danielbachhuber / one-time-login Goto Github PK

Generate a one-time login URL for any user

Home Page: https://runcommand.io/wp/user-one-time-login/

JavaScript 2.77% Shell 25.02% PHP 72.21%

one-time-login's Introduction

One Time Login

Contributors: danielbachhuber, aaronjorbin, acali, gdespoulain
Tags: login
Requires at least: 4.4
Tested up to: 5.8
Stable tag: 0.4.0
Requires PHP: 7.4
License: GPLv2 or later
License URI: http://www.gnu.org/licenses/gpl-2.0.html

Use WP-CLI to generate a one-time login URL for any user

Description

Need access to a WordPress install but don't want to create a new user account? Use this plugin to generate one-time login URLs for any existing user. Then, copy the URL, paste it into your web browser, and... voila!

Because they are one-time login URLs, they will only work once. If you need access again, you'll need to run the WP-CLI command again.

Using WP CLI to generate OTT URLs

==== Example ====

wp plugin install one-time-login --activate && wp user one-time-login <user> --count=3 --delay-delete

After you run the command above, you'll see a success message like this:

http://wpdev.test/wp-login.php?user_id=2&one_time_login_token=93974b48e3a418b895fc7ca476f1a607d8b99345

Or like this if you asked for more than one:

http://wpdev.test/wp-login.php?user_id=1&one_time_login_token=2b9c6f5d71d51d530e397ee9da3b50e4e3dd06e7
http://wpdev.test/wp-login.php?user_id=1&one_time_login_token=90897da439a116c613fc1c49c372e6b1f7c72ad8
http://wpdev.test/wp-login.php?user_id=1&one_time_login_token=68c8074743de849db606500c3caa39a7432dc601

==== Parameters ====

count: Generate more than one login token (default: 1);
delay-delete: Delete existing tokens after 15 minutes, instead of immediately.

Using WP API to generate OTT URLs

==== Example with cUrl ====

curl -X POST \
	http://wpdev.test/wp-json/one-time-login/v1/token
	-H 'authorization: Basic YWRtaW46eFRQeUJ5c3hEckhkY3BNYjE2endiQ2tj'
	-H 'cache-control: no-cache'
	-H 'postman-token: 8dcfa79a-401a-2c7d-c593-703e683ce785'
	-d '{
		"user":"admin",
		"count": 3,
		"delay-delete": true
	}'

==== Parameters ====

Just as with WP CLI, you can add the count and delay_delete parameters to your call.

Feel free to file issues and pull requests against the project on Github.

Installation

See description for installation and usage instructions.

Changelog

0.4.0 (August 30th, 2021)

Introduces one-time-login/v1/token WP REST API endpoint to generate tokens [#28].

0.3.1 (June 1st, 2021)

Fires one_time_login_after_auth_cookie_set action after the auth cookie is set [#27].

0.3.0 (May 24th, 2018)

Introduces --delay-delete flag to delete old tokens after 15 minutes instead of immediately.
Improves invalid token message when user is already logged in: "Invalid one-time login token, but you are logged in as 'user_login'. Go to the dashboard instead?".

0.2.0 (May 3rd, 2018)

Introduces support for multiple one-time login links.
Links to the login screen from the "Invalid token" error message.

0.1.2 (June 11th, 2016)

Fires one_time_login_created action when login URL is created, and one_time_login_logged_in action when user is logged in via one-time login URL.

0.1.1 (May 26th, 2016)

Bug fix: Pass $assoc_args into the command to ensure the --porcelain flag actually works.

0.1.0 (April 28th, 2016)

Initial release.

one-time-login's People

Contributors

Stargazers

Watchers

Forkers

aaronjorbin jjtroberts jaydeepjivani kermitthehog coderpete davisshaver k-utsubo staxwp angcl enoksaju zindont shaneonabike audetcameron masakik supersoju

one-time-login's Issues

Doesn't work with object caching

We use Redis for object caching and usermeta by default is a cached group. So when a token is generated and saved to the usermeta table it's not saved in Redis. When trying to login using the URL it returns an invalid token error because $tokens var is empty.

A quick fix is to stop caching the usermeta table.

I was thinking maybe it's worth saving tokens somewhere else, to continue caching the usermeta group. Possibly using wp_cache_add if object caching is active and wp_cache_delete to delete it.

Generate multiple one-time login links

As a plugin user, it would be helpful to be able to generate multiple one-time login links so they can be cached in some external system for later use.

Add button to form

Need add button for page login in form

Fix use of $assoc_args

It's not actually passed through to the command.

Expire one-time login links

Currently, the one-time login link lasts for as long as the plugin is active. We should probably expire the link at some point.

update wordpress.org version

Thanks for a great plugin! Wordpress states:

This plugin hasn’t been tested with the latest 3 major releases of WordPress. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.

As far as I can tell it works fine with the latest WordPress (5.4), can you verify this and push an update to wordpress.org stating compatibility? Thanks!
https://wordpress.org/plugins/one-time-login/

Link user to login screen from error message

If a user's one-time login link expires, it would be helpful if we pointed them to an alternative way of logging in (e.g. the login screen).

API endpoint

Now, that WordPress implemented application passwords für API requests, what do you think about adding an API endpoint, to generate "one time tokens"?

Allow redirection after login

With the standard WordPress login flow, you can pass the redirect_to URL param when loading wp-login.php to specify a page the user will end up on once completing the login process. It would be great if this could be handled by this plugin either by processing the redirect_to param, or by a new optional argument when creating the token.

The login_redirect hook should be available to the plugin within this context.

restAPI: rest_forbidden 401

Hello, I tried to use the restAPI in your plugin.
And unfortunately I get a "401" "rest_forbidden" as an answer.

Can somebody help me with it?

`wp plugin install --force --version=0.4.0 one-time-login` installs v0.3.1 version

I've installed one-time-login with wp-cli:

$ wp plugin install --force --version=0.4.0 one-time-login
Installing One Time Login (0.4.0)
Downloading installation package from https://downloads.wordpress.org/plugin/one-time-login.0.4.0.zip...
The authenticity of one-time-login.0.4.0.zip could not be verified as no signature was found.
Unpacking the package...
Installing the plugin...
Removing the old version of the plugin...
Plugin updated successfully.
Success: Installed 1 of 1 plugins.

Checksums OK:

$ wp plugin verify-checksums one-time-login
Success: Verified 1 of 1 plugins.

But it's not the v0.4.0 version. Even the plugin header has 0.3.1.

$ wp plugin get one-time-login
+-------------+-----------------------------------------------------------+
| Field       | Value                                                     |
+-------------+-----------------------------------------------------------+
| name        | one-time-login                                            |
| title       | One Time Login                                            |
| author      | Daniel Bachhuber                                          |
| version     | 0.3.1                                                     |
| description | Use WP-CLI to generate a one-time login URL for any user. |
| status      | active                                                    |
+-------------+-----------------------------------------------------------+

I've also diffed the downloaded plugin file (one-time-login.php) with versions from this repo (master, v0.4.0) and it's definitely not v0.3.1, but strangely it differs from v0.3.1 also...

Am I missing something?