WordPress.org

Make WordPress Core

Opened 2 months ago

Last modified 4 weeks ago

#47192 new enhancement

Allow users to enter recovery mode via their registered email

Reported by: spacedmonkey Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 5.2
Component: Site Health Keywords: servehappy has-patch
Focuses: Cc:

Description

In WordPress 5.2 recovery mode was added. Recovery mode is entered when by clicking on a special link sent in an email. The email is sent to the admin_email which is stored as an option. However, the current manager / administrator may not have access to this email inbox.

Users with the activate_plugins capability should be able to request a recovery link sent the user's register email via form, similar to the forgotten password form. This request recovery link form, should always be available (default recovery mode on this single page). The unique recovery link key, should likely be stored in user meta with the possibility to work with multisite setups in the future.

Attachments (2)

47192.diff (9.8 KB) - added by spacedmonkey 2 months ago.
47192.1.diff (9.5 KB) - added by spacedmonkey 4 weeks ago.

Download all attachments as: .zip

Change History (12)

This ticket was mentioned in Slack in #core-php by spacedmonkey. View the logs.


2 months ago

This ticket was mentioned in Slack in #core-php by spacedmonkey. View the logs.


2 months ago

This ticket was mentioned in Slack in #core-php by spacedmonkey. View the logs.


2 months ago

#4 @fierevere
2 months ago

It will be fine to store and show error message in recovery mode too, as some users are unable to get email with recovery mode link and error details.

@spacedmonkey
2 months ago

#5 @spacedmonkey
2 months ago

  • Keywords has-patch added; needs-patch removed

I have uploaded a first patch. Completely untested, but I wanted to get the ball rolling.

I know @TimothyBlynJacobs had some security issue with this idea, like him to look at this first patch to see if he can see any issue.

#6 @TimothyBlynJacobs
2 months ago

I think its tough to discuss the possible security ramifications without a working patch. Off the bat, I don't see the same timing related issue because it looks like the permissions check is happening at a normal time. However, forcing recovery mode like this does worry me. But again, hard to say without digging into it.


As an aside, we shouldn't expose the email service. That is an implementation detail of the recovery mode controller. Instead, the request actions should probably be processed inside WP_Recvoery_Mode so it can pass the selected email address to maybe_send_recovery_mode_email.

This ticket was mentioned in Slack in #core-php by spacedmonkey. View the logs.


6 weeks ago

This ticket was mentioned in Slack in #core-php by spacedmonkey. View the logs.


6 weeks ago

#9 @spacedmonkey
4 weeks ago

  • Component changed from General to Site Health

@spacedmonkey
4 weeks ago

#10 @spacedmonkey
4 weeks ago

I have uploaded a functional patch. Barring some formatting of code, I think this patch has legs.

Note: See TracTickets for help on using tickets.