Merge pull request #23672 from woocommerce/fix/23366-2

Auto generate usernames when a username is blacklisted by WP

includes/wc-user-functions.php

@@ -117,7 +117,7 @@ if ( ! function_exists( 'wc_create_new_customer' ) ) {
  * @param string $suffix Append string to username to make it unique.
  * @return string Generated username.
  */
-function wc_create_new_customer_username( $email, $new_user_args, $suffix = '' ) {
+function wc_create_new_customer_username( $email, $new_user_args = array(), $suffix = '' ) {
 	$username_parts = array();
 
 	if ( isset( $new_user_args['first_name'] ) ) {
@@ -155,19 +155,60 @@ function wc_create_new_customer_username( $email, $new_user_args, $suffix = '' )
 		$username_parts[] = sanitize_user( $email_username, true );
 	}
 
-	$username = wc_strtolower( implode( '', $username_parts ) );
+	$username = wc_strtolower( implode( '.', $username_parts ) );
 
 	if ( $suffix ) {
 		$username .= $suffix;
 	}
 
+	/**
+	 * WordPress 4.4 - filters the list of blacklisted usernames.
+	 *
+	 * @since 3.7.0
+	 * @param array $usernames Array of blacklisted usernames.
+	 */
+	$illegal_logins = (array) apply_filters( 'illegal_user_logins', array() );
+
+	// Stop illegal logins and generate a new random username.
+	if ( in_array( strtolower( $username ), array_map( 'strtolower', $illegal_logins ), true ) ) {
+		$new_args = array();
+
+		/**
+		 * Filter generated customer username.
+		 *
+		 * @since 3.7.0
+		 * @param string $username      Generated username.
+		 * @param string $email         New customer email address.
+		 * @param array  $new_user_args Array of new user args, maybe including first and last names.
+		 * @param string $suffix        Append string to username to make it unique.
+		 */
+		$new_args['first_name'] = apply_filters(
+			'woocommerce_generated_customer_username',
+			'woo_user_' . zeroise( wp_rand( 0, 9999 ), 4 ),
+			$email,
+			$new_user_args,
+			$suffix
+		);
+
+		return wc_create_new_customer_username( $email, $new_args, $suffix );
+	}
+
 	if ( username_exists( $username ) ) {
 		// Generate something unique to append to the username in case of a conflict with another user.
 		$suffix = '-' . zeroise( wp_rand( 0, 9999 ), 4 );
 		return wc_create_new_customer_username( $email, $new_user_args, $suffix );
 	}
 
-	return $username;
+	/**
+	 * Filter new customer username.
+	 *
+	 * @since 3.7.0
+	 * @param string $username      Customer username.
+	 * @param string $email         New customer email address.
+	 * @param array  $new_user_args Array of new user args, maybe including first and last names.
+	 * @param string $suffix        Append string to username to make it unique.
+	 */
+	return apply_filters( 'woocommerce_new_customer_username', $username, $email, $new_user_args, $suffix );
 }
 
 /**

tests/unit-tests/customer/functions.php

@@ -10,6 +10,16 @@
  */
 class WC_Tests_Customer_Functions extends WC_Unit_Test_Case {
 
+	/**
+	 * Set illegal login
+	 *
+	 * @param array $logins Array of blacklisted logins.
+	 * @return array
+	 */
+	public function setup_illegal_user_logins( $logins ) {
+		return array( 'test' );
+	}
+
 	/**
 	 * Test wc_create_new_customer.
 	 *
@@ -93,7 +103,7 @@ class WC_Tests_Customer_Functions extends WC_Unit_Test_Case {
 
 		// Test first/last name generation.
 		$this->assertEquals(
-			'bobbobson',
+			'bob.bobson',
 			wc_create_new_customer_username(
 				'bob@bobbobson.com',
 				array(
@@ -114,6 +124,16 @@ class WC_Tests_Customer_Functions extends WC_Unit_Test_Case {
 				)
 			)
 		);
+
+		// Test username generation triggered by illegal_user_logins filter.
+		add_filter( 'illegal_user_logins', array( $this, 'setup_illegal_user_logins' ) );
+
+		$this->assertStringStartsWith(
+			'woo_user_',
+			wc_create_new_customer_username( 'test@test.com' )
+		);
+
+		remove_filter( 'illegal_user_logins', array( $this, 'setup_illegal_user_logins' ) );
 	}
 
 	/**