When `add_filter( 'wp_is_application_passwords_available', '__return_false' )` exists, HTTPS requirement message is shown even if HTTPS is enabled on the site. This happens because `wp_is_application_passwords_available_for_user()` first invokes `wp_is_application_passwords_available()` which is filterable. The situation could happen if the `'wp_is_application_passwords_available_for_user'` filter returns `false`.
To fix this, the check for HTTPS (or if in a 'local' environment) is moved to a new function called `wp_is_application_passwords_supported()`. Then the return from this function is used as an OR condition for the Application Passwords section and for displaying the HTTPS required message.
Tests are included for both `wp_is_application_passwords_supported()` and `wp_is_application_passwords_available()`.
Follow-up to [51980], [51988].
Props davidbinda, SergeyBiryukov, ocean90, felipeelia, costdev, hellofromTonya.
Fixes#53658.
git-svn-id: https://develop.svn.wordpress.org/trunk@52398 602fd350-edb4-49c9-b593-d223f7449a82
* Add missing translators comment.
* Add missing space, correct indentation.
* Put opening and closing PHP tag on a line by itself.
* Remove unnecessary escaping for consistency with other strings.
Follow-up to [51980].
See #53658.
git-svn-id: https://develop.svn.wordpress.org/trunk@51988 602fd350-edb4-49c9-b593-d223f7449a82
This change intends to avoid confusion around the requirements of the Application Passwords feature, specific to it requiring HTTPS and the `WP_ENVIRONMENT_TYPE` constant.
It does this by conditionally hiding the traditional UI and showing some insightful explanations instead, including a translatable link to the `WP_ENVIRONMENT_TYPE` documentation on the "Editing wp-config.php" support page.
Props ashfame, audrasjb, iluy, johnbillion.
Fixes #53658.
git-svn-id: https://develop.svn.wordpress.org/trunk@51980 602fd350-edb4-49c9-b593-d223f7449a82
In [49294, 49752], the `placeholder` attribute changed to `"WordPress App on My Phone"`. This change causes confusion as the field can be used in a variety of ways and is not limited to a phone.
Given a label exists for each field and clearly identifies its purpose, this commit removes the `placeholder` attribute from the `input` field.
Follow-up to [49109], [49294], [49752].
Props seedsca, audrasjb, joedolson, rehanali.
Fixes#54047.
git-svn-id: https://develop.svn.wordpress.org/trunk@51878 602fd350-edb4-49c9-b593-d223f7449a82
This should make it clear that the variable is used as part of the HTML `<title>` tag on admin screens.
Props ravipatel, hellofromTonya, sabernhardt, audrasjb, SergeyBiryukov.
Fixes#53729.
git-svn-id: https://develop.svn.wordpress.org/trunk@51475 602fd350-edb4-49c9-b593-d223f7449a82
Fix the enter key in profile form fields moving focus to the application password input instead of submitting the profile update for. Replace the submit button type used for application passwords with `button type="button"` and ensure that the enter key's native behavior isn't overwritten.
props audrasjb, alexstine, promz, sabernhardt.
Fixes#52849.
git-svn-id: https://develop.svn.wordpress.org/trunk@51086 602fd350-edb4-49c9-b593-d223f7449a82
Adjust some newly introduced strings to remove unnecessary numbered placeholders for consistency.
Follow-up to [42827].
See #51800.
git-svn-id: https://develop.svn.wordpress.org/trunk@50234 602fd350-edb4-49c9-b593-d223f7449a82
Add a feature so Admins can send users a 'password reset' email. This doesn't change the password or force a password change. It only emails the user the password reset link.
The feature appears in several places:
* A "Send Reset Link" button on user profile screen.
* A "Send password reset" option in the user list bulk action dropdown.
* A "Send password reset" quick action when hovering over a username in the user list.
Props Ipstenu, DrewAPicture, eventualo, wonderboymusic, knutsp, ericlewis, afercia, JoshuaWold, johnbillion, paaljoachim, hedgefield.
Fixes#34281.
git-svn-id: https://develop.svn.wordpress.org/trunk@50129 602fd350-edb4-49c9-b593-d223f7449a82
In [49752] a check was added to prevent creating new Application Passwords if Basic Auth credentials were detected to prevent conflicts. This check takes place in WP-Admin, though a conflict would only arise if Basic Auth was used on the website's front-end.
This commit extracts the Basic Auth check into a reusable function, `wp_is_site_protected_by_basic_auth()`, which can be adjusted using a filter of the same name. This way, a site that uses Basic Auth to protect WP-Admin can still use the Application Passwords feature.
In the future, instead of requiring the use of a filter, WordPress could make a loopback request and check for a `WWW-Authenticate` header to make this detection more robust out of the box.
Props SeBsZ, archon810, aaroncampbell, ocean90, SergeyBiryukov, TimothyBlynJacobs.
