REST API: Introduce Application Passwords for API authentication.
In WordPress 4.4 the REST API was first introduced. A few releases later in WordPress 4.7, the Content API endpoints were added, paving the way for Gutenberg and countless in-site experiences. In the intervening years, numerous plugins have built on top of the REST API. Many developers shared a common frustration, the lack of external authentication to the REST API.
This commit introduces Application Passwords to allow users to connect to external applications to their WordPress website. Users can generate individual passwords for each application, allowing for easy revocation and activity monitoring. An authorization flow is introduced to make the connection flow simple for users and application developers.
Application Passwords uses Basic Authentication, and by default is only available over an SSL connection.
Props georgestephanis, kasparsd, timothyblynjacobs, afercia, akkspro, andraganescu, arippberger, aristath, austyfrosty, ayesh, batmoo, bradyvercher, brianhenryie, helen, ipstenu, jeffmatson, jeffpaul, joostdevalk, joshlevinson, kadamwhite, kjbenk, koke, michael-arestad, Otto42, pekz0r, salzano, spacedmonkey, valendesigns.
Fixes #42790.
Built from https://develop.svn.wordpress.org/trunk@49109
git-svn-id: http://core.svn.wordpress.org/trunk@48871 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-08 18:14:06 -04:00
|
|
|
<?php
|
|
|
|
/**
|
|
|
|
* List Table API: WP_Application_Passwords_List_Table class
|
|
|
|
*
|
|
|
|
* @package WordPress
|
|
|
|
* @subpackage Administration
|
|
|
|
* @since 5.6.0
|
|
|
|
*/
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Class for displaying the list of application password items.
|
|
|
|
*
|
|
|
|
* @since 5.6.0
|
|
|
|
* @access private
|
|
|
|
*
|
|
|
|
* @see WP_List_Table
|
|
|
|
*/
|
|
|
|
class WP_Application_Passwords_List_Table extends WP_List_Table {
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Gets the list of columns.
|
|
|
|
*
|
|
|
|
* @since 5.6.0
|
|
|
|
*
|
|
|
|
* @return array
|
|
|
|
*/
|
|
|
|
public function get_columns() {
|
|
|
|
return array(
|
|
|
|
'name' => __( 'Name' ),
|
|
|
|
'created' => __( 'Created' ),
|
|
|
|
'last_used' => __( 'Last Used' ),
|
|
|
|
'last_ip' => __( 'Last IP' ),
|
|
|
|
'revoke' => __( 'Revoke' ),
|
|
|
|
);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Prepares the list of items for displaying.
|
|
|
|
*
|
|
|
|
* @since 5.6.0
|
|
|
|
*/
|
|
|
|
public function prepare_items() {
|
|
|
|
global $user_id;
|
|
|
|
$this->items = array_reverse( WP_Application_Passwords::get_user_application_passwords( $user_id ) );
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Handles the name column output.
|
|
|
|
*
|
|
|
|
* @since 5.6.0
|
|
|
|
*
|
|
|
|
* @param array $item The current application password item.
|
|
|
|
*/
|
|
|
|
public function column_name( $item ) {
|
|
|
|
echo esc_html( $item['name'] );
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Handles the created column output.
|
|
|
|
*
|
|
|
|
* @since 5.6.0
|
|
|
|
*
|
|
|
|
* @param array $item The current application password item.
|
|
|
|
*/
|
|
|
|
public function column_created( $item ) {
|
|
|
|
if ( empty( $item['created'] ) ) {
|
|
|
|
echo '—';
|
|
|
|
} else {
|
|
|
|
echo gmdate( get_option( 'date_format', 'r' ), $item['created'] );
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Handles the last used column output.
|
|
|
|
*
|
|
|
|
* @since 5.6.0
|
|
|
|
*
|
|
|
|
* @param array $item The current application password item.
|
|
|
|
*/
|
|
|
|
public function column_last_used( $item ) {
|
|
|
|
if ( empty( $item['last_used'] ) ) {
|
|
|
|
echo '—';
|
|
|
|
} else {
|
|
|
|
echo gmdate( get_option( 'date_format', 'r' ), $item['last_used'] );
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Handles the last ip column output.
