Created new function to generate webhook secrets based on the user ID and username, closes #10881

includes/admin/class-wc-admin-webhooks.php

@@ -80,7 +80,7 @@ class WC_Admin_Webhooks {
 	 * @param WC_Webhook $webhook
 	 */
 	private function update_secret( $webhook ) {
-		$secret = ! empty( $_POST['webhook_secret'] ) ? $_POST['webhook_secret'] : get_user_meta( get_current_user_id(), 'woocommerce_api_consumer_secret', true );
+		$secret = ! empty( $_POST['webhook_secret'] ) ? $_POST['webhook_secret'] : wc_webhook_generate_secret();
 
 		$webhook->set_secret( $secret );
 	}

includes/api/class-wc-rest-webhooks-controller.php

@@ -72,9 +72,6 @@ class WC_REST_Webhooks_Controller extends WC_REST_Posts_Controller {
 					'delivery_url' => array(
 						'required' => true,
 					),
-					'secret' => array(
-						'required' => true,
-					),
 				) ),
 			),
 			'schema' => array( $this, 'get_public_item_schema' ),
@@ -159,7 +156,7 @@ class WC_REST_Webhooks_Controller extends WC_REST_Posts_Controller {
 		$webhook->set_delivery_url( $request['delivery_url'] );
 
 		// Set secret.
-		$webhook->set_secret( $request['secret'] );
+		$webhook->set_secret( ! empty( $request['secret'] ) ? $request['secret'] : wc_webhook_generate_secret() );
 
 		// Set status.
 		if ( ! empty( $request['status'] ) ) {
@@ -509,7 +506,7 @@ class WC_REST_Webhooks_Controller extends WC_REST_Posts_Controller {
 					'readonly'    => true,
 				),
 				'secret' => array(
-					'description' => __( "Secret key used to generate a hash of the delivered webhook and provided in the request headers. This will default to the current API user's consumer secret if not provided.", 'woocommerce' ),
+					'description' => __( "Secret key used to generate a hash of the delivered webhook and provided in the request headers. This will default is a MD5 hash from the current user's ID|username if not provided.", 'woocommerce' ),
 					'type'        => 'string',
 					'format'      => 'uri',
 					'context'     => array( 'edit' ),

includes/api/legacy/v2/class-wc-api-webhooks.php

@@ -210,7 +210,7 @@ class WC_API_Webhooks extends WC_API_Resource {
 			$webhook->set_delivery_url( $data['delivery_url'] );
 
 			// set secret if provided, defaults to API users consumer secret
-			$webhook->set_secret( ! empty( $data['secret'] ) ? $data['secret'] : get_user_meta( get_current_user_id(), 'woocommerce_api_consumer_secret', true ) );
+			$webhook->set_secret( ! empty( $data['secret'] ) ? $data['secret'] : wc_webhook_generate_secret() );
 
 			// send ping
 			$webhook->deliver_ping();

includes/api/legacy/v3/class-wc-api-webhooks.php

@@ -210,7 +210,7 @@ class WC_API_Webhooks extends WC_API_Resource {
 			$webhook->set_delivery_url( $data['delivery_url'] );
 
 			// set secret if provided, defaults to API users consumer secret
-			$webhook->set_secret( ! empty( $data['secret'] ) ? $data['secret'] : get_user_meta( get_current_user_id(), 'woocommerce_api_consumer_secret', true ) );
+			$webhook->set_secret( ! empty( $data['secret'] ) ? $data['secret'] : wc_webhook_generate_secret() );
 
 			// send ping
 			$webhook->deliver_ping();

includes/wc-webhook-functions.php

@@ -25,3 +25,22 @@ function wc_get_webhook_statuses() {
 		'disabled' => __( 'Disabled', 'woocommerce' ),
 	) );
 }
+
+/**
+ * Generate webhook secret based in the user data.
+ *
+ * @since 2.6.0
+ * @param int $user_id User ID.
+ * @return string Secret of empty string if not found the user.
+ */
+function wc_webhook_generate_secret( $user_id = 0 ) {
+	if ( 0 === $user_id ) {
+		$user_id = get_current_user_id();
+	}
+
+	if ( $user = get_userdata( $user_id ) ) {
+		return md5( $user_id . '|' . $user->data->user_login );
+	}
+
+	return '';
+}