
Changeset 59084


Timestamp:
09/24/2024 04:38:36 PM (2 months ago)
Author:
TimothyBlynJacobs
Message:

App Passwords: Don't prevent non-unique App Password names.

In [50030] we enforced that Application Passwords have unique names. This was done with the assumption that applications would not connect to a user multiple times. However, in practice we've seen applications run into issues with the unique name constraint. Depending on the app, they may not know if they've been authorized before, or they may intentionally allow connecting multiple times. To prevent friction, App developers need to make their App Name unique, and in doing so often include things like the current date & time, which is already included in the App Passwords list table.

This commit removes this requirement to simplify usage of the Authorize Application flow.

Props mark-k, Boniu91, timothyblynjacobs, peterwilsoncc.
Fixes #54213.

Location:
trunk
Files:
3 edited

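--- a/trunk/src/wp-includes/class-wp-application-passwords.php
+++ b/trunk/src/wp-includes/class-wp-application-passwords.php
@@ -93,8 +93,4 @@
         if ( empty( $args['name'] ) ) {
             return new WP_Error( 'application_password_empty_name', __( 'An application name is required to create an application password.' ), array( 'status' => 400 ) );
-        }
-
-        if ( self::application_name_exists_for_user( $user_id, $args['name'] ) ) {
-            return new WP_Error( 'application_password_duplicate_name', __( 'Each application name should be unique.' ), array( 'status' => 409 ) );
         }
 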
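--- a/trunk/tests/e2e/specs/profile/applications-passwords.test.js
+++ b/trunk/tests/e2e/specs/profile/applications-passwords.test.js
@@ -40,21 +40,4 @@
         );
     } );
-
-    test('should not allow to create two applications passwords with the same name', async ( {
-        page,
-        applicationPasswords
-    } ) => {
-        await applicationPasswords.create();
-        await applicationPasswords.create();
-
-        const errorMessage = page.getByRole( 'alert' );
-
-        await expect( errorMessage ).toHaveClass( /notice-error/ );
-        await expect(
-            errorMessage
-        ).toContainText(
-            'Each application name should be unique.'
-        );
-    });
 
     test( 'should correctly revoke a single application password', async ( {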
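--- a/trunk/tests/phpunit/tests/rest-api/application-passwords.php
+++ b/trunk/tests/phpunit/tests/rest-api/application-passwords.php
@@ -78,12 +78,4 @@
                 'args'     => array( 'name' => '<script>console.log("Hello")</script>' ),
             ),
-            'application_password_duplicate_name when name exists' => array(
-                'expected' => array(
-                    'error_code'    => 'application_password_duplicate_name',
-                    'error_message' => 'Each application name should be unique.',
-                ),
-                'args'     => array( 'name' => 'test2' ),
-                'names'    => array( 'test1', 'test2' ),
-            ),
         );
     }
@@ -197,3 +189,13 @@
         );
     }
+
+    /**
+     * @ticket 51941
+     */
+    public function test_can_create_duplicate_app_password_names() {
+        $created = WP_Application_Passwords::create_new_application_password( self::$user_id, array( 'name' => 'My App' ) );
+        $this->assertNotWPError( $created, 'First attempt to create an application password should not return an error' );
+        $created = WP_Application_Passwords::create_new_application_password( self::$user_id, array( 'name' => 'My App' ) );
+        $this->assertNotWPError( $created, 'Second attempt to create an application password should not return an error' );
+    }
 }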
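Review bot: test_can_create_duplicate_app_password_names() asserts only that neither call returns a WP_Error, and it overwrites `$created`, so it would still pass if the second call replaced or returned the first entry rather than storing a separate credential. Now that names can repeat, the UUID is what identifies which of two same-named passwords gets revoked, so I would keep both results and add `$this->assertNotSame( $first[1]['uuid'], $second[1]['uuid'] );` (the item details are the second element of the returned array). The docblock cites `@ticket 51941` while the commit message says the change fixes #54213; adding `@ticket 54213` would tie the test to the behaviour it pins.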