wp-graphql · kidunot89 · Feb 27, 2025 · Feb 25, 2025
diff --git a/bin/_lib.sh b/bin/_lib.sh
@@ -35,7 +35,6 @@ install_wordpress() {
 	composer require --dev --no-interaction -W \
 		johnpbloch/wordpress:* \
         wp-graphql/wp-graphql-jwt-authentication \
-        axepress/wp-graphql-headless-login \
         wpackagist-plugin/woocommerce \
         wpackagist-plugin/woocommerce-gateway-stripe \
         wpackagist-plugin/wp-graphql \
@@ -51,7 +50,6 @@ remove_wordpress() {
 
 	# Remove WordPress dependencies
 	composer remove --dev wp-graphql/wp-graphql-jwt-authentication \
-        axepress/wp-graphql-headless-login \
         wpackagist-plugin/woocommerce-gateway-stripe \
         wpackagist-plugin/wp-graphql \
         wpackagist-theme/twentytwentyone \

diff --git a/composer.lock b/composer.lock
diff --git a/includes/model/class-customer.php b/includes/model/class-customer.php
@@ -47,9 +47,10 @@ class Customer extends Model {
 	 * Customer constructor
 	 *
 	 * @param \WC_Customer|int|string $id - User ID.
+	 * @param bool                    $is_session - Whether the customer is a session.
 	 */
-	public function __construct( $id = 'session' ) {
-		$this->data                = 'session' === $id ? \WC()->customer : new WC_Customer( absint( $id ) );
+	public function __construct( $id = 'session', $is_session = false ) {
+		$this->data                = 'session' === $id ? \WC()->customer : new WC_Customer( absint( $id ), $is_session );
 		$allowed_restricted_fields = [
 			'isRestricted',
 			'isPrivate',

diff --git a/includes/mutation/class-customer-update.php b/includes/mutation/class-customer-update.php
@@ -66,6 +66,10 @@ public static function get_input_fields() {
 					'description' => __( 'Meta data.', 'wp-graphql-woocommerce' ),
 					'type'        => [ 'list_of' => 'MetaDataInput' ],
 				],
+				'isSession'             => [
+					'type'        => 'Boolean',
+					'description' => __( 'Whether to save changes on the session or in the database', 'wp-graphql-woocommerce' ),
+				],
 			]
 		);
 	}
@@ -93,6 +97,7 @@ public static function get_output_fields() {
 	 */
 	public static function mutate_and_get_payload() {
 		return static function ( $input, AppContext $context, ResolveInfo $info ) {
+			$is_session   = isset( $input['isSession'] ) ? $input['isSession'] : false;
 			$session_only = empty( $input['id'] ) && ! is_user_logged_in();
 			$payload      = null;
 
@@ -116,7 +121,7 @@ public static function mutate_and_get_payload() {
 			$customer_args = Customer_Mutation::prepare_customer_props( $input, 'update' );
 
 			// Create customer object.
-			$customer = ! $session_only ? new WC_Customer( $payload['id'] ) : \WC()->customer;
+			$customer = ! $session_only ? new WC_Customer( $payload['id'], $is_session ) : \WC()->customer;
 
 			// Copy billing address as shipping address.
 			if ( isset( $input['shippingSameAsBilling'] ) && $input['shippingSameAsBilling'] ) {

diff --git a/vendor-prefixed/firebase/php-jwt/src/CachedKeySet.php b/vendor-prefixed/firebase/php-jwt/src/CachedKeySet.php
@@ -86,9 +86,9 @@ public function __construct(
         ClientInterface $httpClient,
         RequestFactoryInterface $httpFactory,
         CacheItemPoolInterface $cache,
-        int $expiresAfter = null,
+        ?int $expiresAfter = null,
         bool $rateLimit = false,
-        string $defaultAlg = null
+        ?string $defaultAlg = null
     ) {
         $this->jwksUri = $jwksUri;
         $this->httpClient = $httpClient;
@@ -186,7 +186,7 @@ private function keyIdExists(string $keyId): bool
             $jwksResponse = $this->httpClient->sendRequest($request);
             if ($jwksResponse->getStatusCode() !== 200) {
                 throw new UnexpectedValueException(
-                    sprintf('HTTP Error: %d %s for URI "%s"',
+                    \sprintf('HTTP Error: %d %s for URI "%s"',
                         $jwksResponse->getStatusCode(),
                         $jwksResponse->getReasonPhrase(),
                         $this->jwksUri,

diff --git a/vendor-prefixed/firebase/php-jwt/src/JWK.php b/vendor-prefixed/firebase/php-jwt/src/JWK.php
@@ -58,7 +58,7 @@ class JWK
      *
      * @uses parseKey
      */
-    public static function parseKeySet(array $jwks, string $defaultAlg = null): array
+    public static function parseKeySet(array $jwks, ?string $defaultAlg = null): array
     {
         $keys = [];
 
@@ -99,7 +99,7 @@ public static function parseKeySet(array $jwks, string $defaultAlg = null): arra
      *
      * @uses createPemFromModulusAndExponent
      */
-    public static function parseKey(array $jwk, string $defaultAlg = null): ?Key
+    public static function parseKey(array $jwk, ?string $defaultAlg = null): ?Key
     {
         if (empty($jwk)) {
             throw new InvalidArgumentException('JWK must not be empty');
@@ -178,6 +178,12 @@ public static function parseKey(array $jwk, string $defaultAlg = null): ?Key
                 // This library works internally with EdDSA keys (Ed25519) encoded in standard base64.
                 $publicKey = JWT::convertBase64urlToBase64($jwk['x']);
                 return new Key($publicKey, $jwk['alg']);
+            case 'oct':
+                if (!isset($jwk['k'])) {
+                    throw new UnexpectedValueException('k not set');
+                }
+
+                return new Key(JWT::urlsafeB64Decode($jwk['k']), $jwk['alg']);
             default:
                 break;
         }
@@ -218,7 +224,7 @@ private static function createPemFromCrvAndXYCoordinates(string $crv, string $x,
                 )
             );
 
-        return sprintf(
+        return \sprintf(
             "-----BEGIN PUBLIC KEY-----\n%s\n-----END PUBLIC KEY-----\n",
             wordwrap(base64_encode($pem), 64, "\n", true)
         );