From a2309b61ed8d3a742ca65d511153c912ba214a96 Mon Sep 17 00:00:00 2001
From: Jason Bahl
Date: Fri, 14 Feb 2020 01:51:03 -0700
Subject: [PATCH] #69 - Backward Compatibility fixes for playing nice with WPGraphQL for WooCommerce
---
 src/Auth.php | 18 ++++++++++++++----
 src/ManageTokens.php | 26 ++++++++++++++++++++------
 2 files changed, 34 insertions(+), 10 deletions(-)
diff --git a/src/Auth.php b/src/Auth.php
index 6a01dd7..6356427 100644
--- a/src/Auth.php
+++ b/src/Auth.php
@@ -68,8 +68,8 @@ public static function login_and_get_token( $username, $password ) {
 * The token is signed, now create the object with basic user data to send to the client
 */
 $response = [
- 'authToken' => self::get_signed_token( $user ),
- 'refreshToken' => self::get_refresh_token( $user ),
+ 'authToken' => self::get_signed_token( wp_get_current_user() ),
+ 'refreshToken' => self::get_refresh_token( wp_get_current_user() ),
 'user' => DataSource::resolve_user( $user->data->ID, \WPGraphQL::get_app_context() ),
 'id' => $user->data->ID,
 ];
@@ -124,6 +124,7 @@ public static function get_token_expiration() {
 * Retrieves validates user and retrieve signed token
 *
 * @param \WP_User $user Owner of the token.
+ * @param bool $cap_check Whether to check capabilities when getting the token
 *
 * @return null|string
 */
@@ -221,7 +222,7 @@ public static function get_user_jwt_secret( $user_id ) {
 * If the request is not from the current_user or the current_user doesn't have the proper capabilities, don't return the secret
 */
 $is_current_user = ( $user_id === get_current_user_id() ) ? true : false;
- if ( ! $is_current_user || ! current_user_can( $capability ) ) {
+ if ( ! $is_current_user && ! current_user_can( $capability ) ) {
 return null;
 }
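Review bot: In `login_and_get_token()` (hunk at -68) both tokens are now minted for `wp_get_current_user()`, while `user` and `id` in the same response still come from `$user`, so the response is only coherent if the request's current user has already been switched to the account that just authenticated. Whether `wp_set_current_user()` has been called for `$user` is not visible here, because the function body starts above the hunk. If that step is ever skipped or fails, the token would be signed for a different identity than the `id` returned next to it. Either keep passing `$user`, or fetch the current user once and fail the login on a mismatch, e.g. `if ( (int) wp_get_current_user()->ID !== (int) $user->data->ID ) { /* reject */ }`.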
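Review bot: In `get_user_jwt_secret()` (hunk at -221) the switch from `||` to `&&` means the secret is returned when the caller is the owner or holds `$capability`, where previously both were required, so any account with that capability can now read another user's JWT secret. The comment directly above still describes the old rule, so code and documentation disagree. If the relaxation is intended, reword it to something like `* Only the user themselves, or a user with the required capability, may read the secret` and confirm that `$capability` (defined outside this hunk) is narrow enough. The ownership test `$user_id === get_current_user_id()` is strict, so a numeric-string `$user_id` would fail it and leave the capability check as the only gate. Normalising with `absint( $user_id )` before comparing avoids that.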
@@ -234,7 +235,7 @@ public static function get_user_jwt_secret( $user_id ) {
 * If there is no stored secret, or it's not a string
 */
 if ( empty( $secret ) || ! is_string( $secret ) ) {
- Auth::issue_new_user_secret( $user_id );
+ $secret = Auth::issue_new_user_secret( $user_id );
 }
 /**
@@ -293,6 +294,7 @@ public static function is_jwt_secret_revoked( $user_id ) {
 * Public method for getting an Auth token for a given user
 *
 * @param \WP_USer $user The user to get the token for
+ * @param boolean $cap_check Whether to check capabilities. Default is true.
 *
 * @return null|string
 */
@@ -300,6 +302,13 @@ public static function get_token( $user, $cap_check = true ) {
 return self::get_signed_token( $user, $cap_check );
 }
+ /**
+ * Given a WP_User, this returns a refresh token for the user
+ * @param \WP_User $user A WP_User object
+ * @param bool $cap_check
+ *
+ * @return null|string
+ */
 public static function get_refresh_token( $user, $cap_check = true ) {
 self::$is_refresh_token = true;
@@ -311,6 +320,7 @@ public static function get_refresh_token( $user, $cap_check = true ) {
 */
 add_filter( 'graphql_jwt_auth_token_before_sign', function( $token, \WP_User $user ) {
 $secret = Auth::get_user_jwt_secret( $user->ID );
+
 if ( ! empty( $secret ) && ! is_wp_error( $secret ) && true === self::is_refresh_token() ) {
 /**
diff --git a/src/ManageTokens.php b/src/ManageTokens.php
index 2e14469..b4d893b 100644
--- a/src/ManageTokens.php
+++ b/src/ManageTokens.php
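Review bot: In `get_user_jwt_secret()` (hunk at -234) the result of `Auth::issue_new_user_secret()` is now assigned to `$secret`, but it is not put through the `empty()` / `is_string()` test that guards the stored value on the line above. What that method returns on failure is not visible here. The filter inside `get_refresh_token()` further down checks `is_wp_error( $secret )`, which suggests a non-string value can reach callers. Unless the rest of the function (it continues past the hunk) already handles this, re-validate after the assignment, e.g. `if ( is_wp_error( $secret ) || ! is_string( $secret ) || '' === $secret ) { return null; }`, so a failed issuance is never treated as a usable secret.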
@@ -77,8 +77,15 @@ public static function register_jwt_fields_to( $type ) {
 'description' => __( 'A JWT token that can be used in future requests for authentication/authorization', 'wp-graphql-jwt-authentication' ),
 'resolve' => function ( $user ) {
- if ( $user instanceof User ) {
- $user = get_user_by( 'id', $user->userId );
+ $user_id = 0;
+ if ( isset( $user->userId ) ) {
+ $user_id = $user->userId;
+ } else if ( isset( $user->ID ) ) {
+ $user_id = $user->ID;
+ }
+
+ if ( ! $user instanceof \WP_User && ! empty( $user_id ) ) {
+ $user = get_user_by( 'id', $user_id );
 }
 // Get the token for the user.
@@ -101,8 +108,15 @@ public static function register_jwt_fields_to( $type ) {
 'description' => __( 'A JWT token that can be used in future requests to get a refreshed jwtAuthToken. If the refresh token used in a request is revoked or otherwise invalid, a valid Auth token will NOT be issued in the response headers.', 'wp-graphql-jwt-authentication' ),
 'resolve' => function ( $user ) {
- if ( $user instanceof User ) {
- $user = get_user_by( 'id', $user->userId );
+ $user_id = 0;
+ if ( isset( $user->userId ) ) {
+ $user_id = $user->userId;
+ } else if ( isset( $user->ID ) ) {
+ $user_id = $user->ID;
+ }
+
+ if ( ! $user instanceof \WP_User && ! empty( $user_id ) ) {
+ $user = get_user_by( 'id', $user_id );
 }
 // Get the token for the user.
@@ -127,9 +141,9 @@ public static function register_jwt_fields_to( $type ) {
 $user_id = 0;
- if ( $user instanceof User ) {
+ if ( isset( $user->userId ) ) {
 $user_id = $user->userId;
- } else if ( $user instanceof \WP_User ) {
+ } else if ( isset( $user->ID ) ) {
 $user_id = $user->ID;
 }
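Review bot: The first `resolve` callback (hunk at -77) now identifies the user by the presence of a `userId` or `ID` property rather than by type, and the same pattern is repeated in the hunks at -101 and -127. Any source object that exposes `ID`, not only a user model, will have that number treated as a user id, and because `register_jwt_fields_to( $type )` takes the type as a parameter, the set of source objects is not fixed in this file. `get_user_by()` returns `false` when nothing matches, and an object with neither property is passed through unchanged, so the value handed to the token call below may not be a `\WP_User`. Add `if ( ! $user instanceof \WP_User ) { return null; }` after the lookup in each resolver, and consider moving the duplicated id resolution into one private helper. How `Auth::get_token()` treats a non-user argument is outside these hunks.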