sergiotarxz
/
Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

User: Invalidate `user_activation_key` on password update. 

Props: sstoqnov, sergeybiryukov.



git-svn-id: https://develop.svn.wordpress.org/trunk@47634 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Jake Spurlock 2020-04-29 15:23:37 +00:00
parent cfb690cb8e
commit 4354d1fc5c
2 changed files with 22 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/wp-includes/user.php
View File

@ -1812,7 +1812,7 @@ function wp_insert_user( $userdata ) {
}
if ( $update ) {
if ( $user_email !== $old_user_data->user_email ) {
if ( $user_email !== $old_user_data->user_email || $user_pass !== $old_user_data->user_pass ) {
$data['user_activation_key'] = '';
}
$wpdb->update( $wpdb->users, $data, compact( 'ID' ) );

22
tests/phpunit/tests/user.php
View File

@ -1036,7 +1036,7 @@ class Tests_User extends WP_UnitTestCase {
$this->assertEquals( $u, wp_cache_get( $updated_user->user_nicename, 'userslugs' ) );
}
function test_changing_email_invalidates_password_reset_key() {
public function test_changing_email_invalidates_password_reset_key() {
global $wpdb;
$user = $this->author;
@ -1068,6 +1068,26 @@ class Tests_User extends WP_UnitTestCase {
$this->assertEmpty( $user->user_activation_key );
}
public function test_changing_password_invalidates_password_reset_key() {
global $wpdb;
$user = $this->author;
$wpdb->update( $wpdb->users, array( 'user_activation_key' => 'key' ), array( 'ID' => $user->ID ) );
clean_user_cache( $user );
$user = get_userdata( $user->ID );
$this->assertEquals( 'key', $user->user_activation_key );
$userdata = array(
'ID' => $user->ID,
'user_pass' => 'password',
);
wp_update_user( $userdata );
$user = get_userdata( $user->ID );
$this->assertEmpty( $user->user_activation_key );
}
public function test_search_users_login() {
$users = get_users(
array(