[wp-trac] [WordPress Trac] #60029: Admin unable to create new Application Password for user with no role on main site (multisite)

WordPress Trac noreply at wordpress.org
Tue Feb 13 11:44:21 UTC 2024 

#60029: Admin unable to create new Application Password for user with no role on
main site (multisite)
-----------------------------------+------------------------------
 Reporter:  roytanck               |       Owner:  (none)
     Type:  defect (bug)           |      Status:  new
 Priority:  normal                 |   Milestone:  Awaiting Review
Component:  Application Passwords  |     Version:
 Severity:  normal                 |  Resolution:
 Keywords:                         |     Focuses:
-----------------------------------+------------------------------

Comment (by afunujoko1980):

 It appears that there is an issue with creating an Application Password
 for a user with no role on the main site in a WordPress multisite
 environment. This issue occurs specifically when attempting to create the
 password from the network users admin screen (`wp-admin/network/user-
 edit.php`).

 Here's a summary of the steps to reproduce the issue:

 1. Log in as an administrator.
 2. Create at least one additional site (referred to as "subsite").
 3. Create a second user and assign them the subscriber role on the
 "subsite".
 4. Optionally, remove the user from the main site.
 5. Go to the network "Users" screen and edit the user.
 6. Attempt to add an Application Password.

 The result is an error message stating "Invalid user ID."

 This issue could be related to how WordPress handles user roles and
 permissions in a multisite environment, particularly when trying to manage
 Application Passwords for users who do not have a role on the main site.

 To address this issue, you may need to investigate the underlying code
 that handles Application Password creation and user permissions in
 multisite environments. It's possible that a modification or workaround
 may be needed to ensure that users without roles on the main site can
 still create Application Passwords.

 Additionally, you could try creating the Application Password from the
 dashboard of a subsite (`subsite/wp-admin/user-edit.php`), as you
 mentioned that it works from there. This could serve as a temporary
 workaround until a more permanent solution is implemented.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/60029#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list