[wp-trac] [WordPress Trac] #54213: "Authorize Application" should reject handling an already existing app name
WordPress Trac
noreply at wordpress.org
Tue Oct 5 14:58:25 UTC 2021
#54213: "Authorize Application" should reject handling an already existing app name
-----------------------------------+------------------------------
Reporter: mark-k | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Application Passwords | Version: 5.6
Severity: normal | Resolution:
Keywords: needs-testing-info | Focuses:
-----------------------------------+------------------------------
Comment (by mark-k):
@Boniu91
1. while logged in go to wp-admin/authorize-application.php. With this url
there is not application name/id and therefor it should just be denied as
in the admin side when adding application password you must specify an
application name. A message like "an application must supply an
application name, contact the application's author with this information"
should be displayed to the user.
2. On the admin side add an application password for an application "app".
Now go to wp-admin/authorize-application.php?app_name=app. Even at this
point any further steps should be denied as the application already exist,
and the user should be directed to his his account to revoke the corrent
password if it wants to reauthenticate the application.
In the current behaviour user clicks "Yes I approve..." only to get a very
user hostile message that tells him what the code checks instead of
telling him what steps he should take.
Now that I look at it while trying to add the same app twice on the admin
side I see that the same message is used there, but from the context it is
much easier to get what the problem is (although that message can probably
be improved as well)
--
Ticket URL: <https://core.trac.wordpress.org/ticket/54213#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list