Merge pull request #22 from alleyinteractive/feature/jwt-logged-in

Ignore JWT authentication for the REST API if the user is already authenticated
alleyinteractive · Mar 20, 2024 · a29840f · a29840f
2 parents b037f7b + 4c34858
commit a29840f
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,10 @@
 
 All notable changes to `wp-rest-guard` will be documented in this file.
 
+## v1.3.1 - 2024-03-18
+
+- Ignore JWT authentication for the REST API if the user is already authenticated.
+
 ## v1.3.0 - 2024-02-27
 
 - Allow the claims to be added to a generated JWT via filter.

diff --git a/plugin.php b/plugin.php
@@ -71,7 +71,7 @@ function should_prevent_anonymous_access( WP_REST_Server $server, WP_REST_Reques
 		return false;
 	}
 
-	if ( class_exists( JWT::class ) ) {
+	if ( class_exists( JWT::class ) && ! is_user_logged_in() ) {
 		/**
 		 * Check if the anonymous request requires a JSON Web Token (JWT).
 		 *

diff --git a/tests/RestApiGuardTest.php b/tests/RestApiGuardTest.php
@@ -122,7 +122,8 @@ public function test_prevent_anonymous_access_settings() {
 	}
 
 	public function test_check_options_requests() {
-		$this->expectApplied( 'rest_api_guard_check_options_requests' )->times( 3 );
+		$this->assertNotAuthenticated();
+		$this->expectApplied( 'rest_api_guard_check_options_requests' )->times( 8 );
 
 		// Check the default settings.
 		update_option(