|
|
|
|
*
|
|
|
|
* @since 5.6.0
|
|
|
|
*
|
|
|
|
* @param array $item The current application password item.
|
|
|
|
*/
|
|
|
|
public function column_last_ip( $item ) {
|
|
|
|
if ( empty( $item['last_ip'] ) ) {
|
|
|
|
echo '—';
|
|
|
|
} else {
|
|
|
|
echo $item['last_ip'];
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Handles the revoke column output.
|
|
|
|
*
|
|
|
|
* @since 5.6.0
|
|
|
|
*/
|
|
|
|
public function column_revoke() {
|
|
|
|
submit_button( __( 'Revoke' ), 'delete', 'revoke-application-password', false );
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Generates content for a single row of the table
|
|
|
|
*
|
|
|
|
* @since 5.6.0
|
|
|
|
*
|
|
|
|
* @param array $item The current item.
|
|
|
|
* @param string $column_name The current column name.
|
|
|
|
*/
|
|
|
|
protected function column_default( $item, $column_name ) {
|
|
|
|
/**
|
|
|
|
* Fires for each custom column in the Application Passwords list table.
|
|
|
|
*
|
|
|
|
* Custom columns are registered using the {@see 'manage_application-passwords-user_columns'} filter.
|
|
|
|
*
|
|
|
|
* @since 5.6.0
|
|
|
|
*
|
|
|
|
* @param string $column_name Name of the custom column.
|
|
|
|
* @param array $item The application password item.
|
|
|
|
*/
|
|
|
|
do_action( "manage_{$this->screen->id}_custom_column", $column_name, $item );
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Generates custom table navigation to prevent conflicting nonces.
|
|
|
|
*
|
|
|
|
* @since 5.6.0
|
|
|
|
*
|
|
|
|
* @param string $which The location of the bulk actions: 'top' or 'bottom'.
|
|
|
|
*/
|
|
|
|
protected function display_tablenav( $which ) {
|
|
|
|
?>
|
|
|
|
<div class="tablenav <?php echo esc_attr( $which ); ?>">
|
|
|
|
<?php if ( 'bottom' === $which ) : ?>
|
|
|
|
<div class="alignright">
|
|
|
|
<?php submit_button( __( 'Revoke all application passwords' ), 'delete', 'revoke-all-application-passwords', false ); ?>
|
|
|
|
</div>
|
|
|
|
<?php endif; ?>
|
|
|
|
<div class="alignleft actions bulkactions">
|
|
|
|
<?php $this->bulk_actions( $which ); ?>
|
|
|
|
</div>
|
|
|
|
<?php
|
|
|
|
$this->extra_tablenav( $which );
|
|
|
|
$this->pagination( $which );
|
|
|
|
?>
|
|
|
|
<br class="clear" />
|
|
|
|
</div>
|
|
|
|
<?php
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Generates content for a single row of the table.
|
|
|
|
*
|
|
|
|
* @since 5.6.0
|
|
|
|
*
|
2020-10-18 16:53:08 -04:00
|
|
|
* @param array $item The current item.
|
REST API: Introduce Application Passwords for API authentication.
In WordPress 4.4 the REST API was first introduced. A few releases later in WordPress 4.7, the Content API endpoints were added, paving the way for Gutenberg and countless in-site experiences. In the intervening years, numerous plugins have built on top of the REST API. Many developers shared a common frustration, the lack of external authentication to the REST API.
This commit introduces Application Passwords to allow users to connect to external applications to their WordPress website. Users can generate individual passwords for each application, allowing for easy revocation and activity monitoring. An authorization flow is introduced to make the connection flow simple for users and application developers.
Application Passwords uses Basic Authentication, and by default is only available over an SSL connection.
