@@ -250,7 +250,9 @@ Feature: Manage user custom fields
250250 {UUID1} {UUID2}
251251 """
252252
253- @require-wp-5.6
253+ # WordPress 6.8 uses BLAKE2b with wp_fast_hash() / wp_verify_fast_hash() for hashing application passwords.
254+ # See https://make.wordpress.org/core/2025/02/17/wordpress-6-8-will-use-bcrypt-for-password-hashing/
255+ @require-wp-5.6 @less-than-wp-6.8
254256 Scenario : Get particular user application password hash
255257 Given a WP install
256258
@@ -261,16 +263,41 @@ Feature: Manage user custom fields
261263 When I try the previous command again
262264 Then the return code should be 1
263265
264- Given
266+ When
265267 And save STDOUT as {PASSWORD}
266268 And I run `wp user application-password list {USER_ID} --name=someapp --field=uuid`
267269 And save STDOUT as {UUID}
268270
269- Given 's/\$ /\\\$ /g' `
271+ When 's/\$ /\\\$ /g' `
270272 And save STDOUT as {HASH}
271273
272274 When I run `wp eval "var_export( wp_check_password( '{PASSWORD}', '{HASH}', {USER_ID} ) );" `
273275 Then STDOUT should contain:
274276 """
275277 true
276278 """
279+
280+ @require-wp-6.8
281+ Scenario : Get particular user application password hash
282+ Given a WP install
283+
284+ When I run `wp user create testuser testuser@example.com --porcelain`
285+ Then STDOUT should be a number
286+ And save STDOUT as {USER_ID}
287+
288+ When I try the previous command again
289+ Then the return code should be 1
290+
291+ When I run `wp user application-password create {USER_ID} someapp --porcelain`
292+ And save STDOUT as {PASSWORD}
293+ And I run `wp user application-password list {USER_ID} --name=someapp --field=uuid`
294+ And save STDOUT as {UUID}
295+
296+ When I run `wp user application-password get {USER_ID} {UUID} --field=password | sed 's/\$ /\\\$ /g' `
297+ And save STDOUT as {HASH}
298+
299+ When I run `wp eval "var_export( wp_verify_fast_hash( '{PASSWORD}', '{HASH}', {USER_ID} ) );" `
300+ Then STDOUT should contain:
301+ """
302+ true
303+ """
0 commit comments