions)
+                        .then(response => response.text())
+                        .then(result => moJWTdisplay_token_val_data(result))
+                        .catch(error => console.log('error', error));
+
+                    }
+                    else {
+                        var token = document.getElementById("rest_jwt_token").value;
+                        var endpoint = document.getElementById("rest_endpoint_jwt_auth").value;
+
+                        var myHeaders = new Headers();
+
+                        myHeaders.append("Authorization", "Bearer "+token);
+                        document.getElementById("jwt_request_headers_value").textContent = token;
+
+                        var requestOptions = {
+                            method: 'GET',
+                            headers: myHeaders,
+                            redirect: 'follow'
+                        };
+
+                        endpoint = endpoint + "?mo_rest_api_test_config=jwt_auth";
 
                         fetch(endpoint, requestOptions)
                         .then(response => response.text())
-                        .then(result => display_data(result))
+                        .then(result => moJWTdisplay_data(result))
                         .catch(error => console.log('error', error));
                     }
                 }
 
-                function display_jwt_data(result) {
-                    // console.log(result);
+                function moJWTdisplay_jwt_data(result) {
                     var data = JSON.parse(result);
                     var json = JSON.stringify(data, undefined, 4);
-                    output(syntaxHighlight(json), 'token');
+                    moJWToutput(moJWTsyntaxHighlight(json), 'token');
                     document.getElementById("json_jwt_token").style.display = "block";
                     document.getElementById("jwt_token_response_text").style.display = "block";
                     document.getElementById("jwt_token_response_text").scrollIntoView({behavior: 'smooth' });
-                }
-
-                function output(inp, endpoint) {
+                    if(data.error)
+                        moJWTtroubleshootPrintJWT(data.error , 'token');
+                    else
+                        moJWTtroubleshootHideJWT('token');
+                }
+                function moJWTdisplay_token_val_data(result) {
+                    var data = JSON.parse(result);
+                    var json = JSON.stringify(data, undefined, 4);
+                    moJWToutput(moJWTsyntaxHighlight(json), 'validate');
+                    document.getElementById("json_jwt_token_validate").style.display = "block";
+                    document.getElementById("jwt_token_validate_response_text").style.display = "block";
+                    document.getElementById("jwt_token_validate_response_text").scrollIntoView({behavior: 'smooth' });
+                    if(data.error)
+                        moJWTtroubleshootPrintJWT(data.error , 'valid');
+                    else
+                        moJWTtroubleshootHideJWT('valid');
+                }
+                function moJWTtroubleshootHideJWT(place){
+                    if(place === "token"){
+                        document.getElementById("json_jwt_token_troubleshoot").style.display = "none";
+                        document.getElementById("jwt_token_troubleshoot_text").style.display = "none";
+                    }
+                    else if(place === "valid"){
+                        document.getElementById("json_jwt_token_validate_troubleshoot").style.display = "none";
+                        document.getElementById("jwt_token_validate_text").style.display = "none";
+                    }
+                    else{
+                        document.getElementById("data_display_troubleshoot").style.display = "none";
+                        document.getElementById("data_display_text").style.display = "none";
+                    }
+                    
+                    
+                    
+                }
+                function moJWTtroubleshootPrintJWT(err,place){
+                    if(err === "INVALID_CREDENTIALS")
+                    {
+                        document.getElementById("json_jwt_token_troubleshoot").innerHTML = `<ul style="list-style: inside;"><li>Check if username and password entered are correct.</li><li>If yes try password without special charachters.</li></ul>`;
+                        document.getElementById("json_jwt_token_troubleshoot").style.display = "block";
+                        document.getElementById("jwt_token_troubleshoot_text").style.display = "inline-block";
+                        
+                    }
+                    else if(err === "BAD_REQUEST")
+                    {
+                        document.getElementById("json_jwt_token_troubleshoot").innerHTML = 'Username or Password is missing.';
+                        document.getElementById("json_jwt_token_troubleshoot").style.display = "block";
+                        document.getElementById("jwt_token_troubleshoot_text").style.display = "inline-block";
+                        
+                    }
+                    else if(err === "SEGMENT_FAULT")
+                    {
+                        if(place === "valid"){
+                            document.getElementById("json_jwt_token_validate_troubleshoot").innerHTML = 'JWT token you entered is of invalid format re-enter it properly.';
+                            document.getElementById("json_jwt_token_validate_troubleshoot").style.display = "block";
+                            document.getElementById("jwt_token_validate_text").style.display = "block";
+                            }
+                        else{
+                            document.getElementById("data_display_troubleshoot").innerHTML = 'JWT token you entered is of invalid format re-enter it properly.';
+                            document.getElementById("data_display_troubleshoot").style.display = "block";
+                            document.getElementById("data_display_text").style.display = "block";
+                            }
+                    }
+                    else if(err === "INVALID_PASSWORD")
+                    {
+                        document.getElementById("json_jwt_token_validate_troubleshoot").innerHTML = '';
+                        document.getElementById("json_jwt_token_validate_troubleshoot").style.display = "block";
+                        document.getElementById("jwt_token_validate_text").style.display = "block";
+                        
+                    }
+                    else if(err === "MISSING_AUTHORIZATION_HEADER")
+                    {
+                        
+                        if(place === "valid"){
+                            document.getElementById("json_jwt_token_validate_troubleshoot").innerHTML = 'JWT token field is empty.';
+                            document.getElementById("json_jwt_token_validate_troubleshoot").style.display = "block";
+                            document.getElementById("jwt_token_validate_text").style.display = "block";
+                            
+                        }
+                        else{
+                            document.getElementById("data_display_troubleshoot").innerHTML = 'JWT token field is empty.';
+                            document.getElementById("data_display_troubleshoot").style.display = "block";
+                            document.getElementById("data_display_text").style.display = "block";
+                            
+                        }
+                    }
+                    else if(err === "INVALID_AUTHORIZATION_HEADER_TOKEN_TYPE")
+                    {
+                        if(place === "valid"){
+                            document.getElementById("json_jwt_token_validate_troubleshoot").innerHTML = 'JWT token is missing check the JWT token field.';
+                            document.getElementById("json_jwt_token_validate_troubleshoot").style.display = "block";
+                            document.getElementById("jwt_token_validate_text").style.display = "block";
+                            
+                        }
+                        else{
+                            document.getElementById("data_display_troubleshoot").innerHTML = 'JWT token is missing check the JWT token field.';
+                            document.getElementById("data_display_troubleshoot").style.display = "block";
+                            document.getElementById("data_display_text").style.display = "block";
+                            
+                        }
+                    }
+                    else if(err === "UNAUTHORIZED")
+                    {
+                        if(place === "valid"){
+                            document.getElementById("json_jwt_token_validate_troubleshoot").innerHTML = `<ul style="list-style: inside;"><li>JWT token entered is either expired or is of different authorization flow.</li><li>Regenrate JWT token and copy past it properly.</li></ul>`;
+                            document.getElementById("json_jwt_token_validate_troubleshoot").style.display = "block";
+                            document.getElementById("jwt_token_validate_text").style.display = "block";
+                            
+                        }
+                        else{
+                            document.getElementById("data_display_troubleshoot").innerHTML = `<ul style="list-style: inside;"><li>JWT token entered is either expired or is of different authorization flow.</li><li>Regenrate JWT token and copy past it properly.</li></ul>`;
+                            document.getElementById("data_display_troubleshoot").style.display = "block";
+                            document.getElementById("data_display_text").style.display = "block";
+                            
+                        }
+                    }
+                    
+                    
+                }
+                
+
+                function moJWToutput(inp, endpoint) {
                     // document.body.appendChild(document.createElement('pre')).innerHTML = inp;
                     if( endpoint === 'wp_rest_api') {
                         document.getElementById("json_jwt").innerHTML = inp;
-                    } else {
+                    }
+
+                    else if(endpoint === "token"){
                         document.getElementById("json_jwt_token").innerHTML = inp;
                     }
-                }
-
-                function syntaxHighlight(json) {
+                    else{
+                        document.getElementById("json_jwt_token_validate").innerHTML = inp;
+                    }
+                }
+
+                function moJWTsyntaxHighlight(json) {
                     json = json.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
                     return json.replace(/("(\\u[a-zA-Z0-9]{4}|\\[^u]|[^\\"])*"(\s*:)?|\b(true|false|null)\b|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?)/g, function (match) {
@@ -316 +508 @@
                 }
 
