Role blacklist for authentication #21
Comments
Sadly I couldn't find a feature for this, and the use of the built-in hooks of WordPress doesn't do much for it. I had to do a manual hack in the file:
In file: /src/Services/AuthenticateService.php
The ideal solution would be to add a new settings field under authentication, add it to the settings class, then change the 'in_array' to compare it to that field.
Is there any chance this could become part of an update?
Is your feature request related to a problem?
Kind of, yes, although it's a Me problem, not a You problem. :)
The current authentication mechanism simply checks that an account exists. I need finer-grained control. For example, we use a custom role to temporarily disable accounts (or set "No Role For This Site") rather than deleting them. We need for those accounts not to be able to authenticate through JWT from our mobile app(s).
Describe the solution you'd like
I'd like to be able to have control over which roles can authenticate through JWT, preferably:
Whitelist: roles which can (empty means all can)
Blacklist: roles which cannot
Checkbox for "No Role cannot authenticate"
Alternatively, perhaps another hook for auth, which passes the user_id, and the hook can return true or false for whether it should be authenticated or not. Then we can handle all this ourselves.
Thanks for a great plugin, btw.
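The role policy requested above (whitelist, blacklist, and the "No Role" checkbox), sketched as an added example; it is not code from the plugin or from anyone in this thread. The function name `jwt_roles_allowed`, the policy array keys, and the `disabled_account` role slug are hypothetical, and the precedence (blacklist wins, a role-less account never matches a non-empty whitelist) is an assumption.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper: decide whether an account may authenticate through JWT.
 *
 * $userRoles  role slugs on the account (in WordPress: WP_User::$roles)
 * $policy     'whitelist'    => roles which can (empty means all can)
 *             'blacklist'    => roles which cannot
 *             'deny_no_role' => true when "No Role cannot authenticate" is ticked
 */
function jwt_roles_allowed(array $userRoles, array $policy): bool
{
    $whitelist  = $policy['whitelist'] ?? [];
    $blacklist  = $policy['blacklist'] ?? [];
    $denyNoRole = (bool) ($policy['deny_no_role'] ?? false);

    if ($userRoles === []) {
        // "No Role For This Site": rejected by the checkbox, and it can
        // never satisfy a non-empty whitelist (assumed precedence).
        return !$denyNoRole && $whitelist === [];
    }
    // Blacklist wins: one blocked role rejects the account even if
    // another of its roles is whitelisted (assumed precedence).
    if (array_intersect($userRoles, $blacklist) !== []) {
        return false;
    }
    // Empty whitelist means every remaining role may authenticate.
    return $whitelist === [] || array_intersect($userRoles, $whitelist) !== [];
}

// Constructed sample accounts and policy, for illustration only.
$policy = [
    'whitelist'    => [],
    'blacklist'    => ['disabled_account'],
    'deny_no_role' => true,
];
$accounts = [
    'alice' => ['subscriber'],
    'bob'   => ['disabled_account'],
    'carol' => [],
    'dave'  => ['editor', 'disabled_account'],
];
foreach ($accounts as $login => $roles) {
    printf("%-6s %s\n", $login, jwt_roles_allowed($roles, $policy) ? 'allow' : 'reject');
}
```

The check belongs both where a token is issued and where an existing token is validated; otherwise a token issued before the account was moved to the disabling role keeps working until it expires.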