Ensure that API key descriptions are truncated over the REST API.

plugins/woocommerce/includes/class-wc-auth.php

@@ -129,7 +129,8 @@ class WC_Auth {
 				'return_url'   => rawurlencode( $this->get_formatted_url( $data['return_url'] ) ),
 				'callback_url' => rawurlencode( $this->get_formatted_url( $data['callback_url'] ) ),
 				'scope'        => wc_clean( $data['scope'] ),
-			), $url
+			),
+			$url
 		);
 	}
 
@@ -210,12 +211,9 @@ class WC_Auth {
 		global $wpdb;
 
 		$description = sprintf(
-			/* translators: 1: app name 2: scope 3: date 4: time */
+			'%s - API (%s)',
-			__( '%1$s - API %2$s (created on %3$s at %4$s).', 'woocommerce' ),
+			wc_trim_string( wc_clean( $app_name ), 170 ),
-			wc_clean( $app_name ),
+			gmdate( 'Y-m-d H:i:s' )
-			$this->get_i18n_scope( $scope ),
-			date_i18n( wc_date_format() ),
-			date_i18n( wc_time_format() )
 		);
 		$user        = wp_get_current_user();
 
@@ -327,13 +325,15 @@ class WC_Auth {
 			// Login endpoint.
 			if ( 'login' === $route && ! is_user_logged_in() ) {
 				wc_get_template(
-					'auth/form-login.php', array(
+					'auth/form-login.php',
+					array(
 						'app_name'     => wc_clean( $data['app_name'] ),
 						'return_url'   => add_query_arg(
 							array(
 								'success' => 0,
 								'user_id' => wc_clean( $data['user_id'] ),
-							), $this->get_formatted_url( $data['return_url'] )
+							),
+							$this->get_formatted_url( $data['return_url'] )
 						),
 						'redirect_url' => $this->build_url( $data, 'authorize' ),
 					)
@@ -353,13 +353,15 @@ class WC_Auth {
 			} elseif ( 'authorize' === $route && current_user_can( 'manage_woocommerce' ) ) {
 				// Authorize endpoint.
 				wc_get_template(
-					'auth/form-grant-access.php', array(
+					'auth/form-grant-access.php',
+					array(
 						'app_name'    => wc_clean( $data['app_name'] ),
 						'return_url'  => add_query_arg(
 							array(
 								'success' => 0,
 								'user_id' => wc_clean( $data['user_id'] ),
-							), $this->get_formatted_url( $data['return_url'] )
+							),
+							$this->get_formatted_url( $data['return_url'] )
 						),
 						'scope'       => $this->get_i18n_scope( wc_clean( $data['scope'] ) ),
 						'permissions' => $this->get_permissions_in_scope( wc_clean( $data['scope'] ) ),
@@ -386,7 +388,8 @@ class WC_Auth {
 								array(
 									'success' => 1,
 									'user_id' => wc_clean( $data['user_id'] ),
-								), $this->get_formatted_url( $data['return_url'] )
+								),
+								$this->get_formatted_url( $data['return_url'] )
 							)
 						)
 					);

tests/php/includes/class-wc-auth-test.php

@@ -0,0 +1,38 @@
+<?php
+/**
+ * Class WC_Auth_Test file.
+ *
+ * @package WooCommerce\Tests\WC_Auth.
+ */
+
+/**
+ * Class WC_Auth_Test file.
+ */
+class WC_Auth_Test extends \WC_Unit_Test_Case {
+
+	/**
+	 * Test that API keys created via the REST API with long descriptions get saved correctly.
+	 * See: https://github.com/woocommerce/woocommerce/issues/30594.
+	 */
+	public function test_api_key_long_description() {
+		$wc_auth        = new WC_Auth();
+		$reflected_auth = new ReflectionClass( WC_Auth::class );
+		$create_keys    = $reflected_auth->getMethod( 'create_keys' );
+		$create_keys->setAccessible( true );
+
+		$app_name     = 'This_app_name_is_very_long_and_meant_to_exceed_the_column_length_of_200_characters_';
+		$app_name    .= $app_name;
+		$app_user_id  = 1;
+		$scope        = 'read_write';
+
+		$key_data = $create_keys->invoke( $wc_auth, $app_name, $app_user_id, $scope );
+
+		// Verify the key was inserted successfully.
+		$this->assertNotEquals( 0, $key_data['key_id'], 'API Key with long description was not written to database.' );
+
+		// Clean up.
+		$maybe_delete_key = $reflected_auth->getMethod( 'maybe_delete_key' );
+		$maybe_delete_key->setAccessible( true );
+		$maybe_delete_key->invoke( $wc_auth, $key_data );
+	}
+}