Application Passwords: Show HTTPS required message without filtering when not enabled or not in local environment.
When `add_filter( 'wp_is_application_passwords_available', '__return_false' )` exists, HTTPS requirement message is shown even if HTTPS is enabled on the site. This happens because `wp_is_application_passwords_available_for_user()` first invokes `wp_is_application_passwords_available()` which is filterable. The situation could happen if the `'wp_is_application_passwords_available_for_user'` filter returns `false`. To fix this, the check for HTTPS (or if in a 'local' environment) is moved to a new function called `wp_is_application_passwords_supported()`. Then the return from this function is used as an OR condition for the Application Passwords section and for displaying the HTTPS required message. Tests are included for both `wp_is_application_passwords_supported()` and `wp_is_application_passwords_available()`. Follow-up to [51980], [51988]. Props davidbinda, SergeyBiryukov, ocean90, felipeelia, costdev, hellofromTonya. Fixes #53658. git-svn-id: https://develop.svn.wordpress.org/trunk@52398 602fd350-edb4-49c9-b593-d223f7449a82
parent
84467812c8
commit
b161cfc1ff
@ -733,6 +733,7 @@ endif;
|
||||
|
||||
</table>
|
||||
|
||||
<?php if ( wp_is_application_passwords_available_for_user( $user_id ) || ! wp_is_application_passwords_supported() ) : // phpcs:disable Generic.WhiteSpace.ScopeIndent ?>
|
||||
<div class="application-passwords hide-if-no-js" id="application-passwords-section">
|
||||
<h2><?php _e( 'Application Passwords' ); ?></h2>
|
||||
<p><?php _e( 'Application passwords allow authentication via non-interactive systems, such as XML-RPC or the REST API, without providing your actual password. Application passwords can be easily revoked. They cannot be used for traditional logins to your website.' ); ?></p>
|
||||
@ -796,7 +797,7 @@ endif;
|
||||
$application_passwords_list_table->display();
|
||||
?>
|
||||
</div>
|
||||
<?php else : ?>
|
||||
<?php elseif ( ! wp_is_application_passwords_supported() ) : ?>
|
||||
<p><?php _e( 'The application password feature requires HTTPS, which is not enabled on this site.' ); ?></p>
|
||||
<p>
|
||||
<?php
|
||||
@ -809,6 +810,7 @@ endif;
|
||||
</p>
|
||||
<?php endif; ?>
|
||||
</div>
|
||||
<?php endif; // phpcs:enable Generic.WhiteSpace.ScopeIndent ?>
|
||||
|
||||
<?php
|
||||
if ( IS_PROFILE_PAGE ) {
|
||||
|
||||
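Review bot: The `elseif ( ! wp_is_application_passwords_supported() )` branch repeats a test the outer condition has already settled, and nothing in the template says so. The outer `if` is `wp_is_application_passwords_available_for_user( $user_id ) || ! wp_is_application_passwords_supported()`, so once the inner `if` is false (it opens outside these hunks, presumably on the same per-user availability call) the unsupported case is the only one left and the `elseif` behaves as a plain `else`. Either keep the explicit test and add a comment such as `// Reached only when the site is neither on HTTPS nor a 'local' environment.`, or evaluate the support check once into a variable before the outer `if` and reuse it in both places.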
@ -191,7 +191,7 @@ function wp_check_php_mysql_versions() {
|
||||
function wp_get_environment_type() {
|
||||
static $current_env = '';
|
||||
|
||||
if ( $current_env ) {
|
||||
if ( ! defined( 'WP_RUN_CORE_TESTS' ) && $current_env ) {
|
||||
return $current_env;
|
||||
}
|
||||
|
||||
|
||||
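Review bot: The guard `! defined( 'WP_RUN_CORE_TESTS' ) && $current_env` adds a test-only switch to production code without a comment, and the value cached here now feeds a security decision: `'local' === wp_get_environment_type()` lifts the HTTPS requirement in `wp_is_application_passwords_supported()`. I would add a line above it such as `// Skip the static cache while core tests run so they can change WP_ENVIRONMENT_TYPE between calls.` and state in the docblock that the constant is meant for the test suite only. The function body continues outside the hunk, so how the type is resolved after this guard is not visible here.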
@ -4657,19 +4657,31 @@ function wp_get_user_request( $request_id ) {
|
||||
return new WP_User_Request( $post );
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks if Application Passwords is supported.
|
||||
*
|
||||
* Application Passwords is supported only by sites using SSL or local environments
|
||||
* but may be made available using the {@see 'wp_is_application_passwords_available'} filter.
|
||||
*
|
||||
* @since 5.9.0
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
function wp_is_application_passwords_supported() {
|
||||
return is_ssl() || 'local' === wp_get_environment_type();
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks if Application Passwords is globally available.
|
||||
*
|
||||
* By default, Application Passwords is available to all sites using SSL or to local environments.
|
||||
* Use {@see 'wp_is_application_passwords_available'} to adjust its availability.
|
||||
* Use the {@see 'wp_is_application_passwords_available'} filter to adjust its availability.
|
||||
*
|
||||
* @since 5.6.0
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
function wp_is_application_passwords_available() {
|
||||
$available = is_ssl() || 'local' === wp_get_environment_type();
|
||||
|
||||
/**
|
||||
* Filters whether Application Passwords is available.
|
||||
*
|
||||
@ -4677,7 +4689,7 @@ function wp_is_application_passwords_available() {
|
||||
*
|
||||
* @param bool $available True if available, false otherwise.
|
||||
*/
|
||||
return apply_filters( 'wp_is_application_passwords_available', $available );
|
||||
return apply_filters( 'wp_is_application_passwords_available', wp_is_application_passwords_supported() );
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
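Review bot: The docblock of `wp_is_application_passwords_supported()` leaves `@return bool` undescribed, and its sentence about the `wp_is_application_passwords_available` filter describes `wp_is_application_passwords_available()` rather than this function, which applies no filter. Suggested wording: `@return bool True if the site uses SSL or is a 'local' environment, false otherwise.`, with the filter sentence reworded to say the filter changes availability, not support. The `wp_is_application_passwords_available()` docblock should also say that a filter returning true on a site without HTTPS bypasses this check, so application passwords would then be sent over an unencrypted connection.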
@ -946,6 +946,86 @@ class WP_Test_REST_Application_Passwords_Controller extends WP_Test_REST_Control
|
||||
$this->assertErrorResponse( 'rest_application_password_not_found', $response, 500 );
|
||||
}
|
||||
|
||||
/**
|
||||
* @ticket 53658
|
||||
*
|
||||
* @covers ::wp_is_application_passwords_supported
|
||||
*/
|
||||
public function test_wp_is_application_passwords_supported_with_https_only() {
|
||||
$_SERVER['HTTPS'] = 'on';
|
||||
$this->assertTrue( wp_is_application_passwords_supported() );
|
||||
}
|
||||
|
||||
/**
|
||||
* @ticket 53658
|
||||
*
|
||||
* @covers ::wp_is_application_passwords_supported
|
||||
*/
|
||||
public function test_wp_is_application_passwords_supported_with_local_environment_only() {
|
||||
putenv( 'WP_ENVIRONMENT_TYPE=local' );
|
||||
|
||||
$actual = wp_is_application_passwords_supported();
|
||||
|
||||
// Revert to default behaviour so that other tests are not affected.
|
||||
putenv( 'WP_ENVIRONMENT_TYPE' );
|
||||
|
||||
$this->assertTrue( $actual );
|
||||
}
|
||||
|
||||
/**
|
||||
* @dataProvider data_wp_is_application_passwords_available
|
||||
*
|
||||
* @ticket 53658
|
||||
*
|
||||
* @covers ::wp_is_application_passwords_available
|
||||
*
|
||||
* @param bool|string $expected The expected value.
|
||||
* @param string|null $callback Optional. The callback for the `wp_is_application_passwords_available` hook.
|
||||
* Default: null.
|
||||
*/
|
||||
public function test_wp_is_application_passwords_available( $expected, $callback = null ) {
|
||||
remove_filter( 'wp_is_application_passwords_available', '__return_true' );
|
||||
|
||||
if ( $callback ) {
|
||||
add_filter( 'wp_is_application_passwords_available', $callback );
|
||||
}
|
||||
|
||||
if ( 'default' === $expected ) {
|
||||
putenv( 'WP_ENVIRONMENT_TYPE=local' );
|
||||
$expected = wp_is_application_passwords_supported();
|
||||
}
|
||||
|
||||
$actual = wp_is_application_passwords_available();
|
||||
|
||||
if ( 'default' === $expected ) {
|
||||
// Revert to default behaviour so that other tests are not affected.
|
||||
putenv( 'WP_ENVIRONMENT_TYPE' );
|
||||
}
|
||||
|
||||
$this->assertSame( $expected, $actual );
|
||||
}
|
||||
|
||||
/**
|
||||
* Data provider.
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
public function data_wp_is_application_passwords_available() {
|
||||
return array(
|
||||
'availability not forced' => array(
|
||||
'expected' => 'default',
|
||||
),
|
||||
'availability forced true' => array(
|
||||
'expected' => true,
|
||||
'callback' => '__return_true',
|
||||
),
|
||||
'availability forced false' => array(
|
||||
'expected' => false,
|
||||
'callback' => '__return_false',
|
||||
),
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets up a REST API request to be authenticated using an App Password.
|
||||
*
|
||||
|
||||
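Review bot: In `test_wp_is_application_passwords_available()` the clean-up `putenv( 'WP_ENVIRONMENT_TYPE' )` never runs: the first `if ( 'default' === $expected )` block overwrites `$expected` with a boolean, so the second identical check is always false and `WP_ENVIRONMENT_TYPE=local` stays set for later tests. Remember the case before overwriting it, `$is_default = ( 'default' === $expected );`, and test `if ( $is_default )` in both places. `test_wp_is_application_passwords_supported_with_https_only()` likewise sets `$_SERVER['HTTPS'] = 'on'` without restoring it in the visible code, so unless the base test case resets `$_SERVER`, the following "local environment only" test can pass on HTTPS alone.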
@ -18,7 +18,13 @@ mockedApiResponse.Schema = {
|
||||
"wp-site-health/v1",
|
||||
"wp-block-editor/v1"
|
||||
],
|
||||
"authentication": [],
|
||||
"authentication": {
|
||||
"application-passwords": {
|
||||
"endpoints": {
|
||||
"authorization": "http://example.org/wp-admin/authorize-application.php"
|
||||
}
|
||||
}
|
||||
},
|
||||
"routes": {
|
||||
"/": {
|
||||
"namespace": "",
|
||||
|
||||