Skip to content

Commit

Permalink
Add security settings for Helper Script API methods (#13922)
Browse files Browse the repository at this point in the history
* Add endpoints for Jetpack Backup Helper Script methods
- Project: https://[private link]

- P2 post about this prototype: https://[private link]
- Related Jetpack PR: #13830
- Related Rewind PR: Automattic/jetpack-backups#975

This adds two new API endpoints for calling out to a Jetpack site, to install or delete a Helper Script.

It also locks these new API endpoints down to require access through a Rewind API token, ensuring this is not called from any other source.

This commit was generated from D34445-code.

* Make the require_rewind_auth parameter optional
  • Loading branch information
thingalon authored and kraftbj committed Nov 1, 2019
1 parent 89e2b46 commit c067656
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions class.json-api-endpoints.php
Original file line number Diff line number Diff line change
Expand Up @@ -127,6 +127,11 @@ abstract class WPCOM_JSON_API_Endpoint {
*/
public $allow_upload_token_auth = false;

/**
* @var bool Set to true if the endpoint should require auth from a Rewind auth token.
*/
public $require_rewind_auth = false;

function __construct( $args ) {
$defaults = array(
'in_testing' => false,
Expand Down Expand Up @@ -194,6 +199,7 @@ function __construct( $args ) {
$this->allow_unauthorized_request = (bool) $args['allow_unauthorized_request'];
$this->allow_jetpack_site_auth = (bool) $args['allow_jetpack_site_auth'];
$this->allow_upload_token_auth = (bool) $args['allow_upload_token_auth'];
$this->require_rewind_auth = isset( $args['require_rewind_auth'] ) ? (bool) $args['require_rewind_auth'] : false;

$this->version = $args['version'];

Expand Down

0 comments on commit c067656

Please sign in to comment.