Connection: allow using application password for site registration (#…

…40233) Adjust REST API to allow site registration without WP nonce if an application password is used. Committed via a GitHub action: https://github.com/Automattic/jetpack/actions/runs/11916342727 Upstream-Ref: Automattic/jetpack@6c1f800
Automattic · Nov 19, 2024 · 0454c82 · 0454c82
1 parent 7d7b03d
commit 0454c82
Show file tree

Hide file tree

Showing 16 changed files with 126 additions and 118 deletions.
diff --git a/composer.lock b/composer.lock
diff --git a/vendor/automattic/jetpack-blaze/composer.json b/vendor/automattic/jetpack-blaze/composer.json
@@ -6,7 +6,7 @@
 	"require": {
 		"php": ">=7.2",
 		"automattic/jetpack-assets": "^4.0.0-alpha",
-		"automattic/jetpack-connection": "^6.0.1",
+		"automattic/jetpack-connection": "^6.1.0-alpha",
 		"automattic/jetpack-constants": "^3.0.0",
 		"automattic/jetpack-plans": "^0.5.0",
 		"automattic/jetpack-redirect": "^3.0.0",

diff --git a/vendor/automattic/jetpack-connection/CHANGELOG.md b/vendor/automattic/jetpack-connection/CHANGELOG.md
@@ -5,6 +5,13 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [6.1.0-alpha] - unreleased
+
+This is an alpha version! The changes listed here are not final.
+
+### Added
+- Allow using application password for site registration.
+
 ## [6.0.1] - 2024-11-18
 ### Fixed
 - Work around a WP user caching bug (https://core.trac.wordpress.org/ticket/62003). [#40188]
@@ -1250,6 +1257,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - Separate the connection library into its own package.
 
+[6.1.0-alpha]: https://github.com/Automattic/jetpack-connection/compare/v6.0.1...v6.1.0-alpha
 [6.0.1]: https://github.com/Automattic/jetpack-connection/compare/v6.0.0...v6.0.1
 [6.0.0]: https://github.com/Automattic/jetpack-connection/compare/v5.1.7...v6.0.0
 [5.1.7]: https://github.com/Automattic/jetpack-connection/compare/v5.1.6...v5.1.7

diff --git a/vendor/automattic/jetpack-connection/composer.json b/vendor/automattic/jetpack-connection/composer.json
@@ -65,7 +65,7 @@
 			"link-template": "https://github.com/Automattic/jetpack-connection/compare/v${old}...v${new}"
 		},
 		"branch-alias": {
-			"dev-trunk": "6.0.x-dev"
+			"dev-trunk": "6.1.x-dev"
 		},
 		"dependencies": {
 			"test-only": [

diff --git a/vendor/automattic/jetpack-connection/src/class-package-version.php b/vendor/automattic/jetpack-connection/src/class-package-version.php
@@ -12,7 +12,7 @@
  */
 class Package_Version {
 
-	const PACKAGE_VERSION = '6.0.1';
+	const PACKAGE_VERSION = '6.1.0-alpha';
 
 	const PACKAGE_SLUG = 'connection';
 

diff --git a/vendor/automattic/jetpack-connection/src/class-rest-connector.php b/vendor/automattic/jetpack-connection/src/class-rest-connector.php
@@ -221,7 +221,6 @@ public function __construct( Manager $connection ) {
 					'registration_nonce' => array(
 						'description' => __( 'The registration nonce', 'jetpack-connection' ),
 						'type'        => 'string',
-						'required'    => true,
 					),
 					'redirect_uri'       => array(
 						'description' => __( 'URI of the admin page where the user should be redirected after connection flow', 'jetpack-connection' ),
@@ -791,7 +790,8 @@ public static function jetpack_register_permission_check() {
 	 * @return \WP_REST_Response|WP_Error
 	 */
 	public function connection_register( $request ) {
-		if ( ! wp_verify_nonce( $request->get_param( 'registration_nonce' ), 'jetpack-registration-nonce' ) ) {
+		// Only require nonce if cookie authentication is used.
+		if ( did_action( 'auth_cookie_valid' ) && ! wp_verify_nonce( $request->get_param( 'registration_nonce' ), 'jetpack-registration-nonce' ) ) {
 			return new WP_Error( 'invalid_nonce', __( 'Unable to verify your request.', 'jetpack-connection' ), array( 'status' => 403 ) );
 		}
 

diff --git a/vendor/automattic/jetpack-jitm/composer.json b/vendor/automattic/jetpack-jitm/composer.json
@@ -7,7 +7,7 @@
 		"php": ">=7.2",
 		"automattic/jetpack-a8c-mc-stats": "^3.0.0",
 		"automattic/jetpack-assets": "^4.0.0-alpha",
-		"automattic/jetpack-connection": "^6.0.1",
+		"automattic/jetpack-connection": "^6.1.0-alpha",
 		"automattic/jetpack-device-detection": "^3.0.0",
 		"automattic/jetpack-logo": "^3.0.0",
 		"automattic/jetpack-redirect": "^3.0.0",

diff --git a/vendor/automattic/jetpack-masterbar/composer.json b/vendor/automattic/jetpack-masterbar/composer.json
@@ -9,7 +9,7 @@
 		"automattic/jetpack-blaze": "^0.25.0",
 		"automattic/jetpack-compat": "^4.0.0",
 		"automattic/jetpack-device-detection": "^3.0.0",
-		"automattic/jetpack-connection": "^6.0.1",
+		"automattic/jetpack-connection": "^6.1.0-alpha",
 		"automattic/jetpack-jitm": "^4.0.0",
 		"automattic/jetpack-logo": "^3.0.0",
 		"automattic/jetpack-plans": "^0.5.0",