1/**
2 * @output wp-admin/js/auth-app.js
3 */
4
5/* global authApp */
6
7( function( $, authApp ) {
8 var $appNameField = $( '#app_name' ),
9 $approveBtn = $( '#approve' ),
10 $rejectBtn = $( '#reject' ),
11 $form = $appNameField.closest( 'form' ),
12 context = {
13 userLogin: authApp.user_login,
14 successUrl: authApp.success,
15 rejectUrl: authApp.reject
16 };
17
18 $approveBtn.on( 'click', function( e ) {
19 var name = $appNameField.val(),
20 appId = $( 'input[name="app_id"]', $form ).val();
21
22 e.preventDefault();
23
24 if ( $approveBtn.prop( 'aria-disabled' ) ) {
25 return;
26 }
27
28 if ( 0 === name.length ) {
29 $appNameField.trigger( 'focus' );
30 return;
31 }
32
33 $approveBtn.prop( 'aria-disabled', true ).addClass( 'disabled' );
34
35 var request = {
36 name: name
37 };
38
39 if ( appId.length > 0 ) {
40 request.app_id = appId;
41 }
42
43 /**
44 * Filters the request data used to Authorize an Application Password request.
45 *
46 * @since 5.6.0
47 *
48 * @param {Object} request The request data.
49 * @param {Object} context Context about the Application Password request.
50 * @param {string} context.userLogin The user's login username.
51 * @param {string} context.successUrl The URL the user will be redirected to after approving the request.
52 * @param {string} context.rejectUrl The URL the user will be redirected to after rejecting the request.
53 */
54 request = wp.hooks.applyFilters( 'wp_application_passwords_approve_app_request', request, context );
55
56 wp.apiRequest( {
57 path: '/wp/v2/users/me/application-passwords?_locale=user',
58 method: 'POST',
59 data: request
60 } ).done( function( response, textStatus, jqXHR ) {
61
62 /**
63 * Fires when an Authorize Application Password request has been successfully approved.
64 *
65 * In most cases, this should be used in combination with the {@see 'wp_authorize_application_password_form_approved_no_js'}
66 * action to ensure that both the JS and no-JS variants are handled.
67 *
68 * @since 5.6.0
69 *
70 * @param {Object} response The response from the REST API.
71 * @param {string} response.password The newly created password.
72 * @param {string} textStatus The status of the request.
73 * @param {jqXHR} jqXHR The underlying jqXHR object that made the request.
74 */
75 wp.hooks.doAction( 'wp_application_passwords_approve_app_request_success', response, textStatus, jqXHR );
76
77 var raw = authApp.success,
78 url, message, $notice;
79
80 if ( raw ) {
81 url = raw + ( -1 === raw.indexOf( '?' ) ? '?' : '&' ) +
82 'site_url=' + encodeURIComponent( authApp.site_url ) +
83 '&user_login=' + encodeURIComponent( authApp.user_login ) +
84 '&password=' + encodeURIComponent( response.password );
85
86 window.location = url;
87 } else {
88 message = wp.i18n.sprintf(
89 /* translators: %s: Application name. */
90 '<label for="new-application-password-value">' + wp.i18n.__( 'Your new password for %s is:' ) + '</label>',
91 '<strong></strong>'
92 ) + ' <input id="new-application-password-value" type="text" class="code" readonly="readonly" value="" />';
93 $notice = $( '<div></div>' )
94 .attr( 'role', 'alert' )
95 .attr( 'tabindex', -1 )
96 .addClass( 'notice notice-success notice-alt' )
97 .append( $( '<p></p>' ).addClass( 'application-password-display' ).html( message ) )
98 .append( '<p>' + wp.i18n.__( 'Be sure to save this in a safe location. You will not be able to retrieve it.' ) + '</p>' );
99
100 // We're using .text() to write the variables to avoid any chance of XSS.
101 $( 'strong', $notice ).text( response.name );
102 $( 'input', $notice ).val( response.password );
103
104 $form.replaceWith( $notice );
105 $notice.trigger( 'focus' );
106 }
107 } ).fail( function( jqXHR, textStatus, errorThrown ) {
108 var errorMessage = errorThrown,
109 error = null;
110
111 if ( jqXHR.responseJSON ) {
112 error = jqXHR.responseJSON;
113
114 if ( error.message ) {
115 errorMessage = error.message;
116 }
117 }
118
119 var $notice = $( '<div></div>' )
120 .attr( 'role', 'alert' )
121 .addClass( 'notice notice-error' )
122 .append( $( '<p></p>' ).text( errorMessage ) );
123
124 $( 'h1' ).after( $notice );
125
126 $approveBtn.removeProp( 'aria-disabled', false ).removeClass( 'disabled' );
127
128 /**
129 * Fires when an Authorize Application Password request encountered an error when trying to approve the request.
130 *
131 * @since 5.6.0
132 * @since 5.6.1 Corrected action name and signature.
133 *
134 * @param {Object|null} error The error from the REST API. May be null if the server did not send proper JSON.
135 * @param {string} textStatus The status of the request.
136 * @param {string} errorThrown The error message associated with the response status code.
137 * @param {jqXHR} jqXHR The underlying jqXHR object that made the request.
138 */
139 wp.hooks.doAction( 'wp_application_passwords_approve_app_request_error', error, textStatus, errorThrown, jqXHR );
140 } );
141 } );
142
143 $rejectBtn.on( 'click', function( e ) {
144 e.preventDefault();
145
146 /**
147 * Fires when an Authorize Application Password request has been rejected by the user.
148 *
149 * @since 5.6.0
150 *
151 * @param {Object} context Context about the Application Password request.
152 * @param {string} context.userLogin The user's login username.
153 * @param {string} context.successUrl The URL the user will be redirected to after approving the request.
154 * @param {string} context.rejectUrl The URL the user will be redirected to after rejecting the request.
155 */
156 wp.hooks.doAction( 'wp_application_passwords_reject_app', context );
157
158 // @todo: Make a better way to do this so it feels like less of a semi-open redirect.
159 window.location = authApp.reject;
160 } );
161
162 $form.on( 'submit', function( e ) {
163 e.preventDefault();
164 } );
165}( jQuery, authApp ) );
166