Make WordPress Core

Changeset 54477


Ignore:
Timestamp:
10/11/2022 01:43:20 PM (2 years ago)
Author:
SergeyBiryukov
Message:

Users: Fetch user by login in retrieve_password() if not found by email.

This ensures that sending a password reset link works as expected if the user's login and email were initially the same, but the email address was subsequently updated and no longer matches the login, which is still set to the old address.

Follow-up to [6643], [18513], [19056], [37474], [50129], [50140].

Props donmhico, pbearne, azouamauriac, boblindner, daxelrod, audrasjb, SergeyBiryukov.
Fixes #53634.

Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/user.php

    r54397 r54477  
    30393039    }
    30403040
     3041    $user_login = trim( wp_unslash( $user_login ) );
     3042
    30413043    if ( empty( $user_login ) ) {
    30423044        $errors->add( 'empty_username', __( '<strong>Error:</strong> Please enter a username or email address.' ) );
    30433045    } elseif ( strpos( $user_login, '@' ) ) {
    3044         $user_data = get_user_by( 'email', trim( wp_unslash( $user_login ) ) );
     3046        $user_data = get_user_by( 'email', $user_login );
     3047
     3048        if ( empty( $user_data ) ) {
     3049            $user_data = get_user_by( 'login', $user_login );
     3050        }
     3051
    30453052        if ( empty( $user_data ) ) {
    30463053            $errors->add( 'invalid_email', __( '<strong>Error:</strong> There is no account with that username or email address.' ) );
    30473054        }
    30483055    } else {
    3049         $user_data = get_user_by( 'login', trim( wp_unslash( $user_login ) ) );
     3056        $user_data = get_user_by( 'login', $user_login );
    30503057    }
    30513058
  • trunk/tests/phpunit/tests/user/retrievePassword.php

    r52606 r54477  
    4848     */
    4949    public function test_retrieve_password_reset_notification_email() {
    50         $message = 'Sending password reset notification email failed.';
    51         $this->assertNotWPError( retrieve_password( $this->user->user_login ), $message );
     50        $this->assertNotWPError( retrieve_password( $this->user->user_login ), 'Sending password reset notification email failed.' );
    5251    }
    5352
     
    6564        );
    6665
    67         $message = 'Sending password reset notification email succeeded.';
    68         $this->assertWPError( retrieve_password( $this->user->user_login ), $message );
     66        $this->assertWPError( retrieve_password( $this->user->user_login ), 'Sending password reset notification email succeeded.' );
     67    }
     68
     69    /**
     70     * @ticket 53634
     71     */
     72    public function test_retrieve_password_should_fetch_user_by_login_if_not_found_by_email() {
     73        self::factory()->user->create(
     74            array(
     75                'user_login' => 'foo@example.com',
     76                'user_email' => 'bar@example.com',
     77            )
     78        );
     79
     80        $this->assertTrue( retrieve_password( 'foo@example.com' ), 'Fetching user by login failed.' );
     81        $this->assertTrue( retrieve_password( 'bar@example.com' ), 'Fetching user by email failed.' );
    6982    }
    7083}
Note: See TracChangeset for help on using the changeset viewer.