

Timestamp:
11/03/2024 06:19:06 PM (5 months ago)
Author:
espellcaste
Message:

A user is no longer de-authenticated when making REST API requests.

We are introducing a new BP_LoggedIn_User class to fetch data about a BuddyPress logged-in user. This new addition fixes an issue where a user could be de-authenticated when making REST API requests.

Props dcavins, DJPaul, johnjamesjacoby, and imath.

Closes https://github.com/buddypress/buddypress/pull/395
See #9229 and #9145
Fixes #7658

File:
1 edited

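--- a/trunk/tests/phpunit/testcases/groups/test-group-membership-controller.php
+++ b/trunk/tests/phpunit/testcases/groups/test-group-membership-controller.php
@@ -55,5 +55,5 @@
         $this->populate_group_with_members( array( $u1, $u2 ), $g1 );
 
-        $this->bp::set_current_user( $u1 );
+        wp_set_current_user( $u1 );
 
         $request  = new WP_REST_Request( 'GET', $this->endpoint_url . '/' . $g1 . '/members' );
@@ -84,5 +84,5 @@
         $u2 = static::factory()->user->create();
 
-        $this->bp::set_current_user( $u1 );
+        wp_set_current_user( $u1 );
 
         $g1 = $this->bp::factory()->group->create(
@@ -164,5 +164,5 @@
         $this->populate_group_with_members( array( $u1, $u2, $u3, $u4, $u5, $u6 ), $g1 );
 
-        $this->bp::set_current_user( $u1 );
+        wp_set_current_user( $u1 );
 
         $request = new WP_REST_Request( 'GET', $this->endpoint_url . '/' . $g1 . '/members' );
@@ -207,5 +207,5 @@
         $member_object->promote( 'admin' );
 
-        $this->bp::set_current_user( $u1 );
+        wp_set_current_user( $u1 );
 
         add_filter( 'bp_rest_group_members_get_items_query_args', array( $this, 'group_members_query_args' ) );
@@ -243,5 +243,5 @@
         $member_object->promote( 'admin' );
 
-        $this->bp::set_current_user( $u1 );
+        wp_set_current_user( $u1 );
 
         add_filter( 'bp_rest_group_members_get_items_query_args', array( $this, 'group_members_query_args' ) );
@@ -285,5 +285,5 @@
         $g = $this->bp::factory()->group->create();
 
-        $this->bp::set_current_user( $u );
+        wp_set_current_user( $u );
 
         $request = new WP_REST_Request( 'POST', $this->endpoint_url . '/' . $g . '/members' );
@@ -305,5 +305,5 @@
         $u = static::factory()->user->create( array( 'role' => 'administrator' ) );
 
-        $this->bp::set_current_user( $this->user );
+        wp_set_current_user( $this->user );
 
         $request = new WP_REST_Request( 'POST', $this->endpoint_url . '/' . $this->group_id . '/members' );
@@ -333,5 +333,5 @@
         $u = static::factory()->user->create();
 
-        $this->bp::set_current_user( $u );
+        wp_set_current_user( $u );
 
         $request = new WP_REST_Request( 'POST', $this->endpoint_url . '/' . $this->group_id . '/members' );
@@ -365,5 +365,5 @@
         );
 
-        $this->bp::set_current_user( $u );
+        wp_set_current_user( $u );
 
         $request = new WP_REST_Request( 'POST', $this->endpoint_url . '/' . $g1 . '/members' );
@@ -387,5 +387,5 @@
         );
 
-        $this->bp::set_current_user( $u );
+        wp_set_current_user( $u );
 
         $request = new WP_REST_Request( 'POST', $this->endpoint_url . '/' . $g1 . '/members' );
@@ -408,5 +408,5 @@
         $u2 = static::factory()->user->create();
 
-        $this->bp::set_current_user( $u1 );
+        wp_set_current_user( $u1 );
 
         $request = new WP_REST_Request( 'POST', $this->endpoint_url . '/' . $this->group_id . '/members' );
@@ -433,5 +433,5 @@
         $this->populate_group_with_members( array( $u ), $this->group_id );
 
-        $this->bp::set_current_user( $this->user );
+        wp_set_current_user( $this->user );
 
         $request = new WP_REST_Request( 'PUT', $this->endpoint_url . '/' . $this->group_id . '/members/' . $u );
@@ -468,5 +468,5 @@
         $member_object->promote( 'mod' );
 
-        $this->bp::set_current_user( $u1 );
+        wp_set_current_user( $u1 );
 
         $request = new WP_REST_Request( 'PUT', $this->endpoint_url . '/' . $g1 . '/members/' . $u3 );
@@ -496,5 +496,5 @@
         $member_object->promote( 'mod' );
 
-        $this->bp::set_current_user( $u1 );
+        wp_set_current_user( $u1 );
 
         $request = new WP_REST_Request( 'PUT', $this->endpoint_url . '/' . $g1 . '/members/' . $u4 );
@@ -523,5 +523,5 @@
         $member_object->promote( 'admin' );
 
-        $this->bp::set_current_user( $u2 );
+        wp_set_current_user( $u2 );
 
         $request = new WP_REST_Request( 'PUT', $this->endpoint_url . '/' . $g1 . '/members/' . $u1 );
@@ -555,5 +555,5 @@
         $this->populate_group_with_members( array( $u1, $u3 ), $g1 );
 
-        $this->bp::set_current_user( $u2 );
+        wp_set_current_user( $u2 );
 
         $request = new WP_REST_Request( 'PUT', $this->endpoint_url . '/' . $g1 . '/members/' . $u4 );
@@ -583,5 +583,5 @@
         $this->assertTrue( (bool) $member_object->is_banned );
 
-        $this->bp::set_current_user( $this->user );
+        wp_set_current_user( $this->user );
 
         $request = new WP_REST_Request( 'PUT', $this->endpoint_url . '/' . $g1 . '/members/' . $u1 );
@@ -614,5 +614,5 @@
         $this->populate_group_with_members( array( $u1, $u3 ), $g1 );
 
-        $this->bp::set_current_user( $this->user );
+        wp_set_current_user( $this->user );
 
         $request = new WP_REST_Request( 'PUT', $this->endpoint_url . '/' . $g1 . '/members/' . $u4 );
@@ -655,5 +655,5 @@
         $this->assertTrue( (bool) $member_object->is_banned );
 
-        $this->bp::set_current_user( $u2 );
+        wp_set_current_user( $u2 );
 
         $request = new WP_REST_Request( 'PUT', $this->endpoint_url . '/' . $g1 . '/members/' . $u1 );
@@ -695,5 +695,5 @@
         $this->assertTrue( (bool) $member_object->is_banned );
 
-        $this->bp::set_current_user( $u2 );
+        wp_set_current_user( $u2 );
 
         $request = new WP_REST_Request( 'PUT', $this->endpoint_url . '/' . $g1 . '/members/' . $u1 );
@@ -714,5 +714,5 @@
         $this->populate_group_with_members( array( $u ), $this->group_id );
 
-        $this->bp::set_current_user( $this->user );
+        wp_set_current_user( $this->user );
 
         $request = new WP_REST_Request( 'PUT', $this->endpoint_url . '/' . $this->group_id . '/members/' . $u );
@@ -749,5 +749,5 @@
         $this->populate_group_with_members( array( $u1 ), $g1 );
 
-        $this->bp::set_current_user( $u2 );
+        wp_set_current_user( $u2 );
 
         $request = new WP_REST_Request( 'PUT', $this->endpoint_url . '/' . $g1 . '/members/' . $u1 );
@@ -785,5 +785,5 @@
         $this->populate_group_with_members( array( $u1, $u3 ), $g1 );
 
-        $this->bp::set_current_user( $u3 );
+        wp_set_current_user( $u3 );
 
         $request = new WP_REST_Request( 'PUT', $this->endpoint_url . '/' . $g1 . '/members/' . $u1 );
@@ -813,5 +813,5 @@
         $this->bp::add_user_to_group( $u2, $g1, array( 'is_mod' => true ) );
 
-        $this->bp::set_current_user( $u2 );
+        wp_set_current_user( $u2 );
 
         $request = new WP_REST_Request( 'PUT', $this->endpoint_url . '/' . $g1 . '/members/' . $u1 );
@@ -839,5 +839,5 @@
         $this->bp::add_user_to_group( $u1, $g1, array( 'is_mod' => true ) );
 
-        $this->bp::set_current_user( $u1 );
+        wp_set_current_user( $u1 );
 
         $request = new WP_REST_Request( 'PUT', $this->endpoint_url . '/' . $g1 . '/members/' . $u1 );
@@ -874,5 +874,5 @@
 
         // Site admin.
-        $this->bp::set_current_user( $this->user );
+        wp_set_current_user( $this->user );
 
         $request = new WP_REST_Request( 'PUT', $this->endpoint_url . '/' . $g1 . '/members/' . $u2 );
@@ -908,5 +908,5 @@
 
         // Site admin.
-        $this->bp::set_current_user( $this->user );
+        wp_set_current_user( $this->user );
 
         $request = new WP_REST_Request( 'PUT', $this->endpoint_url . '/' . $g1 . '/members/' . $u2 );
@@ -932,5 +932,5 @@
 
         // Site admin.
-        $this->bp::set_current_user( $this->user );
+        wp_set_current_user( $this->user );
 
         $request = new WP_REST_Request( 'PUT', $this->endpoint_url . '/' . $g1 . '/members/' . $this->user );
@@ -966,5 +966,5 @@
 
         // Site admin.
-        $this->bp::set_current_user( $this->user );
+        wp_set_current_user( $this->user );
 
         $request = new WP_REST_Request( 'PUT', $this->endpoint_url . '/' . $g1 . '/members/' . $u2 );
@@ -1006,5 +1006,5 @@
 
         // Site admin.
-        $this->bp::set_current_user( $this->user );
+        wp_set_current_user( $this->user );
 
         $request = new WP_REST_Request( 'PUT', $this->endpoint_url . '/' . $g1 . '/members/' . $u2 );
@@ -1046,5 +1046,5 @@
 
         // Site admin.
-        $this->bp::set_current_user( $this->user );
+        wp_set_current_user( $this->user );
 
         $request = new WP_REST_Request( 'PUT', $this->endpoint_url . '/' . $g1 . '/members/' . $u1 );
@@ -1072,5 +1072,5 @@
         $group_member->promote( 'admin' );
 
-        $this->bp::set_current_user( $u3 );
+        wp_set_current_user( $u3 );
 
         $request = new WP_REST_Request( 'PUT', $this->endpoint_url . '/' . $g1 . '/members/' . $u2 );
@@ -1109,5 +1109,5 @@
         $this->populate_group_with_members( array( $u1, $u3 ), $g1 );
 
-        $this->bp::set_current_user( $u2 );
+        wp_set_current_user( $u2 );
 
         $request = new WP_REST_Request( 'PUT', $this->endpoint_url . '/' . $g1 . '/members/' . $u2 );
@@ -1132,5 +1132,5 @@
         $this->populate_group_with_members( array( $u1, $u3 ), $g1 );
 
-        $this->bp::set_current_user( $u2 );
+        wp_set_current_user( $u2 );
 
         $request = new WP_REST_Request( 'PUT', $this->endpoint_url . '/' . $g1 . '/members/' . $u1 );
@@ -1155,5 +1155,5 @@
         $this->populate_group_with_members( array( $u1, $u3 ), $g1 );
 
-        $this->bp::set_current_user( $u3 );
+        wp_set_current_user( $u3 );
 
         $request = new WP_REST_Request( 'PUT', $this->endpoint_url . '/' . $g1 . '/members/' . $u1 );
@@ -1178,5 +1178,5 @@
         $this->populate_group_with_members( array( $u1, $u3 ), $g1 );
 
-        $this->bp::set_current_user( $u3 );
+        wp_set_current_user( $u3 );
 
         $request = new WP_REST_Request( 'PUT', $this->endpoint_url . '/' . $g1 . '/members/' . $u3 );
@@ -1195,5 +1195,5 @@
         $u = static::factory()->user->create();
 
-        $this->bp::set_current_user( $this->user );
+        wp_set_current_user( $this->user );
 
         $request = new WP_REST_Request( 'PUT', $this->endpoint_url . '/' . REST_TESTS_IMPOSSIBLY_HIGH_NUMBER . '/members/' . $u );
@@ -1237,5 +1237,5 @@
         $this->populate_group_with_members( array( $u1, $u2 ), $g1 );
 
-        $this->bp::set_current_user( $this->user );
+        wp_set_current_user( $this->user );
 
         $request = new WP_REST_Request( 'DELETE', $this->endpoint_url . '/' . $g1 . '/members/' . $u1 );
@@ -1270,5 +1270,5 @@
         $this->populate_group_with_members( array( $u1, $u2 ), $g1 );
 
-        $this->bp::set_current_user( $u1 );
+        wp_set_current_user( $u1 );
 
         $request = new WP_REST_Request( 'DELETE', $this->endpoint_url . '/' . $g1 . '/members/' . $u1 );
@@ -1304,5 +1304,5 @@
         $group_member->ban();
 
-        $this->bp::set_current_user( $u1 );
+        wp_set_current_user( $u1 );
 
         $request = new WP_REST_Request( 'DELETE', $this->endpoint_url . '/' . $g1 . '/members/' . $u1 );
@@ -1329,5 +1329,5 @@
         $this->populate_group_with_members( array( $u1, $u2 ), $g1 );
 
-        $this->bp::set_current_user( $u1 );
+        wp_set_current_user( $u1 );
 
         $request = new WP_REST_Request( 'DELETE', $this->endpoint_url . '/' . $g1 . '/members/' . $u2 );
@@ -1354,5 +1354,5 @@
         $this->populate_group_with_members( array( $u1, $u2 ), $g1 );
 
-        $this->bp::set_current_user( $u3 );
+        wp_set_current_user( $u3 );
 
         $request = new WP_REST_Request( 'DELETE', $this->endpoint_url . '/' . $g1 . '/members/' . $u1 );
@@ -1389,5 +1389,5 @@
         $group_member->promote( 'admin' );
 
-        $this->bp::set_current_user( $u2 );
+        wp_set_current_user( $u2 );
 
         $request = new WP_REST_Request( 'DELETE', $this->endpoint_url . '/' . $g1 . '/members/' . $u2 );
@@ -1419,5 +1419,5 @@
         $this->populate_group_with_members( array( $u1 ), $g1 );
 
-        $this->bp::set_current_user( $u2 );
+        wp_set_current_user( $u2 );
 
         $request = new WP_REST_Request( 'DELETE', $this->endpoint_url . '/' . $g1 . '/members/' . $u2 );
@@ -1447,5 +1447,5 @@
         $group_member->promote( 'admin' );
 
-        $this->bp::set_current_user( $u3 );
+        wp_set_current_user( $u3 );
 
         $request = new WP_REST_Request( 'DELETE', $this->endpoint_url . '/' . $g1 . '/members/' . $u1 );
@@ -1478,5 +1478,5 @@
         $this->populate_group_with_members( array( $u2, $u3 ), $g1 );
 
-        $this->bp::set_current_user( $this->user );
+        wp_set_current_user( $this->user );
 
         $request = new WP_REST_Request( 'DELETE', $this->endpoint_url . '/' . $g1 . '/members/' . $this->user );
@@ -1506,5 +1506,5 @@
         $group_member->promote( 'admin' );
 
-        $this->bp::set_current_user( $this->user );
+        wp_set_current_user( $this->user );
 
         $request = new WP_REST_Request( 'DELETE', $this->endpoint_url . '/' . $g1 . '/members/' . $u1 );
@@ -1536,5 +1536,5 @@
         $this->populate_group_with_members( array( $u1, $u2 ), $g1 );
 
-        $this->bp::set_current_user( $this->user );
+        wp_set_current_user( $this->user );
 
         $request = new WP_REST_Request( 'DELETE', $this->endpoint_url . '/' . $g1 . '/members/' . $u1 );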
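Review bot: None of the visible hunks adds an assertion that the user is still authenticated after the REST request is dispatched, which is the regression this changeset says it fixes; every change here only swaps the setter (`$this->bp::set_current_user( … )` becomes `wp_set_current_user( … )`) ahead of `new WP_REST_Request( … )`. These cases cover the promote, ban and remove permission checks, so a request that silently ran as user 0 could go unnoticed in any test whose expected outcome is a 4xx response. In at least one GET, PUT and DELETE case, consider adding `$this->assertSame( $u1, get_current_user_id() );` right after the dispatch so a de-authentication fails the test directly. The dispatch calls and existing assertions lie outside the hunks shown, so this may already be covered elsewhere in the file or the changeset.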