<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[49752] trunk: App Passwords: Prevent conflicts when Basic Auth is already used by the site.</title>
</head>
<body>

<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }
#msg dl a { font-weight: bold}
#msg dl a:link    { color:#fc3; }
#msg dl a:active  { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { white-space: pre-line; overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta" style="font-size: 105%">
<dt style="float: left; width: 6em; font-weight: bold">Revision</dt> <dd><a style="font-weight: bold" href="https://core.trac.wordpress.org/changeset/49752">49752</a><script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","description":"Review this Commit","action":{"@type":"ViewAction","url":"https://core.trac.wordpress.org/changeset/49752","name":"Review Commit"}}</script></dd>
<dt style="float: left; width: 6em; font-weight: bold">Author</dt> <dd>TimothyBlynJacobs</dd>
<dt style="float: left; width: 6em; font-weight: bold">Date</dt> <dd>2020-12-04 21:42:52 +0000 (Fri, 04 Dec 2020)</dd>
</dl>

<pre style='padding-left: 1em; margin: 2em 0; border-left: 2px solid #ccc; line-height: 1.25; font-size: 105%; font-family: sans-serif'>App Passwords: Prevent conflicts when Basic Auth is already used by the site.

Application Passwords uses Basic Authentication to transfer authentication details. If the site is already using Basic Auth, for instance to implement a private staging environment, then the REST API will treat this as an authentication attempt and would end up generating an error for any REST API request.

Now, Application Password authentication will only be attempted if Application Passwords is in use by a site. This is flagged by setting an option whenever an Application Password is created. An upgrade routine is added to set this option if any App Passwords already exist.

Lastly, creating an Application Password will be prevented if the site appears to already be using Basic Authentication.

