Edit File by line

<?php

[0] Fix | Delete

/**

[1] Fix | Delete

* Error Protection API: WP_Recovery_Mode_Key_Service class

[2] Fix | Delete

[3] Fix | Delete

* @package WordPress

[4] Fix | Delete

* @since 5.2.0

[5] Fix | Delete

[6] Fix | Delete

[7] Fix | Delete

/**

[8] Fix | Delete

* Core class used to generate and validate keys used to enter Recovery Mode.

[9] Fix | Delete

[10] Fix | Delete

* @since 5.2.0

[11] Fix | Delete

[12] Fix | Delete

#[AllowDynamicProperties]

[13] Fix | Delete

final class WP_Recovery_Mode_Key_Service {

[14] Fix | Delete

[15] Fix | Delete

/**

[16] Fix | Delete

* The option name used to store the keys.

[17] Fix | Delete

[18] Fix | Delete

* @since 5.2.0

[19] Fix | Delete

* @var string

[20] Fix | Delete

[21] Fix | Delete

private $option_name = 'recovery_keys';

[22] Fix | Delete

[23] Fix | Delete

/**

[24] Fix | Delete

* Creates a recovery mode token.

[25] Fix | Delete

[26] Fix | Delete

* @since 5.2.0

[27] Fix | Delete

[28] Fix | Delete

* @return string A random string to identify its associated key in storage.

[29] Fix | Delete

[30] Fix | Delete

public function generate_recovery_mode_token() {

[31] Fix | Delete

return wp_generate_password( 22, false );

[32] Fix | Delete

}

[33] Fix | Delete

[34] Fix | Delete

/**

[35] Fix | Delete

* Creates a recovery mode key.

[36] Fix | Delete

[37] Fix | Delete

* @since 5.2.0

[38] Fix | Delete

[39] Fix | Delete

* @global PasswordHash $wp_hasher Portable PHP password hashing framework instance.

[40] Fix | Delete

[41] Fix | Delete

* @param string $token A token generated by {@see generate_recovery_mode_token()}.

[42] Fix | Delete

* @return string Recovery mode key.

[43] Fix | Delete

[44] Fix | Delete

public function generate_and_store_recovery_mode_key( $token ) {

[45] Fix | Delete

[46] Fix | Delete

global $wp_hasher;

[47] Fix | Delete

[48] Fix | Delete

$key = wp_generate_password( 22, false );

[49] Fix | Delete

[50] Fix | Delete

if ( empty( $wp_hasher ) ) {

[51] Fix | Delete

require_once ABSPATH . WPINC . '/class-phpass.php';

[52] Fix | Delete

$wp_hasher = new PasswordHash( 8, true );

[53] Fix | Delete

}

[54] Fix | Delete

[55] Fix | Delete

$hashed = $wp_hasher->HashPassword( $key );

[56] Fix | Delete

[57] Fix | Delete

$records = $this->get_keys();

[58] Fix | Delete

[59] Fix | Delete

$records[ $token ] = array(

[60] Fix | Delete

'hashed_key' => $hashed,

[61] Fix | Delete

'created_at' => time(),

[62] Fix | Delete

);

[63] Fix | Delete

[64] Fix | Delete

$this->update_keys( $records );

[65] Fix | Delete

[66] Fix | Delete

/**

[67] Fix | Delete

* Fires when a recovery mode key is generated.

[68] Fix | Delete

[69] Fix | Delete

* @since 5.2.0

[70] Fix | Delete

[71] Fix | Delete

* @param string $token The recovery data token.

[72] Fix | Delete

* @param string $key The recovery mode key.

[73] Fix | Delete

[74] Fix | Delete

do_action( 'generate_recovery_mode_key', $token, $key );

[75] Fix | Delete

[76] Fix | Delete

return $key;

[77] Fix | Delete

}

[78] Fix | Delete

[79] Fix | Delete

/**

[80] Fix | Delete

* Verifies if the recovery mode key is correct.

[81] Fix | Delete

[82] Fix | Delete

* Recovery mode keys can only be used once; the key will be consumed in the process.

[83] Fix | Delete

[84] Fix | Delete

* @since 5.2.0

[85] Fix | Delete

[86] Fix | Delete

* @global PasswordHash $wp_hasher Portable PHP password hashing framework instance.

[87] Fix | Delete

[88] Fix | Delete

* @param string $token The token used when generating the given key.

[89] Fix | Delete

* @param string $key The unhashed key.

[90] Fix | Delete

* @param int $ttl Time in seconds for the key to be valid for.

[91] Fix | Delete

* @return true|WP_Error True on success, error object on failure.

