Adding CR suggestions

alleyinteractive · Jan 11, 2024 · 91a6d0d · 91a6d0d
1 parent 084571a
commit 91a6d0d
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 32 deletions.
diff --git a/src/alley/wp/alleyvate/features/class-login-nonce.php b/src/alley/wp/alleyvate/features/class-login-nonce.php
@@ -49,7 +49,6 @@ final class Login_Nonce implements Feature {
 	 */
 	public function boot(): void {
 		add_action( 'login_form_login', [ self::class, 'action__add_nonce_life_filter' ] );
-		add_action( 'login_form', [ self::class, 'action__add_nonce_to_form' ] );
 		add_action( 'login_head', [ self::class, 'action__add_meta_refresh' ] );
 		add_action( 'after_setup_theme', [ self::class, 'action__pre_validate_login_nonce' ], 9999 );
 	}
@@ -82,6 +81,7 @@ public static function action__add_nonce_to_form(): void {
 	 */
 	public static function action__add_nonce_life_filter(): void {
 		add_filter( 'nonce_life', [ __CLASS__, 'nonce_life_filter' ] );
+		add_action( 'login_form', [ __CLASS__, 'action__add_nonce_to_form' ] );
 	}
 
 	/**

diff --git a/tests/alley/wp/alleyvate/features/test-login-nonce.php b/tests/alley/wp/alleyvate/features/test-login-nonce.php
@@ -75,9 +75,7 @@ protected function tearDown(): void {
 	public function test_logins_require_nonce(): void {
 		global $pagenow;
 
-		$_POST = [
-			'pwd' => 'password',
-		];
+		$_POST = [ 'pwd' => 'password' ];
 
 		$pagenow = 'wp-login.php';
 
@@ -123,42 +121,21 @@ public function test_logins_work_with_nonce(): void {
 	}
 
 	/**
-	 * Test logout bypasses login nonce validation.
+	 * Test the login nonce doesn't affect other wp-login.php actions.
 	 */
-	public function test_logout_bypass_nonce_validation(): void {
-		global $pagenow;
-
-		$_POST = [
-			'action'   => 'logout',
-			'_wpnonce' => wp_create_nonce( '-1' ),
-		];
+	public function test_login_nonce_validates(): void {
+		$token = wp_create_nonce( Login_Nonce::NONCE_ACTION );
 
-		$pagenow = 'wp-login.php';
-
-		try {
-			Login_Nonce::action__pre_validate_login_nonce();
-		} catch ( WP_Die_Exception $e ) {
-			// Do nothing.
-		}
-
-		$this->assertSame( 200, http_response_code() );
+		$this->assertTrue( wp_validate_boolean( wp_verify_nonce( $token, Login_Nonce::NONCE_ACTION ) ) );
 	}
 
 	/**
-	 * Test hooking into `nonce_life`, changes the nonce value of other nonces.
+	 * Test the login nonce doesn't affect other wp-login.php actions.
 	 */
-	public function test_nonce_life_change_affects_other_nonces(): void {
-		$nonce_life_filter = fn() => Login_Nonce::NONCE_TIMEOUT;
-
-		add_filter( 'nonce_life', $nonce_life_filter );
-
+	public function test_logout_nonce_validates(): void {
 		$token = wp_create_nonce( 'log-out' );
 
-		remove_filter( 'nonce_life', $nonce_life_filter );
-
-		$this->assertFalse( wp_validate_boolean( wp_verify_nonce( $token, 'log-out' ) ) );
-
-		$token = wp_create_nonce( 'log-out' );
+		do_action( 'login_init' ); // phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound
 
 		$this->assertTrue( wp_validate_boolean( wp_verify_nonce( $token, 'log-out' ) ) );
 	}