From 3391a2ad67fd0c8de2bff7e5b291341041907fe2 Mon Sep 17 00:00:00 2001
From: Frankie Jarrett
Date: Thu, 3 Aug 2017 23:39:35 -0500
Subject: [PATCH 1/4] Generate keys/salts, use API as fallback
---
 src/Config_Command.php | 34 +++++++++++++++++++++++++++++++---
 templates/wp-config.mustache | 11 +++++++++--
 2 files changed, 40 insertions(+), 5 deletions(-)
diff --git a/src/Config_Command.php b/src/Config_Command.php
index 7668613d3..79b8e35b4 100644
--- a/src/Config_Command.php
+++ b/src/Config_Command.php
@@ -127,10 +127,22 @@ public function create( $_, $assoc_args ) {
 $assoc_args['extra-php'] = file_get_contents( 'php://stdin' );
 }
- // TODO: adapt more resilient code from wp-admin/setup-config.php
 if ( ! \WP_CLI\Utils\get_flag_value( $assoc_args, 'skip-salts' ) ) {
- $assoc_args['keys-and-salts'] = self::_read(
- 'https://api.wordpress.org/secret-key/1.1/salt/' );
+ try {
+ $assoc_args['keys-and-salts'] = true;
+ $assoc_args['auth-key'] = self::unique_key();
+ $assoc_args['secure-auth-key'] = self::unique_key();
+ $assoc_args['logged-in-key'] = self::unique_key();
+ $assoc_args['nonce-key'] = self::unique_key();
+ $assoc_args['auth-salt'] = self::unique_key();
+ $assoc_args['secure-auth-salt'] = self::unique_key();
+ $assoc_args['logged-in-salt'] = self::unique_key();
+ $assoc_args['nonce-salt'] = self::unique_key();
+ } catch ( Exception $e ) {
+ $assoc_args['keys-and-salts'] = false;
+ $assoc_args['keys-and-salts-alt'] = self::_read(
+ 'https://api.wordpress.org/secret-key/1.1/salt/' );
+ }
 }
 if ( \WP_CLI\Utils\wp_version_compare( '4.0', '<' ) ) {
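Review bot: The fallback in the `catch` branch puts whatever `self::_read()` returns straight into `$assoc_args['keys-and-salts-alt']`, and the TODO this hunk deletes (adapting the more resilient code from wp-admin/setup-config.php) was the only marker that this fetch is unhardened. `_read()` is not visible here, so whether it rejects a failed request or an empty body cannot be confirmed; if it does not, the result is either a wp-config.php with no keys at all or unexpected text rendered into a PHP file. I would keep a marker on the fallback, e.g. `// TODO: verify the response is non-empty and contains only define() lines before rendering it`, or add that check before the assignment. The body of `create()` starts and ends outside this hunk.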
@@ -350,5 +362,21 @@ private function return_constant_or_global( $assoc_args, $get_constant, $wp_conf
 return $look_into[ $candidate ];
 }
+
+ /**
+ * Generate a unique key/salt for the wp-config.php file.
+ *
+ * @return string
+ */
+ private static function unique_key() {
+ $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_ []{}<>~`+=,.;:/?|';
+ $key = '';
+
+ for ( $i = 0; $i < 64; $i++ ) {
+ $key .= substr( $chars, random_int( 0, strlen( $chars ) - 1 ), 1 );
+ }
+
+ return $key;
+ }
 }
diff --git a/templates/wp-config.mustache b/templates/wp-config.mustache
index 265a925cc..93511c1ac 100644
--- a/templates/wp-config.mustache
+++ b/templates/wp-config.mustache
@@ -47,9 +47,16 @@ define( 'DB_COLLATE', '{{dbcollate}}' );
 * @since 2.6.0
 */
 {{#keys-and-salts}}
-{{keys-and-salts}}
+define( 'AUTH_KEY', '{{auth-key}}' );
+define( 'SECURE_AUTH_KEY', '{{secure-auth-key}}' );
+define( 'LOGGED_IN_KEY', '{{logged-in-key}}' );
+define( 'NONCE_KEY', '{{nonce-key}}' );
+define( 'AUTH_SALT', '{{auth-salt}}' );
+define( 'SECURE_AUTH_SALT', '{{secure-auth-salt}}' );
+define( 'LOGGED_IN_SALT', '{{logged-in-salt}}' );
+define( 'NONCE_SALT', '{{nonce-salt}}' );
 {{/keys-and-salts}}
-
+{{keys-and-salts-alt}}
 /**
 * WordPress Database Table prefix.
 *
From c640f287d45bbb7703077ec3d3cd108f77112c85 Mon Sep 17 00:00:00 2001
From: Frankie Jarrett
Date: Fri, 4 Aug 2017 09:22:56 -0500
Subject: [PATCH 2/4] Add tests for generated key/salts
---
 features/config-create.feature | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
diff --git a/features/config-create.feature b/features/config-create.feature
index 340794d10..13575422d 100644
--- a/features/config-create.feature
+++ b/features/config-create.feature
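Review bot: The docblock on `unique_key()` in src/Config_Command.php does not record the constraint the alphabet in `$chars` has to satisfy: the companion hunk in templates/wp-config.mustache places each value between single quotes (`define( 'AUTH_KEY', '{{auth-key}}' );`), so the alphabet must never gain a `'` or a `\`. The current string has neither, but nothing tells a later editor why; a comment above `$chars` such as `// Must not contain ' or \ — values are embedded in single-quoted PHP strings in wp-config.mustache.` would pin that down. How the renderer escapes `{{…}}` is not visible in this patch, so I am assuming values are emitted as-is; if HTML escaping is active, `<`, `>` and `&` from the alphabet would be rewritten, which deserves a test. As a style point, `strlen( $chars ) - 1` is loop-invariant and can be computed once before the `for`.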
@@ -69,6 +69,32 @@ Feature: Create a wp-config file
 """
 define('AUTH_SALT',
 """
+ And the wp-config.php file should not contain:
+ """
+ define( 'AUTH_SALT',
+ """
+
+ @require-php-7.0
+ Scenario: Configure with salts generated
+ Given an empty directory
+ And WP files
+
+ When I run `wp core config {CORE_CONFIG_SETTINGS}`
+ Then the wp-config.php file should contain:
+ """
+ define( 'AUTH_SALT',
+ """
+
+ @require-php-5.6
+ Scenario: Configure with salts fetched from WordPress.org
+ Given an empty directory
+ And WP files
+
+ When I run `wp core config {CORE_CONFIG_SETTINGS}`
+ Then the wp-config.php file should contain:
+ """
+ define('AUTH_SALT',
+ """
 Scenario: Define WPLANG when running WP < 4.0
 Given an empty directory
From d547f2f36fb7789923c0c615af9587b74b2fb6b6 Mon Sep 17 00:00:00 2001
From: Frankie Jarrett
Date: Fri, 4 Aug 2017 15:07:54 -0500
Subject: [PATCH 3/4] Throw Exception in unique_key() if random_int() is missing
---
 src/Config_Command.php | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/src/Config_Command.php b/src/Config_Command.php
index 79b8e35b4..07ccc8419 100644
--- a/src/Config_Command.php
+++ b/src/Config_Command.php
@@ -366,9 +366,15 @@ private function return_constant_or_global( $assoc_args, $get_constant, $wp_conf
 /**
 * Generate a unique key/salt for the wp-config.php file.
 *
+ * @throws Exception
+ *
 * @return string
 */
 private static function unique_key() {
+ if ( ! function_exists( 'random_int' ) ) {
+ throw new Exception( "'random_int' does not exist" );
+ }
+
 $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_ []{}<>~`+=,.;:/?|';
 $key = '';
From f39a5b2d41fb83c24cea4196c81cfb8a83896ae6 Mon Sep 17 00:00:00 2001
From: Frankie Jarrett
Date: Fri, 4 Aug 2017 15:51:05 -0500
Subject: [PATCH 4/4] Use less-than-php Behat tag
---
 features/config-create.feature | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
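Review bot: The two scenarios added to features/config-create.feature in PATCH 2/4 tell the generated path from the fetched path only by spacing, `define( 'AUTH_SALT',` versus `define('AUTH_SALT',`, so they depend on the exact formatting of the api.wordpress.org response and never look at the values written. For the generated path I would at least assert that both ends of the block are rendered, e.g. add `define( 'AUTH_KEY',` and `define( 'NONCE_SALT',` to the expected content, and ideally check that the eight values are not identical to each other. The first added step (`should not contain`) attaches to a scenario whose header is above this hunk; it is presumably the skip-salts case.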
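Review bot: In `unique_key()` (PATCH 3/4, src/Config_Command.php) the message passed to `throw new Exception( "'random_int' does not exist" )` never reaches the user, because the only caller shown in this series, the `try`/`catch` in `create()`, discards `$e` and quietly switches to fetching the salts over the network. Someone expecting locally generated secrets gets no indication that they came from a remote service instead; logging in the caller's `catch`, e.g. `WP_CLI::debug( 'Falling back to api.wordpress.org for salts: ' . $e->getMessage() );`, would make the downgrade visible. The check also runs on each of the eight calls, so testing `function_exists( 'random_int' )` once in `create()` would avoid using an exception for an expected condition. The rest of `unique_key()`'s body lies below this hunk.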
diff --git a/features/config-create.feature b/features/config-create.feature
index 13575422d..53b8be5d0 100644
--- a/features/config-create.feature
+++ b/features/config-create.feature
@@ -26,7 +26,7 @@ Feature: Create a wp-config file
 When I run `wp core config {CORE_CONFIG_SETTINGS} --extra-php < wp-config-extra.php`
 Then the wp-config.php file should contain:
 """
- define('AUTH_SALT',
+ 'AUTH_SALT',
 """
 And the wp-config.php file should contain:
 """
@@ -85,7 +85,7 @@ Feature: Create a wp-config file
 define( 'AUTH_SALT',
 """
- @require-php-5.6
+ @less-than-php-7.0
 Scenario: Configure with salts fetched from WordPress.org
 Given an empty directory
 And WP files