Changeset 49919 for trunk/tests/phpunit/tests/auth.php

Timestamp:

01/02/2021 09:34:01 PM (4 years ago)

Author:

TimothyBlynJacobs

Message:

App Passwords: Only attempt auth if the username and password are set.

Previously, only the username was checked which caused a PHP warning in some server setups, for instance Shibboleth SSO, where the server only populates the PHP_AUTH_USER field.

Props MadtownLems, johnbillion, richard.tape, engahmeds3ed.
Fixes #52003.

File:

• trunk/tests/phpunit/tests/auth.php (modified) (1 diff)

trunk/tests/phpunit/tests/auth.php

@@ -616 +616 @@
         $this->assertNull( $authenticated );
     }
+
+    /**
+     * @ticket 52003
+     *
+     * @covers ::wp_validate_application_password
+     */
+    public function test_application_passwords_does_not_attempt_auth_if_missing_password() {
+        WP_Application_Passwords::create_new_application_password( self::$user_id, array( 'name' => 'phpunit' ) );
+
+        add_filter( 'application_password_is_api_request', '__return_true' );
+        add_filter( 'wp_is_application_passwords_available', '__return_true' );
+
+        $_SERVER['PHP_AUTH_USER'] = self::$_user->user_login;
+        unset( $_SERVER['PHP_AUTH_PW'] );
+
+        $this->assertNull( wp_validate_application_password( null ) );
+    }
 }