Merge pull request #30901 from woocommerce/fix/30594-api-key-description-length
Fix Description Length Preventing REST API Key Creation
This commit is contained in:
Néstor Soriano
GitHub
commit
2d405cc8c1
|
|
@ -23,7 +23,7 @@ defined( 'ABSPATH' ) || exit;
|
|||
</label>
|
||||
</th>
|
||||
<td class="forminp">
|
||||
<input id="key_description" type="text" class="input-text regular-input" value="<?php echo esc_attr( $key_data['description'] ); ?>" />
|
||||
<input maxlength="200" id="key_description" type="text" class="input-text regular-input" value="<?php echo esc_attr( $key_data['description'] ); ?>" />
|
||||
</td>
|
||||
</tr>
|
||||
<tr valign="top">
|
||||
|
|
|
|||
|
|
@ -2126,6 +2126,10 @@ class WC_AJAX {
|
|||
)
|
||||
);
|
||||
|
||||
if ( 0 === $wpdb->insert_id ) {
|
||||
throw new Exception( __( 'There was an error generating your API Key.', 'woocommerce' ) );
|
||||
}
|
||||
|
||||
$key_id = $wpdb->insert_id;
|
||||
$response = $data;
|
||||
$response['consumer_key'] = $consumer_key;
|
||||
|
|
|
|||
|
|
@ -129,7 +129,8 @@ class WC_Auth {
|
|||
'return_url' => rawurlencode( $this->get_formatted_url( $data['return_url'] ) ),
|
||||
'callback_url' => rawurlencode( $this->get_formatted_url( $data['callback_url'] ) ),
|
||||
'scope' => wc_clean( $data['scope'] ),
|
||||
), $url
|
||||
),
|
||||
$url
|
||||
);
|
||||
}
|
||||
|
||||
|
|
@ -210,14 +211,11 @@ class WC_Auth {
|
|||
global $wpdb;
|
||||
|
||||
$description = sprintf(
|
||||
/* translators: 1: app name 2: scope 3: date 4: time */
|
||||
__( '%1$s - API %2$s (created on %3$s at %4$s).', 'woocommerce' ),
|
||||
wc_clean( $app_name ),
|
||||
$this->get_i18n_scope( $scope ),
|
||||
date_i18n( wc_date_format() ),
|
||||
date_i18n( wc_time_format() )
|
||||
'%s - API (%s)',
|
||||
wc_trim_string( wc_clean( $app_name ), 170 ),
|
||||
gmdate( 'Y-m-d H:i:s' )
|
||||
);
|
||||
$user = wp_get_current_user();
|
||||
$user = wp_get_current_user();
|
||||
|
||||
// Created API keys.
|
||||
$permissions = in_array( $scope, array( 'read', 'write', 'read_write' ), true ) ? sanitize_text_field( $scope ) : 'read';
|
||||
|
|
@ -327,13 +325,15 @@ class WC_Auth {
|
|||
// Login endpoint.
|
||||
if ( 'login' === $route && ! is_user_logged_in() ) {
|
||||
wc_get_template(
|
||||
'auth/form-login.php', array(
|
||||
'auth/form-login.php',
|
||||
array(
|
||||
'app_name' => wc_clean( $data['app_name'] ),
|
||||
'return_url' => add_query_arg(
|
||||
array(
|
||||
'success' => 0,
|
||||
'user_id' => wc_clean( $data['user_id'] ),
|
||||
), $this->get_formatted_url( $data['return_url'] )
|
||||
),
|
||||
$this->get_formatted_url( $data['return_url'] )
|
||||
),
|
||||
'redirect_url' => $this->build_url( $data, 'authorize' ),
|
||||
)
|
||||
|
|
@ -353,13 +353,15 @@ class WC_Auth {
|
|||
} elseif ( 'authorize' === $route && current_user_can( 'manage_woocommerce' ) ) {
|
||||
// Authorize endpoint.
