From ec80646878bfe96cd14d9b5b49e2d51283206762 Mon Sep 17 00:00:00 2001
From: Timothy Jacobs
Date: Tue, 24 Sep 2024 16:38:36 +0000
Subject: [PATCH] App Passwords: Don't prevent non-unique App Password names. In [50030] we enforced that Application Passwords have unique names. This was done with the assumption that applications would not connect to a user multiple times. However, in practice we've seen applications run into issues with the unique name constraint. Depending on the app, they may not know if they've been authorized before, or they may intentionally allow connecting multiple times. To prevent friction, App developers need to make their App Name unique, and in doing so often include things like the current date & time, which is already included in the App Passwords list table. This commit removes this requirement to simplify usage of the Authorize Application flow. Props mark-k, Boniu91, timothyblynjacobs, peterwilsoncc. Fixes #54213.
git-svn-id: https://develop.svn.wordpress.org/trunk@59084 602fd350-edb4-49c9-b593-d223f7449a82
---
 .../class-wp-application-passwords.php | 4 ----
 .../profile/applications-passwords.test.js | 17 -----------------
 .../tests/rest-api/application-passwords.php | 18 ++++++++++--------
 3 files changed, 10 insertions(+), 29 deletions(-)
diff --git a/src/wp-includes/class-wp-application-passwords.php b/src/wp-includes/class-wp-application-passwords.php
index 38ec4915de..b76b5c7e2a 100644
--- a/src/wp-includes/class-wp-application-passwords.php
+++ b/src/wp-includes/class-wp-application-passwords.php
@@ -94,10 +94,6 @@ class WP_Application_Passwords {
 return new WP_Error( 'application_password_empty_name', __( 'An application name is required to create an application password.' ), array( 'status' => 400 ) );
 }
- if ( self::application_name_exists_for_user( $user_id, $args['name'] ) ) {
- return new WP_Error( 'application_password_duplicate_name', __( 'Each application name should be unique.' ), array( 'status' => 409 ) );
- }
-
 $new_password = wp_generate_password( static::PW_LENGTH, false );
 $hashed_password = wp_hash_password( $new_password );
diff --git a/tests/e2e/specs/profile/applications-passwords.test.js b/tests/e2e/specs/profile/applications-passwords.test.js
index bb7db439d3..3ff4ef4ad7 100644
--- a/tests/e2e/specs/profile/applications-passwords.test.js
+++ b/tests/e2e/specs/profile/applications-passwords.test.js
@@ -40,23 +40,6 @@ test.describe( 'Manage applications passwords', () => {
 );
 } );
- test('should not allow to create two applications passwords with the same name', async ( {
- page,
- applicationPasswords
- } ) => {
- await applicationPasswords.create();
- await applicationPasswords.create();
-
- const errorMessage = page.getByRole( 'alert' );
-
- await expect( errorMessage ).toHaveClass( /notice-error/ );
- await expect(
- errorMessage
- ).toContainText(
- 'Each application name should be unique.'
- );
- });
-
 test( 'should correctly revoke a single application password', async ( {
 page,
 applicationPasswords
diff --git a/tests/phpunit/tests/rest-api/application-passwords.php b/tests/phpunit/tests/rest-api/application-passwords.php
index a630719ee8..3dd76c0f94 100644
--- a/tests/phpunit/tests/rest-api/application-passwords.php
+++ b/tests/phpunit/tests/rest-api/application-passwords.php
@@ -77,14 +77,6 @@ class Test_WP_Application_Passwords extends WP_UnitTestCase {
 ),
 'args' => array( 'name' => '' ),
 ),
- 'application_password_duplicate_name when name exists' => array(
- 'expected' => array(
- 'error_code' => 'application_password_duplicate_name',
- 'error_message' => 'Each application name should be unique.',
- ),
- 'args' => array( 'name' => 'test2' ),
- 'names' => array( 'test1', 'test2' ),
- ),
 );
 }
@@ -196,4 +188,14 @@ class Test_WP_Application_Passwords extends WP_UnitTestCase {
 ),
 );
 }
+
+ /**
+ * @ticket 51941
+ */
+ public function test_can_create_duplicate_app_password_names() {
+ $created = WP_Application_Passwords::create_new_application_password( self::$user_id, array( 'name' => 'My App' ) );
+ $this->assertNotWPError( $created, 'First attempt to create an application password should not return an error' );
+ $created = WP_Application_Passwords::create_new_application_password( self::$user_id, array( 'name' => 'My App' ) );
+ $this->assertNotWPError( $created, 'Second attempt to create an application password should not return an error' );
+ }
 }
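Review bot: The added test_can_create_duplicate_app_password_names only checks that neither call returns a WP_Error, so it would still pass if the second call reused or overwrote the first entry. With names no longer distinguishing a user's application passwords, the UUID is what revocation and auditing have to key on, and the test should pin that each call yields its own entry: keep both results (for example `$first` and `$second` instead of reusing `$created`) and add `$this->assertNotSame( $first[1]['uuid'], $second[1]['uuid'] );`, assuming the method returns the password/item pair here as it does elsewhere in core. The docblock also says `@ticket 51941` while the commit message closes #54213; if that is not deliberate, `@ticket 54213` would point readers at the right discussion.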