Support » Plugin: Password Reset with Code for WordPress REST API » compatibility with jwt auth

  • Resolved joelwolfgang

    (@joelwolfgang)


    I’m trying to use this with the JWT Auth plugin for WordPress, however, when both are installed and active. Your plugin will not send the reset password email. However, deactivating the JWT plugin and your’s will send the email.

    Not sure if it’s related either, but whether both or just your plugin is activated I’m getting a response different from the ones you show in your documentation:

    {
    status: 200,
    statusText: ok,
    ok: true,
    }

Viewing 14 replies - 1 through 14 (of 14 total)
  • Plugin Author dominic_ks

    (@dominic_ks)

    Hello,

    Thanks for the report, there’s a few things here.

    The issue you mention with the JWT Auth plugin, assuming you are talking about https://wordpress.org/plugins/jwt-auth/ is related to that plugin.

    You should check out the section of their docs labelled “Whitelisting Endpoints“, as you will need to whitelist the endpoints from this plugin in order for them to work together, so you would need to do something like this:

    
    function whitelist_auth_endpoints( $endpoints ) {
      $endpoints[] = '/wp-json/bdpwr/v1/reset-password';
      $endpoints[] = '/wp-json/bdpwr/v1/set-password';
      $endpoints[] = '/wp-json/bdpwr/v1/validate-code';
      return $endpoints;
    };
    
    add_filter( 'jwt_auth_whitelist' , 'whitelist_auth_endpoints' , 10 , 1 );
    

    As for that response you mentioned above, I don’t recognise that all, it’s not a response that’s being sent directly from this plugin and I couldn’t reproduce that.

    I’ll happily look again if you’re able to give me some extra info about your setup:

    • php version
    • Hosting on Window / Linux?
    • WordPress version
    • Version of this plugin
    • Assuming you’ve tested this by deactivating all plugins and setting default theme? But otherwise, what other plugins and themes are you using?

    Cheers!

    • This reply was modified 10 months, 2 weeks ago by dominic_ks.

    I’ve whitelisted the endpoints still I am facing the same issue with some warnings:

    <br />
    <b>Warning</b>: Illegal string offset ‘slug’ in <b>/var/www/stage.allforty.com/htdocs/wp-content/plugins/woocommerce/packages/woocommerce-admin/src/API/Reports/PerformanceIndicators/Controller.php</b> on line <b>149</b><br />
    <br />
    <b>Warning</b>: Illegal string offset ‘slug’ in <b>/var/www/stage.allforty.com/htdocs/wp-content/plugins/woocommerce/packages/woocommerce-admin/src/API/Reports/PerformanceIndicators/Controller.php</b> on line <b>149</b><br />
    <br />
    <b>Notice</b>: Undefined index: slug in <b>/var/www/stage.allforty.com/htdocs/wp-content/plugins/woocommerce/packages/woocommerce-admin/src/API/Reports/PerformanceIndicators/Controller.php</b> on line <b>149</b><br />
    <br />
    <b>Warning</b>: Illegal string offset ‘slug’ in <b>/var/www/stage.allforty.com/htdocs/wp-content/plugins/woocommerce/packages/woocommerce-admin/src/API/Reports/PerformanceIndicators/Controller.php</b> on line <b>149</b><br />
    <br />
    <b>Warning</b>: Illegal string offset ‘slug’ in <b>/var/www/stage.allforty.com/htdocs/wp-content/plugins/woocommerce/packages/woocommerce-admin/src/API/Reports/PerformanceIndicators/Controller.php</b> on line <b>149</b><br />
    <br />
    <b>Notice</b>: Undefined index: slug in <b>/var/www/stage.allforty.com/htdocs/wp-content/plugins/woocommerce/packages/woocommerce-admin/src/API/Reports/PerformanceIndicators/Controller.php</b> on line <b>149</b><br />
    <br />
    <b>Warning</b>: Illegal string offset ‘slug’ in <b>/var/www/stage.allforty.com/htdocs/wp-content/plugins/woocommerce/packages/woocommerce-admin/src/API/Reports/PerformanceIndicators/Controller.php</b> on line <b>149</b><br />
    <br />
    <b>Warning</b>: Illegal string offset ‘slug’ in <b>/var/www/stage.allforty.com/htdocs/wp-content/plugins/woocommerce/packages/woocommerce-admin/src/API/Reports/PerformanceIndicators/Controller.php</b> on line <b>149</b><br />
    <br />
    <b>Notice</b>: Undefined index: slug in <b>/var/www/stage.allforty.com/htdocs/wp-content/plugins/woocommerce/packages/woocommerce-admin/src/API/Reports/PerformanceIndicators/Controller.php</b> on line <b>149</b><br />
    <br />
    <b>Warning</b>: Illegal string offset ‘slug’ in <b>/var/www/stage.allforty.com/htdocs/wp-content/plugins/woocommerce/packages/woocommerce-admin/src/API/Reports/PerformanceIndicators/Controller.php</b> on line <b>149</b><br />
    <br />
    <b>Warning</b>: Illegal string offset ‘slug’ in <b>/var/www/stage.allforty.com/htdocs/wp-content/plugins/woocommerce/packages/woocommerce-admin/src/API/Reports/PerformanceIndicators/Controller.php</b> on line <b>149</b><br />
    <br />
    <b>Notice</b>: Undefined index: slug in <b>/var/www/stage.allforty.com/htdocs/wp-content/plugins/woocommerce/packages/woocommerce-admin/src/API/Reports/PerformanceIndicators/Controller.php</b> on line <b>149</b><br />
    {
    “success”: false,
    “statusCode”: 403,
    “code”: “jwt_auth_no_auth_header”,
    “message”: “Authorization header not found.”,
    “data”: []
    }