|
||||
wc_get_template(
|
||||
'auth/form-grant-access.php', array(
|
||||
'auth/form-grant-access.php',
|
||||
array(
|
||||
'app_name' => wc_clean( $data['app_name'] ),
|
||||
'return_url' => add_query_arg(
|
||||
array(
|
||||
'success' => 0,
|
||||
'user_id' => wc_clean( $data['user_id'] ),
|
||||
), $this->get_formatted_url( $data['return_url'] )
|
||||
),
|
||||
$this->get_formatted_url( $data['return_url'] )
|
||||
),
|
||||
'scope' => $this->get_i18n_scope( wc_clean( $data['scope'] ) ),
|
||||
'permissions' => $this->get_permissions_in_scope( wc_clean( $data['scope'] ) ),
|
||||
|
|
@ -386,7 +388,8 @@ class WC_Auth {
|
|||
array(
|
||||
'success' => 1,
|
||||
'user_id' => wc_clean( $data['user_id'] ),
|
||||
), $this->get_formatted_url( $data['return_url'] )
|
||||
),
|
||||
$this->get_formatted_url( $data['return_url'] )
|
||||
)
|
||||
)
|
||||
);
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@
|
|||
/**
|
||||
* Class WC_AJAX_Test file.
|
||||
*/
|
||||
class WC_AJAX_Test extends \WC_Unit_Test_Case {
|
||||
class WC_AJAX_Test extends \WP_Ajax_UnitTestCase {
|
||||
|
||||
/**
|
||||
* Stock should not be reduced from AJAX when an item is added to an order.
|
||||
|
|
@ -84,4 +84,32 @@ class WC_AJAX_Test extends \WC_Unit_Test_Case {
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Creating an API Key with too long of a description should report failure.
|
||||
*/
|
||||
public function test_create_api_key_long_description_failure() {
|
||||
$this->_setRole( 'administrator' );
|
||||
|
||||
$description = 'This_description_is_really_very_long_and_is_meant_to_exceed_the_database_column_length_of_200_characters_';
|
||||
$description .= $description;
|
||||
|
||||
$_POST['security'] = wp_create_nonce( 'update-api-key' );
|
||||
$_POST['key_id'] = 0;
|
||||
$_POST['user'] = 1;
|
||||
$_POST['permissions'] = 'read';
|
||||
$_POST['description'] = $description;
|
||||
|
||||
try {
|
||||
$this->_handleAjax( 'woocommerce_update_api_key' );
|
||||
} catch ( WPAjaxDieContinueException $e ) {
|
||||
// wp_die() doesn't actually occur, so we need to clean up WC_AJAX::update_api_key's output buffer.
|
||||
ob_end_clean();
|
||||
}
|
||||
|
||||
$response = json_decode( $this->_last_response, true );
|
||||
|
||||
$this->assertFalse( $response['success'] );
|
||||
$this->assertEquals( $response['data']['message'], 'There was an error generating your API Key.' );
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -0,0 +1,38 @@
|
|||
<?php
|
||||
/**
|
||||
* Class WC_Auth_Test file.
|
||||
*
|
||||
* @package WooCommerce\Tests\WC_Auth.
|
||||
*/
|
||||
|
||||
/**
|
||||
* Class WC_Auth_Test file.
|
||||
*/
|
||||
class WC_Auth_Test extends \WC_Unit_Test_Case {
|
||||
|
||||
/**
|
||||
* Test that API keys created via the REST API with long descriptions get saved correctly.
|
||||
* See: https://github.com/woocommerce/woocommerce/issues/30594.
|
||||
*/
|
||||
public function test_api_key_long_description() {
|
||||
$wc_auth = new WC_Auth();
|
||||
$reflected_auth = new ReflectionClass( WC_Auth::class );
|
||||
$create_keys = $reflected_auth->getMethod( 'create_keys' );
|
||||
$create_keys->setAccessible( true );
|
||||
|
||||
$app_name = 'This_app_name_is_very_long_and_meant_to_exceed_the_column_length_of_200_characters_';
|
||||
$app_name .= $app_name;
|
||||
$app_user_id = 1;
|
||||
$scope = 'read_write';
|
||||
|
||||
$key_data = $create_keys->invoke( $wc_auth, $app_name, $app_user_id, $scope );
|
||||
|
||||
// Verify the key was inserted successfully.
|
||||
$this->assertNotEquals( 0, $key_data['key_id'], 'API Key with long description was not written to database.' );
|
||||
|
||||
// Clean up.
|
||||
$maybe_delete_key = $reflected_auth->getMethod( 'maybe_delete_key' );
|
||||
$maybe_delete_key->setAccessible( true );
|
||||
$maybe_delete_key->invoke( $wc_auth, $key_data );
|
||||
}
|
||||
}
|
||||
Loading…
Reference in New Issue