[CMSP-1193] Filter pantheon_cache_default_max_age when nonces are c…

…reated (#282) * require the wp_screen class if it's not loaded * filter default cache max age to less than nonce_life when creating nonces * add tests * update changelog * add props
pantheon-systems · May 28, 2024 · 61d5068 · 61d5068
1 parent 2a17282
commit 61d5068
Show file tree

Hide file tree

Showing 5 changed files with 65 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -395,6 +395,7 @@ See [CONTRIBUTING.md](https://github.com/pantheon-systems/pantheon-advanced-page
 * Adds new admin alerts and Site Health tests about default cache max age settings and recommendations [[#268](https://github.com/pantheon-systems/pantheon-advanced-page-cache/pull/268), [#271](https://github.com/pantheon-systems/pantheon-advanced-page-cache/pull/271)]. The default Pantheon GCDN cache max age value has been updated to 1 week in the [Pantheon MU plugin](https://github.com/pantheon-systems/pantheon-mu-plugin). For more information, see the [release note](https://docs.pantheon.io/release-notes/2024/04/pantheon-mu-plugin-1-4-0-update).
 * Updated UI in Pantheon Page Cache admin page when used in a Pantheon environment (with the Pantheon MU plugin). [[#272](https://github.com/pantheon-systems/pantheon-advanced-page-cache/pull/272)]
 * Automatically updates the cache max age to the recommended value (1 week) if it was saved at the old default value (600 seconds). [[#269](https://github.com/pantheon-systems/pantheon-advanced-page-cache/pull/269)]
+* Adds a hook into the `nonce_life` filter when nonces are created on the front-end to set the `pantheon_cache_default_max_age` to less than the nonce lifetime to avoid nonces expiring before the cache does. [[#282](https://github.com/pantheon-systems/pantheon-advanced-page-cache/pull/282)] props [@ryanshoover](https://github.com/ryanshoover)
 
 ### 1.5.0 (March 11, 2024) ###
 * Adds filter `pantheon_purge_post_type_ignored` to allow an array of post types to ignore before purging cache [[#258](https://github.com/pantheon-systems/pantheon-advanced-page-cache/pull/258)]

diff --git a/inc/admin-interface.php b/inc/admin-interface.php
@@ -42,6 +42,7 @@ function bootstrap() {
 	add_filter( 'pantheon_cache_max_age_field_after_html', __NAMESPACE__ . '\\add_max_age_setting_description' );
 	add_filter( 'pantheon_cache_max_age_input', __NAMESPACE__ . '\\update_default_ttl_input' );
 	add_filter( 'pantheon_cache_max_age_input_allowed_html', __NAMESPACE__ . '\\max_age_input_allowed_html' );
+	add_filter( 'nonce_life', __NAMESPACE__ . '\\filter_nonce_cache_lifetime' );
 }
 
 /**
@@ -585,3 +586,25 @@ function max_age_updated_admin_notice() {
 	// Update the user meta to prevent this notice from showing again after they've seen it once.
 	update_user_meta( $current_user_id, 'pantheon_max_age_updated_notice', true );
 }
+
+/**
+ * Filter the nonce cache lifetime.
+ *
+ * @param int $lifetime The lifetime of the nonce.
+ *
+ * @since 2.0.0-dev
+ * @return int
+ */
+function filter_nonce_cache_lifetime( $lifetime ) {
+	// Bail early if we're in the admin.
+	if ( is_admin() ) {
+		return $lifetime;
+	}
+
+	// Filter the cache default max age to less than the nonce lifetime when creating nonces on the front-end. This prevents the cache from keeping the nonce around longer than it should.
+	add_filter( 'pantheon_cache_default_max_age', function () use ( $lifetime ) {
+		return $lifetime - HOUR_IN_SECONDS;
+	} );
+
+	return $lifetime;
+}
diff --git a/readme.txt b/readme.txt
@@ -364,6 +364,7 @@ See [CONTRIBUTING.md](https://github.com/pantheon-systems/wp-saml-auth/blob/mast
 * Adds new admin alerts and Site Health tests about default cache max age settings and recommendations [[#268](https://github.com/pantheon-systems/pantheon-advanced-page-cache/pull/268), [#271](https://github.com/pantheon-systems/pantheon-advanced-page-cache/pull/271)]. The default Pantheon GCDN cache max age value has been updated to 1 week in the [Pantheon MU plugin](https://github.com/pantheon-systems/pantheon-mu-plugin). For more information, see the [release note](https://docs.pantheon.io/release-notes/2024/04/pantheon-mu-plugin-1-4-0-update).
 * Updated UI in Pantheon Page Cache admin page when used in a Pantheon environment (with the Pantheon MU plugin). [[#272](https://github.com/pantheon-systems/pantheon-advanced-page-cache/pull/272)]
 * Automatically updates the cache max age to the recommended value (1 week) if it was saved at the old default value (600 seconds). [[#269](https://github.com/pantheon-systems/pantheon-advanced-page-cache/pull/269)]
+* Adds a hook into the `nonce_life` filter when nonces are created on the front-end to set the `pantheon_cache_default_max_age` to less than the nonce lifetime to avoid nonces expiring before the cache does. [[#282](https://github.com/pantheon-systems/pantheon-advanced-page-cache/pull/282)] props [@ryanshoover](https://profiles.wordpress.org/ryanshoover/)
 
