#53658 closed defect (bug) (fixed)
Display a user-facing message when the application passwords functionality is not available
Reported by: | johnbillion | Owned by: | johnbillion |
---|---|---|---|
Milestone: | 5.9 | Priority: | normal |
Severity: | normal | Version: | 5.6 |
Component: | Application Passwords | Keywords: | good-first-bug has-patch has-unit-tests commit |
Focuses: | administration | Cc: |
Description
The Application Passwords feature is not available on sites that don't use HTTPS (via is_ssl()). This applies to all environment types except "local" (via wp_get_environment_type()), which allows the feature to be used on non-HTTPS local environments.
When the feature isn't available there's no explanation shown to the user on the user profile editing screen, it simply doesn't appear. There should be an explanation provided with a link to related documentation about setting up HTTPS for production sites or setting the environment type for local environments.
Attachments (7)
Change History (26)
#2
@
3 years ago
- Keywords has-patch added; needs-patch removed
#3
@
3 years ago
- Milestone changed from Future Release to 5.9
- Owner set to johnbillion
- Status changed from new to reviewing
#4
@
3 years ago
53658.diff makes some adjustments to the wording and removes the link for HTTPS while we wait for an appropriate page to be produced.
This ticket was mentioned in Slack in #core by audrasjb.
3 years ago
#6
@
3 years ago
- Keywords needs-refresh added
Hello, the patch still applies against trunk, but the HelpHub link needs to be translatable:
We should replace
'https://wordpress.org/support/article/editing-wp-config-php/#wp_environment_type'
with
__( 'https://wordpress.org/support/article/editing-wp-config-php/#wp_environment_type' )
@
3 years ago
Created a quick patch that makes the HelpHub link translatable, based off of @audrasjb's latest comment. :)
#7
follow-up:
↓ 8
@
3 years ago
- Keywords commit added; needs-refresh removed
Thanks @iluy !
Marking this for commit
#8
in reply to:
↑ 7
@
3 years ago
Happy to help. Hopefully in the near future, I'll be able to make more and more meaningful contributions ;)
Replying to audrasjb:
Thanks @iluy !
Marking this for commit
#11
follow-up:
↓ 12
@
3 years ago
- Resolution fixed deleted
- Status changed from closed to reopened
Testing the 5.9 beta version, I have noticed the new message about missing HTTPS support and development environment setup being displayed on a production site with HTTPS support enabled.
It was due to __return_false hooked to wp_is_application_passwords_available filter (but can be reproduced even by hooking wp_is_application_passwords_available_for_user filter).
Seeing a message suggesting that HTTPS is not enabled while accessing wp-admin via https, and suggestions on how to set up my development environment while checking production site, might feel confusing, at least.
In my humble opinion, the new message on missing support for the application passwords should be more finely targeted. Possibly by performing the same checks as wp_is_application_passwords_available is doing ( $available = is_ssl() || 'local' === wp_get_environment_type(); ), just without additional filters.
#12
in reply to:
↑ 11
;
follow-up:
↓ 13
@
3 years ago
Replying to david.binda:
Seeing a message suggesting that HTTPS is not enabled while accessing wp-admin via https, and suggestions on how to set up my development environment while checking production site, might feel confusing, at least.
In my humble opinion, the new message on missing support for the application passwords should be more finely targeted. Possibly by performing the same checks as wp_is_application_passwords_available is doing ( $available = is_ssl() || 'local' === wp_get_environment_type(); ), just without additional filters.
Good catch! Seems like we can just use wp_is_application_passwords_available() though, instead of duplicating the checks?
#13
in reply to:
↑ 12
@
3 years ago
- Keywords commit removed
Replying to SergeyBiryukov:
Good catch! Seems like we can just use wp_is_application_passwords_available() though, instead of duplicating the checks?
wp_is_application_passwords_available() is not just about HTTPS, that's only the default behaviour. Since it has a filter it can be disabled for whatever reason. So it can't be used to display a message which is only about HTTPS.
Though, we could extract the part for the is_ssl() and environment check into a wp_is_application_passwords_supported() function which has no filter so it can be used in wp_is_application_passwords_available() and to display the HTTPS message.
This ticket was mentioned in PR #2069 on WordPress/wordpress-develop by costdev.
3 years ago
#15
- Keywords has-unit-tests added
Trac ticket: https://core.trac.wordpress.org/ticket/53658
@
3 years ago
Test Report: before and after applying PR 2069 and with and without the add_filter. Results: before = can reproduce; after = issue resolved
#16
@
3 years ago
- Keywords commit added
Test Report
Env:
- OS: macOS Big Sur
- Browser: Chrome and Edge
- Localhost: Local and wp-env
- Plugins: none
- Theme: TT2
Steps
1. Pull latest trunk.
2. Add a must-use file by creating a folder under wp-content/mu-plugins and then adding wp-content/mu-plugins/test53658.php file.
3. Add the following code to the test file:
   <?php add_filter( 'wp_is_application_passwords_available', '__return_false' );
4. Enable HTTPS on your test site.
5. Navigate to your user profile in Users > Profile.
6. Scroll down to "Application Passwords" section.
   Notice the error message that HTTPS is needed:
   The application password feature requires HTTPS, which is not enabled on this site.
7. Applying PR 2069 patch.
8. Refresh the page.
   Expected behavior: The "Application Passwords" section is gone.
9. Comment out the add_filter code in the test file.
   Expected behavior: The "Application Passwords" section displays and there's no message about needing HTTPS.
Results
- At Step 6: Able to reproduce the reported issue ✅
- At Step 7-8: The application passwords section is gone and no error ✅
- At Step 9: The application passwords section displays properly and no error ✅
PR 2069 resolves the reported issue in comment 11 above.
Marking it for commit.
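The split proposed in comment 13 and the behaviour checked in the test report above, as an added PHP sketch that is not part of the ticket or of WordPress core. The demo_* functions are hypothetical stand-ins so the script runs without WordPress loaded, and the scenarios are constructed.

```php
<?php
// Added illustration, not WordPress core code. All demo_* names are hypothetical stand-ins.

// Minimal stand-in for a filter hook: callbacks that may override a value.
$demo_filters = array();

function demo_add_filter( $hook, $callback ) {
    global $demo_filters;
    $demo_filters[ $hook ][] = $callback;
}

function demo_apply_filters( $hook, $value ) {
    global $demo_filters;
    foreach ( $demo_filters[ $hook ] ?? array() as $callback ) {
        $value = $callback( $value );
    }
    return $value;
}

// Unfiltered capability check: HTTPS, or a "local" environment type.
function demo_app_passwords_supported( $is_ssl, $env_type ) {
    return $is_ssl || 'local' === $env_type;
}

// Filterable availability: a site owner can switch the feature off for any reason.
function demo_app_passwords_available( $is_ssl, $env_type ) {
    $supported = demo_app_passwords_supported( $is_ssl, $env_type );
    return demo_apply_filters( 'wp_is_application_passwords_available', $supported );
}

// Decide what the profile screen shows: the form, the HTTPS notice, or nothing.
function demo_profile_section( $is_ssl, $env_type ) {
    if ( demo_app_passwords_available( $is_ssl, $env_type ) ) {
        return 'form';
    }
    if ( ! demo_app_passwords_supported( $is_ssl, $env_type ) ) {
        return 'https-notice'; // The message is only shown when HTTPS really is the cause.
    }
    return 'hidden'; // Disabled by a filter: an HTTPS message would be misleading.
}

// Constructed scenarios, evaluated before and after adding the filter from the test report.
$cases = array( array( true, 'production' ), array( false, 'production' ), array( false, 'local' ) );
foreach ( array( 'no filter', 'filter returns false' ) as $label ) {
    foreach ( $cases as list( $ssl, $env ) ) {
        printf( "%-21s ssl=%-5s env=%-10s => %s\n", $label, var_export( $ssl, true ), $env, demo_profile_section( $ssl, $env ) );
    }
    demo_add_filter( 'wp_is_application_passwords_available', function () { return false; } );
}
```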
hellofromtonya commented on PR #2069:
3 years ago
#18
Committed via changeset https://core.trac.wordpress.org/changeset/52398.
Docs doesn't have a page for transitioning an install to HTTPS, though we have an issue going on for that now - https://github.com/WordPress/HelpHub/issues/333
Meanwhile, in my patch, I have added the link to search page and this can be updated with an actual page once that page is up and ready.