Changeset 29635


Timestamp:
08/27/2014 02:06:53 AM (5 years ago)
Author:
nacin
Message:

Rename the public methods in the session tokens API.

Introduces a new get( $token ) method. get_token() would not have made sense and spurred the overall renaming. Public methods are now get, get_all, verify, create, update, destroy, destroy_others, and destroy_all.

The protected abstract methods designed for alternative implementations remain the same.

props mdawaffe.
see #20276.

Location:
trunk
Files:
4 edited

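--- a/trunk/src/wp-includes/pluggable.php
+++ b/trunk/src/wp-includes/pluggable.php
@@ -685,5 +685,5 @@
 
     $manager = WP_Session_Tokens::get_instance( $user->ID );
-    if ( ! $manager->verify_token( $token ) ) {
+    if ( ! $manager->verify( $token ) ) {
         do_action( 'auth_cookie_bad_session_token', $cookie_elements );
         return false;
@@ -729,5 +729,5 @@
     if ( ! $token ) {
         $manager = WP_Session_Tokens::get_instance( $user_id );
-        $token = $manager->create_token( $expiration );
+        $token = $manager->create( $expiration );
     }
 
@@ -878,5 +878,5 @@
 
     $manager = WP_Session_Tokens::get_instance( $user_id );
-    $token = $manager->create_token( $expiration );
+    $token = $manager->create( $expiration );
 
     $auth_cookie = wp_generate_auth_cookie( $user_id, $expiration, $scheme, $token );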
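--- a/trunk/src/wp-includes/session.php
+++ b/trunk/src/wp-includes/session.php
@@ -18,4 +18,6 @@
     /**
      * Protected constructor.
+     *
+     * @since 4.0.0
      *
      * @param int $user_id User whose session to manage.
@@ -51,11 +53,11 @@
 
     /**
-     * Hashes a token for storage.
+     * Hashes a session token for storage.
      *
      * @since 4.0.0
      * @access private
      *
-     * @param string $token Token to hash.
-     * @return string A hash of the token (a verifier).
+     * @param string $token Session token to hash.
+     * @return string A hash of the session token (a verifier).
      */
     final private function hash_token( $token ) {
@@ -64,4 +66,18 @@
 
     /**
+     * Get a user's session.
+     *
+     * @since 4.0.0
+     * @access public
+     *
+     * @param string $token Session token
+     * @return array User session
+     */
+    final public function get( $token ) {
+        $verifier = $this->hash_token( $token );
+        return $this->get_session( $verifier );
+    }
+
+    /**
      * Validate a user's session token as authentic.
      *
@@ -74,5 +90,5 @@
      * @return bool Whether the token is valid for the user.
      */
-    final public function verify_token( $token ) {
+    final public function verify( $token ) {
         $verifier = $this->hash_token( $token );
         return (bool) $this->get_session( $verifier );
@@ -80,10 +96,13 @@
 
     /**
-     * Generate a cookie session identification token.
-     *
-     * A session identification token is a long, random string. It is used to
-     * link a cookie to an expiration time and to ensure that cookies become
-     * invalidated upon logout. This function generates a token and stores it
-     * with the associated expiration time.
+     * Generate a session token and attach session information to it.
+     *
+     * A session token is a long, random string. It is used in a cookie
+     * link that cookie to an expiration time and to ensure the cookie
+     * becomes invalidated upon logout.
+     *
+     * This function generates a token and stores it with the associated
+     * expiration time (and potentially other session information via the
+     * `attach_session_information` filter).
      *
      * @since 4.0.0
@@ -91,7 +110,7 @@
      *
      * @param int $expiration Session expiration timestamp.
-     * @return string Session identification token.
-     */
-    final public function create_token( $expiration ) {
+     * @return string Session token.
+     */
+    final public function create( $expiration ) {
         /**
          * Filter the information attached to the newly created session.
@@ -110,5 +129,5 @@
         $token = wp_generate_password( 43, false, false );
 
-        $this->update_token( $token, $session );
+        $this->update( $token, $session );
 
         return $token;
@@ -116,13 +135,13 @@
 
     /**
-     * Updates a session based on its token.
-     *
-     * @since 4.0.0
-     * @access public
-     *
-     * @param string $token Token to update.
+     * Update a session token.
+     *
+     * @since 4.0.0
+     * @access public
+     *
+     * @param string $token Session token to update.
      * @param array  $session Session information.
      */
-    final public function update_token( $token, $session ) {
+    final public function update( $token, $session ) {
         $verifier = $this->hash_token( $token );
         $this->update_session( $verifier, $session );
@@ -135,7 +154,7 @@
      * @access public
      *
-     * @param string $token Token to destroy.
-     */
-    final public function destroy_token( $token ) {
+     * @param string $token Session token to destroy.
+     */
+    final public function destroy( $token ) {
         $verifier = $this->hash_token( $token );
         $this->update_session( $verifier, null );
@@ -149,7 +168,7 @@
      * @access public
      *
-     * @param string $token_to_keep Token to keep.
-     */
-    final public function destroy_other_tokens( $token_to_keep ) {
+     * @param string $token_to_keep Session token to keep.
+     */
+    final public function destroy_others( $token_to_keep ) {
         $verifier = $this->hash_token( $token_to_keep );
         $session = $this->get_session( $verifier );
@@ -157,5 +176,5 @@
             $this->destroy_other_sessions( $verifier );
         } else {
-            $this->destroy_all_tokens();
+            $this->destroy_all_sessions();
         }
     }
@@ -176,15 +195,15 @@
 
     /**
-     * Destroy all tokens for a user.
-     *
-     * @since 4.0.0
-     * @access public
-     */
-    final public function destroy_all_tokens() {
+     * Destroy all session tokens for a user.
+     *
+     * @since 4.0.0
+     * @access public
+     */
+    final public function destroy_all() {
         $this->destroy_all_sessions();
     }
 
     /**
-     * Destroy all tokens for all users.
+     * Destroy all session tokens for all users.
      *
      * @since 4.0.0
@@ -192,5 +211,5 @@
      * @static
      */
-    final public static function destroy_all_tokens_for_all_users() {
+    final public static function destroy_all_for_all_users() {
         $manager = apply_filters( 'session_token_manager', 'WP_User_Meta_Session_Tokens' );
         call_user_func( array( $manager, 'drop_sessions' ) );
@@ -205,5 +224,5 @@
      * @return array Sessions of a user.
      */
-    final public function get_all_sessions() {
+    final public function get_all() {
         return array_values( $this->get_sessions() );
     }
@@ -225,5 +244,5 @@
      * @access protected
      *
-     * @param $verifier Verifier of the session to retrieve.
+     * @param string $verifier Verifier of the session to retrieve.
      * @return array|null The session, or null if it does not exist.
      */
@@ -238,5 +257,5 @@
      * @access protected
      *
-     * @param $verifier Verifier of the session to update.
+     * @param string $verifier Verifier of the session to update.
      */
     abstract protected function update_session( $verifier, $session = null );
@@ -249,5 +268,5 @@
      * @access protected
      *
-     * @param $verifier Verifier of the session to keep.
+     * @param string $verifier Verifier of the session to keep.
      */
     abstract protected function destroy_other_sessions( $verifier );
@@ -317,5 +336,5 @@
      * @access protected
      *
-     * @param $verifier Verifier of the session to retrieve.
+     * @param string $verifier Verifier of the session to retrieve.
      * @return array|null The session, or null if it does not exist
      */
@@ -377,5 +396,5 @@
      * @access protected
      *
-     * @param $verifier Verifier of the session to keep.
+     * @param string $verifier Verifier of the session to keep.
      */
     protected function destroy_other_sessions( $verifier ) {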
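Review bot: The docblock on the new `get( $token )` method says `@return array User session`, but the body returns `$this->get_session( $verifier )` as-is, and the abstract `get_session()` further down this file is documented as `@return array|null The session, or null if it does not exist.` A token that matches no stored session therefore presumably comes back as null, and a caller relying on the annotation could use the result as a live session without the check that `verify()` makes with its `(bool)` cast. I would change the tag to `@return array|null User session, or null if the token matches no session.` The test file in this changeset only renames calls, so nothing pins that `get( 'foo' )` is null; an assertion next to the existing `verify( 'foo' )` check would cover it. The rewritten `create()` description also reads "It is used in a cookie link that cookie", which looks like a dropped "to".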
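--- a/trunk/src/wp-includes/user.php
+++ b/trunk/src/wp-includes/user.php
@@ -2208,5 +2208,5 @@
 function wp_get_all_sessions() {
     $manager = WP_Session_Tokens::get_instance( get_current_user_id() );
-    return $manager->get_all_sessions();
+    return $manager->get_all();
 }
 
@@ -2220,5 +2220,5 @@
     if ( $token ) {
         $manager = WP_Session_Tokens::get_instance( get_current_user_id() );
-        $manager->destroy_token( $token );
+        $manager->destroy( $token );
     }
 }
@@ -2233,5 +2233,5 @@
     if ( $token ) {
         $manager = WP_Session_Tokens::get_instance( get_current_user_id() );
-        $manager->destroy_other_tokens( $token );
+        $manager->destroy_others( $token );
     }
 }
@@ -2244,4 +2244,4 @@
 function wp_destroy_all_sessions() {
     $manager = WP_Session_Tokens::get_instance( get_current_user_id() );
-    $manager->destroy_all_tokens();
-}
+    $manager->destroy_all();
+}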
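--- a/trunk/tests/phpunit/tests/user/session.php
+++ b/trunk/tests/phpunit/tests/user/session.php
@@ -19,34 +19,34 @@
     function test_verify_and_destroy_token() {
         $expiration = time() + DAY_IN_SECONDS;
-        $token = $this->manager->create_token( $expiration );
-        $this->assertFalse( $this->manager->verify_token( 'foo' ) );
-        $this->assertTrue( $this->manager->verify_token( $token ) );
-        $this->manager->destroy_token( $token );
-        $this->assertFalse( $this->manager->verify_token( $token ) );
+        $token = $this->manager->create( $expiration );
+        $this->assertFalse( $this->manager->verify( 'foo' ) );
+        $this->assertTrue( $this->manager->verify( $token ) );
+        $this->manager->destroy( $token );
+        $this->assertFalse( $this->manager->verify( $token ) );
     }
 
     function test_destroy_other_tokens() {
         $expiration = time() + DAY_IN_SECONDS;
-        $token_1 = $this->manager->create_token( $expiration );
-        $token_2 = $this->manager->create_token( $expiration );
-        $token_3 = $this->manager->create_token( $expiration );
-        $this->assertTrue( $this->manager->verify_token( $token_1 ) );
-        $this->assertTrue( $this->manager->verify_token( $token_2 ) );
-        $this->assertTrue( $this->manager->verify_token( $token_3 ) );
-        $this->manager->destroy_other_tokens( $token_2 );
-        $this->assertFalse( $this->manager->verify_token( $token_1 ) );
-        $this->assertTrue( $this->manager->verify_token( $token_2 ) );
-        $this->assertFalse( $this->manager->verify_token( $token_3 ) );
+        $token_1 = $this->manager->create( $expiration );
+        $token_2 = $this->manager->create( $expiration );
+        $token_3 = $this->manager->create( $expiration );
+        $this->assertTrue( $this->manager->verify( $token_1 ) );
+        $this->assertTrue( $this->manager->verify( $token_2 ) );
+        $this->assertTrue( $this->manager->verify( $token_3 ) );
+        $this->manager->destroy_others( $token_2 );
+        $this->assertFalse( $this->manager->verify( $token_1 ) );
+        $this->assertTrue( $this->manager->verify( $token_2 ) );
+        $this->assertFalse( $this->manager->verify( $token_3 ) );
     }
 
     function test_destroy_all_tokens() {
         $expiration = time() + DAY_IN_SECONDS;
-        $token_1 = $this->manager->create_token( $expiration );
-        $token_2 = $this->manager->create_token( $expiration );
-        $this->assertTrue( $this->manager->verify_token( $token_1 ) );
-        $this->assertTrue( $this->manager->verify_token( $token_2 ) );
-        $this->manager->destroy_all_tokens();
-        $this->assertFalse( $this->manager->verify_token( $token_1 ) );
-        $this->assertFalse( $this->manager->verify_token( $token_2 ) );
+        $token_1 = $this->manager->create( $expiration );
+        $token_2 = $this->manager->create( $expiration );
+        $this->assertTrue( $this->manager->verify( $token_1 ) );
+        $this->assertTrue( $this->manager->verify( $token_2 ) );
+        $this->manager->destroy_all();
+        $this->assertFalse( $this->manager->verify( $token_1 ) );
+        $this->assertFalse( $this->manager->verify( $token_2 ) );
     }
 }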