tec3/five-for-the-future
tec3/five-for-the-future
1
0
Fork 0
mirror of https://github.com/WordPress/five-for-the-future.git synced 2025-04-21 02:23:43 +03:00
Code Issues Actions Packages Projects Releases Wiki Activity

Email: Add notes about auth tokens.

Browse source
This commit is contained in:
Ian Dunn 2019-10-26 10:11:45 -07:00
parent ff9767f478
commit 438173c10f
No known key found for this signature in database
GPG key ID: 99B971B50343CBCB
1 changed files with 5 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
plugins/wporg-5ftf/includes/email.php
View file

@ -67,9 +67,12 @@ function send_email( $to, $subject, $message ) {
*/ */
function get_authentication_url( $pledge_id, $action, $action_page_id ) { function get_authentication_url( $pledge_id, $action, $action_page_id ) {
$auth_token = array( $auth_token = array(
// This will create a CSPRN and is similar to how `get_password_reset_key()` works. /*
* This will create a CSPRN and is similar to how `get_password_reset_key()` and
* `generate_recovery_mode_token()` work.
*/
'value' => wp_generate_password( TOKEN_LENGTH, false ), 'value' => wp_generate_password( TOKEN_LENGTH, false ),
// todo should encrypt at rest? core doesn't but others do // todo Ideally should encrypt at rest, see https://core.trac.wordpress.org/ticket/24783.
'expiration' => time() + ( 2 * HOUR_IN_SECONDS ), 'expiration' => time() + ( 2 * HOUR_IN_SECONDS ),
); );