    • This reply was modified 10 months, 1 week ago by dammak13.
    Plugin Author dominic_ks

    (@dominic_ks)

    OK, I want to support you with this, but I’m going to need more information from you please.

    Those warnings are all related to WooCommerce, so:

    • What version of WooCommerce are you using?
    • Do you get those warnings anywhere else / with this plugin deactivated?

    This plugin is tested with a number of WooCommerce versions and I can’t reproduce this.

    Can you share your code where you have whitelisted the endpoints for this plugin and also tell me where you have put that code?

    Can you also please provide the other debug info that I requested from @joelwolfgang ?

    • php version
    • Hosting on Window / Linux?
    • WordPress version
    • Version of this plugin
    • Assuming you’ve tested this by deactivating all plugins and setting default theme? But otherwise, what other plugins and themes are you using?

    Cheers!

    Plugin Author dominic_ks

    (@dominic_ks)

    @joelwolfgang @dammak13 have you guys any more to add on this? Happy to look again if you can provide your code samples and debug info, otherwise I’ll look to close this thread as I’ve not seen anything to say those Woo notices are related to this plugin and I believe the whitelisting approach I provided should solve your other issues.

    hi @joelwolfgang, I have same error. Don’t know if you’ve made it yet?

    Plugin Author dominic_ks

    (@dominic_ks)

    Hi @ngominhtrungit, happy to investigate further if you want to provide any info that I’ve requested from the others on this thread…

    Hi @dominic_ks ,
    wordpress ver: 5.5.3
    hosting linux
    php ver: 7.2.34
    plugin ver: 0.0.9

    Plugin Author dominic_ks

    (@dominic_ks)

    OK thanks @ngominhtrungit !!! Will be great to get to the bottom of this.

    Can you also just let me know which issues you are experiencing here as @joelwolfgang initially reported two:

    • Email is not sent when JWT plugin is active
    • When JWT plugin is not active, email is sent but different response object is received

    Also are you able to confirm:

    • If you have tested with all other plugins disabled, i.e. except this plugin and the JWT plugin
    • If you have put the whitelist rules in place for this plugin’s routes?

    Thanks!

    hi @dominic_ks , when I turn off plugin JWT auth, plugin “REST API Password Reset with Code” it work good.
    “mail is not sent when JWT plugin is active”,I add to whilelist in plugin JWT auth, but not it work
    thank

    danojonguitud

    (@danojonguitud)

    Hi, i was having the same issue regarding the JWT Auth plugin and this is what I did to fix the 403 error code. *Note that I haven’t fixed the issue with the email not being send yet.

    To fix the problem with JWT Auth plugin you need to create a plugin with the whitelisting snipet.

    So technically you need to create a folder a name like: JWT Whitelister inside the plugin wordpress folder.

