Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
| Total | |
65.00% |
13 / 20 |
|
50.00% |
1 / 2 |
CRAP | |
0.00% |
0 / 1 |
| Login_Ajax | |
65.00% |
13 / 20 |
|
50.00% |
1 / 2 |
9.10 | |
0.00% |
0 / 1 |
| __construct | |
100.00% |
2 / 2 |
|
100.00% |
1 / 1 |
1 | |||
| email_magic_link | |
61.11% |
11 / 18 |
|
0.00% |
0 / 1 |
8.12 | |||
| 1 | <?php |
| 2 | /** |
| 3 | * Handle the button press on wp-login.php. |
| 4 | * |
| 5 | * @package brianhenryie/bh-wp-autologin-urls |
| 6 | */ |
| 7 | |
| 8 | namespace BrianHenryIE\WP_Autologin_URLs\Login; |
| 9 | |
| 10 | use BrianHenryIE\WP_Autologin_URLs\API_Interface; |
| 11 | use Psr\Log\LoggerAwareTrait; |
| 12 | use Psr\Log\LoggerInterface; |
| 13 | |
| 14 | /** |
| 15 | * Checks the nonce and forwards the message. |
| 16 | * Returns a response to the client & protects privacy. |
| 17 | * |
| 18 | * @see API::send_magic_link() |
| 19 | */ |
| 20 | class Login_Ajax { |
| 21 | use LoggerAwareTrait; |
| 22 | |
| 23 | /** |
| 24 | * This AJAX class is a UI facade. |
| 25 | * |
| 26 | * @see API_Interface::send_magic_link() |
| 27 | * |
| 28 | * @var API_Interface The plugin's main functions. |
| 29 | */ |
| 30 | protected API_Interface $api; |
| 31 | |
| 32 | /** |
| 33 | * Constructor. |
| 34 | * |
| 35 | * @param API_Interface $api The plugin's core functions. |
| 36 | * @param LoggerInterface $logger A PSR logger. |
| 37 | */ |
| 38 | public function __construct( API_Interface $api, LoggerInterface $logger ) { |
| 39 | $this->setLogger( $logger ); |
| 40 | |
| 41 | $this->api = $api; |
| 42 | } |
| 43 | |
| 44 | /** |
| 45 | * Handle the button press for sending the magic link. |
| 46 | * |
| 47 | * @hooked wp_ajax_nopriv_bh_wp_autologin_urls_send_magic_link |
| 48 | */ |
| 49 | public function email_magic_link(): void { |
| 50 | |
| 51 | if ( ! check_ajax_referer( self::class, false, false ) ) { |
| 52 | wp_send_json_error( array( 'message' => 'Bad/no nonce.' ), 400 ); |
| 53 | } |
| 54 | |
| 55 | if ( ! isset( $_POST['username'] ) ) { |
| 56 | wp_send_json_error( 'No username provided.', 400 ); |
| 57 | } |
| 58 | |
| 59 | $username = sanitize_user( wp_unslash( $_POST['username'] ) ); |
| 60 | |
| 61 | $url = null; |
| 62 | if ( ! empty( $_POST['url'] ) ) { |
| 63 | $url = esc_url_raw( wp_unslash( $_POST['url'] ) ); |
| 64 | |
| 65 | // WooCommerce `_wp_http_referer` is relative to the server root (rather than the site url). |
| 66 | // whereas redirect_to on wp-login.php is absolute. |
| 67 | if ( 0 !== strpos( $url, get_site_url() ) ) { |
| 68 | $url = get_http_origin() . $url; |
| 69 | } |
| 70 | } |
| 71 | |
| 72 | $result = $this->api->send_magic_link( $username, $url ); |
| 73 | |
| 74 | $response = array(); |
| 75 | |
| 76 | // Should probably just use an exception. |
| 77 | if ( isset( $result['error'] ) ) { |
| 78 | $response['message'] = __( 'An error occurred when sending the magic login email.', 'bh-wp-autologin-urls' ); |
| 79 | wp_send_json_error( $response, 500 ); |
| 80 | } |
| 81 | |
| 82 | $expires_in_friendly = human_time_diff( time() - $result['expires_in'] ); |
| 83 | |
| 84 | /* translators: %1$s is the length of time e.g. "15 mins". */ |
| 85 | $response['message'] = sprintf( __( 'Check your email for the login link. The link will expire in %1$s.', 'bh-wp-autologin-urls' ), $expires_in_friendly ); |
| 86 | wp_send_json( $response ); |
| 87 | } |
| 88 | } |