Add a method to confirm user requests by email. First run.

Props mikejolley. See #43443. Built from https://develop.svn.wordpress.org/trunk@42791 git-svn-id: http://core.svn.wordpress.org/trunk@42621 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-06 23:47:30 +00:00 · 2018-03-06 23:47:30 +00:00 · 791b11bc3f
parent 6a4b2a022a
commit 791b11bc3f
3 changed files with 307 additions and 6 deletions
--- a/wp-includes/user.php
+++ b/wp-includes/user.php
@ -1370,9 +1370,9 @@ function clean_user_cache( $user ) {

 /**
 * Determines whether the given username exists.
- * 
+ *
 * For more information on this and similar theme functions, check out
- * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ 
+ * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/
 * Conditional Tags} article in the Theme Developer Handbook.
 *
 * @since 2.0.0
@ -1400,9 +1400,9 @@ function username_exists( $username ) {

 /**
 * Determines whether the given email exists.
- * 
+ *
 * For more information on this and similar theme functions, check out
- * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ 
+ * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/
 * Conditional Tags} article in the Theme Developer Handbook.
 *
 * @since 2.1.0
@ -2809,3 +2809,258 @@ function new_user_email_admin_notice() {
 		echo '<div class="notice notice-info"><p>' . sprintf( __( 'Your email address has not been updated yet. Please check your inbox at %s for a confirmation email.' ), '<code>' . esc_html( $email['newemail'] ) . '</code>' ) . '</p></div>';
 	}
 }
+
+/**
+ * Send a confirmation request email to confirm an action.
+ *
+ * @since 5.0.0
+ *
+ * @param string $action_name        Name of the action that is being confirmed.
+ * @param string $action_description User facing description of the action they will be confirming.
+ * @param string $email              User email address. This can be the address of a registered or non-registered user. Defaults to logged in user email address.
+ *
+ * @return WP_ERROR|bool Will return true/false based on the success of sending the email, or a WP_Error object.
+ */
+function send_confirm_account_action_email( $action_name, $action_description = '', $email = '' ) {
+	$action_name        = sanitize_key( $action_name );
+	$action_description = wp_kses_post( $action_description );
+
+	if ( empty( $action_name ) ) {
+		return new WP_Error( 'invalid_action', __( 'Invalid action' ) );
+	}
+
+	if ( empty( $email ) ) {
+		$user  = wp_get_current_user();
+		$email = $user->ID ? $user->user_email : '';
+	} else {
+		$user = false;
+	}
+
+	$email = sanitize_email( $email );
+
+	if ( ! is_email( $email ) ) {
+		return new WP_Error( 'invalid_email', __( 'Invalid email address' ) );
+	}
+
+	if ( ! $user ) {
+		$user = get_user_by( 'email', $email );
+	}
+
+	// We could be dealing with a registered user account, or a visitor.
+	$is_registered_user = $user && ! is_wp_error( $user );
+	$uid                = $is_registered_user ? $user->ID : hash( 'sha256', $email );
+	$confirm_key        = get_confirm_account_action_key( $action_name, $email );
+
+	if ( is_wp_error( $confirm_key ) ) {
+		return $confirm_key;
+	}
+
+	// Prepare the email content.
+	if ( ! $action_description ) {
+		$action_description = $action_name;
+	}
+
+	/* translators: Do not translate DESCRIPTION, CONFIRM_URL, EMAIL, SITENAME, SITEURL: those are placeholders. */
+	$email_text = __(
+		'Howdy,
+
+An account linked to your email address has requested to perform
+the following action:
+
+     ###DESCRIPTION###
+
+To confirm this action, please click on the following link:
+###CONFIRM_URL###
+
+You can safely ignore and delete this email if you do not want to
+take this action.
+
+This email has been sent to ###EMAIL###.
+
+Regards,
+All at ###SITENAME###
+###SITEURL###'
+	);
+
+	$email_data = array(
+		'action_name' => $action_name,
+		'email'       => $email,
+		'description' => $action_description,
+		'confirm_url' => add_query_arg( array(
+			'action'         => 'emailconfirm',
+			'confirm_action' => $action_name,
+			'uid'            => $uid,
+			'confirm_key'    => $confirm_key,
+		), site_url( 'wp-login.php' ) ),
+		'sitename'    => is_multisite() ? get_site_option( 'site_name' ) : get_option( 'blogname' ),
+		'siteurl'     => network_home_url(),
+	);
+
+	/**
+	 * Filters the text of the email sent when an account action is attempted.
+	 *
+	 * The following strings have a special meaning and will get replaced dynamically:
+	 * ###USERNAME###           The user's username, if the user has an account. Prefixed with single space. Otherwise left blank.
+	 * ###DESCRIPTION### Description of the action being performed so the user knows what the email is for.
+	 * ###CONFIRM_URL### The link to click on to confirm the account action.
+	 * ###EMAIL###              The email we are sending to.
+	 * ###SITENAME###           The name of the site.
+	 * ###SITEURL###            The URL to the site.
+	 *
+	 * @param string $email_text     Text in the email.
+	 * @param array  $email_data {
+	 *     Data relating to the account action email.
+	 *
+	 *     @type string $action_name Name of the action being performed.
+	 *     @type string $email       The email address this is being sent to.
+	 *     @type string $description Description of the action being performed so the user knows what the email is for.
+	 *     @type string $confirm_url The link to click on to confirm the account action.
+	 *     @type string $sitename    The site name sending the mail.
