'Authentication failed' message converted in plain text #63

sviluppomania · 2022-03-17T22:59:42Z

A failed authentication on /token no more returns an HTML message.

Before this commit, the /token endopoint was returning thw Wordpress default error for a failed login. This was an HTML string with a link to recover the password.

Dealing with REST API it's better to always have plain text as a message

A failed authentication on /token no more returns an HTML message. Before this commit, the /token endopoint was returning thw Wordpress default error for a failed login. This was an HTML string with a link to recover the password. Dealing with REST API it's better to always have plain text as a message

sun · 2024-04-05T22:37:41Z

class-auth.php

 					'statusCode' => 401,
 					'code'       => $error_code,
-					'message'    => strip_tags( $user->get_error_message( $error_code ) ),
+					'message'    => strip_tags('Authentication failed: '.$error_code),


The existing code removes HTML tags already, so I'm not sure what this PR actually changes (other than removing a potentially more helpful error message for the end-user)…?

sun added the needs tests Automated tests should be adjusted in './tests' label May 18, 2022

sun reviewed Apr 5, 2024

View reviewed changes

sun removed the needs tests Automated tests should be adjusted in './tests' label Apr 5, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

'Authentication failed' message converted in plain text #63

'Authentication failed' message converted in plain text #63

Uh oh!

sviluppomania commented Mar 17, 2022

Uh oh!

sun Apr 5, 2024

Uh oh!

Uh oh!

Uh oh!

'Authentication failed' message converted in plain text #63

Are you sure you want to change the base?

'Authentication failed' message converted in plain text #63

Uh oh!

Conversation

sviluppomania commented Mar 17, 2022

Uh oh!

sun Apr 5, 2024

Choose a reason for hiding this comment

Uh oh!

Uh oh!