Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow write access to WP API by authorizing with WOO API #19730

Closed
6 of 7 tasks
steffanhalv opened this issue Apr 16, 2018 · 3 comments
Closed
6 of 7 tasks

Allow write access to WP API by authorizing with WOO API #19730

steffanhalv opened this issue Apr 16, 2018 · 3 comments
Labels
status: won't fix The issue won’t be fixed.

Comments

@steffanhalv
Copy link

steffanhalv commented Apr 16, 2018
edited

Prerequisites

  • I have searched for similar issues in both open and closed tickets and cannot find a duplicate
  • The issue still exists against the latest master branch of WooCommerce on Github (this is not the same version as on WordPress.org!)
  • I have attempted to find the simplest possible steps to reproduce the issue
  • I have included a failing test as a pull request (Optional)

Steps to reproduce the issue

  1. Upload files using wp-json/wp/v2/media endpoint with woo api oauth authorization

Please note, this is not a problem with cookie authentication (oauth only)

Expected/actual behavior

Expected:
Still be authorized as when using woo rest api

Actual:
"Sorry, you are not allowed to create posts as this user."

Additional notes:
The user which requested credentials for woo api does also have permission to do wp admin stuff. (is main admin)

Wp auth should be able to inherit from woo auth, so you dont need an additional plugin to handle auth for doing stuff outside of woo, like JWT Plugin.

F.ex media uploading is a heavily used feature also for woocommerce users.

Isolating the problem

  • This bug happens with only WooCommerce plugin active
  • This bug happens with a default WordPress theme active, or Storefront
  • I can reproduce this bug consistently using the steps above

WordPress Environment

``` Copy and paste the system status report from **WooCommerce > System Status** in WordPress admin here. ```
@mikejolley
Copy link
Member

We don't plan on supporting this, thats out of the scope of the WooCommerce API.

  1. It would open up other endpoints previously out of scope for the API and thus could cause security issues
  2. There are other auth plugins which can be used for both
  3. When/if WordPress implements a new auth system (key based) we'll remove our custom one.

I'd say if there is an endpoint lacking in WC core API, make the case for it to be included on https://github.com/woocommerce/wc-api-dev/issues - maybe images is something we can support since you can set an image via API. Not sure how that would look however.

cc @claudiosanches

@mikejolley mikejolley added status: won't fix The issue won’t be fixed. Ideas labels Apr 17, 2018
@steffanhalv steffanhalv mentioned this issue Apr 17, 2018
Closed
@steffanhalv
Copy link
Author

Ty, posted suggestion here:

woocommerce/wc-api-dev#105

@claudiosanches
Copy link
Contributor

I don't think that is necessary including a clone of the WP media endpoint just to work with the same authentication like WooCommerce... If you are fetching data from WP core endpoints you should install a plugin for authentication and use the same authentication for all WP endpoints, even for WooCommerce.
We have an authentication method for now just to follow our legacy REST API, but we have plans to remove it as soon as WordPress implement something.

@mikejolley mikejolley removed the Ideas label May 9, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
status: won't fix The issue won’t be fixed.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mikejolley @claudiosanches @steffanhalv