-                function display_data(result) {
-                    // console.log(result);
+                function moJWTdisplay_data(result) {
                     var data = JSON.parse(result);
                     var json = JSON.stringify(data, undefined, 4);
@@ -325 +516 @@
                     document.getElementById("jwt_token_api_response_text").style.display = "block";
                     document.getElementById("jwt_token_api_response_text").scrollIntoView({behavior: 'smooth' });
-                    output(syntaxHighlight(json), 'wp_rest_api');
+                    moJWToutput(moJWTsyntaxHighlight(json), 'wp_rest_api');
+                    if(data.error)
+                        moJWTtroubleshootPrintJWT(data.error , 'wp_rest_api');
+                    else
+                        moJWTtroubleshootHideJWT('wp_rest_api');
                     
                 }

wp-rest-api-authentication/trunk/admin/partials/flow/class-mo-api-authentication-basic-oauth.php

@@ -23 +23 @@
                         $user = get_user_by('login', $uname);
                         if( $user ) {
-                            if(wp_check_password( $pword, $user->user_pass, $user->ID )){
+                            $valid_pass=wp_authenticate_username_password( NULL,$uname, $pword );
+                            if(!is_wp_error($valid_pass)){
                                 wp_set_current_user($user->ID);
                                 return true;

wp-rest-api-authentication/trunk/admin/partials/flow/mo-api-authentication-flow.php

