

Timestamp:
10/22/2020 03:04:23 PM (4 years ago)
Author:
TimothyBlynJacobs
Message:

App Passwords: Support an app_id to uniquely identify instances of an app.

Apps may now optionally include an app_id parameter when directing the user to the Authorize Application screen. This allows for instances of an application to be identified and potentially revoked or blocked.

Props TimothyBlynJacobs, georgestephanis.
Fixes #51583.

File:
1 edited

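--- a/trunk/tests/phpunit/tests/rest-api/rest-application-passwords-controller.php
+++ b/trunk/tests/phpunit/tests/rest-api/rest-application-passwords-controller.php
@@ -309,6 +309,12 @@
         wp_set_current_user( self::$admin );
 
+        $app_id  = wp_generate_uuid4();
         $request = new WP_REST_Request( 'POST', '/wp/v2/users/me/application-passwords' );
-        $request->set_body_params( array( 'name' => 'App' ) );
+        $request->set_body_params(
+            array(
+                'name'   => 'App',
+                'app_id' => $app_id,
+            )
+        );
         $response = rest_do_request( $request );
 
@@ -319,4 +325,5 @@
         $this->check_response( $response->get_data(), $passwords[0], true );
         $this->assertEquals( 'App', $response->get_data()['name'] );
+        $this->assertEquals( $app_id, $response->get_data()['app_id'] );
         $this->assertNull( $response->get_data()['last_used'] );
         $this->assertNull( $response->get_data()['last_ip'] );
@@ -512,4 +519,34 @@
         $response = rest_do_request( $request );
         $this->assertErrorResponse( 'rest_application_password_not_found', $response, 404 );
+    }
+
+    /**
+     * @ticket 51583
+     */
+    public function test_update_item_cannot_overwrite_app_id() {
+        wp_set_current_user( self::$admin );
+        list( , $item ) = WP_Application_Passwords::create_new_application_password( self::$admin, array( 'name' => 'App' ) );
+
+        $uuid    = $item['uuid'];
+        $request = new WP_REST_Request( 'PUT', '/wp/v2/users/me/application-passwords/' . $uuid );
+        $request->set_body_params( array( 'app_id' => wp_generate_uuid4() ) );
+        $response = rest_do_request( $request );
+        $this->assertEquals( '', $response->get_data()['app_id'] );
+
+        $app_id = wp_generate_uuid4();
+
+        list( , $item ) = WP_Application_Passwords::create_new_application_password(
+            self::$admin,
+            array(
+                'name'   => 'App',
+                'app_id' => $app_id,
+            )
+        );
+
+        $uuid    = $item['uuid'];
+        $request = new WP_REST_Request( 'PUT', '/wp/v2/users/me/application-passwords/' . $uuid );
+        $request->set_body_params( array( 'app_id' => wp_generate_uuid4() ) );
+        $response = rest_do_request( $request );
+        $this->assertEquals( $app_id, $response->get_data()['app_id'] );
     }
 
@@ -776,4 +813,5 @@
     protected function check_response( $response, $item, $password = false ) {
         $this->assertArrayHasKey( 'uuid', $response );
+        $this->assertArrayHasKey( 'app_id', $response );
         $this->assertArrayHasKey( 'name', $response );
         $this->assertArrayHasKey( 'created', $response );
@@ -782,4 +820,5 @@
 
         $this->assertEquals( $item['uuid'], $response['uuid'] );
+        $this->assertEquals( $item['app_id'], $response['app_id'] );
         $this->assertEquals( $item['name'], $response['name'] );
         $this->assertEquals( gmdate( 'Y-m-d\TH:i:s', $item['created'] ), $response['created'] );
@@ -813,6 +852,6 @@
         $properties = $data['schema']['properties'];
 
-        $this->assertCount( 6, $properties );
         $this->assertArrayHasKey( 'uuid', $properties );
+        $this->assertArrayHasKey( 'app_id', $properties );
         $this->assertArrayHasKey( 'name', $properties );
         $this->assertArrayHasKey( 'password', $properties );
@@ -820,4 +859,5 @@
         $this->assertArrayHasKey( 'last_used', $properties );
         $this->assertArrayHasKey( 'last_ip', $properties );
+        $this->assertCount( 7, $properties );
     }
 }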
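Review bot: `test_update_item_cannot_overwrite_app_id` (new lines 526–550) only inspects the PUT response body, so it would still pass if the controller returned the old `app_id` while persisting the new one. Because the commit message describes `app_id` as the handle for identifying and potentially revoking or blocking an app instance, I would also read the stored record back after each PUT: `$stored = WP_Application_Passwords::get_user_application_password( self::$admin, $uuid );` followed by `$this->assertSame( $app_id, $stored['app_id'] );`. The first check, `assertEquals( '', ... )`, compares loosely and would also accept `null` or `false`; `assertSame( '', ... )` pins the empty string. Asserting `$response->get_status()` is 200 before indexing `get_data()` would make a failed request show up as a clear assertion rather than an undefined-index notice.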