one-time-login icon indicating copy to clipboard operation
one-time-login copied to clipboard
verified publisher icon danielbachhuber

Expire one-time login links

Open danielbachhuber opened this issue 9 years ago • 4 comments

Currently, the one-time login link lasts for as long as the plugin is active. We should probably expire the link at some point.

danielbachhuber avatar Apr 28 '16 22:04 danielbachhuber

I see that there is a --delay-delete now so this actually is already implemented and the issue can be closed.

shaneonabike avatar Feb 24 '22 15:02 shaneonabike

--delay-delete is actually a little different: it means the token is deleted in 15 minutes after use, not immediately after use. The token is still valid for an indefinite period of time.

This issue is meant to only make the token valid for a specific period of time.

danielbachhuber avatar Feb 24 '22 16:02 danielbachhuber

Hi, I'm wondering if add an extra param to wp-cli --expiry=10, meaning that token will expire after 10 mins, independent of being used or not. It cam be achieved on function one_time_login_generate_tokens, using the same approach of delay-delete scheduling wp_schedule_single_event() for expiry time. I can make a pull request with this, if interested.

masakik avatar May 16 '23 22:05 masakik

@masakik Sure, I'd be open to a pull request for that!

danielbachhuber avatar May 17 '23 20:05 danielbachhuber