Application Passwords: Correct the schema of the app_id property of the application passwords REST API endpoint.

johnbillion · johnbillion · commit a5f6b9c39307 · 2025-07-02T11:58:22.000Z
This property can contain either a UUID or an empty string. Props sukhendu2002, johnbillion. Fixes #53692 git-svn-id: https://develop.svn.wordpress.org/trunk@60404 602fd350-edb4-49c9-b593-d223f7449a82
diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-application-passwords-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-application-passwords-controller.php
@@ -802,7 +802,16 @@ public function get_item_schema() {
 				'app_id'    => array(
 					'description' => __( 'A UUID provided by the application to uniquely identify it. It is recommended to use an UUID v5 with the URL or DNS namespace.' ),
 					'type'        => 'string',
-					'format'      => 'uuid',
+					'oneOf'       => array(
+						array(
+							'type'   => 'string',
+							'format' => 'uuid',
+						),
+						array(
+							'type' => 'string',
+							'enum' => array( '' ),
+						),
+					),
 					'context'     => array( 'view', 'edit', 'embed' ),
 				),
 				'name'      => array(
diff --git a/tests/phpunit/tests/rest-api/rest-application-passwords-controller.php b/tests/phpunit/tests/rest-api/rest-application-passwords-controller.php
@@ -847,6 +847,49 @@ public function test_prepare_item() {
 		$this->check_response( $prepared->get_data(), $item );
 	}
 
+	/**
+	 * @ticket 53692
+	 */
+	public function test_create_item_with_empty_app_id() {
+		wp_set_current_user( self::$admin );
+
+		$request = new WP_REST_Request( 'POST', '/wp/v2/users/me/application-passwords' );
+		$request->set_body_params(
+			array(
+				'name'   => 'Test',
+				'app_id' => '',
+			)
+		);
+
+		$response = rest_get_server()->dispatch( $request );
+		$data     = $response->get_data();
+
+		$this->assertSame( 201, $response->get_status() );
+		$this->assertSame( '', $data['app_id'] );
+	}
+
+	/**
+	 * @ticket 53692
+	 */
+	public function test_create_item_with_uuid_app_id() {
+		wp_set_current_user( self::$admin );
+
+		$uuid    = wp_generate_uuid4();
+		$request = new WP_REST_Request( 'POST', '/wp/v2/users/me/application-passwords' );
+		$request->set_body_params(
+			array(
+				'name'   => 'Test',
+				'app_id' => $uuid,
+			)
+		);
+
+		$response = rest_get_server()->dispatch( $request );
+		$data     = $response->get_data();
+
+		$this->assertSame( 201, $response->get_status() );
+		$this->assertSame( $uuid, $data['app_id'] );
+	}
+
 	/**
 	 * Checks the password response matches the expected format.
 	 *
diff --git a/tests/qunit/fixtures/wp-api-generated.js b/tests/qunit/fixtures/wp-api-generated.js
@@ -10053,7 +10053,18 @@ mockedApiResponse.Schema = {
                         "app_id": {
                             "description": "A UUID provided by the application to uniquely identify it. It is recommended to use an UUID v5 with the URL or DNS namespace.",
                             "type": "string",
-                            "format": "uuid",
+                            "oneOf": [
+                                {
+                                    "type": "string",
+                                    "format": "uuid"
+                                },
+                                {
+                                    "type": "string",
+                                    "enum": [
+                                        ""
+                                    ]
+                                }
+                            ],
                             "required": false
                         },
                         "name": {
@@ -10137,7 +10148,18 @@ mockedApiResponse.Schema = {
                         "app_id": {
                             "description": "A UUID provided by the application to uniquely identify it. It is recommended to use an UUID v5 with the URL or DNS namespace.",
                             "type": "string",
-                            "format": "uuid",
+                            "oneOf": [
+                                {
+                                    "type": "string",
+                                    "format": "uuid"
+                                },
+                                {
+                                    "type": "string",
+                                    "enum": [
+                                        ""
+                                    ]
+                                }
+                            ],
                             "required": false
                         },
                         "name": {
