Ticket #20276: 20276.get-session-by-token-and-new-public-api.diff
File 20276.get-session-by-token-and-new-public-api.diff, 10.0 KB (added by , 11 years ago) |
src/wp-includes/pluggable.php
684 684 } 685 685 686 686 $manager = WP_Session_Tokens::get_instance( $user->ID ); 687 if ( ! $manager->verify _token( $token ) ) {687 if ( ! $manager->verify( $token ) ) { 688 688 do_action( 'auth_cookie_bad_session_token', $cookie_elements ); 689 689 return false; 690 690 } … … 728 728 729 729 if ( ! $token ) { 730 730 $manager = WP_Session_Tokens::get_instance( $user_id ); 731 $token = $manager->create _token( $expiration );731 $token = $manager->create( $expiration ); 732 732 } 733 733 734 734 $pass_frag = substr($user->user_pass, 8, 4); … … 877 877 } 878 878 879 879 $manager = WP_Session_Tokens::get_instance( $user_id ); 880 $token = $manager->create _token( $expiration );880 $token = $manager->create( $expiration ); 881 881 882 882 $auth_cookie = wp_generate_auth_cookie( $user_id, $expiration, $scheme, $token ); 883 883 $logged_in_cookie = wp_generate_auth_cookie( $user_id, $expiration, 'logged_in', $token ); -
src/wp-includes/session.php
50 50 } 51 51 52 52 /** 53 * Hashes a token for storage.53 * Hashes a session token for storage. 54 54 * 55 55 * @since 4.0.0 56 56 * @access private 57 57 * 58 * @param string $token Token to hash.59 * @return string A hash of the token (a verifier).58 * @param string $token Session token to hash. 59 * @return string A hash of the session token (a verifier). 60 60 */ 61 61 final private function hash_token( $token ) { 62 62 return hash( 'sha256', $token ); 63 63 } 64 64 65 65 /** 66 * Get a user's session. 67 * 68 * @since 4.0.0 69 * @access public 70 * 71 * @param string $token Session token 72 * @return array User session 73 */ 74 final public function get( $token ) { 75 $verifier = $this->hash_token( $token ); 76 return $this->get_session( $verifier ); 77 } 78 79 /** 66 80 * Validate a user's session token as authentic. 67 81 * 68 82 * Checks that the given token is present and hasn't expired. … … 73 87 * @param string $token Token to verify. 74 88 * @return bool Whether the token is valid for the user. 75 89 */ 76 final public function verify _token( $token ) {90 final public function verify( $token ) { 77 91 $verifier = $this->hash_token( $token ); 78 92 return (bool) $this->get_session( $verifier ); 79 93 } 80 94 81 95 /** 82 * Generate a cookie session identification token.96 * Generate a session token and attach session information to it. 83 97 * 84 * A session identification token is a long, random string. It is used to 85 * link a cookie to an expiration time and to ensure that cookies become 86 * invalidated upon logout. This function generates a token and stores it 87 * with the associated expiration time. 98 * A session token is a long, random string. It is used in a cookie 99 * link that cookie to an expiration time and to ensure the cookie 100 * becomes invalidated upon logout. 
88 101 * 102 * This function generates a token and stores it with the associated 103 * expiration time (and potentially other session information via the 104 * `attach_session_information` filter). 105 * 89 106 * @since 4.0.0 90 107 * @access public 91 108 * 92 109 * @param int $expiration Session expiration timestamp. 93 * @return string Session identificationtoken.110 * @return string Session token. 94 111 */ 95 final public function create _token( $expiration ) {112 final public function create( $expiration ) { 96 113 /** 97 114 * Filter the information attached to the newly created session. 98 115 * … … 109 126 110 127 $token = wp_generate_password( 43, false, false ); 111 128 112 $this->update _token( $token, $session );129 $this->update( $token, $session ); 113 130 114 131 return $token; 115 132 } 116 133 117 134 /** 118 * Update s a session based on itstoken.135 * Update a session token. 119 136 * 120 137 * @since 4.0.0 121 138 * @access public 122 139 * 123 * @param string $token Token to update.140 * @param string $token Session token to update. 124 141 * @param array $session Session information. 125 142 */ 126 final public function update _token( $token, $session ) {143 final public function update( $token, $session ) { 127 144 $verifier = $this->hash_token( $token ); 128 145 $this->update_session( $verifier, $session ); 129 146 } … … 134 151 * @since 4.0.0 135 152 * @access public 136 153 * 137 * @param string $token Token to destroy.154 * @param string $token Session token to destroy. 138 155 */ 139 final public function destroy _token( $token ) {156 final public function destroy( $token ) { 140 157 $verifier = $this->hash_token( $token ); 141 158 $this->update_session( $verifier, null ); 142 159 } … … 148 165 * @since 4.0.0 149 166 * @access public 150 167 * 151 * @param string $token_to_keep Token to keep.168 * @param string $token_to_keep Session token to keep. 
152 169 */ 153 final public function destroy_other _tokens( $token_to_keep ) {170 final public function destroy_others( $token_to_keep ) { 154 171 $verifier = $this->hash_token( $token_to_keep ); 155 172 $session = $this->get_session( $verifier ); 156 173 if ( $session ) { 157 174 $this->destroy_other_sessions( $verifier ); 158 175 } else { 159 $this->destroy_all_ tokens();176 $this->destroy_all_sessions(); 160 177 } 161 178 } 162 179 … … 175 192 } 176 193 177 194 /** 178 * Destroy all tokens for a user.195 * Destroy all session tokens for a user. 179 196 * 180 197 * @since 4.0.0 181 198 * @access public 182 199 */ 183 final public function destroy_all _tokens() {200 final public function destroy_all() { 184 201 $this->destroy_all_sessions(); 185 202 } 186 203 187 204 /** 188 * Destroy all tokens for all users.205 * Destroy all session tokens for all users. 189 206 * 190 207 * @since 4.0.0 191 208 * @access public 192 209 * @static 193 210 */ 194 final public static function destroy_all_ tokens_for_all_users() {211 final public static function destroy_all_for_all_users() { 195 212 $manager = apply_filters( 'session_token_manager', 'WP_User_Meta_Session_Tokens' ); 196 213 call_user_func( array( $manager, 'drop_sessions' ) ); 197 214 } … … 204 221 * 205 222 * @return array Sessions of a user. 206 223 */ 207 final public function get_all _sessions() {224 final public function get_all() { 208 225 return array_values( $this->get_sessions() ); 209 226 } 210 227 -
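Review bot: The docblock on the new public `get( $token )` declares `@return array User session`, but the method returns `$this->get_session( $verifier )` unchanged. `verify()` casts that same call to bool, so an unknown or expired token presumably comes back as an empty non-array value. Callers of a public session API need to know this, because code that indexes the result without checking it would read fields from a session that does not exist. I would document it as `@return array|null User session, or null if the token is not valid.` once the exact empty value is confirmed; `get_session()` is outside the visible hunks.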
src/wp-includes/user.php
2207 2207 */ 2208 2208 function wp_get_all_sessions() { 2209 2209 $manager = WP_Session_Tokens::get_instance( get_current_user_id() ); 2210 return $manager->get_all _sessions();2210 return $manager->get_all(); 2211 2211 } 2212 2212 2213 2213 /** … … 2219 2219 $token = wp_get_session_token(); 2220 2220 if ( $token ) { 2221 2221 $manager = WP_Session_Tokens::get_instance( get_current_user_id() ); 2222 $manager->destroy _token( $token );2222 $manager->destroy( $token ); 2223 2223 } 2224 2224 } 2225 2225 … … 2232 2232 $token = wp_get_session_token(); 2233 2233 if ( $token ) { 2234 2234 $manager = WP_Session_Tokens::get_instance( get_current_user_id() ); 2235 $manager->destroy_other _tokens( $token );2235 $manager->destroy_others( $token ); 2236 2236 } 2237 2237 } 2238 2238 … … 2243 2243 */ 2244 2244 function wp_destroy_all_sessions() { 2245 2245 $manager = WP_Session_Tokens::get_instance( get_current_user_id() ); 2246 $manager->destroy_all _tokens();2246 $manager->destroy_all(); 2247 2247 } -
tests/phpunit/tests/user/session.php
18 18 19 19 function test_verify_and_destroy_token() { 20 20 $expiration = time() + DAY_IN_SECONDS; 21 $token = $this->manager->create _token( $expiration );22 $this->assertFalse( $this->manager->verify _token( 'foo' ) );23 $this->assertTrue( $this->manager->verify _token( $token ) );24 $this->manager->destroy _token( $token );25 $this->assertFalse( $this->manager->verify _token( $token ) );21 $token = $this->manager->create( $expiration ); 22 $this->assertFalse( $this->manager->verify( 'foo' ) ); 23 $this->assertTrue( $this->manager->verify( $token ) ); 24 $this->manager->destroy( $token ); 25 $this->assertFalse( $this->manager->verify( $token ) ); 26 26 } 27 27 28 28 function test_destroy_other_tokens() { 29 29 $expiration = time() + DAY_IN_SECONDS; 30 $token_1 = $this->manager->create _token( $expiration );31 $token_2 = $this->manager->create _token( $expiration );32 $token_3 = $this->manager->create _token( $expiration );33 $this->assertTrue( $this->manager->verify _token( $token_1 ) );34 $this->assertTrue( $this->manager->verify _token( $token_2 ) );35 $this->assertTrue( $this->manager->verify _token( $token_3 ) );36 $this->manager->destroy_other _tokens( $token_2 );37 $this->assertFalse( $this->manager->verify _token( $token_1 ) );38 $this->assertTrue( $this->manager->verify _token( $token_2 ) );39 $this->assertFalse( $this->manager->verify _token( $token_3 ) );30 $token_1 = $this->manager->create( $expiration ); 31 $token_2 = $this->manager->create( $expiration ); 32 $token_3 = $this->manager->create( $expiration ); 33 $this->assertTrue( $this->manager->verify( $token_1 ) ); 34 $this->assertTrue( $this->manager->verify( $token_2 ) ); 35 $this->assertTrue( $this->manager->verify( $token_3 ) ); 36 $this->manager->destroy_others( $token_2 ); 37 $this->assertFalse( $this->manager->verify( $token_1 ) ); 38 $this->assertTrue( $this->manager->verify( $token_2 ) ); 39 $this->assertFalse( $this->manager->verify( $token_3 ) ); 40 40 } 41 41 42 42 function 
test_destroy_all_tokens() { 43 43 $expiration = time() + DAY_IN_SECONDS; 44 $token_1 = $this->manager->create _token( $expiration );45 $token_2 = $this->manager->create _token( $expiration );46 $this->assertTrue( $this->manager->verify _token( $token_1 ) );47 $this->assertTrue( $this->manager->verify _token( $token_2 ) );48 $this->manager->destroy_all _tokens();49 $this->assertFalse( $this->manager->verify _token( $token_1 ) );50 $this->assertFalse( $this->manager->verify _token( $token_2 ) );44 $token_1 = $this->manager->create( $expiration ); 45 $token_2 = $this->manager->create( $expiration ); 46 $this->assertTrue( $this->manager->verify( $token_1 ) ); 47 $this->assertTrue( $this->manager->verify( $token_2 ) ); 48 $this->manager->destroy_all(); 49 $this->assertFalse( $this->manager->verify( $token_1 ) ); 50 $this->assertFalse( $this->manager->verify( $token_2 ) ); 51 51 } 52 52 }
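Review bot: Nothing in the visible part of this test file exercises the new public `get()`; every changed line here is a rename of an existing call. Since `get()` hands session data to callers, a test should pin that it returns the session for a live token and an empty value for an unknown or destroyed one. A method like the one below, placed next to `test_verify_and_destroy_token()`, would cover it. The empty-value assertions assume `get_session()` returns something falsy on a miss, which the `(bool)` cast in `verify()` suggests but does not prove.

```php
	function test_get_session_by_token() {
		$expiration = time() + DAY_IN_SECONDS;
		$token = $this->manager->create( $expiration );
		$this->assertNotEmpty( $this->manager->get( $token ) );
		$this->assertEmpty( $this->manager->get( 'foo' ) );
		$this->manager->destroy( $token );
		$this->assertEmpty( $this->manager->get( $token ) );
	}
```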