Closed remcotolsma closed 3 years ago
Intuitively I think we should move away from the key
property and use dynamically generated hashes that can be invalidated by setting new secret keys (https://api.wordpress.org/secret-key/1.1/salt/).
The key is currently used in i think return, redirect and subscription action URLs:
Now old payments without key/hash were also allowed through, but for the future we can always require a hash? How bad is it that a return/redirect URL of an old payment no longer works?
For now decided to simply use:
payment {
"key": "..."
}
https://github.com/pronamic/wp-pay-core/commit/eca6822eaf49ee364f44139fb2f844268167b1eb
@rvdsteege How should we name this in JSON?
Is just
key
clear enough?$payment->get_key()
$payment->set_key( $key )
Or should we put this away in
meta
? Did we borrow the concept of akey
from WooCommerce orders?In https://github.com/pronamic/wp-pronamic-pay/issues/201#issue-985197556 i also describe a rewrite rule like:
Also with the note:
In https://docs.google.com/spreadsheets/d/1CJHnHcr9s8lkh4Fq9HQmlAThCK69eXiTC3UktyeQKYw/edit?usp=sharing we also suggested to store the
key
inwp_posts.post_password
.There is no index on the
wp_posts.post_password
so maybewp_posts.post_name
is even a better choice?The current payment/subscription key is also not a
wp_hash( $subscription->get_id() )
key.