Props chexwarrior, georgestephanis, adamsilverstein, helen, Clorith, marybaum, TimothyBlynJacobs.
Fixes <a href="https://core.trac.wordpress.org/ticket/51939">#51939</a>.</pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#trunksrcwpadminauthorizeapplicationphp">trunk/src/wp-admin/authorize-application.php</a></li>
<li><a href="#trunksrcwpadminincludesupgradephp">trunk/src/wp-admin/includes/upgrade.php</a></li>
<li><a href="#trunksrcwpadminusereditphp">trunk/src/wp-admin/user-edit.php</a></li>
<li><a href="#trunksrcwpincludesclasswpapplicationpasswordsphp">trunk/src/wp-includes/class-wp-application-passwords.php</a></li>
<li><a href="#trunksrcwpincludesuserphp">trunk/src/wp-includes/user.php</a></li>
<li><a href="#trunksrcwpincludesversionphp">trunk/src/wp-includes/version.php</a></li>
<li><a href="#trunktestsphpunittestsauthphp">trunk/tests/phpunit/tests/auth.php</a></li>
<li><a href="#trunktestsphpunittestsrestapirestapplicationpasswordscontrollerphp">trunk/tests/phpunit/tests/rest-api/rest-application-passwords-controller.php</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunksrcwpadminauthorizeapplicationphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/wp-admin/authorize-application.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-admin/authorize-application.php      2020-12-04 21:39:30 UTC (rev 49751)
+++ trunk/src/wp-admin/authorize-application.php        2020-12-04 21:42:52 UTC (rev 49752)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -88,6 +88,18 @@
</span><span class="cx" style="display: block; padding: 0 10px">        );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+if ( ! empty( $_SERVER['PHP_AUTH_USER'] ) || ! empty( $_SERVER['PHP_AUTH_PW'] ) ) {
+       wp_die(
+               __( 'Your website appears to use Basic Authentication, which is not currently compatible with Application Passwords.' ),
+               __( 'Cannot Authorize Application' ),
+               array(
+                       'response'  => 501,
+                       'link_text' => __( 'Go Back' ),
+                       'link_url'  => $reject_url ? add_query_arg( 'error', 'disabled', $reject_url ) : admin_url(),
+               )
+       );
+}
+
</ins><span class="cx" style="display: block; padding: 0 10px"> if ( ! wp_is_application_passwords_available_for_user( $user ) ) {
</span><span class="cx" style="display: block; padding: 0 10px">        if ( wp_is_application_passwords_available() ) {
</span><span class="cx" style="display: block; padding: 0 10px">                $message = __( 'Application passwords are not available for your account. Please contact the site administrator for assistance.' );
</span></span></pre></div>
<a id="trunksrcwpadminincludesupgradephp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/wp-admin/includes/upgrade.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-admin/includes/upgrade.php   2020-12-04 21:39:30 UTC (rev 49751)
+++ trunk/src/wp-admin/includes/upgrade.php     2020-12-04 21:42:52 UTC (rev 49752)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -874,7 +874,7 @@
</span><span class="cx" style="display: block; padding: 0 10px">                upgrade_550();
</span><span class="cx" style="display: block; padding: 0 10px">        }
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-        if ( $wp_current_db_version < 49735 ) {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ if ( $wp_current_db_version < 49752 ) {
</ins><span class="cx" style="display: block; padding: 0 10px">                 upgrade_560();
</span><span class="cx" style="display: block; padding: 0 10px">        }
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -2278,6 +2278,19 @@
</span><span class="cx" style="display: block; padding: 0 10px">        if ( $wp_current_db_version < 49735 ) {
</span><span class="cx" style="display: block; padding: 0 10px">                delete_transient( 'dirsize_cache' );
</span><span class="cx" style="display: block; padding: 0 10px">        }
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
+       if ( $wp_current_db_version < 49752 ) {
+               $results = $wpdb->get_results(
+                       $wpdb->prepare(
+                               "SELECT 1 FROM {$wpdb->usermeta} WHERE meta_key = %s LIMIT 1",
+                               WP_Application_Passwords::USERMETA_KEY_APPLICATION_PASSWORDS
+                       )
+               );
+
+               if ( ! empty( $results ) ) {
+                       update_site_option( WP_Application_Passwords::OPTION_KEY_IN_USE, 1 );
+               }
+       }
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span></span></pre></div>
<a id="trunksrcwpadminusereditphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/wp-admin/user-edit.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-admin/user-edit.php  2020-12-04 21:39:30 UTC (rev 49751)
+++ trunk/src/wp-admin/user-edit.php    2020-12-04 21:42:52 UTC (rev 49752)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -738,28 +738,35 @@
</span><span class="cx" style="display: block; padding: 0 10px">                                        <?php
</span><span class="cx" style="display: block; padding: 0 10px">                                }
</span><span class="cx" style="display: block; padding: 0 10px">                        }
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-                        ?>
-               <div class="create-application-password form-wrap">
-                       <div class="form-field">
-                               <label for="new_application_password_name"><?php _e( 'New Application Password Name' ); ?></label>
-                               <input type="text" size="30" id="new_application_password_name" name="new_application_password_name" placeholder="<?php esc_attr_e( 'WordPress App on My Phone' ); ?>" class="input" aria-required="true" aria-describedby="new_application_password_name_desc" />
-                               <p class="description" id="new_application_password_name_desc"><?php _e( 'Required to create an Application Password, but not to update the user.' ); ?></p>
