Commit Graph

8 Commits

Author SHA1 Message Date
desrosj 1c26077cf1 Build/Test Tools: Update several dependencies in the 5.6 branch.
This backports several dependency updates to the 5.6 branch as a part of #52341 to allow all branches receiving security updates to run on NodeJS 14.x.

Backports [49933,49937,49939,49940,49983,49989,49990,50016,50017] to the 5.6 branch.
See #51801, #52341.
Built from https://develop.svn.wordpress.org/branches/5.6@50023


git-svn-id: http://core.svn.wordpress.org/branches/5.6@49724 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-26 15:18:33 +00:00
Sergey Biryukov 9076f6bf5b App Passwords: Correct authorize app action names and signatures.
When App Passwords was introduced, the `wp_authorize_application_password_form` and `wp_application_passwords_approve_app_request_success` hooks were mistakenly duplicated and incorrectly documented. This commit corrects the hook names and ensures the correct parameters are passed.

Props johnbillion, engahmeds3ed.
Merges [49920] to the 5.6 branch.
Fixes #52013.
Built from https://develop.svn.wordpress.org/branches/5.6@49998


git-svn-id: http://core.svn.wordpress.org/branches/5.6@49699 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-21 12:35:55 +00:00
Sergey Biryukov 4541784a4f Site Health, App Passwords: Ensure REST API responses are properly translated.
The REST API requests in Site Health and App Passwords now include `_locale=user` in the request URL to ensure the user's locale is used instead of the site locale. Additionally, the `apiRequest` library now sends a JSON `Accept` header which is required by `determine_locale()` to respect the `_locale` query parameter.

The Site Health REST API controllers now manually load the default admin textdomain if not `is_admin()`. This allows for the Site Health tests to be translated even though the translations are part of the administration project and the REST API is not.

Props oglekler, kebbet, Clorith, TimothyBlynJacobs, ocean90, SergeyBiryukov, adamsilverstein.
Reviewed by TimothyBlynJacobs, SergeyBiryukov.
Merges [49716] to the 5.6 branch.
Fixes #51871.
Built from https://develop.svn.wordpress.org/branches/5.6@49724


git-svn-id: http://core.svn.wordpress.org/branches/5.6@49447 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-12-01 18:07:08 +00:00
TimothyBlynJacobs 74969e7fbe App Passwords: Further accessibility improvements.
- Add a label to the readonly password input.
- Handle focus loss after revoking app passwords.
- Handle focus loss after dismissing notices.
- Mark app name as `aria-required`.
- Use `aria-label` for detailed revoke button text instead of `title`.
- Use `-1` for `tabindex` instead of `0`.

Props alexstine, afercia, sabernhardt, audrasjb, joedolson, TimothyBlynJacobs.
Fixes #51580.

Built from https://develop.svn.wordpress.org/trunk@49549


git-svn-id: http://core.svn.wordpress.org/trunk@49287 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-11-09 18:05:08 +00:00
TimothyBlynJacobs f6d39d1c51 App Passwords: Improve accessibility.
- Make form inputs stacked instead of inline.
- Provide a visible label for the app name.
- Add screen reader text to dismiss button.
- Make "Revoke" button label more descriptive.
- Use aria-disabled instead of disabled to avoid focus loss.
- Display password in a readonly input to assist copy and paste.
- Remove large sections of italic text.
- Use `.form-wrap` and `.form-field` to give consistent form styling.
- Improve labeling and placeholder text.

Props alexstine, georgestephanis, afercia, TimothyBlynJacobs.
Fixes #51580.

Built from https://develop.svn.wordpress.org/trunk@49294


git-svn-id: http://core.svn.wordpress.org/trunk@49056 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-24 03:34:06 +00:00
TimothyBlynJacobs e992757e5b App Passwords: Include site_url in the success redirect payload.
Props georgestephanis.
Fixes #51602.

Built from https://develop.svn.wordpress.org/trunk@49291


git-svn-id: http://core.svn.wordpress.org/trunk@49053 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-24 00:07:08 +00:00
TimothyBlynJacobs ce34d0ab00 App Passwords: Support an app_id to uniquely identify instances of an app.
Apps may now optionally include an `app_id` parameter when directing the user to the Authorize Application screen. This allows for instances of an application to be identified and potentially revoked or blocked.

Props TimothyBlynJacobs, georgestephanis.
Fixes #51583.

Built from https://develop.svn.wordpress.org/trunk@49276


git-svn-id: http://core.svn.wordpress.org/trunk@49038 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-22 15:06:09 +00:00
TimothyBlynJacobs d5ebe12f11 REST API: Introduce Application Passwords for API authentication.
In WordPress 4.4 the REST API was first introduced. A few releases later in WordPress 4.7, the Content API endpoints were added, paving the way for Gutenberg and countless in-site experiences. In the intervening years, numerous plugins have built on top of the REST API. Many developers shared a common frustration, the lack of external authentication to the REST API.

This commit introduces Application Passwords to allow users to connect to external applications to their WordPress website. Users can generate individual passwords for each application, allowing for easy revocation and activity monitoring. An authorization flow is introduced to make the connection flow simple for users and application developers.

Application Passwords uses Basic Authentication, and by default is only available over an SSL connection.

Props georgestephanis, kasparsd, timothyblynjacobs, afercia, akkspro, andraganescu, arippberger, aristath, austyfrosty, ayesh, batmoo, bradyvercher, brianhenryie, helen, ipstenu, jeffmatson, jeffpaul, joostdevalk, joshlevinson, kadamwhite, kjbenk, koke, michael-arestad, Otto42, pekz0r, salzano, spacedmonkey, valendesigns.
Fixes #42790.

Built from https://develop.svn.wordpress.org/trunk@49109


git-svn-id: http://core.svn.wordpress.org/trunk@48871 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-08 22:14:06 +00:00