WordPress.org
Get WordPress

Make WordPress Core


Ignore:
Timestamp:
08/13/2025 08:12:46 PM (3 months ago)
Author:
davidbaumwald
Message:

Users: Fire wp_set_password action when creating or updating a user's password.

Various filters and actions fire during user creation and editing, making available all manner of user data to be acted upon by custom code. However, a user's password was not included in the data that was made available.

This change now fires an existing action, wp_set_password, during initial user creation and when an existing user's password is updated.

Props ChloeD, scribu, dd32, pento, chriscct7, johnbillion, logicrays, nimeshatxecurify.
Fixes #22114.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/tests/phpunit/tests/user.php

    r60253 r60634  
    23542354        $this->assertSame( 1, $db_update_count );
    23552355    }
     2356
     2357    /**
     2358     * Tests that `wp_set_password` action is triggered correctly during `wp_insert_user()`.
     2359     *
     2360     * @ticket 22114
     2361     */
     2362    public function test_set_password_action_fires_during_wp_insert_user() {
     2363        $mock_action = new MockAction();
     2364
     2365        add_action( 'wp_set_password', array( $mock_action, 'action' ), 10, 3 );
     2366
     2367        $userdata = array(
     2368            'user_login' => 'testuser_' . wp_rand(),
     2369            'user_pass'  => 'initialpassword',
     2370            'user_email' => 'testuser@example.com',
     2371        );
     2372
     2373        $user_id = wp_insert_user( $userdata );
     2374
     2375        // Assert that `wp_set_password` was triggered once during user creation.
     2376        $this->assertSame( 1, $mock_action->get_call_count(), 'wp_set_password was not triggered during user creation.' );
     2377
     2378        $args = $mock_action->get_args();
     2379
     2380        $this->assertSame( $userdata['user_pass'], $args[0][0], 'Wrong password argument in action.' );
     2381        $this->assertSame( $user_id, $args[0][1], 'Wrong user ID in action.' );
     2382    }
     2383
     2384    /**
     2385     * Tests that `wp_set_password` action is triggered correctly during `wp_update_user()`.
     2386     *
     2387     * @ticket 22114
     2388     */
     2389    public function test_set_password_action_on_user_update() {
     2390        $mock_action = new MockAction();
     2391
     2392        add_action( 'wp_set_password', array( $mock_action, 'action' ), 10, 3 );
     2393
     2394        $user_id = $this->factory()->user->create(
     2395            array(
     2396                'role'       => 'subscriber',
     2397                'user_login' => 'testuser_update',
     2398                'user_email' => 'testuser_update@example.com',
     2399                'user_pass'  => 'initialpassword',
     2400            )
     2401        );
     2402
     2403        $mock_action->reset();
     2404
     2405        $updated_password = 'newpassword123';
     2406
     2407        $userdata = array(
     2408            'ID'        => $user_id,
     2409            'user_pass' => $updated_password,
     2410        );
     2411
     2412        wp_update_user( $userdata );
     2413
     2414        $this->assertSame( 1, $mock_action->get_call_count(), 'wp_set_password was not triggered during password update.' );
     2415
     2416        $args = $mock_action->get_args();
     2417
     2418        $this->assertSame( $updated_password, $args[0][0], 'Invalid password in wp_set_password action.' );
     2419        $this->assertSame( $user_id, $args[0][1], 'Invalid user ID in wp_set_password action.' );
     2420    }
    23562421}
Note: See TracChangeset for help on using the changeset viewer.