feat: authenticated reader cookie (#1882)

Automattic · Aug 12, 2022 · 352316b · 352316b
1 parent 604ebf7
commit 352316b
Show file tree

Hide file tree

Showing 2 changed files with 50 additions and 0 deletions.
diff --git a/assets/reader-activation/index.js b/assets/reader-activation/index.js
@@ -140,6 +140,19 @@ export function setAuthenticated( authenticated = true ) {
 	emit( EVENTS.reader, store.reader );
 }
 
+/**
+ * Detect whether the current reader is authenticated.
+ */
+export function refreshAuthentication() {
+	const email = getCookie( 'np_auth_reader' );
+	if ( email ) {
+		setReaderEmail( email );
+		setAuthenticated( true );
+	} else {
+		setReaderEmail( getCookie( 'np_auth_intention' ) );
+	}
+}
+
 /**
  * Get the current reader.
  *
@@ -204,6 +217,7 @@ const readerActivation = {
 	off,
 	setReaderEmail,
 	setAuthenticated,
+	refreshAuthentication,
 	getReader,
 	hasAuthLink,
 	setAuthStrategy,

diff --git a/includes/class-reader-activation.php b/includes/class-reader-activation.php
@@ -16,6 +16,7 @@ final class Reader_Activation {
 
 	const OPTIONS_PREFIX = 'newspack_reader_activation_';
 
+	const AUTH_READER_COOKIE    = 'np_auth_reader';
 	const AUTH_INTENTION_COOKIE = 'np_auth_intention';
 	const SCRIPT_HANDLE         = 'newspack-reader-activation';
 	const AUTH_SCRIPT_HANDLE    = 'newspack-reader-auth';
@@ -51,6 +52,7 @@ public static function init() {
 		if ( self::is_enabled() ) {
 			\add_action( 'wp_enqueue_scripts', [ __CLASS__, 'enqueue_scripts' ] );
 			\add_action( 'clear_auth_cookie', [ __CLASS__, 'clear_auth_intention_cookie' ] );
+			\add_action( 'clear_auth_cookie', [ __CLASS__, 'clear_auth_reader_cookie' ] );
 			\add_action( 'set_auth_cookie', [ __CLASS__, 'clear_auth_intention_cookie' ] );
 			\add_filter( 'login_form_defaults', [ __CLASS__, 'add_auth_intention_to_login_form' ], 20 );
 			\add_action( 'resetpass_form', [ __CLASS__, 'set_reader_verified' ] );
@@ -253,6 +255,39 @@ public static function set_auth_intention_cookie( $email ) {
 		setcookie( self::AUTH_INTENTION_COOKIE, $email, $expire, COOKIEPATH, COOKIE_DOMAIN, true );
 	}
 
+	/**
+	 * Clear cookie that indicates the reader is authenticated.
+	 */
+	public static function clear_auth_reader_cookie() {
+		/** This filter is documented in wp-includes/pluggable.php */
+		if ( ! apply_filters( 'send_auth_cookies', true ) ) {
+			return;
+		}
+
+		// phpcs:ignore WordPressVIPMinimum.Functions.RestrictedFunctions.cookies_setcookie
+		setcookie( self::AUTH_READER_COOKIE, ' ', time() - YEAR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN );
+	}
+
+	/**
+	 * Set cookie to indicate the reader has been authenticated.
+	 *
+	 * This cookie expiration doesn't matter, as it's intended to be read right
+	 * after a frontend action that might have registered/authenticated a reader.
+	 *
+	 * Do not use this cookie for validation.
+	 *
+	 * @param \WP_User $user User object.
+	 */
+	public static function set_auth_reader_cookie( $user ) {
+		/** This filter is documented in wp-includes/pluggable.php */
+		if ( ! apply_filters( 'send_auth_cookies', true ) ) {
+			return;
+		}
+
+		// phpcs:ignore WordPressVIPMinimum.Functions.RestrictedFunctions.cookies_setcookie
+		setcookie( self::AUTH_READER_COOKIE, $user->user_email, time() + HOUR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN, true );
+	}
+
 	/**
 	 * Get the auth intention value.
 	 *
@@ -1014,6 +1049,7 @@ public static function set_current_reader( $user_or_user_id ) {
 		\wp_clear_auth_cookie();
 		\wp_set_current_user( $user->ID );
 		\wp_set_auth_cookie( $user->ID, true );
+		self::set_auth_reader_cookie( $user );
 		\do_action( 'wp_login', $user->user_login, $user );
 		Logger::log( 'Logged in user ' . $user->ID );