Props georgestephanis, kasparsd, timothyblynjacobs, afercia, akkspro, andraganescu, arippberger, aristath, austyfrosty, ayesh, batmoo, bradyvercher, brianhenryie, helen, ipstenu, jeffmatson, jeffpaul, joostdevalk, joshlevinson, kadamwhite, kjbenk, koke, michael-arestad, Otto42, pekz0r, salzano, spacedmonkey, valendesigns.
Fixes #42790.
Built from https://develop.svn.wordpress.org/trunk@49109
git-svn-id: http://core.svn.wordpress.org/trunk@48871 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-08 18:14:06 -04:00
|
|
|
*/
|
|
|
|
public function single_row( $item ) {
|
|
|
|
echo '<tr data-uuid="' . esc_attr( $item['uuid'] ) . '">';
|
|
|
|
$this->single_row_columns( $item );
|
|
|
|
echo '</tr>';
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Gets the name of the default primary column.
|
|
|
|
*
|
|
|
|
* @since 5.6.0
|
|
|
|
*
|
|
|
|
* @return string Name of the default primary column, in this case, 'name'.
|
|
|
|
*/
|
|
|
|
protected function get_default_primary_column_name() {
|
|
|
|
return 'name';
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Prints the JavaScript template for the new row item.
|
|
|
|
*
|
|
|
|
* @since 5.6.0
|
|
|
|
*/
|
|
|
|
public function print_js_template_row() {
|
|
|
|
list( $columns, $hidden, , $primary ) = $this->get_column_info();
|
|
|
|
|
|
|
|
echo '<tr data-uuid="{{ data.uuid }}">';
|
|
|
|
|
|
|
|
foreach ( $columns as $column_name => $display_name ) {
|
|
|
|
$is_primary = $primary === $column_name;
|
|
|
|
$classes = "{$column_name} column-{$column_name}";
|
|
|
|
|
|
|
|
if ( $is_primary ) {
|
|
|
|
$classes .= ' has-row-actions column-primary';
|
|
|
|
}
|
|
|
|
|
|
|
|
if ( in_array( $column_name, $hidden, true ) ) {
|
|
|
|
$classes .= ' hidden';
|
|
|
|
}
|
|
|
|
|
|
|
|
printf( '<td class="%s" data-colname="%s">', esc_attr( $classes ), esc_attr( wp_strip_all_tags( $display_name ) ) );
|
|
|
|
|
|
|
|
switch ( $column_name ) {
|
|
|
|
case 'name':
|
|
|
|
echo '{{ data.name }}';
|
|
|
|
break;
|
|
|
|
case 'created':
|
|
|
|
echo "<# print( wp.date.dateI18n( '" . esc_js( get_option( 'date_format' ) ) . "', data.created ) ) #>";
|
|
|
|
break;
|
|
|
|
case 'last_used':
|
|
|
|
echo "<# print( data.last_used !== null ? wp.date.dateI18n( '" . esc_js( get_option( 'date_format' ) ) . "', data.last_used ) : '—' ) #>";
|
|
|
|
break;
|
|
|
|
case 'last_ip':
|
|
|
|
echo "{{ data.last_ip || '—' }}";
|
|
|
|
break;
|
|
|
|
case 'revoke':
|
|
|
|
echo $this->column_revoke();
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
/**
|
|
|
|
* Fires in the JavaScript row template for each custom column in the Application Passwords list table.
|
|
|
|
*
|
|
|
|
* Custom columns are registered using the {@see 'manage_application-passwords-user_columns'} filter.
|
|
|
|
*
|
|
|
|
* @since 5.6.0
|
|
|
|
*
|
|
|
|
* @param string $column_name Name of the custom column.
|
|
|
|
*/
|
|
|
|
do_action( "manage_{$this->screen->id}_custom_column_js_template", $column_name );
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
if ( $is_primary ) {
|
|
|
|
echo '<button type="button" class="toggle-row"><span class="screen-reader-text">' . __( 'Show more details' ) . '</span></button>';
|
|
|
|
}
|
|
|
|
|
|
|
|
echo '</td>';
|
|
|
|
}
|
|
|
|
|
|
|
|
echo '</tr>';
|
|
|
|
}
|
|
|
|
}
|