+	 *     @type string $siteurl     The site URL sending the mail.
+	 * }
+	 */
+	$content = apply_filters( 'confirm_account_action_email_content', $email_text, $email_data );
+
+	$content = str_replace( '###DESCRIPTION###', $email_data['description'], $content );
+	$content = str_replace( '###CONFIRM_URL###', esc_url_raw( $email_data['confirm_url'] ), $content );
+	$content = str_replace( '###EMAIL###', $email_data['email'], $content );
+	$content = str_replace( '###SITENAME###', wp_specialchars_decode( $email_data['sitename'], ENT_QUOTES ), $content );
+	$content = str_replace( '###SITEURL###', esc_url_raw( $email_data['siteurl'] ), $content );
+
+	/* translators: %s Site name. */
+	return wp_mail( $email_data['email'], sprintf( __( '[%s] Confirm Account Action' ), wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ) ), $content );
+}
+
+/**
+ * Creates, stores, then returns a confirmation key for an account action.
+ *
+ * @since 5.0.0
+ *
+ * @param string $action_name Name of the action this key is being generated for.
+ * @param string $email       User email address. This can be the address of a registered or non-registered user.
+ *
+ * @return string|WP_Error Confirmation key on success. WP_Error on error.
+ */
+function get_confirm_account_action_key( $action_name, $email ) {
+	global $wp_hasher;
+
+	if ( ! is_email( $email ) ) {
+		return new WP_Error( 'invalid_email', __( 'Invalid email address' ) );
+	}
+
+	if ( empty( $action_name ) ) {
+		return new WP_Error( 'invalid_action', __( 'Invalid action' ) );
+	}
+
+	$user = get_user_by( 'email', $email );
+
+	// We could be dealing with a registered user account, or a visitor.
+	$is_registered_user = $user && ! is_wp_error( $user );
+
+	// Generate something random for a confirmation key.
+	$key = wp_generate_password( 20, false );
+
+	// Now insert the key, hashed, into the DB.
+	if ( empty( $wp_hasher ) ) {
+		require_once ABSPATH . WPINC . '/class-phpass.php';
+		$wp_hasher = new PasswordHash( 8, true );
+	}
+
+	$hashed_key = $wp_hasher->HashPassword( $key );
+
+	if ( $is_registered_user ) {
+		$key_saved = (bool) update_user_meta( $user->ID, '_account_action_' . $action_name, implode( ':', array( time(), $hashed_key ) ) );
+	} else {
+		$key_saved = (bool) update_site_option( '_account_action_' . hash( 'sha256', $email ) . '_' . $action_name, implode( ':', array( time(), $hashed_key, $email ) ) );
+	}
+
+	if ( false === $key_saved ) {
+		return new WP_Error( 'no_confirm_account_action_key_update', __( 'Could not save confirm account action key to database.' ) );
+	}
+
+	return $key;
+}
+
+/**
+ * Checks if a key is valid and handles the action based on this.
+ *
+ * @since 5.0.0
+ *
+ * @param string $action_name Name of the action this key is being generated for.
+ * @param string $key         Key to confirm.
+ * @param string $uid         Email hash or user ID.
+ *
+ * @return array|WP_Error WP_Error on failure, action name and user email address on success.
+ */
+function check_confirm_account_action_key( $action_name, $key, $uid ) {
+	global $wp_hasher;
+
+	if ( ! empty( $action_name ) && ! empty( $key ) && ! empty( $uid ) ) {
+		$user = false;
+
+		if ( is_numeric( $uid ) ) {
+			$user = get_user_by( 'id', absint( $uid ) );
+		}
+
+		// We could be dealing with a registered user account, or a visitor.
+		$is_registered_user = $user && ! is_wp_error( $user );
+		$key_request_time = '';
+		$saved_key        = '';
+		$email            = '';
+
+		if ( empty( $wp_hasher ) ) {
+			require_once ABSPATH . WPINC . '/class-phpass.php';
+			$wp_hasher = new PasswordHash( 8, true );
+		}
+
+		// Get the saved key from the database.
+		if ( $is_registered_user ) {
+			$confirm_action_data = get_user_meta( $user->ID, '_account_action_' . $action_name, true );
+			$email               = $user->user_email;
+
+			if ( false !== strpos( $confirm_action_data, ':' ) ) {
+				list( $key_request_time, $saved_key ) = explode( ':', $confirm_action_data, 2 );
+			}
+		} else {
+			$confirm_action_data = get_site_option( '_account_action_' . $uid . '_' . $action_name, '' );
+
+			if ( false !== strpos( $confirm_action_data, ':' ) ) {
+				list( $key_request_time, $saved_key, $email ) = explode( ':', $confirm_action_data, 3 );
+			}
+		}
+
+		if ( ! $saved_key ) {
+			return new WP_Error( 'invalid_key', __( 'Invalid key' ) );
+		}
+
+		/**
+		 * Filters the expiration time of confirm keys.
+		 *
+		 * @param int $expiration The expiration time in seconds.
+		 */
+		$expiration_duration = apply_filters( 'account_action_expiration', DAY_IN_SECONDS );
+		$expiration_time     = $key_request_time + $expiration_duration;
+
+		if ( $wp_hasher->CheckPassword( $key, $saved_key ) ) {
+			if ( $expiration_time && time() < $expiration_time ) {
+				$return = array(
+					'action' => $action_name,
+					'email'  => $email,
+				);
+			} else {
+				$return = new WP_Error( 'expired_key', __( 'The confirmation email has expired.' ) );
+			}
+
+			// Clean up stored keys.
+			if ( $is_registered_user ) {
+				delete_user_meta( $user->ID, '_account_action_' . $action_name );
+			} else {
+				delete_site_option( '_account_action_' . $uid . '_' . $action_name );
+			}
+
+			return $return;
+		}
+	}
+
+	return new WP_Error( 'invalid_key', __( 'Invalid key' ) );
+}
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@ -4,7 +4,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '5.0-alpha-42790';
+$wp_version = '5.0-alpha-42791';

