get_param( 'username' ) ); $password = $request->get_param( 'password' ); if ( empty( $username ) || empty( $password ) ) { return new WP_REST_Response( [ 'success' => false, 'message' => __( 'Username and password are required', 'woonoow' ), ], 400 ); } // Authenticate user (same as wp-login.php) $user = wp_authenticate( $username, $password ); if ( is_wp_error( $user ) ) { return new WP_REST_Response( [ 'success' => false, 'message' => __( 'Invalid username or password', 'woonoow' ), ], 401 ); } // Check if user has WooCommerce permissions if ( ! user_can( $user, 'manage_woocommerce' ) ) { return new WP_REST_Response( [ 'success' => false, 'message' => __( 'You do not have permission to access this area', 'woonoow' ), ], 403 ); } // CRITICAL: Clear old cookies first, then set new ones // This ensures no stale session data interferes with the new login wp_clear_auth_cookie(); wp_set_current_user( $user->ID ); wp_set_auth_cookie( $user->ID, true ); // Trigger login action (same as wp-login.php) do_action( 'wp_login', $user->user_login, $user ); // Debug logging if ( defined( 'WP_DEBUG' ) && WP_DEBUG ) { error_log( '[AuthController::login] Login successful for user ID: ' . $user->ID ); error_log( '[AuthController::login] Current user ID: ' . get_current_user_id() ); error_log( '[AuthController::login] Cookies set: ' . ( headers_sent() ? 'Headers already sent!' : 'OK' ) ); } // Return user data and new nonce return new WP_REST_Response( [ 'success' => true, 'user' => [ 'id' => $user->ID, 'name' => $user->display_name, 'email' => $user->user_email, 'avatar' => get_avatar_url( $user->ID ), ], 'nonce' => wp_create_nonce( 'wp_rest' ), ], 200 ); } /** * Logout endpoint * * @return WP_REST_Response Response object */ public static function logout(): WP_REST_Response { wp_logout(); return new WP_REST_Response( [ 'success' => true, 'message' => __( 'Logged out successfully', 'woonoow' ), ], 200 ); } /** * Check auth status * * @return WP_REST_Response Response object */ public static function check(): WP_REST_Response { $is_logged_in = is_user_logged_in(); // Debug logging if ( defined( 'WP_DEBUG' ) && WP_DEBUG ) { error_log( '[AuthController::check] is_user_logged_in: ' . ( $is_logged_in ? 'true' : 'false' ) ); error_log( '[AuthController::check] Cookies: ' . print_r( $_COOKIE, true ) ); } if ( ! $is_logged_in ) { return new WP_REST_Response( [ 'authenticated' => false, 'debug' => 'Not logged in', ], 200 ); } $user = wp_get_current_user(); // Check WooCommerce permission if ( ! current_user_can( 'manage_woocommerce' ) ) { return new WP_REST_Response( [ 'authenticated' => false, 'message' => __( 'Insufficient permissions', 'woonoow' ), 'debug' => 'No manage_woocommerce permission', ], 200 ); } return new WP_REST_Response( [ 'authenticated' => true, 'user' => [ 'id' => $user->ID, 'name' => $user->display_name, 'email' => $user->user_email, 'avatar' => get_avatar_url( $user->ID ), ], ], 200 ); } }