Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
Total | |
65.00% |
13 / 20 |
|
50.00% |
1 / 2 |
CRAP | |
0.00% |
0 / 1 |
Login_Ajax | |
65.00% |
13 / 20 |
|
50.00% |
1 / 2 |
9.10 | |
0.00% |
0 / 1 |
__construct | |
100.00% |
2 / 2 |
|
100.00% |
1 / 1 |
1 | |||
email_magic_link | |
61.11% |
11 / 18 |
|
0.00% |
0 / 1 |
8.12 |
1 | <?php |
2 | /** |
3 | * Handle the button press on wp-login.php. |
4 | * |
5 | * @package brianhenryie/bh-wp-autologin-urls |
6 | */ |
7 | |
8 | namespace BrianHenryIE\WP_Autologin_URLs\Login; |
9 | |
10 | use BrianHenryIE\WP_Autologin_URLs\API_Interface; |
11 | use Psr\Log\LoggerAwareTrait; |
12 | use Psr\Log\LoggerInterface; |
13 | |
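/**
 * Checks the nonce and forwards the message.
 * Returns a response to the client & protects privacy.
 *
 * The handler is registered on a `wp_ajax_nopriv_*` action, so every value it reads
 * from the request (POST fields and headers alike) comes from an unauthenticated visitor
 * and is validated before being passed on.
 *
 * @see API::send_magic_link()
 */
class Login_Ajax {
	use LoggerAwareTrait;

	/**
	 * This AJAX class is a UI facade.
	 *
	 * @see API_Interface::send_magic_link()
	 *
	 * @var API_Interface The plugin's main functions.
	 */
	protected API_Interface $api;

	/**
	 * Constructor.
	 *
	 * @param API_Interface   $api The plugin's core functions.
	 * @param LoggerInterface $logger A PSR logger.
	 */
	public function __construct( API_Interface $api, LoggerInterface $logger ) {
		$this->setLogger( $logger );

		$this->api = $api;
	}

	/**
	 * Handle the button press for sending the magic link.
	 *
	 * Verifies the nonce, sanitizes the posted username and optional URL, asks the API to
	 * send the email, and answers with a JSON message. Each `wp_send_json*()` call normally
	 * ends the request; the explicit `return` statements keep the handler from continuing
	 * with unvalidated input if those functions are stubbed (e.g. in unit tests).
	 *
	 * @hooked wp_ajax_nopriv_bh_wp_autologin_urls_send_magic_link
	 */
	public function email_magic_link(): void {

		if ( ! check_ajax_referer( self::class, false, false ) ) {
			wp_send_json_error( array( 'message' => 'Bad/no nonce.' ), 400 );
			return;
		}

		// A non-string value (e.g. `username[]=x`) would reach sanitize_user() as an array.
		if ( ! isset( $_POST['username'] ) || ! is_string( $_POST['username'] ) ) {
			wp_send_json_error( 'No username provided.', 400 );
			return;
		}

		$username = sanitize_user( wp_unslash( $_POST['username'] ) );

		$url = null;
		if ( ! empty( $_POST['url'] ) && is_string( $_POST['url'] ) ) {
			// Anything that does not resolve to this site is dropped, which is the same as posting no URL.
			$url = $this->get_same_site_url( esc_url_raw( wp_unslash( $_POST['url'] ) ) );
		}

		$result = $this->api->send_magic_link( $username, $url );

		$response = array();

		// Should probably just use an exception.
		if ( isset( $result['error'] ) ) {
			$response['message'] = __( 'An error occurred when sending the magic login email.', 'bh-wp-autologin-urls' );
			wp_send_json_error( $response, 500 );
			return;
		}

		// human_time_diff() measures from its first argument to "now" when the second is omitted,
		// so this yields the length of `expires_in` (presumably seconds – confirm against the API).
		$expires_in_friendly = human_time_diff( time() - $result['expires_in'] );

		/* translators: %1$s is the length of time e.g. "15 mins". */
		$response['message'] = sprintf( __( 'Check your email for the login link. The link will expire in %1$s.', 'bh-wp-autologin-urls' ), $expires_in_friendly );
		wp_send_json( $response );
	}

	/**
	 * Turn the posted URL into an absolute URL on this site, or reject it.
	 *
	 * WooCommerce `_wp_http_referer` is relative to the server root (rather than the site url),
	 * whereas redirect_to on wp-login.php is absolute, so both forms are accepted.
	 *
	 * The origin is taken from the configured site URL rather than from get_http_origin():
	 * the `Origin` request header is chosen by the client, and a plain string-prefix
	 * comparison against the site URL also accepts look-alike hosts. The value is passed to
	 * send_magic_link(), presumably as the emailed link's destination, so it must not be
	 * steerable to another host.
	 *
	 * @param string $url The already-escaped URL from the request.
	 *
	 * @return ?string An absolute URL on an allowed host, or null when the input is not acceptable.
	 */
	private function get_same_site_url( string $url ): ?string {

		// Core's redirect validation: http(s) only, host must be the site's own or one added
		// through the `allowed_redirect_hosts` filter. Returns the fallback ('') otherwise.
		$validated = wp_validate_redirect( $url, '' );
		if ( '' === $validated ) {
			return null;
		}

		$parts = wp_parse_url( $validated );
		if ( is_array( $parts ) && isset( $parts['host'] ) ) {
			// Absolute URL whose host passed validation.
			return $validated;
		}

		// Only root-relative paths are made absolute; anything else cannot be joined to an origin safely.
		if ( 0 !== strpos( $validated, '/' ) ) {
			return null;
		}

		$site = wp_parse_url( get_site_url() );
		if ( ! is_array( $site ) || empty( $site['scheme'] ) || empty( $site['host'] ) ) {
			return null;
		}

		$origin = $site['scheme'] . '://' . $site['host'];
		if ( isset( $site['port'] ) ) {
			$origin .= ':' . $site['port'];
		}

		return $origin . $validated;
	}
}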