Steve-Dee-Designs
/
woocommerce
mirror of https://github.com/woocommerce/woocommerce.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #30901 from woocommerce/fix/30594-api-key-description-length 

Fix Description Length Preventing REST API Key Creation
This commit is contained in:
Néstor Soriano 2021-10-27 11:10:24 +02:00 committed by GitHub
parent 59ab939282 889022597d
commit 2d405cc8c1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 88 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
plugins/woocommerce/includes/admin/settings/views/html-keys-edit.php
View File

@ -23,7 +23,7 @@ defined( 'ABSPATH' ) || exit;
</label>
</th>
<td class="forminp">
<input id="key_description" type="text" class="input-text regular-input" value="<?php echo esc_attr( $key_data['description'] ); ?>" />
<input maxlength="200" id="key_description" type="text" class="input-text regular-input" value="<?php echo esc_attr( $key_data['description'] ); ?>" />
</td>
</tr>
<tr valign="top">

4
plugins/woocommerce/includes/class-wc-ajax.php
View File

@ -2126,6 +2126,10 @@ class WC_AJAX {
)
);
if ( 0 === $wpdb->insert_id ) {
throw new Exception( __( 'There was an error generating your API Key.', 'woocommerce' ) );
}
$key_id = $wpdb->insert_id;
$response = $data;
$response['consumer_key'] = $consumer_key;

27
plugins/woocommerce/includes/class-wc-auth.php
View File

@ -129,7 +129,8 @@ class WC_Auth {
'return_url' => rawurlencode( $this->get_formatted_url( $data['return_url'] ) ),
'callback_url' => rawurlencode( $this->get_formatted_url( $data['callback_url'] ) ),
'scope' => wc_clean( $data['scope'] ),
), $url
),
$url
);
}
@ -210,12 +211,9 @@ class WC_Auth {
global $wpdb;
$description = sprintf(
/* translators: 1: app name 2: scope 3: date 4: time */
__( '%1$s - API %2$s (created on %3$s at %4$s).', 'woocommerce' ),
wc_clean( $app_name ),
$this->get_i18n_scope( $scope ),
date_i18n( wc_date_format() ),
date_i18n( wc_time_format() )
'%s - API (%s)',
wc_trim_string( wc_clean( $app_name ), 170 ),
gmdate( 'Y-m-d H:i:s' )
);
$user = wp_get_current_user();
@ -327,13 +325,15 @@ class WC_Auth {
// Login endpoint.
if ( 'login' === $route && ! is_user_logged_in() ) {
wc_get_template(
'auth/form-login.php', array(
'auth/form-login.php',
array(
'app_name' => wc_clean( $data['app_name'] ),
'return_url' => add_query_arg(
array(
'success' => 0,
'user_id' => wc_clean( $data['user_id'] ),
), $this->get_formatted_url( $data['return_url'] )
),
$this->get_formatted_url( $data['return_url'] )
),
'redirect_url' => $this->build_url( $data, 'authorize' ),
)
@ -353,13 +353,15 @@ class WC_Auth {
} elseif ( 'authorize' === $route && current_user_can( 'manage_woocommerce' ) ) {
// Authorize endpoint.
wc_get_template(
'auth/form-grant-access.php', array(
'auth/form-grant-access.php',
array(
'app_name' => wc_clean( $data['app_name'] ),
'return_url' => add_query_arg(
array(
'success' => 0,
'user_id' => wc_clean( $data['user_id'] ),
), $this->get_formatted_url( $data['return_url'] )
),
$this->get_formatted_url( $data['return_url'] )
),
'scope' => $this->get_i18n_scope( wc_clean( $data['scope'] ) ),
'permissions' => $this->get_permissions_in_scope( wc_clean( $data['scope'] ) ),
@ -386,7 +388,8 @@ class WC_Auth {
array(
'success' => 1,
'user_id' => wc_clean( $data['user_id'] ),
), $this->get_formatted_url( $data['return_url'] )
),
$this->get_formatted_url( $data['return_url'] )
)
)
);

30
plugins/woocommerce/tests/php/includes/class-wc-ajax-test.php
View File

@ -8,7 +8,7 @@
/**
* Class WC_AJAX_Test file.
*/
class WC_AJAX_Test extends \WC_Unit_Test_Case {
class WC_AJAX_Test extends \WP_Ajax_UnitTestCase {
/**
* Stock should not be reduced from AJAX when an item is added to an order.
@ -84,4 +84,32 @@ class WC_AJAX_Test extends \WC_Unit_Test_Case {
}
}
}
/**
* Creating an API Key with too long of a description should report failure.
*/
public function test_create_api_key_long_description_failure() {
$this->_setRole( 'administrator' );
$description = 'This_description_is_really_very_long_and_is_meant_to_exceed_the_database_column_length_of_200_characters_';
$description .= $description;
$_POST['security'] = wp_create_nonce( 'update-api-key' );
$_POST['key_id'] = 0;
$_POST['user'] = 1;
$_POST['permissions'] = 'read';
$_POST['description'] = $description;
try {
$this->_handleAjax( 'woocommerce_update_api_key' );
} catch ( WPAjaxDieContinueException $e ) {
// wp_die() doesn't actually occur, so we need to clean up WC_AJAX::update_api_key's output buffer.
ob_end_clean();
}
$response = json_decode( $this->_last_response, true );
$this->assertFalse( $response['success'] );
$this->assertEquals( $response['data']['message'], 'There was an error generating your API Key.' );
}
}

38
tests/php/includes/class-wc-auth-test.php Normal file
View File

@ -0,0 +1,38 @@
<?php
/**
* Class WC_Auth_Test file.
*
* @package WooCommerce\Tests\WC_Auth.
*/
/**
* Class WC_Auth_Test file.
*/
class WC_Auth_Test extends \WC_Unit_Test_Case {
/**
* Test that API keys created via the REST API with long descriptions get saved correctly.
* See: https://github.com/woocommerce/woocommerce/issues/30594.
*/
public function test_api_key_long_description() {
$wc_auth = new WC_Auth();
$reflected_auth = new ReflectionClass( WC_Auth::class );
$create_keys = $reflected_auth->getMethod( 'create_keys' );
$create_keys->setAccessible( true );
$app_name = 'This_app_name_is_very_long_and_meant_to_exceed_the_column_length_of_200_characters_';
$app_name .= $app_name;
$app_user_id = 1;
$scope = 'read_write';
$key_data = $create_keys->invoke( $wc_auth, $app_name, $app_user_id, $scope );
// Verify the key was inserted successfully.
$this->assertNotEquals( 0, $key_data['key_id'], 'API Key with long description was not written to database.' );
// Clean up.
$maybe_delete_key = $reflected_auth->getMethod( 'maybe_delete_key' );
$maybe_delete_key->setAccessible( true );
$maybe_delete_key->invoke( $wc_auth, $key_data );
}
}