-                       </div>
</del><span class="cx" style="display: block; padding: 0 10px"> 
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-                        <?php
-                       /**
-                        * Fires in the create Application Passwords form.
-                        *
-                        * @since 5.6.0
-                        *
-                        * @param WP_User $profileuser The current WP_User object.
-                        */
-                       do_action( 'wp_create_application_password_form', $profileuser );
-                       ?>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+                 if ( empty( $_SERVER['PHP_AUTH_USER'] ) && empty( $_SERVER['PHP_AUTH_PW'] ) ) {
+                               ?>
+                       <div class="create-application-password form-wrap">
+                               <div class="form-field">
+                                       <label for="new_application_password_name"><?php _e( 'New Application Password Name' ); ?></label>
+                                       <input type="text" size="30" id="new_application_password_name" name="new_application_password_name" placeholder="<?php esc_attr_e( 'WordPress App on My Phone' ); ?>" class="input" aria-required="true" aria-describedby="new_application_password_name_desc" />
+                                       <p class="description" id="new_application_password_name_desc"><?php _e( 'Required to create an Application Password, but not to update the user.' ); ?></p>
+                               </div>
</ins><span class="cx" style="display: block; padding: 0 10px"> 
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-                        <?php submit_button( __( 'Add New Application Password' ), 'secondary', 'do_new_application_password' ); ?>
-               </div>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+                         <?php
+                               /**
+                                * Fires in the create Application Passwords form.
+                                *
+                                * @since 5.6.0
+                                *
+                                * @param WP_User $profileuser The current WP_User object.
+                                */
+                               do_action( 'wp_create_application_password_form', $profileuser );
+                               ?>
</ins><span class="cx" style="display: block; padding: 0 10px"> 
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+                                <?php submit_button( __( 'Add New Application Password' ), 'secondary', 'do_new_application_password' ); ?>
+                       </div>
+               <?php } else { ?>
+                       <div class="notice notice-error inline">
+                               <p><?php _e( 'Your website appears to use Basic Authentication, which is not currently compatible with Application Passwords.' ); ?></p>
+                       </div>
+               <?php } ?>
+
</ins><span class="cx" style="display: block; padding: 0 10px">                 <div class="application-passwords-list-table-wrapper">
</span><span class="cx" style="display: block; padding: 0 10px">                        <?php
</span><span class="cx" style="display: block; padding: 0 10px">                        $application_passwords_list_table = _get_list_table( 'WP_Application_Passwords_List_Table', array( 'screen' => 'application-passwords-user' ) );
</span></span></pre></div>
<a id="trunksrcwpincludesclasswpapplicationpasswordsphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/wp-includes/class-wp-application-passwords.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-includes/class-wp-application-passwords.php  2020-12-04 21:39:30 UTC (rev 49751)
+++ trunk/src/wp-includes/class-wp-application-passwords.php    2020-12-04 21:42:52 UTC (rev 49752)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -23,6 +23,15 @@
</span><span class="cx" style="display: block; padding: 0 10px">        const USERMETA_KEY_APPLICATION_PASSWORDS = '_application_passwords';
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="cx" style="display: block; padding: 0 10px">        /**
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+         * The option name used to store whether application passwords is in use.
+        *
+        * @since 5.6.0
+        *
+        * @type string
+        */
+       const OPTION_KEY_IN_USE = 'using_application_passwords';
+
+       /**
</ins><span class="cx" style="display: block; padding: 0 10px">          * The generated application password length.
</span><span class="cx" style="display: block; padding: 0 10px">         *
</span><span class="cx" style="display: block; padding: 0 10px">         * @since 5.6.0
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -32,6 +41,19 @@
</span><span class="cx" style="display: block; padding: 0 10px">        const PW_LENGTH = 24;
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="cx" style="display: block; padding: 0 10px">        /**
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+         * Checks if Application Passwords are being used by the site.
+        *
+        * This returns true if at least one App Password has ever been created.
+        *
+        * @since 5.6.0
+        *
+        * @return bool
+        */
+       public static function is_in_use() {
+               return (bool) get_site_option( self::OPTION_KEY_IN_USE );
+       }
+
+       /**
</ins><span class="cx" style="display: block; padding: 0 10px">          * Creates a new application password.
</span><span class="cx" style="display: block; padding: 0 10px">         *
</span><span class="cx" style="display: block; padding: 0 10px">         * @since 5.6.0
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -67,6 +89,10 @@
</span><span class="cx" style="display: block; padding: 0 10px">                        return new WP_Error( 'db_error', __( 'Could not save application password.' ) );
</span><span class="cx" style="display: block; padding: 0 10px">                }
