PluginProbe ʕ •ᴥ•ʔ
WooCommerce / 11.0.0-beta.1
WooCommerce v11.0.0-beta.1
11.0.0-beta.1 10.9.4 10.9.3 10.9.2 10.9.1 10.9.0 10.9.0-rc.1 10.9.0-beta.2 10.9.0-beta.1 10.8.1 10.8.0 10.8.0-rc.1 10.8.0-beta.2 10.8.0-beta.1 7.8.0-beta.1 7.8.0-beta.2 7.8.0-rc.1 7.8.0-rc.2 7.8.1 7.8.2 7.8.3 7.8.4 7.9.0 7.9.0-beta.1 7.9.0-beta.2 7.9.0-rc.2 7.9.0-rc.3 7.9.1 7.9.2 8.0.0 8.0.0-beta.1 8.0.0-beta.2 8.0.0-rc.1 8.0.0-rc.2 8.0.1 8.0.2 8.0.3 8.0.4 8.0.5 8.1.0 8.1.0-beta.1 8.1.0-rc.1 8.1.0-rc.2 8.1.1 8.1.2 8.1.3 8.1.4 8.2.0 8.2.0-beta.1 8.2.0-rc.1 8.2.0-rc.2 8.2.1 8.2.2 8.2.3 8.2.4 8.2.5 8.3.0 8.3.0-beta.1 8.3.0-rc.1 8.3.0-rc.2 8.3.1 8.3.2 8.3.3 8.3.4 8.4.0 8.4.0-beta.1 8.4.0-rc.1 8.4.1 8.4.2 8.4.3 8.5.0 8.5.0-beta.1 8.5.0-rc.1 8.5.1 8.5.2 8.5.3 8.5.4 8.5.5 8.6.0 8.6.0-beta.1 8.6.0-rc.1 8.6.1 8.6.2 8.6.3 8.6.4 8.7.0 8.7.0-beta.1 8.7.0-beta.2 8.7.0-rc.1 8.7.1 8.7.2 8.7.3 8.8.0 8.8.0-beta.1 8.8.0-rc.1 8.8.1 8.8.2 8.8.3 8.8.4 8.8.5 8.8.6 8.8.7 8.9.0 8.9.0-beta.1 8.9.0-rc.1 8.9.1 8.9.2 8.9.3 8.9.4 8.9.5 9.0.0 9.0.0-beta.1 9.0.0-beta.2 9.0.0-rc.1 9.0.1 9.0.2 9.0.3 9.0.4 9.1.0 9.1.0-beta.1 9.1.0-rc.1 9.1.1 9.1.2 9.1.3 9.1.4 9.1.5 9.1.6 9.2.0 9.2.0-beta.1 9.2.0-rc.1 9.2.1 9.2.2 9.2.3 9.2.4 9.2.5 9.3.0 9.3.0-beta.1 9.3.0-rc.1 9.3.1 9.3.2 9.3.3 9.3.4 9.3.5 9.3.6 9.4.0 9.4.0-beta.1 9.4.0-beta.2 9.4.0-rc.1 9.4.0-rc.2 9.4.0-rc.3 9.4.0-rc.4 9.4.1 9.4.2 9.4.3 9.4.4 9.4.5 9.5.0 9.5.0-beta.1 9.5.0-beta.2 9.5.0-rc.1 9.5.1 9.5.2 9.5.3 9.5.4 9.6.0 9.6.0-beta.1 9.6.0-beta.2 9.6.0-rc.1 9.6.1 9.6.2 9.6.3 9.6.4 9.7.0 9.7.0-beta.1 9.7.0-rc.1 9.7.1 9.7.2 9.7.3 9.8.0 9.8.0-beta.1 9.8.0-rc.1 9.8.1 9.8.2 9.8.3 9.8.4 9.8.5 9.8.6 9.8.7 9.9.0 9.9.0-beta.1 9.9.0-rc.1 9.9.1 9.9.2 9.9.3 9.9.4 9.9.5 9.9.6 9.9.7 3.7.3 7.1.2 3.8.0 7.2.0 3.8.0-beta.1 7.2.0-beta.1 3.8.0-rc.1 7.2.0-beta.2 3.8.0-rc.2 7.2.0-rc.1 3.8.1 7.2.0-rc.2 3.8.2 7.2.1 3.8.3 7.2.2 3.9.0 7.2.3 3.9.0-beta.1 7.2.4 3.9.0-beta.2 7.3.0 3.9.0-rc.1 7.3.0-beta.1 3.9.0-rc.2 7.3.0-beta.2 3.9.0-rc.3 7.3.0-rc.1 3.9.0-rc.4 7.3.0-rc.2 3.9.1 7.3.1 3.9.2 7.4.0 3.9.3 7.4.0-beta.1 3.9.4 7.4.0-beta.2 3.9.5 7.4.0-rc.1 4.0.0 7.4.0-rc.2 4.0.0-beta.1 7.4.1 4.0.0-rc.1 7.4.2 4.0.0-rc.2 7.5.0 4.0.1 