expire login links #1 #37
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,89 +1,94 @@ | ||
| # One Time Login # | ||
| **Contributors:** danielbachhuber, aaronjorbin, acali, gdespoulain, masakik | ||
| **Tags:** login | ||
| **Requires at least:** 4.4 | ||
| **Tested up to:** 6.2 | ||
| **Stable tag:** 0.5.0 | ||
| **Requires PHP:** 7.1 | ||
| **License:** GPLv2 or later | ||
| **License URI:** http://www.gnu.org/licenses/gpl-2.0.html | ||
|
|
||
| Use WP-CLI to generate a one-time login URL for any user | ||
|
|
||
| ## Description ## | ||
|
|
||
| Need access to a WordPress install but don't want to create a new user account? Use this plugin to generate one-time login URLs for any existing user. | ||
| Then, copy the URL, paste it into your web browser, and... voila! | ||
|
|
||
| Because they are one-time login URLs, they will only work once. If you need access again, you'll need to run the WP-CLI command again. | ||
|
|
||
| # Using WP CLI to generate OTT URLs # | ||
|
|
||
| ==== Example ==== | ||
|
|
||
| wp plugin install one-time-login --activate && wp user one-time-login <user> --count=3 --delay-delete --expiry=0 | ||
|
|
||
| After you run the command above, you'll see a success message like this: | ||
|
|
||
| http://wpdev.test/wp-login.php?user_id=2&one_time_login_token=93974b48e3a418b895fc7ca476f1a607d8b99345 | ||
|
|
||
| Or like this if you asked for more than one: | ||
|
|
||
| http://wpdev.test/wp-login.php?user_id=1&one_time_login_token=2b9c6f5d71d51d530e397ee9da3b50e4e3dd06e7 | ||
| http://wpdev.test/wp-login.php?user_id=1&one_time_login_token=90897da439a116c613fc1c49c372e6b1f7c72ad8 | ||
| http://wpdev.test/wp-login.php?user_id=1&one_time_login_token=68c8074743de849db606500c3caa39a7432dc601 | ||
|
|
||
| ==== Parameters ==== | ||
|
|
||
| * *count*: Generate more than one login token (default: 1); | ||
| * *delay-delete*: Delete existing tokens after 15 minutes, instead of immediately. | ||
| * *expiry*: Delete existing token after "expiry" minutes from creation, even if not used (default: 0 - never expiry). | ||
|
|
||
| # Using WP API to generate OTT URLs # | ||
|
|
||
| ==== Example with cUrl ==== | ||
|
|
||
| curl -X POST \ | ||
| http://wpdev.test/wp-json/one-time-login/v1/token | ||
| -H 'authorization: Basic YWRtaW46eFRQeUJ5c3hEckhkY3BNYjE2endiQ2tj' | ||
| -H 'cache-control: no-cache' | ||
| -H 'postman-token: 8dcfa79a-401a-2c7d-c593-703e683ce785' | ||
| -d '{ | ||
| "user":"admin", | ||
| "count": 3, | ||
| "delay-delete": true | ||
| "expiry": 5 | ||
| }' | ||
|
|
||
| ==== Parameters ==== | ||
|
|
||
| Just as with WP CLI, you can add the **count**, **delay_delete** and **expiry** parameters to your call. | ||
|
|
||
| Feel free to [file issues and pull requests](https://github.com/danielbachhuber/one-time-login) against the project on Github. | ||
|
|
||
| ## Installation ## | ||
|
|
||
| See description for installation and usage instructions. | ||
|
|
||
| ## Changelog ## | ||
|
|
||
| ### 0.5.0 (June 15th, 2023) ### | ||
| * Introduces `--expiry` flag to delete tokens after "expiry" minutes from creation [[#1](https://github.com/danielbachhuber/one-time-login/issues/1)]. | ||
|
|
||
| ### 0.4.0 (August 30th, 2021) ### | ||
| * Introduces `one-time-login/v1/token` WP REST API endpoint to generate tokens [[#28](https://github.com/danielbachhuber/one-time-login/pull/28)]. | ||
|
|
||
| ### 0.3.1 (June 1st, 2021) ### | ||
| * Fires `one_time_login_after_auth_cookie_set` action after the auth cookie is set [[#27](https://github.com/danielbachhuber/one-time-login/pull/27)]. | ||
|
|
||
| ### 0.3.0 (May 24th, 2018) ### | ||
| * Introduces `--delay-delete` flag to delete old tokens after 15 minutes instead of immediately. | ||
| * Improves invalid token message when user is already logged in: "Invalid one-time login token, but you are logged in as 'user_login'. Go to the dashboard instead?". | ||
|
|
||
| ### 0.2.0 (May 3rd, 2018) ### | ||
| * Introduces support for multiple one-time login links. | ||
| * Links to the login screen from the "Invalid token" error message. | ||
|
|
||
| ### 0.1.2 (June 11th, 2016) ### | ||
| * Fires `one_time_login_created` action when login URL is created, and `one_time_login_logged_in` action when user is logged in via one-time login URL. | ||
|
|
||
| ### 0.1.1 (May 26th, 2016) ### | ||
| * Bug fix: Pass `$assoc_args` into the command to ensure the `--porcelain` flag actually works. | ||
|
|
||
| ### 0.1.0 (April 28th, 2016) ### | ||