@@ -60 +60 @@
 
             // Save whitelist to the Options table
+            
             update_option('mo_api_authentication_protectedrestapi_route_whitelist', $rest_routes);
             add_settings_error('ProtectedRestAPI_notices', 'settings_updated', 'Whitelist settings saved.', 'updated');
@@ -82 +83 @@
     $all_routes = array_keys( $wp_rest_server->get_routes() );
     $all_routes = array_map('esc_html',$all_routes);
+
+    foreach($all_routes as $key => $value){
+        if($value === "/api/v1/token"){
+            array_splice($all_routes,$key,1);
+        }
+
+    }
+    foreach($all_routes as $key => $value){
+        if($value === "/api/v1/token-validate"){
+            array_splice($all_routes,$key,1);
+        }
+
+    }
+
     update_option( 'mo_api_authentication_protectedrestapi_route_whitelist', $all_routes);
 }
@@ -156 +171 @@
         }
     }
+    
+    $jsonfile=plugin_dir_path(__FILE__);
+    $jsonfile=rtrim($jsonfile,'/');
+    $jsonfile=$jsonfile.'\\mo_temp_json_file.json';
+    file_put_contents($jsonfile, $contents);
+    
     header('Content-Disposition: attachment; filename ='.$filename);
     header('Content-Type: application/json');
     ob_clean();
-    echo esc_html($contents);
+    @readfile($jsonfile);
+    unlink($jsonfile);
     exit();
 }

wp-rest-api-authentication/trunk/admin/partials/flow/mo-token-api-flow.php

@@ -19 +19 @@
 function mo_api_auth_method_get_token($request) {
     if( isset( $request['username'] ) && isset( $request['password'] ) ) {
-        $username   = sanitize_text_field( $request['username'] );
-        $password   = sanitize_text_field( $request['password'] );
+        $username   =$request['username'];
+        $password   = $request['password'] ;
+        
         $client_secret = sanitize_text_field( get_option('mo_api_authentication_jwt_client_secret') );
 
@@ -34 +35 @@
 
         $user = get_user_by('login', $username);
-
         if( $user ) {
             wp_set_current_user($user->ID);
-            $valid_pass = wp_check_password( $password, $user->user_pass, $user->ID );
+            
+            $valid_pass = wp_authenticate_username_password( NULL,$username, $password );
+            
+            if(is_wp_error($valid_pass)){
+                $valid_pass=false;
+            }
+            else{
+                $valid_pass=true;
+            }
         }
 
@@ -126 +134 @@
 {       
 
-        if(is_user_logged_in() && empty(sanitize_text_field($_GET['mo_rest_api_test_config']))){
+        if( is_user_logged_in() && empty( isset($_GET['mo_rest_api_test_config']) ? sanitize_text_field($_GET['mo_rest_api_test_config']) : ""  ) ){
             return true;
         }
@@ -144 +152 @@
     $headers = array_change_key_case($headers, CASE_UPPER);
     
-    if (stripos(explode('?', sanitize_text_field($_SERVER['REQUEST_URI']), 2)[0], '/wp/v2') === false ){
+    if (stripos(explode('?', sanitize_text_field($_SERVER['REQUEST_URI']), 2)[0], '/wp/v2') === false){
         if(get_option('mo_rest_api_protect_migrate')){
             $response = array(
@@ -174 +182 @@
         }
     }
+
+
 
     return $response;

wp-rest-api-authentication/trunk/includes/class-miniorange-api-authentication.php

@@ -159 +159 @@
         $this->loader->add_action( 'admin_menu', $plugin_admin, 'mo_api_authentication_config_settings');
         $this->loader->add_action( 'admin_menu', $plugin_admin, 'mo_api_auth_admin_menu' );
+        $this->loader->add_action( 'rest_api_init', $plugin_admin, 'register_rest_routes' );
         $this->loader->add_action( 'rest_api_init', $plugin_admin, 'mo_api_auth_initialize_api_flow' );
-        $this->loader->add_action( 'wp_ajax_regenerate_token', $plugin_admin, 'regenerate_token' );
-        $this->loader->add_action( 'wp_ajax_regenerate_client_credentials', $plugin_admin, 'regenerate_client_credentials' );
         $this->loader->add_action( 'wp_ajax_save_temporary_data', $plugin_admin, 'save_temporary_data' );
     }

wp-rest-api-authentication/trunk/miniorange-api-authentication.php

@@ -4 +4 @@
  * Plugin URI:        wp-rest-api-authentication
  * Description:       WordPress REST API Authentication secures rest API access for unauthorized users using OAuth 2.0, Basic Auth, JWT, API Key. Also reduces potential attack factors to the respective site.
- * Version:           2.4.0
+ * Version:           2.3.1
  * Author:            miniOrange
  * Author URI:        https://www.miniorange.com
@@ -21 +21 @@
  * Rename this for your plugin and update it as you release new versions.
  */
-define( 'MINIORANGE_API_AUTHENTICATION_VERSION', '2.4.0' );
+define( 'MINIORANGE_API_AUTHENTICATION_VERSION', '2.3.0' );
 // require_once plugin_dir_path( __FILE__ ) . 'admin/partials/support/class-mo-api-authentication-feedback.php';