    Create a file called the same as your plugin folder name with .php extension

    add the next code

    <?php
    
    /**
     * The plugin bootstrap file
     *
     * This file is read by WordPress to generate the plugin information in the plugin
     * admin area. This file also includes all of the dependencies used by the plugin,
     * registers the activation and deactivation functions, and defines a function
     * that starts the plugin.
     *
     * @link              swooncreative.ca
     * @since             1.0.0
     * @package           Jwt_Whitelister
     *
     * @wordpress-plugin
     * Plugin Name:       JWT Whitelister
     * Plugin URI:        swooncreative.ca
     * Description:       This is a short description of what the plugin does. It's displayed in the WordPress admin area.
     * Version:           1.0.0
     * Author:            SwoonCreative
     * Author URI:        swooncreative.ca
     * License:           GPL-2.0+
     * License URI:       http://www.gnu.org/licenses/gpl-2.0.txt
     * Text Domain:       jwt-whitelister
     * Domain Path:       /languages
     */
    
    /**
     * @snippet    Whitelisting endpoints from JWT
     */
    function whitelist_auth_endpoints( $endpoints ) {
      $endpoints[] = '/wp-json/bdpwr/v1/reset-password';
      $endpoints[] = '/wp-json/bdpwr/v1/set-password';
      $endpoints[] = '/wp-json/bdpwr/v1/validate-code';
      return $endpoints;
    };
    
    add_filter( 'jwt_auth_whitelist' , 'whitelist_auth_endpoints' , 10 , 1 );
    

    Activate it and give it a try

    if I find a solution for the email not being send I will let you know.

    • This reply was modified 6 months ago by danojonguitud. Reason: Code was edited as a reference of a comment that was providing in this comment thread
    Plugin Author dominic_ks

    (@dominic_ks)

    Hi @danojonguitud,

    Thanks for chipping that in.

    You’re right, you could add this to a new plugin, or you could add it to your theme’s functions.php, or anywhere that’s suitable for your project.

    I would, however, recommend that you take the slightly different approach I originally posted on this page:

    function whitelist_auth_endpoints( $endpoints ) {
      $endpoints[] = '/wp-json/bdpwr/v1/reset-password';
      $endpoints[] = '/wp-json/bdpwr/v1/set-password';
      $endpoints[] = '/wp-json/bdpwr/v1/validate-code';
      return $endpoints;
    };
    
    add_filter( 'jwt_auth_whitelist' , 'whitelist_auth_endpoints' , 10 , 1 );

    Firstly, this covers all of the routes added by this plugin, and secondly, if you return a new array as in your example, you will effectively bin everything that was already in the whitelist, which includes everything under ‘/wp-json/wp/v2/’ and will cause things like the block editor to stop working, as well as any other requests to those routes, like, just fetching blog posts.

    This may be fine in some cases but not others.

    With regards to emails not being sent, I haven’t seen any examples yet where it wasn’t actually just the site wasn’t sending emails generally. I offered an approach here:

    To help verify if this is in fact the case.

    Cheers!

    danojonguitud

    (@danojonguitud)

    Thank you for your assistance and speed @dominic_ks, that is not common in WordPress Forums and i really appreciate that.

    You are very right, I forgot about that the array will be overwritten and that’s not what I want. I will take your approach.

    I decided to use plugin because I actually tried adding the snippet to the functions.php file but with no results.

    I will edit my past comment so is not misleading for future references. Thanks a lot!

    danojonguitud

    (@danojonguitud)

    Btw, I fixed my problem with the email that was just a internal problem with my server SMTP, so please take in mind that someone is facing similar issues.

    Plugin Author dominic_ks

    (@dominic_ks)

    Hi @danojonguitud,

    No problem at all.

    Actually, I said you can use functions.php, but have actually never tried it, and a separate plugin is probably more appropriate since this isn’t theme related functionality.

    Thanks also for confirming the outcome with the email, I don’t believe there are any specific issues with this plugin sending emails so it’s good to hear.

    I’m actually going to close this thread now, it’s been open for a while and I think it already contains the solutions to the issues mentioned.

    I think I’ll add a pinned post about these two though, since they seem to get asked quite a lot!

    Cheers,

Viewing 14 replies - 1 through 14 (of 14 total)
  • The topic ‘compatibility with jwt auth’ is closed to new replies.