Fixes#52066.
git-svn-id: https://develop.svn.wordpress.org/trunk@50006 602fd350-edb4-49c9-b593-d223f7449a82
Application Passwords uses Basic Authentication to transfer authentication details. If the site is already using Basic Auth, for instance to implement a private staging environment, then the REST API will treat this as an authentication attempt and would end up generating an error for any REST API request.
Now, Application Password authentication will only be attempted if Application Passwords is in use by a site. This is flagged by setting an option whenever an Application Password is created. An upgrade routine is added to set this option if any App Passwords already exist.
Lastly, creating an Application Password will be prevented if the site appears to already be using Basic Authentication.
Props chexwarrior, georgestephanis, adamsilverstein, helen, Clorith, marybaum, TimothyBlynJacobs.
Fixes#51939.
git-svn-id: https://develop.svn.wordpress.org/trunk@49752 602fd350-edb4-49c9-b593-d223f7449a82
Corrects the "Application Name" field's aria-describedby attribute and makes the description visible.
Props alexstine, SergeyBiryukov.
Fixes#51580.
git-svn-id: https://develop.svn.wordpress.org/trunk@49573 602fd350-edb4-49c9-b593-d223f7449a82
- Add a label to the readonly password input.
- Handle focus loss after revoking app passwords.
- Handle focus loss after dismissing notices.
- Mark app name as `aria-required`.
- Use `aria-label` for detailed revoke button text instead of `title`.
- Use `-1` for `tabindex` instead of `0`.
Props alexstine, afercia, sabernhardt, audrasjb, joedolson, TimothyBlynJacobs.
Fixes#51580.
git-svn-id: https://develop.svn.wordpress.org/trunk@49549 602fd350-edb4-49c9-b593-d223f7449a82
Standardize on "Go to..." as a more appropriate option for most cases.
Props garrett-eclipse, kharisblank, audrasjb, ramiy, valentinbora.
Fixes#47235.
git-svn-id: https://develop.svn.wordpress.org/trunk@49539 602fd350-edb4-49c9-b593-d223f7449a82
Restore the "Cancel" button aria label to "Cancel password change" after it was inadvertently changed in r49248.
Props SergeyBiryukov.
Fixes#42852.
git-svn-id: https://develop.svn.wordpress.org/trunk@49392 602fd350-edb4-49c9-b593-d223f7449a82
- Make form inputs stacked instead of inline.
- Provide a visible label for the app name.
- Add screen reader text to dismiss button.
- Make "Revoke" button label more descriptive.
- Use aria-disabled instead of disabled to avoid focus loss.
- Display password in a readonly input to assist copy and paste.
- Remove large sections of italic text.
- Use `.form-wrap` and `.form-field` to give consistent form styling.
- Improve labeling and placeholder text.
Props alexstine, georgestephanis, afercia, TimothyBlynJacobs.
Fixes#51580.
git-svn-id: https://develop.svn.wordpress.org/trunk@49294 602fd350-edb4-49c9-b593-d223f7449a82
On the user edit screen improve handling and clarify language: rename the "Generate Password" and "Show password" buttons to "Set New Password". Clicking it always generates a password. Also: improve inline code comments and descriptions.
Props afercia, bookdude13, michaelarestad, pento.
Fixes#42852.
git-svn-id: https://develop.svn.wordpress.org/trunk@49248 602fd350-edb4-49c9-b593-d223f7449a82
In WordPress 4.4 the REST API was first introduced. A few releases later in WordPress 4.7, the Content API endpoints were added, paving the way for Gutenberg and countless in-site experiences. In the intervening years, numerous plugins have built on top of the REST API. Many developers shared a common frustration, the lack of external authentication to the REST API.
This commit introduces Application Passwords to allow users to connect to external applications to their WordPress website. Users can generate individual passwords for each application, allowing for easy revocation and activity monitoring. An authorization flow is introduced to make the connection flow simple for users and application developers.
Application Passwords uses Basic Authentication, and by default is only available over an SSL connection.
Props georgestephanis, kasparsd, timothyblynjacobs, afercia, akkspro, andraganescu, arippberger, aristath, austyfrosty, ayesh, batmoo, bradyvercher, brianhenryie, helen, ipstenu, jeffmatson, jeffpaul, joostdevalk, joshlevinson, kadamwhite, kjbenk, koke, michael-arestad, Otto42, pekz0r, salzano, spacedmonkey, valendesigns.
Fixes#42790.
git-svn-id: https://develop.svn.wordpress.org/trunk@49109 602fd350-edb4-49c9-b593-d223f7449a82
This reduces the number of `WordPress.PHP.StrictComparisons.LooseComparison` issues in half, from 1897 to 890.
Includes minor code layout fixes for better readability.
