[wp-trac] [WordPress Trac] #51939: Basic Auth staging protections conflicts with App Passwords

WordPress Trac noreply at wordpress.org
Fri Dec 4 21:43:08 UTC 2020


#51939: Basic Auth staging protections conflicts with App Passwords
-------------------------------------------------+-------------------------
 Reporter:  TimothyBlynJacobs                    |       Owner:
                                                 |  TimothyBlynJacobs
     Type:  defect (bug)                         |      Status:  closed
 Priority:  highest omg bbq                      |   Milestone:  5.6
Component:  Application Passwords                |     Version:  5.6
 Severity:  blocker                              |  Resolution:  fixed
 Keywords:  has-patch has-unit-tests dev-        |     Focuses:  rest-api
  reviewed                                       |
-------------------------------------------------+-------------------------
Changes (by TimothyBlynJacobs):

 * owner:  (none) => TimothyBlynJacobs
 * status:  new => closed
 * resolution:   => fixed


Comment:

 In [changeset:"49752" 49752]:
 {{{
 #!CommitTicketReference repository="" revision="49752"
 App Passwords: Prevent conflicts when Basic Auth is already used by the
 site.

 Application Passwords uses Basic Authentication to transfer authentication
 details. If the site is already using Basic Auth, for instance to
 implement a private staging environment, then the REST API will treat this
 as an authentication attempt and would end up generating an error for any
 REST API request.

 Now, Application Password authentication will only be attempted if
 Application Passwords is in use by a site. This is flagged by setting an
 option whenever an Application Password is created. An upgrade routine is
 added to set this option if any App Passwords already exist.

 Lastly, creating an Application Password will be prevented if the site
 appears to already be using Basic Authentication.

 Props chexwarrior, georgestephanis, adamsilverstein, helen, Clorith,
 marybaum, TimothyBlynJacobs.
 Fixes #51939.
 }}}

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/51939#comment:14>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list