diff --git a/features/config-create.feature b/features/config-create.feature
index 340794d10..53b8be5d0 100644
--- a/features/config-create.feature
+++ b/features/config-create.feature
@@ -26,7 +26,7 @@ Feature: Create a wp-config file
 When I run `wp core config {CORE_CONFIG_SETTINGS} --extra-php < wp-config-extra.php`
 Then the wp-config.php file should contain:
 """
- define('AUTH_SALT',
+ 'AUTH_SALT',
 """
 And the wp-config.php file should contain:
 """
@@ -69,6 +69,32 @@ Feature: Create a wp-config file
 """
 define('AUTH_SALT',
 """
+ And the wp-config.php file should not contain:
+ """
+ define( 'AUTH_SALT',
+ """
+
+ @require-php-7.0
+ Scenario: Configure with salts generated
+ Given an empty directory
+ And WP files
+
+ When I run `wp core config {CORE_CONFIG_SETTINGS}`
+ Then the wp-config.php file should contain:
+ """
+ define( 'AUTH_SALT',
+ """
+
+ @less-than-php-7.0
+ Scenario: Configure with salts fetched from WordPress.org
+ Given an empty directory
+ And WP files
+
+ When I run `wp core config {CORE_CONFIG_SETTINGS}`
+ Then the wp-config.php file should contain:
+ """
+ define('AUTH_SALT',
+ """
 Scenario: Define WPLANG when running WP < 4.0
 Given an empty directory
diff --git a/src/Config_Command.php b/src/Config_Command.php
index 7668613d3..07ccc8419 100644
--- a/src/Config_Command.php
+++ b/src/Config_Command.php
@@ -127,10 +127,22 @@ public function create( $_, $assoc_args ) {
 $assoc_args['extra-php'] = file_get_contents( 'php://stdin' );
 }
- // TODO: adapt more resilient code from wp-admin/setup-config.php
 if ( ! \WP_CLI\Utils\get_flag_value( $assoc_args, 'skip-salts' ) ) {
- $assoc_args['keys-and-salts'] = self::_read(
- 'https://api.wordpress.org/secret-key/1.1/salt/' );
+ try {
+ $assoc_args['keys-and-salts'] = true;
+ $assoc_args['auth-key'] = self::unique_key();
+ $assoc_args['secure-auth-key'] = self::unique_key();
+ $assoc_args['logged-in-key'] = self::unique_key();
+ $assoc_args['nonce-key'] = self::unique_key();
+ $assoc_args['auth-salt'] = self::unique_key();
+ $assoc_args['secure-auth-salt'] = self::unique_key();
+ $assoc_args['logged-in-salt'] = self::unique_key();
+ $assoc_args['nonce-salt'] = self::unique_key();
+ } catch ( Exception $e ) {
+ $assoc_args['keys-and-salts'] = false;
+ $assoc_args['keys-and-salts-alt'] = self::_read(
+ 'https://api.wordpress.org/secret-key/1.1/salt/' );
+ }
 }
 if ( \WP_CLI\Utils\wp_version_compare( '4.0', '<' ) ) {
@@ -350,5 +362,27 @@ private function return_constant_or_global( $assoc_args, $get_constant, $wp_conf
 return $look_into[ $candidate ];
 }
+
+ /**
+ * Generate a unique key/salt for the wp-config.php file.
+ *
+ * @throws Exception
+ *
+ * @return string
+ */
+ private static function unique_key() {
+ if ( ! function_exists( 'random_int' ) ) {
+ throw new Exception( "'random_int' does not exist" );
+ }
+
+ $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_ []{}<>~`+=,.;:/?|';
+ $key = '';
+
+ for ( $i = 0; $i < 64; $i++ ) {
+ $key .= substr( $chars, random_int( 0, strlen( $chars ) - 1 ), 1 );
+ }
+
+ return $key;
+ }
 }
diff --git a/templates/wp-config.mustache b/templates/wp-config.mustache
index 265a925cc..93511c1ac 100644
--- a/templates/wp-config.mustache
+++ b/templates/wp-config.mustache
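Review bot: In the `catch` branch of `create()` in src/Config_Command.php, whatever `self::_read()` returns is stored in `keys-and-salts-alt` and written into wp-config.php as PHP source without any check, yet the commit deletes the TODO that flagged this path as not resilient. `_read()` is defined outside the hunk, so its failure behaviour cannot be confirmed here, but an empty, truncated or unexpected response would appear to leave the site with missing or broken keys. Validate the response before using it, for example `if ( 8 !== substr_count( $salts, 'define(' ) ) { WP_CLI::error( 'Could not obtain valid salts.' ); }`, or more strictly match each line against the expected `define('NAME', '...');` shape. The fallback is also silent, so `WP_CLI::debug( $e->getMessage() );` at the top of the `catch` would make a missing `random_int()` visible to the operator. The body of `create()` starts and ends outside the hunk.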
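Review bot: The docblock on `unique_key()` in src/Config_Command.php leaves out the two properties the rest of the change relies on: the characters are picked with `random_int()`, a CSPRNG, and `$chars` contains neither `'` nor `\`. That second property matters because templates/wp-config.mustache now places each value inside a single-quoted PHP literal (`define( 'AUTH_KEY', '{{auth-key}}' );`), so a later addition to the character set could yield a wp-config.php that fails to parse or a constant that ends early. I would add to the docblock: `* Characters are chosen with random_int(); $chars must never contain ' or \ because the template writes the value inside a single-quoted string.` Whether the Mustache renderer escapes values is not visible in this diff, so the note should be confirmed against the renderer configuration.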
@@ -47,9 +47,16 @@ define( 'DB_COLLATE', '{{dbcollate}}' );
 * @since 2.6.0
 */
 {{#keys-and-salts}}
-{{keys-and-salts}}
+define( 'AUTH_KEY', '{{auth-key}}' );
+define( 'SECURE_AUTH_KEY', '{{secure-auth-key}}' );
+define( 'LOGGED_IN_KEY', '{{logged-in-key}}' );
+define( 'NONCE_KEY', '{{nonce-key}}' );
+define( 'AUTH_SALT', '{{auth-salt}}' );
+define( 'SECURE_AUTH_SALT', '{{secure-auth-salt}}' );
+define( 'LOGGED_IN_SALT', '{{logged-in-salt}}' );
+define( 'NONCE_SALT', '{{nonce-salt}}' );
 {{/keys-and-salts}}
-
+{{keys-and-salts-alt}}
 /**
 * WordPress Database Table prefix.
 *