Changeset 29635
- Timestamp:
- 08/27/2014 02:06:53 AM (10 years ago)
- Location:
- trunk
- Files:
-
- 4 edited
trunk/src/wp-includes/pluggable.php
r29620 r29635 685 685 686 686 $manager = WP_Session_Tokens::get_instance( $user->ID ); 687 if ( ! $manager->verify _token( $token ) ) {687 if ( ! $manager->verify( $token ) ) { 688 688 do_action( 'auth_cookie_bad_session_token', $cookie_elements ); 689 689 return false; … … 729 729 if ( ! $token ) { 730 730 $manager = WP_Session_Tokens::get_instance( $user_id ); 731 $token = $manager->create _token( $expiration );731 $token = $manager->create( $expiration ); 732 732 } 733 733 … … 878 878 879 879 $manager = WP_Session_Tokens::get_instance( $user_id ); 880 $token = $manager->create _token( $expiration );880 $token = $manager->create( $expiration ); 881 881 882 882 $auth_cookie = wp_generate_auth_cookie( $user_id, $expiration, $scheme, $token ); -
trunk/src/wp-includes/session.php
r29455 r29635 18 18 /** 19 19 * Protected constructor. 20 * 21 * @since 4.0.0 20 22 * 21 23 * @param int $user_id User whose session to manage. … … 51 53 52 54 /** 53 * Hashes a token for storage.55 * Hashes a session token for storage. 54 56 * 55 57 * @since 4.0.0 56 58 * @access private 57 59 * 58 * @param string $token Token to hash.59 * @return string A hash of the token (a verifier).60 * @param string $token Session token to hash. 61 * @return string A hash of the session token (a verifier). 60 62 */ 61 63 final private function hash_token( $token ) { … … 64 66 65 67 /** 68 * Get a user's session. 69 * 70 * @since 4.0.0 71 * @access public 72 * 73 * @param string $token Session token 74 * @return array User session 75 */ 76 final public function get( $token ) { 77 $verifier = $this->hash_token( $token ); 78 return $this->get_session( $verifier ); 79 } 80 81 /** 66 82 * Validate a user's session token as authentic. 67 83 * … … 74 90 * @return bool Whether the token is valid for the user. 75 91 */ 76 final public function verify _token( $token ) {92 final public function verify( $token ) { 77 93 $verifier = $this->hash_token( $token ); 78 94 return (bool) $this->get_session( $verifier ); … … 80 96 81 97 /** 82 * Generate a cookie session identification token. 83 * 84 * A session identification token is a long, random string. It is used to 85 * link a cookie to an expiration time and to ensure that cookies become 86 * invalidated upon logout. This function generates a token and stores it 87 * with the associated expiration time. 98 * Generate a session token and attach session information to it. 99 * 100 * A session token is a long, random string. It is used in a cookie 101 * link that cookie to an expiration time and to ensure the cookie 102 * becomes invalidated upon logout. 
103 * 104 * This function generates a token and stores it with the associated 105 * expiration time (and potentially other session information via the 106 * `attach_session_information` filter). 88 107 * 89 108 * @since 4.0.0 … … 91 110 * 92 111 * @param int $expiration Session expiration timestamp. 93 * @return string Session identificationtoken.94 */ 95 final public function create _token( $expiration ) {112 * @return string Session token. 113 */ 114 final public function create( $expiration ) { 96 115 /** 97 116 * Filter the information attached to the newly created session. … … 110 129 $token = wp_generate_password( 43, false, false ); 111 130 112 $this->update _token( $token, $session );131 $this->update( $token, $session ); 113 132 114 133 return $token; … … 116 135 117 136 /** 118 * Update s a session based on itstoken.119 * 120 * @since 4.0.0 121 * @access public 122 * 123 * @param string $token Token to update.137 * Update a session token. 138 * 139 * @since 4.0.0 140 * @access public 141 * 142 * @param string $token Session token to update. 124 143 * @param array $session Session information. 125 144 */ 126 final public function update _token( $token, $session ) {145 final public function update( $token, $session ) { 127 146 $verifier = $this->hash_token( $token ); 128 147 $this->update_session( $verifier, $session ); … … 135 154 * @access public 136 155 * 137 * @param string $token Token to destroy.138 */ 139 final public function destroy _token( $token ) {156 * @param string $token Session token to destroy. 157 */ 158 final public function destroy( $token ) { 140 159 $verifier = $this->hash_token( $token ); 141 160 $this->update_session( $verifier, null ); … … 149 168 * @access public 150 169 * 151 * @param string $token_to_keep Token to keep.152 */ 153 final public function destroy_other _tokens( $token_to_keep ) {170 * @param string $token_to_keep Session token to keep. 
171 */ 172 final public function destroy_others( $token_to_keep ) { 154 173 $verifier = $this->hash_token( $token_to_keep ); 155 174 $session = $this->get_session( $verifier ); … … 157 176 $this->destroy_other_sessions( $verifier ); 158 177 } else { 159 $this->destroy_all_ tokens();178 $this->destroy_all_sessions(); 160 179 } 161 180 } … … 176 195 177 196 /** 178 * Destroy all tokens for a user.179 * 180 * @since 4.0.0 181 * @access public 182 */ 183 final public function destroy_all _tokens() {197 * Destroy all session tokens for a user. 198 * 199 * @since 4.0.0 200 * @access public 201 */ 202 final public function destroy_all() { 184 203 $this->destroy_all_sessions(); 185 204 } 186 205 187 206 /** 188 * Destroy all tokens for all users.207 * Destroy all session tokens for all users. 189 208 * 190 209 * @since 4.0.0 … … 192 211 * @static 193 212 */ 194 final public static function destroy_all_ tokens_for_all_users() {213 final public static function destroy_all_for_all_users() { 195 214 $manager = apply_filters( 'session_token_manager', 'WP_User_Meta_Session_Tokens' ); 196 215 call_user_func( array( $manager, 'drop_sessions' ) ); … … 205 224 * @return array Sessions of a user. 206 225 */ 207 final public function get_all _sessions() {226 final public function get_all() { 208 227 return array_values( $this->get_sessions() ); 209 228 } … … 225 244 * @access protected 226 245 * 227 * @param $verifier Verifier of the session to retrieve.246 * @param string $verifier Verifier of the session to retrieve. 228 247 * @return array|null The session, or null if it does not exist. 229 248 */ … … 238 257 * @access protected 239 258 * 240 * @param $verifier Verifier of the session to update.259 * @param string $verifier Verifier of the session to update. 
241 260 */ 242 261 abstract protected function update_session( $verifier, $session = null ); … … 249 268 * @access protected 250 269 * 251 * @param $verifier Verifier of the session to keep.270 * @param string $verifier Verifier of the session to keep. 252 271 */ 253 272 abstract protected function destroy_other_sessions( $verifier ); … … 317 336 * @access protected 318 337 * 319 * @param $verifier Verifier of the session to retrieve.338 * @param string $verifier Verifier of the session to retrieve. 320 339 * @return array|null The session, or null if it does not exist 321 340 */ … … 377 396 * @access protected 378 397 * 379 * @param $verifier Verifier of the session to keep.398 * @param string $verifier Verifier of the session to keep. 380 399 */ 381 400 protected function destroy_other_sessions( $verifier ) { -
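Review bot: The docblock on the new `get()` method promises `@return array User session`, but the method returns the result of `get_session( $verifier )` unchanged, and that method is documented further down in this file as `@return array|null` (null when the session does not exist). Because `get()` is the new public way to look up a session by token, a caller that trusts the docblock may skip the null check that `verify()` performs implicitly through its `(bool)` cast. I would document it as `@return array|null The session, or null if it does not exist.` and end the `@param` description with a period, as the neighbouring docblocks do. Separately, the rewritten `create()` description reads "It is used in a cookie link that cookie to an expiration time", which has lost the word "to" after "cookie".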
trunk/src/wp-includes/user.php
r29454 r29635 2208 2208 function wp_get_all_sessions() { 2209 2209 $manager = WP_Session_Tokens::get_instance( get_current_user_id() ); 2210 return $manager->get_all _sessions();2210 return $manager->get_all(); 2211 2211 } 2212 2212 … … 2220 2220 if ( $token ) { 2221 2221 $manager = WP_Session_Tokens::get_instance( get_current_user_id() ); 2222 $manager->destroy _token( $token );2222 $manager->destroy( $token ); 2223 2223 } 2224 2224 } … … 2233 2233 if ( $token ) { 2234 2234 $manager = WP_Session_Tokens::get_instance( get_current_user_id() ); 2235 $manager->destroy_other _tokens( $token );2235 $manager->destroy_others( $token ); 2236 2236 } 2237 2237 } … … 2244 2244 function wp_destroy_all_sessions() { 2245 2245 $manager = WP_Session_Tokens::get_instance( get_current_user_id() ); 2246 $manager->destroy_all _tokens();2247 } 2246 $manager->destroy_all(); 2247 } -
trunk/tests/phpunit/tests/user/session.php
r29221 r29635 19 19 function test_verify_and_destroy_token() { 20 20 $expiration = time() + DAY_IN_SECONDS; 21 $token = $this->manager->create _token( $expiration );22 $this->assertFalse( $this->manager->verify _token( 'foo' ) );23 $this->assertTrue( $this->manager->verify _token( $token ) );24 $this->manager->destroy _token( $token );25 $this->assertFalse( $this->manager->verify _token( $token ) );21 $token = $this->manager->create( $expiration ); 22 $this->assertFalse( $this->manager->verify( 'foo' ) ); 23 $this->assertTrue( $this->manager->verify( $token ) ); 24 $this->manager->destroy( $token ); 25 $this->assertFalse( $this->manager->verify( $token ) ); 26 26 } 27 27 28 28 function test_destroy_other_tokens() { 29 29 $expiration = time() + DAY_IN_SECONDS; 30 $token_1 = $this->manager->create _token( $expiration );31 $token_2 = $this->manager->create _token( $expiration );32 $token_3 = $this->manager->create _token( $expiration );33 $this->assertTrue( $this->manager->verify _token( $token_1 ) );34 $this->assertTrue( $this->manager->verify _token( $token_2 ) );35 $this->assertTrue( $this->manager->verify _token( $token_3 ) );36 $this->manager->destroy_other _tokens( $token_2 );37 $this->assertFalse( $this->manager->verify _token( $token_1 ) );38 $this->assertTrue( $this->manager->verify _token( $token_2 ) );39 $this->assertFalse( $this->manager->verify _token( $token_3 ) );30 $token_1 = $this->manager->create( $expiration ); 31 $token_2 = $this->manager->create( $expiration ); 32 $token_3 = $this->manager->create( $expiration ); 33 $this->assertTrue( $this->manager->verify( $token_1 ) ); 34 $this->assertTrue( $this->manager->verify( $token_2 ) ); 35 $this->assertTrue( $this->manager->verify( $token_3 ) ); 36 $this->manager->destroy_others( $token_2 ); 37 $this->assertFalse( $this->manager->verify( $token_1 ) ); 38 $this->assertTrue( $this->manager->verify( $token_2 ) ); 39 $this->assertFalse( $this->manager->verify( $token_3 ) ); 40 40 } 41 41 42 42 function 
test_destroy_all_tokens() { 43 43 $expiration = time() + DAY_IN_SECONDS; 44 $token_1 = $this->manager->create _token( $expiration );45 $token_2 = $this->manager->create _token( $expiration );46 $this->assertTrue( $this->manager->verify _token( $token_1 ) );47 $this->assertTrue( $this->manager->verify _token( $token_2 ) );48 $this->manager->destroy_all _tokens();49 $this->assertFalse( $this->manager->verify _token( $token_1 ) );50 $this->assertFalse( $this->manager->verify _token( $token_2 ) );44 $token_1 = $this->manager->create( $expiration ); 45 $token_2 = $this->manager->create( $expiration ); 46 $this->assertTrue( $this->manager->verify( $token_1 ) ); 47 $this->assertTrue( $this->manager->verify( $token_2 ) ); 48 $this->manager->destroy_all(); 49 $this->assertFalse( $this->manager->verify( $token_1 ) ); 50 $this->assertFalse( $this->manager->verify( $token_2 ) ); 51 51 } 52 52 }
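Review bot: Nothing in this test file calls the `get()` method that the same changeset adds to the session manager; every changed line here is a rename of an existing call. Since `get()` is the only new behaviour in the changeset, `test_verify_and_destroy_token()` could cover it with `$this->assertNotEmpty( $this->manager->get( $token ) );` before the `destroy()` call and `$this->assertNull( $this->manager->get( $token ) );` after it. The null expectation follows the `array|null` contract documented on `get_session()`; confirm it against the concrete manager built in the test's setup, which is outside the visible lines.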