Changeset 45211 for trunk/src/wp-includes/class-wp-recovery-mode.php

Timestamp:

04/16/2019 05:08:16 AM (7 years ago)

Author:

flixos90

Message:

Bootstrap/Load: Allow more than one recovery link to be valid at a time.

While currently a recovery link is only made available via the admin email address, this will be expanded in the future. In order to accomplish that, the mechanisms to store and validate recovery keys must support multiple keys to be valid at the same time.

This changeset adds that support, adding an additional token parameter which is part of a recovery link in addition to the key. A key itself is always associated with a token, so the two are only valid in combination. These associations are stored in a new recovery_keys option, which is regularly cleared in a new Cron hook, to prevent potential cluttering from unused recovery keys.

This changeset does not have any user-facing implications otherwise.

Props pbearne, timothyblynjacobs.
Fixes #46595. See #46130.

File:

• trunk/src/wp-includes/class-wp-recovery-mode.php (modified) (5 diffs)

trunk/src/wp-includes/class-wp-recovery-mode.php

@@ -17 +17 @@
 
     /**
+     * Service to handle cookies.
+     *
+     * @since 5.2.0
+     * @var WP_Recovery_Mode_Cookie_Service
+     */
+    private $cookie_service;
+
+    /**
+     * Service to generate a recovery mode key.
+     *
+     * @since 5.2.0
+     * @var WP_Recovery_Mode_Key_Service
+     */
+    private $key_service;
+
+    /**
+     * Service to generate and validate recovery mode links.
+     *
+     * @since 5.2.0
+     * @var WP_Recovery_Mode_Link_Service
+     */
+    private $link_service;
+
+    /**
      * Service to handle sending an email with a recovery mode link.
      *
@@ -23 +47 @@
      */
     private $email_service;
-
-    /**
-     * Service to generate and validate recovery mode links.
-     *
-     * @since 5.2.0
-     * @var WP_Recovery_Mode_Link_Service
-     */
-    private $link_service;
-
-    /**
-     * Service to handle cookies.
-     *
-     * @since 5.2.0
-     * @var WP_Recovery_Mode_Cookie_Service
-     */
-    private $cookie_service;
 
     /**
@@ -71 +79 @@
     public function __construct() {
         $this->cookie_service = new WP_Recovery_Mode_Cookie_Service();
-        $this->link_service   = new WP_Recovery_Mode_Link_Service( $this->cookie_service );
+        $this->key_service    = new WP_Recovery_Mode_Key_Service();
+        $this->link_service   = new WP_Recovery_Mode_Link_Service( $this->cookie_service, $this->key_service );
         $this->email_service  = new WP_Recovery_Mode_Email_Service( $this->link_service );
     }
@@ -85 +94 @@
         add_action( 'wp_logout', array( $this, 'exit_recovery_mode' ) );
         add_action( 'login_form_' . self::EXIT_ACTION, array( $this, 'handle_exit_recovery_mode' ) );
+        add_action( 'recovery_mode_clean_expired_keys', array( $this, 'clean_expired_keys' ) );
+
+        if ( ! wp_next_scheduled( 'recovery_mode_clean_expired_keys' ) && ! wp_installing() ) {
+            wp_schedule_event( time(), 'daily', 'recovery_mode_clean_expired_keys' );
+        }
 
         if ( defined( 'WP_RECOVERY_MODE_SESSION_ID' ) ) {
@@ -231 +245 @@
         wp_safe_redirect( $redirect_to );
         die;
+    }
+
+    /**
+     * Cleans any recovery mode keys that have expired according to the link TTL.
+     *
+     * Executes on a daily cron schedule.
+     *
+     * @since 5.2.0
+     */
+    public function clean_expired_keys() {
+        $this->key_service->clean_expired_keys( $this->get_link_ttl() );
     }