 = 1.5.0 (11 March 2024) =
 * Adds filter `pantheon_purge_post_type_ignored` to allow an array of post types to ignore before purging cache [[#258](https://github.com/pantheon-systems/pantheon-advanced-page-cache/pull/258)]

diff --git a/tests/phpunit/bootstrap.php b/tests/phpunit/bootstrap.php
@@ -28,5 +28,10 @@ function _manually_load_plugin() {
 	define( 'REST_TESTS_IMPOSSIBLY_HIGH_NUMBER', 99999999 );
 }
 
+// Include WP_Screen class definition if not already included
+if ( ! class_exists( 'WP_Screen' ) ) {
+	require_once $_tests_dir . '/includes/class-wp-screen.php';
+}
+
 require __DIR__ . '/class-pantheon-advanced-page-cache-testcase.php';
 require __DIR__ . '/pantheon-edge-functions.php';
diff --git a/tests/phpunit/test-admin-interface.php b/tests/phpunit/test-admin-interface.php
@@ -29,6 +29,7 @@ public function tearDown(): void {
 		delete_transient( 'papc_max_age_compare' );
 		remove_all_filters( 'pantheon_cache_default_max_age' );
 		remove_all_filters( 'pantheon_apc_disable_admin_notices' );
+		remove_all_filters( 'nonce_life' );
 	}
 
 	/**
@@ -444,4 +445,38 @@ public function max_age_options_mock() {
 			YEAR_IN_SECONDS => 'Perpetual (1 year)',
 		];
 	}
+
+	/**
+	 * Test filter_nonce_cache_lifetime.
+	 * Make sure that the max age is updated when creating nonces on the front-end.
+	 *
+	 * @dataProvider filter_nonce_cache_lifetime_provider
+	 */
+	public function test_filter_nonce_cache_lifetime( $screen, $expected ) {
+		global $current_screen;
+		if ( $screen === 'front-end' ) {
+			$current_screen = null;
+		} else {
+			set_current_screen( $screen );
+		}
+
+		$nonce_life = apply_filters( 'nonce_life', DAY_IN_SECONDS );
+		filter_nonce_cache_lifetime( $nonce_life );
+		$nonce_cache_lifetime = apply_filters( 'pantheon_cache_default_max_age', $nonce_life );
+
+		$this->assertEquals( $expected, $nonce_cache_lifetime, sprintf( '%s test failed to assert that %s was equal to %s', $screen, humanized_max_age( $nonce_cache_lifetime ), humanized_max_age( $expected ) ) );
+	}
+
+	/**
+	 * Data provider for test_filter_nonce_cache_lifetime.
+	 *
+	 * @return array
+	 */
+	public function filter_nonce_cache_lifetime_provider() {
+		// screen, updated max_age
+		return [
+			[ 'dashboard', DAY_IN_SECONDS ],
+			[ 'front-end', DAY_IN_SECONDS - HOUR_IN_SECONDS ],
+		];
+	}
 }