2

I have installed the plugin made by the Wordpress Team: https://github.com/WP-API/Basic-Auth

I am making this request with Wordpress 4.9.4:

GET http://somehostname.com/index.php?rest_route=%2Fwp%2Fv2%2Fposts&per_page=100&page=2&context=edit HTTP/1.1
Host: somehostname.com
Authorization: Basic [****base64encoded username+":"+pass *******]
Accept-Encoding: gzip, deflate
User-Agent: [some user agent name]

Response:

HTTP/1.1 401 Unauthorized
Date: Tue, 13 Feb 2018 14:26:12 GMT
Server: Apache
X-Powered-By: PHP/7.1.12
X-Robots-Tag: noindex
Link: <http://somehostname.com/wp-json/>; rel="https://api.w.org/"
X-Content-Type-Options: nosniff
Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages
Access-Control-Allow-Headers: Authorization, Content-Type
Vary: Accept-Encoding,User-Agent
Content-Length: 127
Content-Type: application/json; charset=UTF-8

{"code":"rest_forbidden_context","message":"Sorry, you are not allowed to edit posts in this post type.","data":{"status":401}}
d0kt0r1
  • 305
  • 1
  • 3
  • 15

5 Answers5

1

Please add the following code on your htaccess file.

RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]

and if you logged in as a wordpress admin right now than it will not allow you to create a post so first logout from wordpress admin and than try to make a request.

These two solutions had solved my problem.

Striped
  • 2,544
  • 3
  • 25
  • 31
Krishna thakor
  • 175
  • 11
0

I'm inferring from your question that this is not supposed to be happening. You're expecting some response code that is not of the 4xx variety.

From the title: "401 Unauthorized with Wordpress Basic Auth Plugin", I'm also making a leap, but it's possible that you're thinking that the plugin is not allowing you to access that route in any sense.

So, with that in mind, I'd like to point out that the error data is telling you something pretty precise: that user isn't allowed to edit posts of that type. That's not the same as that user's credentials are invalid.

{
    "code": "rest_forbidden_context",
    "message": "Sorry, you are not allowed to edit posts in this post type.",
    "data": {
        "status": 401
    }
}

Try confirming that the user whose credentials you're supplying in the [****base64encoded username+":"+pass *******] format is an admin/author/editor (or other role) that has permission to edit posts of the type you're trying to access.

Edit: See this line of the WP-API, where that error is likely originating

Cameron Hurd
  • 4,836
  • 1
  • 22
  • 31
  • thank you for the quick reply. The user I have tested with is an Admin, which has all the possible capabilities ON. I checked with the User Role Plugin and that Admin has all the possible capabilities that exist. – d0kt0r1 Feb 13 '18 at 15:05
  • Try `var_dump`ing the `$user` variable here and confirm it's indeed admin: https://github.com/WP-API/Basic-Auth/blob/master/basic-auth.php#L38 Further – confirm admin can modify the resource you're after! – Cameron Hurd Feb 13 '18 at 15:08
  • So, the control does not go to line 38 at all. It returns here: https://github.com/WP-API/Basic-Auth/blob/master/basic-auth.php#L23 – d0kt0r1 Feb 13 '18 at 15:24
  • And the var_dump of $user at line 23 is bool(false) – d0kt0r1 Feb 13 '18 at 15:30
0

I got this fixed just now by doing as this comment is suggesting: Fix for basic OAuth Not sure if this fix has any side effects though?

d0kt0r1
  • 305
  • 1
  • 3
  • 15
0

I fixed the auth issue by following this very brief advice

https://github.com/WordPress/application-passwords/wiki/Basic-Authorization-Header----Missing

I also had to move the wordpress block up to the top of the htaccess

billyqureshi
  • 21
  • 4
0

I have fixed this issue by the following steps:

  1. Verify, if the password protected plugin installed, then
  2. Goto Password protected plugin's settings
  3. Check 'Allow REST API Access'
  4. Save Changes

enter image description here enter image description here

Tayyab Chaudhary
  • 158
  • 10