[92] Fix | Delete

[93] Fix | Delete

public function validate_recovery_mode_key( $token, $key, $ttl ) {

[94] Fix | Delete

global $wp_hasher;

[95] Fix | Delete

[96] Fix | Delete

$records = $this->get_keys();

[97] Fix | Delete

[98] Fix | Delete

if ( ! isset( $records[ $token ] ) ) {

[99] Fix | Delete

return new WP_Error( 'token_not_found', __( 'Recovery Mode not initialized.' ) );

[100] Fix | Delete

}

[101] Fix | Delete

[102] Fix | Delete

$record = $records[ $token ];

[103] Fix | Delete

[104] Fix | Delete

$this->remove_key( $token );

[105] Fix | Delete

[106] Fix | Delete

if ( ! is_array( $record ) || ! isset( $record['hashed_key'], $record['created_at'] ) ) {

[107] Fix | Delete

return new WP_Error( 'invalid_recovery_key_format', __( 'Invalid recovery key format.' ) );

[108] Fix | Delete

}

[109] Fix | Delete

[110] Fix | Delete

if ( empty( $wp_hasher ) ) {

[111] Fix | Delete

require_once ABSPATH . WPINC . '/class-phpass.php';

[112] Fix | Delete

$wp_hasher = new PasswordHash( 8, true );

[113] Fix | Delete

}

[114] Fix | Delete

[115] Fix | Delete

if ( ! $wp_hasher->CheckPassword( $key, $record['hashed_key'] ) ) {

[116] Fix | Delete

return new WP_Error( 'hash_mismatch', __( 'Invalid recovery key.' ) );

[117] Fix | Delete

}

[118] Fix | Delete

[119] Fix | Delete

if ( time() > $record['created_at'] + $ttl ) {

[120] Fix | Delete

return new WP_Error( 'key_expired', __( 'Recovery key expired.' ) );

[121] Fix | Delete

}

[122] Fix | Delete

[123] Fix | Delete

return true;

[124] Fix | Delete

}

[125] Fix | Delete

[126] Fix | Delete

/**

[127] Fix | Delete

* Removes expired recovery mode keys.

[128] Fix | Delete

[129] Fix | Delete

* @since 5.2.0

[130] Fix | Delete

[131] Fix | Delete

* @param int $ttl Time in seconds for the keys to be valid for.

[132] Fix | Delete

[133] Fix | Delete

public function clean_expired_keys( $ttl ) {

[134] Fix | Delete

[135] Fix | Delete

$records = $this->get_keys();

[136] Fix | Delete

[137] Fix | Delete

foreach ( $records as $key => $record ) {

[138] Fix | Delete

if ( ! isset( $record['created_at'] ) || time() > $record['created_at'] + $ttl ) {

[139] Fix | Delete

unset( $records[ $key ] );

[140] Fix | Delete

}

[141] Fix | Delete

}

[142] Fix | Delete

[143] Fix | Delete

$this->update_keys( $records );

[144] Fix | Delete

}

[145] Fix | Delete

[146] Fix | Delete

/**

[147] Fix | Delete

* Removes a used recovery key.

[148] Fix | Delete

[149] Fix | Delete

* @since 5.2.0

[150] Fix | Delete

[151] Fix | Delete

* @param string $token The token used when generating a recovery mode key.

[152] Fix | Delete

[153] Fix | Delete

private function remove_key( $token ) {

[154] Fix | Delete

[155] Fix | Delete

$records = $this->get_keys();

[156] Fix | Delete

[157] Fix | Delete

if ( ! isset( $records[ $token ] ) ) {

[158] Fix | Delete

return;

[159] Fix | Delete

}

[160] Fix | Delete

[161] Fix | Delete

unset( $records[ $token ] );

[162] Fix | Delete

[163] Fix | Delete

$this->update_keys( $records );

[164] Fix | Delete

}

[165] Fix | Delete

[166] Fix | Delete

/**

[167] Fix | Delete

* Gets the recovery key records.

[168] Fix | Delete

[169] Fix | Delete

* @since 5.2.0

[170] Fix | Delete

[171] Fix | Delete

* @return array Associative array of $token => $data pairs, where $data has keys 'hashed_key'

[172] Fix | Delete

* and 'created_at'.

[173] Fix | Delete

[174] Fix | Delete

private function get_keys() {

[175] Fix | Delete

return (array) get_option( $this->option_name, array() );

[176] Fix | Delete

}

[177] Fix | Delete

[178] Fix | Delete

/**

[179] Fix | Delete

* Updates the recovery key records.

[180] Fix | Delete

[181] Fix | Delete

* @since 5.2.0

[182] Fix | Delete

[183] Fix | Delete

* @param array $keys Associative array of $token => $data pairs, where $data has keys 'hashed_key'

[184] Fix | Delete

* and 'created_at'.

[185] Fix | Delete

* @return bool True on success, false on failure.

[186] Fix | Delete

[187] Fix | Delete

private function update_keys( array $keys ) {

[188] Fix | Delete

return update_option( $this->option_name, $keys );

[189] Fix | Delete

}

[190] Fix | Delete

}

[191] Fix | Delete

[192] Fix | Delete