Application Passwords

[emojized]

Expected behavior

There is a problem with the implementation of the application passwords.

There is an example by https://rudrastyh.com/wordpress/rest-api-create-post.html

but it does not work unless we use the original plugin from here

https://wordpress.org/plugins/application-passwords/

so this is not properly included in the ClassicPress core.

Current behavior

It does not work as expected

Possible solution

Find the parts in the plugin and remerge it.

Steps to reproduce bug

1. Use the example of Misha Rudrastyh
2. Use email for login.
3. Install plugin application-passwords from wordpress
4. try 1 again.

Context

No response

ClassicPress version

2.0.0

PHP version

I don't know

Can you help?

I can help test a solution

[KTS915]

It's not a bug; the code bases are just not the same anymore. But it's worth looking at this as a possible feature enhancement.

[emojized]

it was show stopping my projects... but ok... hmm it was seen in the CP backend but did just not work as on wordpress

[KTS915]

Noting that a new version of the plugin has just been released.

[xxsimoxx]

I've tested on current develop and creation of a post using REST API and an application password is working for me.

[xxsimoxx]

@emojized can you please test with the plugin I've posted?
You should change those line:

	public $username             = 'pippo';
	public $application_password = '3MDb TDCU DIg2 4oAB oFDK K3aU';
	public $url                  = 'classicpress:8890';

and then use the "Test App Pass" admin page.
test-ap.php.zip

[emojized]

thank you very much... but does only work if i have
earlier mentioned application password plugin is present.
running CP Version 2.0.0

[xxsimoxx]

I've retested on other hosts, using CP 2.0.0 and the develop branch and works. Either using e-mail or nickname as username.

@emojized can you give more details, like the error that the test plugin shows?

Edit: Please test with Query Monitor to get extra hints.

[emojized]

i am on the stable 2.0.0 of course

Response message

string(21) "Internal Server Error"

Response body

object(stdClass)#751 (3) {
["code"]=>
string(18) "incorrect_password"
["message"]=>
string(203) "Error: The password you entered for the username techno is incorrect. Lost your password?"
["data"]=>
NULL
}

[xxsimoxx]

Something strange in the response. This is what I get with a wrong password:

Response message
string(12) "Unauthorized"
Response body
object(stdClass)#1026 (3) {
  ["code"]=>
  string(18) "rest_cannot_create"
  ["message"]=>
  string(56) "Sorry, you are not allowed to create posts as this user."
  ["data"]=>
  object(stdClass)#990 (1) {
    ["status"]=>
    int(401)
  }
}

And Query Monitor gets red about a 401 Unauthorized error.

[mattyrob]

I used the test code as posted above, amended slightly to allow me to test locally without permalinks or https connection. This test was run on the latest develop code.

I added 2 posts with title as defined by:
'Post using REST API '.$this->username

I passed the user login name in the first and the email address in the second attempt, and both worked for me.

Propose we close this unless OP can provide more details.