[wp-trac] [WordPress Trac] #55286: Rest Cannot Create Application Passwords

WordPress Trac noreply at wordpress.org
Tue Mar 1 14:17:49 UTC 2022

#55286: Rest Cannot Create Application Passwords
 Reporter:  gonza.ar        |      Owner:  (none)
     Type:  defect (bug)    |     Status:  new
 Priority:  normal          |  Milestone:  Awaiting Review
Component:  REST API        |    Version:  5.9.1
 Severity:  normal          |   Keywords:
  Focuses:  docs, rest-api  |

 When an api call is made to create an application password, the response

     "code": "rest_cannot_create_application_passwords",
     "message": "Sorry, you are not allowed to create application passwords
 for this user.",
     "data": {
         "status": 401

 Api call:


 The problem is in the file:
 line 119 method "get_items_permissions_check"

 before this line the $user variable has all the information about the user
 but when the function "current_user_can" is called, another function
 "wp_get_current_user" retrieves the current user from the global variable
 $current_user, and is empty. Consequently, a non-existent user is assigned
 or created, different from the admin user, who has all the permissions to
 make the request to the api.


 Note: WordPress Version 5.9.1

Ticket URL: <https://core.trac.wordpress.org/ticket/55286>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list