Ian Dunn
e4deb6809a
Apply coding standards
2019-12-03 12:09:35 -08:00
Kelly Dwan
f32d26ef47
Organize email & authentication code (#101)
* Split Auth functionality out to new file
* Move email-related code into the email file
* Use `assertFalse` for boolean assertions
* Add `can_manage_pledge` to check user or token against a given pledge
Pulled out of e9763f6678
* Remove duplicate test
2019-11-20 10:40:45 -05:00
Kelly Dwan
42d44f7dc9
Plugin: Fix all phpcs errors
This includes autofixes, along with some manual fixes; mostly syntax-related. Some `phpcs:ignore` comments were added for overzealous rules that don't apply.
2019-11-14 13:48:17 -05:00
Ian Dunn
414c4809e3
Email: Allow tokens to be reused when necessary.
2019-11-12 08:35:06 -08:00
Ian Dunn
7e89d1794a
Email: Send no-cache headers when auth token present for security.
2019-11-07 16:07:51 -08:00
Ian Dunn
87eb8ec43a
Pledge Log: Capture email events.
2019-10-31 20:39:57 -05:00
Ian Dunn
438173c10f
Email: Add notes about auth tokens.
2019-10-26 10:11:45 -07:00
Ian Dunn
c4f2fe58ab
Pledge Form: Make email naming consistent.
This helps distinguish between _pledge_ and _contributor_ emails, and _verifying_ auth tokens and _confirming_ pledges.
2019-10-26 08:23:41 -07:00
Ian Dunn
35fa99324e
Email: Compare token with hash_equals() to mitigate timing attacks.
Props timothyblynjacobs
See #46
See https://make.wordpress.org/meta/2019/10/25/security-review-of-authentication-tokens/
2019-10-25 13:50:53 -07:00
Ian Dunn
5ffca9420f
Email: Send pledge confirmation with authentication token. (#46)
Email: Send pledge confirmation with authentication token.
Fixes #34.
Fixes #10.
2019-10-25 12:07:09 -07:00