Timestamp:
01/29/2021 12:05:20 AM (4 years ago)
Author:
TimothyBlynJacobs
Message:

App Passwords: Introduce introspection endpoint.

This introduces a new endpoint, wp/v2/users/me/application-passwords/introspect, that returns details about the App Password being used to authenticate the current request. This allows an application to disambiguate between multiple installations of itself, all of which would share the same app_id.

Props xkon, peterwilsoncc, TimothyBlynJacobs.
Fixes #52275.

File:
1 edited

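--- a/trunk/tests/phpunit/tests/rest-api/rest-application-passwords-controller.php
+++ b/trunk/tests/phpunit/tests/rest-api/rest-application-passwords-controller.php
@@ -68,4 +68,9 @@
 
         add_filter( 'wp_is_application_passwords_available', '__return_true' );
+    }
+
+    public function tearDown() {
+        parent::tearDown();
+        unset( $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'], $GLOBALS['wp_rest_application_password_status'], $GLOBALS['wp_rest_application_password_uuid'] );
     }
 
@@ -878,3 +883,86 @@
         $this->assertCount( 7, $properties );
     }
+
+    /**
+     * @ticket 52275
+     */
+    public function test_introspect_item() {
+        $password = $this->setup_app_password_authenticated_request();
+        $response = rest_do_request( '/wp/v2/users/me/application-passwords/introspect' );
+        $this->assertNotWPError( $response->as_error() );
+
+        $this->assertEquals( $password['uuid'], $response->get_data()['uuid'] );
+    }
+
+    /**
+     * @ticket 52275
+     */
+    public function test_introspect_item_specific_user() {
+        $password = $this->setup_app_password_authenticated_request();
+        $response = rest_do_request( '/wp/v2/users/' . self::$admin . '/application-passwords/introspect' );
+
+        $this->assertEquals( $password['uuid'], $response->get_data()['uuid'] );
+    }
+
+    /**
+     * @ticket 52275
+     */
+    public function test_introspect_item_logged_out() {
+        $response = rest_do_request( '/wp/v2/users/me/application-passwords/introspect' );
+        $this->assertErrorResponse( 'rest_not_logged_in', $response, 401 );
+    }
+
+    /**
+     * @ticket 52275
+     */
+    public function test_introspect_item_wrong_user() {
+        $this->setup_app_password_authenticated_request();
+        $response = rest_do_request( '/wp/v2/users/' . self::$subscriber_id . '/application-passwords/introspect' );
+        $this->assertErrorResponse( 'rest_cannot_introspect_app_password_for_non_authenticated_user', $response, 403 );
+    }
+
+    /**
+     * @ticket 52275
+     */
+    public function test_introspect_item_no_app_password_used() {
+        wp_set_current_user( self::$admin );
+        $response = rest_do_request( '/wp/v2/users/me/application-passwords/introspect' );
+        $this->assertErrorResponse( 'rest_no_authenticated_app_password', $response, 404 );
+    }
+
+    /**
+     * @ticket 52275
+     */
+    public function test_introspect_item_password_invalid() {
+        $this->setup_app_password_authenticated_request();
+        add_action(
+            'application_password_did_authenticate',
+            function() {
+                $GLOBALS['wp_rest_application_password_uuid'] = 'invalid_uuid';
+            }
+        );
+
+        $response = rest_do_request( '/wp/v2/users/me/application-passwords/introspect' );
+        $this->assertErrorResponse( 'rest_application_password_not_found', $response, 500 );
+    }
+
+    /**
+     * Sets up a REST API request to be authenticated using an App Password.
+     *
+     * @since 5.7.0
+     *
+     * @return array The created App Password.
+     */
+    private function setup_app_password_authenticated_request() {
+        list( $password, $item ) = WP_Application_Passwords::create_new_application_password( self::$admin, array( 'name' => 'Test' ) );
+
+        $_SERVER['PHP_AUTH_USER'] = get_userdata( self::$admin )->user_login;
+        $_SERVER['PHP_AUTH_PW']   = $password;
+
+        $GLOBALS['current_user'] = null;
+
+        add_filter( 'application_password_is_api_request', '__return_true' );
+
+        return $item;
+    }
 }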
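Review bot: test_introspect_item_specific_user reads `$response->get_data()['uuid']` without first checking that the response is not an error, unlike test_introspect_item directly above it, so an authorization or lookup failure surfaces as an undefined 'uuid' index rather than as the error the endpoint returned. Add `$this->assertNotWPError( $response->as_error() );` before the assertEquals, and consider `assertSame` since both sides are UUID strings. setup_app_password_authenticated_request registers the `application_password_is_api_request` filter and test_introspect_item_password_invalid registers an `application_password_did_authenticate` action, neither of which the new tearDown removes; presumably the base test case's hook backup/restore covers this, but it is worth confirming given that tearDown does explicitly clean the related `$GLOBALS` entries and `$_SERVER` credentials. The helper also hard-codes self::$admin as the authenticating user, so the wrong-user case can only be exercised from the admin side; accepting the user id as a parameter would make the intended identity explicit at each call site.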