如何使用 Wordpress Rest Api 获取当前登录用户? [英] How to get current logged in user using Wordpress Rest Api?

问题描述

我尝试添加自定义请求.

I tried to add a custom request.

add_action('rest_api_init', function () {
    register_rest_route( 'custom', '/login', array(
        'methods' => 'GET',
        'callback' => function(WP_REST_Request $request) {
            return wp_get_current_user();
        }
    ));
});

但它总是返回一个 ID = 0 的用户；我也试过这个:

But it always returns a user with with ID = 0; I also tried this:

add_action('rest_api_init', function () {
    register_rest_route( 'custom', '/login', array(
        'methods' => 'GET',
        'callback' => function(WP_REST_Request $request) {
            return is_user_logged_in();
        }
    ));
});

它总是返回false.但用户确实已登录.

And it always returns false. But the user is logged in for sure.

我添加了我的自定义登录

I added my custom login

add_action('rest_api_init', function () {
    register_rest_route( 'custom', '/login', array(
        'methods' => 'POST',
        'callback' => function(WP_REST_Request $request) {
            $nonce = wp_create_nonce("wp_rest");
            $user = wp_signon(array('user_login' => $_POST['username'],
                'user_password' => $_POST['password'], "rememberme" => true), false);
            if (is_wp_error($user)) {
                return $user;
            }

            //do_action( 'wp_login', "capad" );
            //$user['isloggedin'] = is_user_logged_in();
            return array('user' => $user,
                'nonce' => $nonce);
        }
    ));
});

我添加了X-WP-Nonce"作为http请求的标头

And I add "X-WP-Nonce" in as a header for http request

现在每个请求输出:{"code":"rest_cookie_invalid_nonce","message":"Cookie nonce is invalid","data":{"status":403}}

And now every request outputs: {"code":"rest_cookie_invalid_nonce","message":"Cookie nonce is invalid","data":{"status":403}}

推荐答案

来自 REST API 手册中的="noreferrer">身份验证章节:

From the Authentication chapter, in the REST API Handbook:

Cookie 身份验证是随附的基本身份验证方法WordPress.当您登录到仪表板时，这会设置 cookie对你来说是正确的，所以插件和主题开发者只需要有一个登录用户.

Cookie authentication is the basic authentication method included with WordPress. When you log in to your dashboard, this sets up the cookies correctly for you, so plugin and theme developers need only to have a logged-in user.

然而，REST API 包含一种称为 nonces 的技术来避免 CSRF问题.这可以防止其他网站强迫您执行操作没有明确打算这样做.这个需要稍微特别处理 API.

However, the REST API includes a technique called nonces to avoid CSRF issues. This prevents other sites from forcing you to perform actions without explicitly intending to do so. This requires slightly special handling for the API.

对于使用内置 Javascript API 的开发人员，这是处理自动为您服务.这是使用 API 的推荐方式插件和主题.自定义数据模型可以扩展 wp.api.models.Base以确保正确发送任何自定义请求.

For developers using the built-in Javascript API, this is handled automatically for you. This is the recommended way to use the API for plugins and themes. Custom data models can extend wp.api.models.Base to ensure this is sent correctly for any custom requests.

对于手动发送 Ajax 请求的开发人员，nonce 需要是通过每个请求.API 使用 nonce 并将操作设置为wp_rest.然后这些可以通过 _wpnonce 数据传递给 API参数(POST 数据或在 GET 请求的查询中)，或通过X-WP-Nonce 标头.

For developers making manual Ajax requests, the nonce will need to be passed with each request. The API uses nonces with the action set to wp_rest. These can then be passed to the API via the _wpnonce data parameter (either POST data or in the query for GET requests), or via the X-WP-Nonce header.

这是一个 GET 示例:

Here's a GET example:

https://example.tld/wp-json/wp/v2/users/me?_wpnonce=9467a0bf9c

或者你的情况:

https://example.tld/wp-json/custom/login/?_wpnonce=9463a0bf9c

从哪里创建随机数

wp_create_nonce( 'wp_rest' );

因此很可能您在测试自定义端点时忘记了nonce 部分.

So most likely you forgot about the nonce part when testing your custom endpoint.

希望有帮助！

这篇关于如何使用 Wordpress Rest Api 获取当前登录用户?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！