See #49542.
git-svn-id: https://develop.svn.wordpress.org/trunk@47808 602fd350-edb4-49c9-b593-d223f7449a82
This reduces the number of `WordPress.PHP.StrictInArray.MissingTrueStrict` issues from 486 to 50.
Includes minor code layout fixes for better readability.
See #49542.
git-svn-id: https://develop.svn.wordpress.org/trunk@47550 602fd350-edb4-49c9-b593-d223f7449a82
This avoids the performance overhead of the function call every time `dirname( __FILE__ )` was used instead of `__DIR__`.
This commit also includes:
* Removing unnecessary parentheses from `include`/`require` statements. These are language constructs, not function calls.
* Replacing `include` statements for several files with `require_once`, for consistency:
* `wp-admin/admin-header.php`
* `wp-admin/admin-footer.php`
* `wp-includes/version.php`
Props ayeshrajans, desrosj, valentinbora, jrf, joostdevalk, netweb.
Fixes#48082.
git-svn-id: https://develop.svn.wordpress.org/trunk@47198 602fd350-edb4-49c9-b593-d223f7449a82
* Add missing translator comments.
* Fix placement of some translator comments. Translator comments should be on the line directly above the line containing the translation function call for optimal compatibility with various `.pot` file generation tools. The CS auto-fixing, which changed some inconsistent function calls to multi-line function calls, is part of the reason why this was no longer the case for a select group of translator comments.
Includes minor code layout fixes.
Polyglots, rejoice! All WordPress core files now have translator comments for all strings with placeholders!
Props jrf, subrataemfluence, GaryJ, webdados, Dency, swissspidy, alvarogois, marcomartins, mihaiiceyro, vladwtz, niq1982, flipkeijzer, michielatyoast, chandrapatel, thrijith, joshuanoyce, FesoVik, tessak22, bhaktirajdev, cleancoded, dhavalkasvala, garrett-eclipse, bibliofille, socalchristina, priyankkpatel, 5hel2l2y, adamsilverstein, JeffPaul, pierlo, SergeyBiryukov.
Fixes#44360.
git-svn-id: https://develop.svn.wordpress.org/trunk@45926 602fd350-edb4-49c9-b593-d223f7449a82
- adds `role="presentation"` to the edit comment table
- removes a few pointless `<fieldset>` elements
- adds a few missing `<label>` elements
- adds the CSS class `class="td-full"` to table rows spanning to multiple cells
- adds explicit `scope="row"` attribute to the table headers in `options-permalink.php`: this table is better communicated as data table
- uses consistent label association in the "Privacy Settings" page
- in the installation page "Set up your database connection": associates descriptions to their inout fields using `aria-describedby`
- improves the link to gravatar.com in the `user-edit.php` page
See #46899.
Fixes#47390.
git-svn-id: https://develop.svn.wordpress.org/trunk@45416 602fd350-edb4-49c9-b593-d223f7449a82
Adds `role="presentation"` to the `<table>` elements used for layout purposes.
Ideally, HTML tables should be used for tabular data. When tables are used for layout purposes, it's important to remove any native semantics so that assistive technologies can correctly announce the table content in a linearized fashion.
Props greatislander, afercia.
Fixes#46899.
git-svn-id: https://develop.svn.wordpress.org/trunk@45403 602fd350-edb4-49c9-b593-d223f7449a82
This change means that users who can't read the site's current language can more easily identify controls that allow them to change either the site language or their own admin area language.
Props janak007, atlasmahesh, afercia, birgire, JoshuaWold
Fixes#43144
git-svn-id: https://develop.svn.wordpress.org/trunk@45402 602fd350-edb4-49c9-b593-d223f7449a82
- makes the "Cancel" button always visible: this allows to generate a new password also on small screens
- moves focus back to the Generate Password button when closing the form
- changes the password reset show/hide button from a clickable `<span>` element to a real `<button>` element
- improves the CSS
Props janak007, afercia.
Fixes#42853.
git-svn-id: https://develop.svn.wordpress.org/trunk@44895 602fd350-edb4-49c9-b593-d223f7449a82
WPCS 1.0.0 includes a bunch of new auto-fixers, which drops the number of coding standards issues across WordPress significantly. Prior to running the auto-fixers, there were 15,312 issues detected. With this commit, we now drop to 4,769 issues.
This change includes three notable additions:
- Multiline function calls must now put each parameter on a new line.
- Auto-formatting files is now part of the `grunt precommit` script.
- Auto-fixable coding standards issues will now cause Travis failures.
Fixes#44600.
git-svn-id: https://develop.svn.wordpress.org/trunk@43571 602fd350-edb4-49c9-b593-d223f7449a82
Add missing translator comments in `WP_Theme_Install_List_Table` and `wp_notify_postauthor()`.
Add missing commas in some translator comments.
Fixes#43523.
git-svn-id: https://develop.svn.wordpress.org/trunk@42827 602fd350-edb4-49c9-b593-d223f7449a82
