Refactor application authorization logic

src/wp-admin/authorize-application.php

@@ -11,29 +11,21 @@
 
 $error        = null;
 $new_password = '';
+$user         = wp_get_current_user();
 
 // This is the no-js fallback script. Generally this will all be handled by `auth-app.js`.
 if ( isset( $_POST['action'] ) && 'authorize_application_password' === $_POST['action'] ) {
 	check_admin_referer( 'authorize_application_password' );
 
-	$success_url = $_POST['success_url'];
-	$reject_url  = $_POST['reject_url'];
-	$app_name    = $_POST['app_name'];
-	$app_id      = $_POST['app_id'];
-	$redirect    = '';
-
+	$redirect = '';
 	if ( isset( $_POST['reject'] ) ) {
-		if ( $reject_url ) {
-			$redirect = $reject_url;
-		} else {
-			$redirect = admin_url();
-		}
+		$redirect = $_POST['reject_url'] ?? admin_url();
 	} elseif ( isset( $_POST['approve'] ) ) {
 		$created = WP_Application_Passwords::create_new_application_password(
-			get_current_user_id(),
+			$user->ID,
 			array(
-				'name'   => $app_name,
-				'app_id' => $app_id,
+				'name'   => $_POST['app_name'],
+				'app_id' => $_POST['app_id'],
 			)
 		);
 
@@ -42,14 +34,14 @@
 		} else {
 			list( $new_password ) = $created;
 
-			if ( $success_url ) {
+			if ( $_POST['success_url'] ) {
 				$redirect = add_query_arg(
 					array(
 						'site_url'   => urlencode( site_url() ),
-						'user_login' => urlencode( wp_get_current_user()->user_login ),
+						'user_login' => urlencode( $user->user_login ),
 						'password'   => urlencode( $new_password ),
 					),
-					$success_url
+					$_POST['success_url']
 				);
 			}
 		}
@@ -62,9 +54,6 @@
 	}
 }
 
-// Used in the HTML title tag.
-$title = __( 'Authorize Application' );
-
 $app_name    = ! empty( $_REQUEST['app_name'] ) ? $_REQUEST['app_name'] : '';
 $app_id      = ! empty( $_REQUEST['app_id'] ) ? $_REQUEST['app_id'] : '';
 $success_url = ! empty( $_REQUEST['success_url'] ) ? $_REQUEST['success_url'] : null;
@@ -77,8 +66,6 @@
 	$reject_url = null;
 }
 
-$user = wp_get_current_user();
-
 $request  = compact( 'app_name', 'app_id', 'success_url', 'reject_url' );
 $is_valid = wp_is_authorize_application_password_request_valid( $request, $user );
 
@@ -132,11 +119,9 @@
 );
 
 require_once ABSPATH . 'wp-admin/admin-header.php';
-
 ?>
 <div class="wrap">
-	<h1><?php echo esc_html( $title ); ?></h1>
-
+	<h1><?php esc_html_e( 'Authorize Application' ); ?></h1>
 	<?php
 	if ( is_wp_error( $error ) ) {
 		wp_admin_notice(
@@ -147,7 +132,6 @@
 		);
 	}
 	?>
-
 	<div class="card auth-app-card">
 		<h2 class="title"><?php _e( 'An application would like to connect to your account.' ); ?></h2>
 		<?php if ( $app_name ) : ?>
@@ -163,7 +147,6 @@
 		<?php else : ?>
 			<p><?php _e( 'Would you like to give this application access to your account? You should only do this if you trust the application in question.' ); ?></p>
 		<?php endif; ?>
-
 		<?php
 		if ( is_multisite() ) {
 			$blogs       = get_blogs_of_user( $user->ID, true );
@@ -199,9 +182,7 @@
 				<?php
 			}
 		}
-		?>
 
-		<?php
 		if ( $new_password ) :
 			$message = '<p class="application-password-display">
 				<label for="new-application-password-value">' . sprintf(
@@ -264,9 +245,7 @@
 				 * @param WP_User $user The user authorizing the application.
 				 */
 				do_action( 'wp_authorize_application_password_form', $request, $user );
-				?>
 
-				<?php
 				submit_button(
 					__( 'Yes, I approve of this connection' ),
 					'primary',
@@ -301,15 +280,15 @@
 				</p>
 
 				<?php
-				submit_button(
-					__( 'No, I do not approve of this connection' ),
-					'secondary',
-					'reject',
-					false,
-					array(
-						'aria-describedby' => 'description-reject',
-					)
-				);
+					submit_button(
+						__( 'No, I do not approve of this connection' ),
+						'secondary',
+						'reject',
+						false,
+						array(
+							'aria-describedby' => 'description-reject',
+						)
+					);
 				?>
 				<p class="description" id="description-reject">
 					<?php