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+                if ( ! get_site_option( self::OPTION_KEY_IN_USE ) ) {
+                       update_site_option( self::OPTION_KEY_IN_USE, true );
+               }
+
</ins><span class="cx" style="display: block; padding: 0 10px">                 /**
</span><span class="cx" style="display: block; padding: 0 10px">                 * Fires when an application password is created.
</span><span class="cx" style="display: block; padding: 0 10px">                 *
</span></span></pre></div>
<a id="trunksrcwpincludesuserphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/wp-includes/user.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-includes/user.php    2020-12-04 21:39:30 UTC (rev 49751)
+++ trunk/src/wp-includes/user.php      2020-12-04 21:42:52 UTC (rev 49752)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -313,6 +313,10 @@
</span><span class="cx" style="display: block; padding: 0 10px">                return $input_user;
</span><span class="cx" style="display: block; padding: 0 10px">        }
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+        if ( ! WP_Application_Passwords::is_in_use() ) {
+               return $input_user;
+       }
+
</ins><span class="cx" style="display: block; padding: 0 10px">         $is_api_request = ( ( defined( 'XMLRPC_REQUEST' ) && XMLRPC_REQUEST ) || ( defined( 'REST_REQUEST' ) && REST_REQUEST ) );
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="cx" style="display: block; padding: 0 10px">        /**
</span></span></pre></div>
<a id="trunksrcwpincludesversionphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/wp-includes/version.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-includes/version.php 2020-12-04 21:39:30 UTC (rev 49751)
+++ trunk/src/wp-includes/version.php   2020-12-04 21:42:52 UTC (rev 49752)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -20,7 +20,7 @@
</span><span class="cx" style="display: block; padding: 0 10px">  *
</span><span class="cx" style="display: block; padding: 0 10px">  * @global int $wp_db_version
</span><span class="cx" style="display: block; padding: 0 10px">  */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-$wp_db_version = 49735;
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+$wp_db_version = 49752;
</ins><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><span class="cx" style="display: block; padding: 0 10px">  * Holds the TinyMCE version.
</span></span></pre></div>
<a id="trunktestsphpunittestsauthphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/tests/phpunit/tests/auth.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/tests/phpunit/tests/auth.php        2020-12-04 21:39:30 UTC (rev 49751)
+++ trunk/tests/phpunit/tests/auth.php  2020-12-04 21:42:52 UTC (rev 49752)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -37,6 +37,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="cx" style="display: block; padding: 0 10px">                $this->user = clone self::$_user;
</span><span class="cx" style="display: block; padding: 0 10px">                wp_set_current_user( self::$user_id );
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+                update_site_option( 'using_application_passwords', 1 );
</ins><span class="cx" style="display: block; padding: 0 10px">         }
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="cx" style="display: block; padding: 0 10px">        public function tearDown() {
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -604,4 +605,14 @@
</span><span class="cx" style="display: block; padding: 0 10px">                $this->assertInstanceOf( WP_User::class, $user );
</span><span class="cx" style="display: block; padding: 0 10px">                $this->assertSame( self::$user_id, $user->ID );
</span><span class="cx" style="display: block; padding: 0 10px">        }
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
+       /**
+        * @ticket 51939
+        */
+       public function test_authenticate_application_password_returns_null_if_not_in_use() {
+               delete_site_option( 'using_application_passwords' );
+
+               $authenticated = wp_authenticate_application_password( null, 'idonotexist', 'password' );
+               $this->assertNull( $authenticated );
+       }
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span></span></pre></div>
<a id="trunktestsphpunittestsrestapirestapplicationpasswordscontrollerphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/tests/phpunit/tests/rest-api/rest-application-passwords-controller.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/tests/phpunit/tests/rest-api/rest-application-passwords-controller.php      2020-12-04 21:39:30 UTC (rev 49751)
+++ trunk/tests/phpunit/tests/rest-api/rest-application-passwords-controller.php        2020-12-04 21:42:52 UTC (rev 49752)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -405,6 +405,22 @@
</span><span class="cx" style="display: block; padding: 0 10px">        }
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="cx" style="display: block; padding: 0 10px">        /**
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+         * @ticket 51939
+        */
+       public function test_create_item_records_app_passwords_in_use() {
+               wp_set_current_user( self::$admin );
+
+               $this->assertFalse( WP_Application_Passwords::is_in_use() );
+
+               $request = new WP_REST_Request( 'POST', '/wp/v2/users/me/application-passwords' );
+               $request->set_body_params( array( 'name' => 'App' ) );
+               $response = rest_do_request( $request );
+
+               $this->assertSame( 201, $response->get_status() );
+               $this->assertTrue( WP_Application_Passwords::is_in_use() );
+       }
+
+       /**
</ins><span class="cx" style="display: block; padding: 0 10px">          * @ticket 42790
</span><span class="cx" style="display: block; padding: 0 10px">         */
</span><span class="cx" style="display: block; padding: 0 10px">        public function test_update_item() {
</span></span></pre>
</div>
</div>

</body>
</html>