[wp-trac] [WordPress Trac] #51939: Basic Auth staging protections conflicts with App Passwords
WordPress Trac
noreply at wordpress.org
Fri Dec 4 21:43:08 UTC 2020
#51939: Basic Auth staging protections conflicts with App Passwords
--------------------------------------------------+-------------------------------
 Reporter:  TimothyBlynJacobs                     |       Owner:  TimothyBlynJacobs
     Type:  defect (bug)                          |      Status:  closed
 Priority:  highest omg bbq                       |   Milestone:  5.6
Component:  Application Passwords                 |     Version:  5.6
 Severity:  blocker                               |  Resolution:  fixed
 Keywords:  has-patch has-unit-tests dev-reviewed |     Focuses:  rest-api
--------------------------------------------------+-------------------------------
Changes (by TimothyBlynJacobs):
* owner: (none) => TimothyBlynJacobs
* status: new => closed
* resolution: => fixed
Comment:
In [changeset:"49752" 49752]:
{{{
#!CommitTicketReference repository="" revision="49752"
App Passwords: Prevent conflicts when Basic Auth is already used by the
site.

Application Passwords uses Basic Authentication to transfer authentication
details. If the site is already using Basic Auth, for instance to
implement a private staging environment, then the REST API will treat this
as an authentication attempt and would end up generating an error for any
REST API request.

Now, Application Password authentication will only be attempted if
Application Passwords is in use by a site. This is flagged by setting an
option whenever an Application Password is created. An upgrade routine is
added to set this option if any App Passwords already exist.

Lastly, creating an Application Password will be prevented if the site
appears to already be using Basic Authentication.

Props chexwarrior, georgestephanis, adamsilverstein, helen, Clorith,
marybaum, TimothyBlynJacobs.
Fixes #51939.
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/51939#comment:14>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
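
Added example (not part of the original message and not WordPress core code): a simplified, self-contained PHP model of the gating the commit message describes, showing a staging Basic Auth header producing an error without the "in use" flag check and being skipped with it. The option name, function names, and the way "appears to be using Basic Auth" is detected are all assumptions made for illustration.

```php
<?php
// Simplified model of the behaviour described in the commit message.
// Every name below is hypothetical; this is not WordPress core code.

const IN_USE_OPTION = 'app_passwords_in_use'; // hypothetical option name

/** True when the request carries HTTP Basic credentials. */
function has_basic_credentials(array $server): bool {
    return isset($server['PHP_AUTH_USER'], $server['PHP_AUTH_PW']);
}

/**
 * Returns 'skipped' (fall through to other auth such as cookies),
 * 'authenticated', or 'error'. $gated toggles the flag check.
 */
function try_app_password_auth(array $server, array $options, array $hashes, bool $gated): string {
    if (!has_basic_credentials($server)) {
        return 'skipped';
    }
    // With no Application Password ever created, Basic credentials must
    // belong to something else (e.g. a staging gate), so do not attempt.
    if ($gated && empty($options[IN_USE_OPTION])) {
        return 'skipped';
    }
    $hash = $hashes[$server['PHP_AUTH_USER']] ?? null;
    if ($hash !== null && password_verify($server['PHP_AUTH_PW'], $hash)) {
        return 'authenticated';
    }
    return 'error';
}

/** Assumption: creation is refused when Basic credentials are present and the flag is unset. */
function create_app_password(array $server, array &$options, array &$hashes, string $user, string $secret): bool {
    if (has_basic_credentials($server) && empty($options[IN_USE_OPTION])) {
        return false;
    }
    $hashes[$user] = password_hash($secret, PASSWORD_DEFAULT);
    $options[IN_USE_OPTION] = true; // flag is set whenever one is created
    return true;
}

// Constructed request: staging gate credentials forwarded to PHP.
$staging = ['PHP_AUTH_USER' => 'staging', 'PHP_AUTH_PW' => 'preview-only'];
$options = [];
$hashes  = [];

var_dump(try_app_password_auth($staging, $options, $hashes, false)); // ungated model
var_dump(try_app_password_auth($staging, $options, $hashes, true));  // gated model
var_dump(create_app_password($staging, $options, $hashes, 'editor', 'constructed-secret'));
```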