Changeset 10029

Timestamp:

07/07/2020 08:02:03 AM (6 years ago)

Author:

dd32

Message:

Login: Allow users to resend the signup confirmation email.

To trigger this, either the user needs to click the resend link on the post-signup profile-info page, or attempt to sign up again using the same username or email.

The emails are rate limited depending on the age of the account, and also based on some WordPress.org anti-spam measures.

See #5278.

Location:

sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login

Files:

• admin/ui.php (modified) (1 diff)
• functions-registration.php (modified) (4 diffs)
• functions-restapi.php (modified) (6 diffs)
• js/registration.js (modified) (3 diffs)
• pending-profile.php (modified) (1 diff)

sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/admin/ui.php

@@ -55 +55 @@
 
     if ( $email ) {
-        wporg_send_confirmation_email( $email );
+        wporg_login_send_confirmation_email( $email );
     }
 

sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/functions-registration.php

@@ -92 +92 @@
     }
 
-    wporg_send_confirmation_email( $user_email );
+    wporg_login_send_confirmation_email( $user_email );
 
     $url = home_url( sprintf(
@@ -107 +107 @@
  * Send a "Welcome to WordPress.org" confirmation email.
  */
-function wporg_send_confirmation_email( $user_email ) {
+function wporg_login_send_confirmation_email( $user ) {
     global $wpdb;
 
-    $user = wporg_get_pending_user( $user_email );
+    $user = wporg_get_pending_user( $user );
 
     if ( ! $user || $user['created'] ) {
@@ -117 +117 @@
 
     $user_login = $user['user_login'];
+    $user_email = $user['user_email'];
 
     $activation_key = wp_hash( $user_login . ':' . $user_email, 'activation' );
@@ -150 +151 @@
 function wporg_get_pending_user( $login_or_email ) {
     global $wpdb;
+
+    // Is it a pending user object already?
+    if ( is_array( $login_or_email ) && isset( $login_or_email['pending_id'] ) ) {
+        return $login_or_email;
+    }
 
     $pending_user = $wpdb->get_row( $wpdb->prepare(

sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/functions-restapi.php

@@ -19 +19 @@
         'callback' => 'wporg_login_rest_email_in_use'
     ) );
+
+    register_rest_route( 'wporg/v1', '/resend-confirmation-email/?', array(
+        'methods'  => WP_REST_Server::EDITABLE,
+        'callback' => 'wporg_login_rest_resend_confirmation_email'
+    ) );
 }
 add_action( 'rest_api_init', 'wporg_login_rest_routes' );
@@ -31 +36 @@
         return [
             'available' => false,
-            'error' => __( 'That username is already in use.', 'wporg' ) . '<br>' . __( 'Is it yours? <a href="/lostpassword">Reset your password</a>.', 'wporg' ),
+            'error' => __( 'That username is already in use.', 'wporg' ) . '<br>' .
+                __( 'Is it yours? <a href="/lostpassword">Reset your password</a>.', 'wporg' ),
             'avatar' => get_avatar( $user, 64 ),
         ];
@@ -40 +46 @@
         return [
             'available' => false,
-            'error' => __( 'That username is already in use.', 'wporg' ) . '<br>' . __( 'The registration is still pending, please check your email for the confirmation link.', 'wporg' ),
+            'error' => __( 'That username is already in use.', 'wporg' ) . '<br>' .
+                __( 'The registration is still pending, please check your email for the confirmation link.', 'wporg' ) . '<br>' .
+                '<a href="#" class="resend">' . __( 'Resend confirmation email.', 'wporg' ) . '</a>',
             'avatar' => get_avatar( $pending->user_email, 64 ),
         ];
@@ -65 +73 @@
         return [
             'available' => false,
-            'error' => __( 'That email address already has an account.', 'wporg' ) . '<br>' . __( 'Is it yours? <a href="/lostpassword">Reset your password</a>.', 'wporg' ),
+            'error' => __( 'That email address already has an account.', 'wporg' ) . '<br>' .
+                __( 'Is it yours? <a href="/lostpassword">Reset your password</a>.', 'wporg' ),
             'avatar' => get_avatar( $user, 64 ),
         ];
@@ -74 +83 @@
         return [
             'available' => false,
-            'error' => __( 'That email address already has an account.', 'wporg' ) . '<br>' . __( 'The registration is still pending, please check your email for the confirmation link.', 'wporg' ),
+            'error' => __( 'That email address already has an account.', 'wporg' ) . '<br>' .
+                __( 'The registration is still pending, please check your email for the confirmation link.', 'wporg' ) . '<br>' .
+                '<a href="#" class="resend">' . __( 'Resend confirmation email.', 'wporg' ) . '</a>',
             'avatar' => get_avatar( $email, 64 ),
         ];
@@ -91 +102 @@
     return [ 'available' => true ];
 }
+
+/*
+ * Resend a confirmation email to create an account.
+ * 
+ * This API intentionally doesn't report if it performs the action, always returning the success message.
+ */
+function wporg_login_rest_resend_confirmation_email( $request ) {
+    $account = $request['account'];
+
+    $success_message = sprintf(
+        __( 'Please check your email %s for a confirmation link to set your password.', 'wporg' ),
+        '<code>' . esc_html( $account ) . '</code>'
+    );
+
+    $pending_user = wporg_get_pending_user( $request['account'] );
+    if ( ! $pending_user || $pending_user['created'] ) {
+        return $success_message;
+    }
+
+    // Allow for w.org plugins to block the action.
+    if ( null !== ( $pre_register_error = apply_filters( 'wporg_login_pre_registration', null, $pending_user['user_login'], $pending_user['user_email'], $pending_user['meta']['user_mailinglist'] ) ) ) {
+        return $success_message;
+    }
+
+    // Only one email per..
+    // - 1 minute for brand new accounts (<15min)
+    // - 5 minutes for new accounts (<1hr)
+    // - 3 hours there after
+    list( $requested_time, ) = explode( ':', $pending_user['user_activation_key'] );
+    $time_limit = 3 * HOUR_IN_SECONDS;
+
+    if ( time() - strtotime( $pending_user['user_registered'] ) < HOUR_IN_SECONDS ) {
+        $time_limit = 5 * MINUTE_IN_SECONDS;
+    }
+
+    if ( time() - strtotime( $pending_user['user_registered'] ) < 15 * MINUTE_IN_SECONDS ) {
+        $time_limit = MINUTE_IN_SECONDS;
+    }
+
+    if ( ( time() - $requested_time ) < $time_limit ) {
+        return $success_message;
+    }
+
+    wporg_login_send_confirmation_email( $pending_user );
+
+    return $success_message;
+}

sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/js/registration.js

@@ -20 +20 @@
 
                 $.get( rest_url, function( datas ) {
-                    $this.parents( 'p' ).nextUntil( 'p', 'div.message.error' ).remove();
+                    $this.closest( 'p' ).nextUntil( 'p', 'div.message' ).remove();
                     $this.removeClass( 'good' );
 
                     if ( ! datas.available ) {
                         $this.addClass( 'error' );
-                        $this.parents( 'p' ).after(
+                        $this.closest( 'p' ).after(
                             '<div class="message error' + ( datas.avatar ? ' with-avatar' : '' ) +  '"><p>' +
                             ( datas.avatar ? datas.avatar : '' ) + '<span>' +
@@ -31 +31 @@
                             '</span></p></div>'
                         );
+                        $this.closest( 'p' ).next('div.message.error').find( '.resend' ).data( 'account', $this.val() );
                     } else {
                         $this.addClass( 'good' );
@@ -36 +37 @@
                 } );
             } );
+
+            $loginForm.on( 'click', '.resend', function( e ) {
+                var $this = $(this),
+                    account = $this.data('account');
+
+                e.preventDefault();
+
+                $this.closest( 'div.message' ).next('div.message.info').remove();
+
+                $.post(
+                    wporg_registration.rest_url + '/resend-confirmation-email',
+                    {
+                        account: account,
+                    },
+                    function( datas ) {
+                        $this.closest( 'div.message' ).after(
+                            '<div class="message info"><p><span>' + datas + '</span></p></div>'
+                        );
+                    }
+                );
+
+            });
 
             // If the form has data in it upon load, immediately trigger the validation.

sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/pending-profile.php

@@ -50 +50 @@
 get_header();
 ?>
-<div class="message info">
-    <p><?php
-        printf(
-            /* translators: %s Email address */
-            __( 'Please check your email %s for a confirmation link to set your password.', 'wporg' ),
-            '<code>' . esc_html( $pending_user['user_email'] ) . '</code>'
-        );
-    ?></p>
-</div>
+<form name="registerform" id="registerform" action="" method="post">
 
-<p class="intro">
-<?php _e( 'Complete your WordPress.org Profile information.', 'wporg' ); ?>
-</p>
+    <div class="message info">
+        <p><?php
+            printf(
+                /* translators: %s Email address */
+                __( 'Please check your email %s for a confirmation link to set your password.', 'wporg' ) . '<br>' .
+                '<a href="#" class="resend" data-account="%s">' . __( 'Resend confirmation email.', 'wporg' ) . '</a>',
+                '<code>' . esc_html( $pending_user['user_email'] ) . '</code>',
+                esc_attr( $pending_user['user_email'] )
+            );
+        ?></p>
+    </div>
 
-<form name="registerform" id="registerform" action="" method="post">
+    <p class="intro">
+    <?php _e( 'Complete your WordPress.org Profile information.', 'wporg' ); ?>
+    </p>
 
     <p class="login-login">