Store `_pronamic_payment_key` in JSON

remcotolsma commented 3 years ago

@rvdsteege How should we name this in JSON?

payment {
    "key": "..."
}

Is just key clear enough?

$payment->get_key()
$payment->set_key( $key )

Or should we put this away in meta? Did we borrow the concept of a key from WooCommerce orders?

In https://github.com/pronamic/wp-pronamic-pay/issues/201#issue-985197556 i also describe a rewrite rule like:

http://pay.local/abonnement-inzien/{secret_40_chars_sha_1_hash}
http://pay.local/abonnement-inzien/9cf95dacd226dcf43da376cdb6cbba7035218921

Also with the note:

Use wp_hash( $subscription->get_id() ) for an unique hash in a public URL, if users generate new salts (https://api.wordpress.org/secret-key/1.1/salt/) the old public links will also no longer work.

In https://docs.google.com/spreadsheets/d/1CJHnHcr9s8lkh4Fq9HQmlAThCK69eXiTC3UktyeQKYw/edit?usp=sharing we also suggested to store the key in wp_posts.post_password.

There is no index on the wp_posts.post_password so maybe wp_posts.post_name is even a better choice?

The current payment/subscription key is also not a wp_hash( $subscription->get_id() ) key.

remcotolsma commented 3 years ago

Intuitively I think we should move away from the key property and use dynamically generated hashes that can be invalidated by setting new secret keys (https://api.wordpress.org/secret-key/1.1/salt/).

The key is currently used in i think return, redirect and subscription action URLs:

Now old payments without key/hash were also allowed through, but for the future we can always require a hash? How bad is it that a return/redirect URL of an old payment no longer works?

remcotolsma commented 3 years ago

For now decided to simply use:

payment {
    "key": "..."
}

https://github.com/pronamic/wp-pay-core/commit/eca6822eaf49ee364f44139fb2f844268167b1eb

pronamic / wp-pronamic-pay

Store `_pronamic_payment_key` in JSON #237