WordPress.org

Make WordPress Core


Ignore:
Timestamp:
04/16/2019 05:08:16 AM (5 months ago)
Author:
flixos90
Message:

Bootstrap/Load: Allow more than one recovery link to be valid at a time.

While currently a recovery link is only made available via the admin email address, this will be expanded in the future. In order to accomplish that, the mechanisms to store and validate recovery keys must support multiple keys to be valid at the same time.

This changeset adds that support, adding an additional token parameter which is part of a recovery link in addition to the key. A key itself is always associated with a token, so the two are only valid in combination. These associations are stored in a new recovery_keys option, which is regularly cleared in a new Cron hook, to prevent potential cluttering from unused recovery keys.

This changeset does not have any user-facing implications otherwise.

Props pbearne, timothyblynjacobs.
Fixes #46595. See #46130.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/class-wp-recovery-mode.php

    r45117 r45211  
    1717
    1818    /**
     19     * Service to handle cookies.
     20     *
     21     * @since 5.2.0
     22     * @var WP_Recovery_Mode_Cookie_Service
     23     */
     24    private $cookie_service;
     25
     26    /**
     27     * Service to generate a recovery mode key.
     28     *
     29     * @since 5.2.0
     30     * @var WP_Recovery_Mode_Key_Service
     31     */
     32    private $key_service;
     33
     34    /**
     35     * Service to generate and validate recovery mode links.
     36     *
     37     * @since 5.2.0
     38     * @var WP_Recovery_Mode_Link_Service
     39     */
     40    private $link_service;
     41
     42    /**
    1943     * Service to handle sending an email with a recovery mode link.
    2044     *
     
    2347     */
    2448    private $email_service;
    25 
    26     /**
    27      * Service to generate and validate recovery mode links.
    28      *
    29      * @since 5.2.0
    30      * @var WP_Recovery_Mode_Link_Service
    31      */
    32     private $link_service;
    33 
    34     /**
    35      * Service to handle cookies.
    36      *
    37      * @since 5.2.0
    38      * @var WP_Recovery_Mode_Cookie_Service
    39      */
    40     private $cookie_service;
    4149
    4250    /**
     
    7179    public function __construct() {
    7280        $this->cookie_service = new WP_Recovery_Mode_Cookie_Service();
    73         $this->link_service   = new WP_Recovery_Mode_Link_Service( $this->cookie_service );
     81        $this->key_service    = new WP_Recovery_Mode_Key_Service();
     82        $this->link_service   = new WP_Recovery_Mode_Link_Service( $this->cookie_service, $this->key_service );
    7483        $this->email_service  = new WP_Recovery_Mode_Email_Service( $this->link_service );
    7584    }
     
    8594        add_action( 'wp_logout', array( $this, 'exit_recovery_mode' ) );
    8695        add_action( 'login_form_' . self::EXIT_ACTION, array( $this, 'handle_exit_recovery_mode' ) );
     96        add_action( 'recovery_mode_clean_expired_keys', array( $this, 'clean_expired_keys' ) );
     97
     98        if ( ! wp_next_scheduled( 'recovery_mode_clean_expired_keys' ) && ! wp_installing() ) {
     99            wp_schedule_event( time(), 'daily', 'recovery_mode_clean_expired_keys' );
     100        }
    87101
    88102        if ( defined( 'WP_RECOVERY_MODE_SESSION_ID' ) ) {
     
    231245        wp_safe_redirect( $redirect_to );
    232246        die;
     247    }
     248
     249    /**
     250     * Cleans any recovery mode keys that have expired according to the link TTL.
     251     *
     252     * Executes on a daily cron schedule.
     253     *
     254     * @since 5.2.0
     255     */
     256    public function clean_expired_keys() {
     257        $this->key_service->clean_expired_keys( $this->get_link_ttl() );
    233258    }
    234259
Note: See TracChangeset for help on using the changeset viewer.