[wp-trac] [WordPress Trac] #55286: Rest Cannot Create Application Passwords
WordPress Trac
noreply at wordpress.org
Tue Mar 1 14:17:49 UTC 2022
#55286: Rest Cannot Create Application Passwords
----------------------------+-----------------------------
Reporter: gonza.ar | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: REST API | Version: 5.9.1
Severity: normal | Keywords:
Focuses: docs, rest-api |
----------------------------+-----------------------------
Hi!
When an api call is made to create an application password, the response
is:
{{{
{
"code": "rest_cannot_create_application_passwords",
"message": "Sorry, you are not allowed to create application passwords
for this user.",
"data": {
"status": 401
}
}
}}}
Api call:
https://example.com/wp-json/wp/v2/users/1/application-passwords?name=test
The problem is in the file:
/wp-includes/rest-api/endpoints/class-wp-rest-application-passwords-
controller.php
line 119 method "get_items_permissions_check"
before this line the $user variable has all the information about the user
but when the function "current_user_can" is called, another function
"wp_get_current_user" retrieves the current user from the global variable
$current_user, and is empty. Consequently, a non-existent user is assigned
or created, different from the admin user, who has all the permissions to
make the request to the api.
Regards
Note: WordPress Version 5.9.1
--
Ticket URL: <https://core.trac.wordpress.org/ticket/55286>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list