 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
--- a/wp-login.php
+++ b/wp-login.php
@ -427,7 +427,7 @@ if ( isset( $_GET['key'] ) ) {
 }

 // validate action so as to default to the login screen
-if ( ! in_array( $action, array( 'postpass', 'logout', 'lostpassword', 'retrievepassword', 'resetpass', 'rp', 'register', 'login' ), true ) && false === has_filter( 'login_form_' . $action ) ) {
+if ( ! in_array( $action, array( 'postpass', 'logout', 'lostpassword', 'retrievepassword', 'resetpass', 'rp', 'register', 'login', 'emailconfirm' ), true ) && false === has_filter( 'login_form_' . $action ) ) {
 	$action = 'login';
 }

@ -858,6 +858,52 @@ switch ( $action ) {

 		break;

+	case 'emailconfirm' :
+		if ( isset( $_GET['confirm_action'], $_GET['confirm_key'], $_GET['uid'] ) ) {
+			$action_name = sanitize_key( wp_unslash( $_GET['confirm_action'] ) );
+			$key         = sanitize_text_field( wp_unslash( $_GET['confirm_key'] ) );
+			$uid         = sanitize_text_field( wp_unslash( $_GET['uid'] ) );
+			$result      = check_confirm_account_action_key( $action_name, $key, $uid );
+		} else {
+			$result = new WP_Error( 'invalid_key', __( 'Invalid key' ) );
+		}
+
+		if ( is_wp_error( $result ) ) {
+			/**
+			 * Fires an action hook when the account action was not confirmed.
+			 * 
+			 * After running this action hook the page will die.
+			 * 
+			 * @param WP_Error $result Error object.
+			 */
+			do_action( 'account_action_failed', $result );
+
+			wp_die( $result );
+		}
+		
+		/**
+		 * Fires an action hook when the account action has been confirmed by the user.
+		 * 
+		 * Using this you can assume the user has agreed to perform the action by
+		 * clicking on the link in the confirmation email.
+		 * 
+		 * After firing this action hook the page will redirect to wp-login a callback 
+		 * redirects or exits first.
+		 * 
+		 * @param array $result {
+		 *     Data about the action which was confirmed.
+		 *
+		 *     @type string $action Name of the action that was confirmed.
+		 *     @type string $email  Email of the user who confirmed the action.
+		 * }
+		 */
+		do_action( 'account_action_confirmed', $result );
+
+		$message = '<p class="message">' . __( 'Action has been confirmed.' ) . '</p>';
+		login_header( '', $message );
+		login_footer();
+		exit;
+
 	case 'login':
 	default:
 		$secure_cookie   = '';