From b16c7f1e2748c6d8b4c21b68d0ff36a89a7e9f5d Mon Sep 17 00:00:00 2001
From: sviluppomania <63558798+sviluppomania@users.noreply.github.com>
Date: Fri, 18 Mar 2022 00:07:32 +0100
Subject: [PATCH] Slash password before authenticating

Fixes erroneous 403 response when a password contains a single quote.

When attempting to authenticate with a (correct) password containing quotes, the API returns "403 Forbidden":
{ "code": "[jwt_auth] incorrect_password", "message": "...", "data": { "status": 403 } }

Using wp_slash (https://developer.wordpress.org/reference/functions/wp_slash/) to make sure the password is handled correctly.
---
 class-auth.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/class-auth.php b/class-auth.php
index 420e09d..be0aa7a 100644
--- a/class-auth.php
+++ b/class-auth.php
@@ -128,7 +128,7 @@ public function authenticate_user( $username, $password, $custom_auth = '' ) {
 			 */
 			$user = apply_filters( 'jwt_auth_do_custom_auth', $custom_auth_error, $username, $password, $custom_auth );
 		} else {
-			$user = wp_authenticate( $username, $password );
+			$user = wp_authenticate($username, wp_slash($password));
 		}
 
 		return $user;