| * Initial release. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -7,7 +7,7 @@ | |
| * Author URI: https://danielbachhuber.com | ||
| * Text Domain: one-time-login | ||
| * Domain Path: /languages | ||
| * Version: 0.5.0 | ||
| * | ||
| * @package One_Time_Login | ||
| */ | ||
|
|
@@ -17,11 +17,12 @@ | |
| * | ||
| * @param WP_User|null $user ID, email address, or user login for the user. | ||
| * @param int $count Generate a specified number of login tokens (default: 1). | ||
| * @param bool $delay_delete Delete existing tokens after 15 minutes, instead of immediately. | ||
| * @param int $expiry Delete existing token after $expiry minutes from creation, even if not used (default: 0 - not expiry). | ||
| * | ||
| * @return array | ||
| */ | ||
| function one_time_login_generate_tokens( $user, $count, $delay_delete, $expiry ) { | ||
| $tokens = $new_tokens = array(); | ||
| $login_urls = array(); | ||
|
|
||
|
|
@@ -47,7 +48,11 @@ function one_time_login_generate_tokens( $user, $count, $delay_delete ) { | |
| 'one_time_login_token' => $token, | ||
| ); | ||
| $login_urls[] = add_query_arg( $query_args, wp_login_url() ); | ||
| if ( $expiry ) { | ||
| wp_schedule_single_event( time() + ( $expiry * MINUTE_IN_SECONDS ), 'one_time_login_cleanup_expired_tokens', array( $user->ID, $tokens ) ); | ||
| } | ||
| } | ||
|
|
||
| } | ||
|
|
||
| return $login_urls; | ||
|
|
@@ -61,6 +66,7 @@ function one_time_login_generate_tokens( $user, $count, $delay_delete ) { | |
| * <user> | ||
| * [--count=<count>] | ||
| * [--delay-delete] | ||
| * [--expiry=<minutes>] | ||
| * | ||
| * ## EXAMPLES | ||
| * | ||
|
|
@@ -76,16 +82,18 @@ function one_time_login_wp_cli_command( $args, $assoc_args ) { | |
| $fetcher = new WP_CLI\Fetchers\User; | ||
| $user = $fetcher->get_check( $args[0] ); | ||
| $delay_delete = WP_CLI\Utils\get_flag_value( $assoc_args, 'delay-delete' ); | ||
| $expiry = WP_CLI\Utils\get_flag_value( $assoc_args, 'expiry' ); | ||
| $count = (int) ( $assoc_args['count'] ?? 1 ); | ||
|
|
||
| $login_urls = one_time_login_generate_tokens( $user, $count, $delay_delete, $expiry ); | ||
| foreach ( $login_urls as $login_url ) { | ||
| WP_CLI::log( $login_url ); | ||
| } | ||
| } | ||
|
|
||
| if ( class_exists( 'WP_CLI' ) ) { | ||
| $args = ['synopsis' => '<user> [--count=<count>] [--delay-delete] [--expiry=<minutes>]']; | ||
|
There was a problem hiding this comment. A better approach would be to update the PHPdoc to include the synopsis. Can you make that change? Here's an overview to the standard: https://make.wordpress.org/cli/handbook/guides/commands-cookbook/#annotating-with-phpdoc There was a problem hiding this comment. Sure. Digging a bit more found that PHPdocblock need a description on each param do be parsed correctly on php-cli, like this:
|
||
| WP_CLI::add_command( 'user one-time-login', 'one_time_login_wp_cli_command', $args ); | ||
| } | ||
|
|
||
| /** | ||
|
|
@@ -95,6 +103,7 @@ function one_time_login_wp_cli_command( $args, $assoc_args ) { | |
| * | ||
| * /count/<count>/ | ||
| * /delay-delete/<0 or 1> | ||
| * /expiry/<minutes> | ||
masakik marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| * | ||
| * ## EXAMPLES | ||
| * | ||
|
|
@@ -111,9 +120,10 @@ function one_time_login_api_request( WP_REST_Request $request ) { | |
|
|
||
| $user = get_user_by( 'login', $request['user'] ); | ||
| $delay_delete = (bool) ( $request['delay_delete'] ?? false ); | ||
| $expiry = (int) ( $request['expiry'] ?? 0 ); | ||
| $count = (int) ( $request['count'] ?? 1 ); | ||
|
|
||
| $login_urls = one_time_login_generate_tokens( $user, $count, $delay_delete, $expiry ); | ||
|
|
||
| return new WP_REST_Response( $login_urls ); | ||
| } | ||
|
|
@@ -145,6 +155,12 @@ function one_time_login_rest_api_init() { | |
| return is_numeric( $param ); | ||
| }, | ||
| ), | ||
| 'expiry' => array( | ||
| 'required' => false, | ||
| 'validate_callback' => function ( $param ) { | ||
| return is_numeric( $param ); | ||
| }, | ||
| ), | ||
| ), | ||
| 'permission_callback' => function ( WP_REST_Request $request ) { | ||
| if ( empty( $request['user'] ) ) { | ||
|
|
||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we default to
0so we don't break existing calls to this function?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
as $delay_delete, default value is set on calling function. I can change this but I think this way keeps the current standard.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it'd be best to make this change.