Commit Graph

12 Commits

Author SHA1 Message Date
John Blackbourn c1db3198ce Application Passwords: Allow a Super Admin to set an application password on a site they're not a member of.
This removes the requirement that a Super Admin must be a member of the current site when they attempt to set an application password within the admin area of an individual site on the network.

Props TimothyBlynJacobs, ilovecats7, johnbillion, georgestephanis, johnjamesjacoby

Fixes #53224

Built from https://develop.svn.wordpress.org/trunk@53882


git-svn-id: http://core.svn.wordpress.org/trunk@53441 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-08-11 18:24:09 +00:00
spacedmonkey 16dfb05173 REST API: Avoid unnecessarily preparing item links.
Do not call the `prepare_links` methods in core REST API controllers, unless the `_links` or `_embedded` fields are requested. There is no need to prepare links if they are never returned in the response. This saves resources, as many calls to `prepare_links` methods perform database queries. 

Props Spacedmonkey, timothyblynjacobs, rachelbaker, desrosj, dlh, hellofromTonya.
Fixes #52992.
Built from https://develop.svn.wordpress.org/trunk@53760


git-svn-id: http://core.svn.wordpress.org/trunk@53319 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-07-22 14:00:12 +00:00
Sergey Biryukov 81b7b229ed Coding Standards: Use consistent placement for `::prepare_links()` methods.
This moves the `::prepare_links()` methods in REST API classes next to `::prepare_item_for_response()` where they are used, to bring some consistency across the classes and make code navigation easier.

Includes wrapping some long lines for better readability.

Follow-up to [52079], [52051], [52342], [53721], [53722].

See #55647.
Built from https://develop.svn.wordpress.org/trunk@53724


git-svn-id: http://core.svn.wordpress.org/trunk@53283 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-07-19 16:22:09 +00:00
John Blackbourn 3d86f8af55 Application Passwords: Various docblock improvements.
See #53399, #42790

Built from https://develop.svn.wordpress.org/trunk@51958


git-svn-id: http://core.svn.wordpress.org/trunk@51547 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-30 20:26:59 +00:00
John Blackbourn f5713b8d71 Application Passwords: Improve various user-facing and developer-facing terminology.
Fixes #53503, #53691

Built from https://develop.svn.wordpress.org/trunk@51463


git-svn-id: http://core.svn.wordpress.org/trunk@51074 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-07-19 21:14:57 +00:00
Sergey Biryukov cc95428f75 REST API: Update “object” strings to use the appropriate nouns.
This updates route arguments and schema descriptions to use more specific object types for clarity.

Follow-up to [39342].

Props lephleg, jnylen0.
Fixes #40720.
Built from https://develop.svn.wordpress.org/trunk@51000


git-svn-id: http://core.svn.wordpress.org/trunk@50609 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-05-25 13:12:58 +00:00
TimothyBlynJacobs c27098a3a3 App Passwords: Introduce fine grained capabilities.
Previously, all permission checks for using app passwords were implemented using `edit_user`. This commit introduces a series of more fine grained meta capabilities that should be used instead: `create_app_password`, `list_app_passwords`, `read_app_password`, `edit_app_password`, `delete_app_password` and `delete_app_passwords`. These capabilities all map to `edit_user` by default, but may now be customized by developers.

Props johnbillion, TimothyBlynJacobs.
Fixes #51703.

Built from https://develop.svn.wordpress.org/trunk@50114


git-svn-id: http://core.svn.wordpress.org/trunk@49793 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-31 19:03:59 +00:00
TimothyBlynJacobs cd6238947e App Passwords: Introduce introspection endpoint.
This introduces a new endpoint, `wp/v2/users/me/application-passwords/introspect`, that will return details about the App Password being used to authenticate the current request. This allows for an application to disambiguate between multiple installations of their application which would all share the same `app_id`.

Props xkon, peterwilsoncc, TimothyBlynJacobs.
Fixes #52275.

Built from https://develop.svn.wordpress.org/trunk@50065


git-svn-id: http://core.svn.wordpress.org/trunk@49766 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-29 00:07:02 +00:00
TimothyBlynJacobs ee710f2c16 App Passwords: Improve validation and sanitization of the application name.
Application names are now required to be unique and cannot contain solely whitespace characters. Additionally, invalid characters are now stripped from the application name using `sanitize_text_field()`.

Props Boniu91, hellofromTonya, engahmeds3ed, xkon, francina.
Fixes #51941.

Built from https://develop.svn.wordpress.org/trunk@50030


git-svn-id: http://core.svn.wordpress.org/trunk@49731 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-27 19:05:02 +00:00
TimothyBlynJacobs d9b35c8e98 App Passwords: Unify availability language.
Previously App Passwords used a mix of "enabled" and "available". We've now standardized on using "available".

Additionally, we now use a 501 status code when indicating that App Passwords is not available.

Props SergeyBiryukov, ocean90, TimothyBlynJacobs.
Fixes #51513.

Built from https://develop.svn.wordpress.org/trunk@49617


git-svn-id: http://core.svn.wordpress.org/trunk@49355 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-11-16 22:42:04 +00:00
TimothyBlynJacobs ce34d0ab00 App Passwords: Support an app_id to uniquely identify instances of an app.
Apps may now optionally include an `app_id` parameter when directing the user to the Authorize Application screen. This allows for instances of an application to be identified and potentially revoked or blocked.

Props TimothyBlynJacobs, georgestephanis.
Fixes #51583.

Built from https://develop.svn.wordpress.org/trunk@49276


git-svn-id: http://core.svn.wordpress.org/trunk@49038 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-22 15:06:09 +00:00
TimothyBlynJacobs d5ebe12f11 REST API: Introduce Application Passwords for API authentication.
In WordPress 4.4 the REST API was first introduced. A few releases later in WordPress 4.7, the Content API endpoints were added, paving the way for Gutenberg and countless in-site experiences. In the intervening years, numerous plugins have built on top of the REST API. Many developers shared a common frustration, the lack of external authentication to the REST API.

This commit introduces Application Passwords to allow users to connect to external applications to their WordPress website. Users can generate individual passwords for each application, allowing for easy revocation and activity monitoring. An authorization flow is introduced to make the connection flow simple for users and application developers.

Application Passwords uses Basic Authentication, and by default is only available over an SSL connection.

Props georgestephanis, kasparsd, timothyblynjacobs, afercia, akkspro, andraganescu, arippberger, aristath, austyfrosty, ayesh, batmoo, bradyvercher, brianhenryie, helen, ipstenu, jeffmatson, jeffpaul, joostdevalk, joshlevinson, kadamwhite, kjbenk, koke, michael-arestad, Otto42, pekz0r, salzano, spacedmonkey, valendesigns.
Fixes #42790.

Built from https://develop.svn.wordpress.org/trunk@49109


git-svn-id: http://core.svn.wordpress.org/trunk@48871 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-08 22:14:06 +00:00