Fix to disable application passwords (fixes #7).

Author: anderly

disable-user-login.php

@@ -3,7 +3,7 @@
  * Plugin Name: Disable User Login
  * Plugin URI:  http://wordpress.org/plugins/disable-user-login
  * Description: Provides the ability to disable user accounts and prevent them from logging in.
- * Version:     1.3.4
+ * Version:     1.3.5
  *
  * Author:      Saint Systems
  * Author URI:  https://www.saintsystems.com

includes/class-ss-disable-user-login-plugin.php

@@ -15,7 +15,7 @@ final class SS_Disable_User_Login_Plugin {
 	 *
 	 * @var string
 	 */
-	private static $version = '1.3.4';
+	private static $version = '1.3.5';
 
 	/**
 	 * Plugin singleton instance
@@ -135,6 +135,7 @@ private function add_hooks() {
 		add_filter( 'bulk_actions-users',         array( $this, 'bulk_action_disable_users'   )        );
 		add_filter( 'handle_bulk_actions-users',  array( $this, 'handle_bulk_disable_users'   ), 10, 3 );
 		add_filter( 'user_row_actions',           array( $this, 'add_quick_links'             ), 10, 2 );
+		add_filter( 'wp_is_application_passwords_available_for_user', array( $this, 'maybe_disable_application_passwords_for_user' ), 10, 2 );
 
 	} //end function add_hooks
 
@@ -160,6 +161,22 @@ function add_quick_links( $actions, $user_object ) {
 		return $actions;
 	}
 
+	/**
+	 * Prevent users with disabled accounts to use application passwords.
+	 *
+	 * @param bool $allow Whether to enable application passwords for the user. Default true.
+	 * @param WP_User $user user that is trying to access application passwords.
+	 *
+	 * @return bool true if application passwords should be enabled, false if it should be disabled.
+	 */
+	function maybe_disable_application_passwords_for_user( $allow, $user ) {
+		if ( $this->is_user_disabled( $user->ID ) ) {
+			return false;
+		}
+
+		return $allow;
+	}
+
 	/**
 	 * Gets the capability associated with banning a user
 	 * @return string

readme.txt

@@ -5,7 +5,7 @@ Tags: users, user, login, account, disable
 Requires at least: 4.7.0
 Tested up to: 6.1.1
 Requires PHP: 5.6
-Stable tag: 1.3.4
+Stable tag: 1.3.5
 License: GPLv3
 
 Provides the ability to disable user accounts and prevent them from logging in.
@@ -48,6 +48,9 @@ Yes, there is a filter in place for that, `disable_user_login.disabled_message`.
 
 == Changelog ==
 
+= 1.3.5 =
+* Fix to disable application passwords (fixes #7).
+
 = 1.3.4 =
 * Add user enable/disable quick links.