Application Passwords: Allow plain HTTP success and reject URLs when using a local environment type.

It's not uncommon for local environments to run over HTTP due to the relative complexity of configuring HTTPS for a local environment. This change allows HTTP URLs for application password responses when that is the case.

Props peterwilsoncc, wppunk, cadic, viralsampat

Fixes #52617


git-svn-id: https://develop.svn.wordpress.org/trunk@55283 602fd350-edb4-49c9-b593-d223f7449a82

tests/phpunit/tests/admin/includesUser.php

@@ -7,52 +7,82 @@
 class Tests_Admin_IncludesUser extends WP_UnitTestCase {
 
 	/**
-	 * @ticket       42790
+	 * Test redirect URLs for application password authorization requests.
+	 *
+	 * @ticket 42790
+	 * @ticket 52617
+	 *
+	 * @covers ::wp_is_authorize_application_password_request_valid
+	 *
 	 * @dataProvider data_is_authorize_application_password_request_valid
-	 * @param array  $request    The request data to validate.
-	 * @param string $error_code The expected error code, empty if no error.
+	 *
+	 * @param array  $request             The request data to validate.
+	 * @param string $expected_error_code The expected error code, empty if no error is expected.
+	 * @param string $env                 The environment type. Defaults to 'production'.
 	 */
-	public function test_is_authorize_application_password_request_valid( $request, $error_code ) {
-		$error = wp_is_authorize_application_password_request_valid( $request, get_userdata( 1 ) );
+	public function test_is_authorize_application_password_request_valid( $request, $expected_error_code, $env = 'production' ) {
+		putenv( "WP_ENVIRONMENT_TYPE=$env" );
 
-		if ( $error_code ) {
-			$this->assertWPError( $error );
-			$this->assertSame( $error_code, $error->get_error_code() );
+		$actual = wp_is_authorize_application_password_request_valid( $request, get_userdata( 1 ) );
+
+		putenv( 'WP_ENVIRONMENT_TYPE' );
+
+		if ( $expected_error_code ) {
+			$this->assertWPError( $actual, 'A WP_Error object is expected.' );
+			$this->assertSame( $expected_error_code, $actual->get_error_code(), 'Unexpected error code.' );
 		} else {
-			$this->assertNotWPError( $error );
+			$this->assertNotWPError( $actual, 'A WP_Error object is not expected.' );
 		}
 	}
 
 	public function data_is_authorize_application_password_request_valid() {
-		return array(
-			array(
-				array(),
-				'',
-			),
-			array(
-				array( 'success_url' => 'http://example.org' ),
-				'invalid_redirect_scheme',
-			),
-			array(
-				array( 'reject_url' => 'http://example.org' ),
-				'invalid_redirect_scheme',
-			),
-			array(
-				array( 'success_url' => 'https://example.org' ),
-				'',
-			),
-			array(
-				array( 'reject_url' => 'https://example.org' ),
-				'',
-			),
-			array(
-				array( 'success_url' => 'wordpress://example' ),
-				'',
-			),
-			array(
-				array( 'reject_url' => 'wordpress://example' ),
-				'',
-			),
-		);
+		$environment_types = array( 'local', 'development', 'staging', 'production' );
+
+		$datasets = array();
+		foreach ( $environment_types as $environment_type ) {
+			$datasets[ $environment_type . ' and no request arguments' ] = array(
+				'request'             => array(),
+				'expected_error_code' => '',
+				'env'                 => $environment_type,
+			);
+
+			$datasets[ $environment_type . ' and a "https" scheme "success_url"' ] = array(
+				'request'             => array( 'success_url' => 'https://example.org' ),
+				'expected_error_code' => '',
+				'env'                 => $environment_type,
+			);
+
+			$datasets[ $environment_type . ' and a "https" scheme "reject_url"' ] = array(
+				'request'             => array( 'reject_url' => 'https://example.org' ),
+				'expected_error_code' => '',
+				'env'                 => $environment_type,
+			);
+
+			$datasets[ $environment_type . ' and an app scheme "success_url"' ] = array(
+				'request'             => array( 'success_url' => 'wordpress://example' ),
+				'expected_error_code' => '',
+				'env'                 => $environment_type,
+			);
+
+			$datasets[ $environment_type . ' and an app scheme "reject_url"' ] = array(
+				'request'             => array( 'reject_url' => 'wordpress://example' ),
+				'expected_error_code' => '',
+				'env'                 => $environment_type,
+			);
+
+			$datasets[ $environment_type . ' and a "http" scheme "success_url"' ] = array(
+				'request'             => array( 'success_url' => 'http://example.org' ),
+				'expected_error_code' => 'local' === $environment_type ? '' : 'invalid_redirect_scheme',
+				'env'                 => $environment_type,
+			);
+
+			$datasets[ $environment_type . ' and a "http" scheme "reject_url"' ] = array(
+				'request'             => array( 'reject_url' => 'http://example.org' ),
+				'expected_error_code' => 'local' === $environment_type ? '' : 'invalid_redirect_scheme',
+				'env'                 => $environment_type,
+			);
+		}
+
+		return $datasets;
 	}
 }