Make WordPress Core

Ticket #58901: 58901.diff

File 58901.diff, 2.0 KB (added by Rahmohn, 13 months ago)

Update to clear the user_activation_key in the user object and add a test

  • src/wp-includes/user.php

    diff --git src/wp-includes/user.php src/wp-includes/user.php
    index 5b9dacc20f..537600800a 100644
    function wp_signon( $credentials = array(), $secure_cookie = '' ) { 
    110110        }
    111111
    112112        wp_set_auth_cookie( $user->ID, $credentials['remember'], $secure_cookie );
     113
     114        // Flush `user_activation_key` after successful login.
     115        global $wpdb;
     116        $wpdb->update(
     117                $wpdb->users,
     118                array( 'user_activation_key' => '', ),
     119                array( 'ID' => $user->ID ),
     120                array( '%s' ),
     121                array( '%d' )
     122        );
     123
     124        $user->__set( 'user_activation_key', '' );
     125
    113126        /**
    114127         * Fires after the user has successfully logged in.
    115128         *
  • tests/phpunit/tests/auth.php

    diff --git tests/phpunit/tests/auth.php tests/phpunit/tests/auth.php
    index facd456dd0..a8685680a1 100644
    class Tests_Auth extends WP_UnitTestCase { 
    423423                $this->assertInstanceOf( 'WP_Error', $check );
    424424        }
    425425
     426        /**
     427         * Ensure that the user_activation_key is cleared after a successful login.
     428         *
     429         * @ticket 58901
     430         */
     431        public function test_user_activation_key_after_successful_login() {
     432                global $wpdb;
     433
     434                $reset_key                    = get_password_reset_key( $this->user );
     435                $user                         = wp_signon(
     436                        array(
     437                                'user_login'    => self::USER_LOGIN,
     438                                'user_password' => self::USER_PASS,
     439                        )
     440                );
     441                $activation_key_from_database = $wpdb->get_var(
     442                        $wpdb->prepare( "SELECT user_activation_key FROM $wpdb->users WHERE ID = %d", $this->user->ID )
     443                );
     444
     445                $this->assertNotWPError( $reset_key, 'The password reset key was not created.' );
     446                $this->assertNotWPError( $user, 'The user was not authenticated.' );
     447                $this->assertEmpty( $user->user_activation_key, 'The `user_activation_key` was not empty on the user object returned by `wp_signon` function.' );
     448                $this->assertEmpty( $activation_key_from_database, 'The `user_activation_key` was not empty in the database.' );
     449        }
     450
    426451        /**
    427452         * Ensure users can log in using both their username and their email address.
    428453         *