7.5.0-beta.1 4.0.2 7.5.0-beta.2 4.0.3 7.5.0-rc.1 4.0.4 7.5.1 4.1.0 7.5.2 4.1.0-beta.1 7.6.0 4.1.0-beta.2 7.6.0-beta.1 4.1.0-rc.1 7.6.0-beta.2 4.1.0-rc.2 7.6.0-rc.1 4.1.1 7.6.0-rc.2 4.1.2 7.6.0-rc.3 4.1.3 7.6.1 4.1.4 7.6.2 4.2.0 7.7.0 4.2.0-RC.1 7.7.0-beta.1 4.2.0-RC.2 7.7.0-beta.2 4.2.0-beta.1 7.7.0-rc.1 4.2.1 7.7.1 4.2.2 7.7.2 4.2.3 7.7.3 4.2.4 7.8.0 4.2.5 4.3.0 4.3.0-beta.1 4.3.0-rc.1 4.3.0-rc.2 4.3.0-rc.3 4.3.1 4.3.2 4.3.3 4.3.4 4.3.5 4.3.6 4.4.0 4.4.0-beta.1 4.4.0-rc.1 4.4.1 4.4.2 4.4.3 4.4.4 4.5.0 4.5.0-beta.1 4.5.0-rc.1 4.5.0-rc.3 4.5.1 4.5.2 4.5.3 4.5.4 4.5.5 4.6.0 4.6.0-beta.1 4.6.0-rc.1 4.6.1 4.6.2 4.6.3 4.6.4 4.6.5 4.7.0 4.7.0-beta.1 4.7.0-beta.2 4.7.0-rc.1 4.7.1 4.7.1-beta.1 4.7.2 4.7.3 4.7.4 4.8.0 4.8.0-beta.1 4.8.0-rc.1 4.8.0-rc.2 4.8.1 4.8.2 4.8.3 4.9.0 4.9.0-beta.1 4.9.0-rc.1 4.9.0-rc.2 4.9.1 4.9.2 4.9.3 4.9.4 4.9.5 5.0.0 5.0.0-beta.1 5.0.0-beta.2 5.0.0-rc.1 5.0.0-rc.2 5.0.0-rc.3 5.0.1 5.0.2 5.0.3 5.1.0 5.1.0-beta.1 5.1.0-rc.1 trunk 5.1.1 10.0.0 5.1.2 10.0.0-rc.1 5.1.3 10.0.0-rc.2 5.2.0 10.0.1 5.2.0-beta.1 10.0.2 5.2.0-rc.1 10.0.3 5.2.0-rc.2 10.0.4 5.2.1 10.0.5 5.2.2 10.0.6 5.2.3 10.1.0 5.2.4 10.1.0-rc.1 5.2.5 10.1.0-rc.2 5.3.0 10.1.0-rc.3 5.3.0-beta.1 10.1.0-rc.4 5.3.0-rc.1 10.1.1 5.3.0-rc.2 10.1.2 5.3.1 10.1.3 5.3.2 10.1.4 5.3.3 10.2.0 5.4.0 10.2.0-beta.1 5.4.0-beta.1 10.2.0-beta.2 5.4.0-rc.1 10.2.0-rc.1 5.4.1 10.2.1 5.4.2 10.2.2 5.4.3 10.2.3 5.4.4 10.2.4 5.4.5 10.3.0 5.5.0 10.3.0-beta.1 5.5.0-beta.1 10.3.0-beta.2 5.5.0-rc.1 10.3.0-rc.1 5.5.0-rc.2 10.3.0-rc.2 5.5.1 10.3.1 5.5.2 10.3.2 5.5.3 10.3.3 5.5.4 10.3.4 5.5.5 10.3.5 5.6.0 10.3.6 5.6.0-beta.1 10.3.7 5.6.0-rc.1 10.3.8 5.6.0-rc.2 10.4.0 5.6.1 10.4.0-beta.1 5.6.2 10.4.0-beta.2 5.6.3 10.4.0-rc.1 5.7.0 10.4.1 5.7.0-beta.1 10.4.2 5.7.0-rc.1 10.4.3 5.7.1 10.4.4 5.7.2 10.5.0 5.7.3 10.5.0-beta.1 5.8.0 10.5.0-beta.2 5.8.0-beta.1 10.5.0-rc.1 5.8.0-beta.2 10.5.0-rc.2 5.8.0-rc.1 10.5.0-rc.3 5.8.1 10.5.1 5.8.2 10.5.2 5.9.0 10.5.3 5.9.0-beta.1 10.6.0 5.9.0-rc.1 10.6.0-beta.1 5.9.0-rc.2 10.6.0-beta.2 5.9.1 10.6.0-rc.1 5.9.2 10.6.1 6.0.0 10.6.2 6.0.0-beta.1 10.7.0 6.0.0-rc.1 10.7.0-beta.1 6.0.1 10.7.0-beta.2 6.0.2 10.7.0-rc.1 6.1.0 3.0.0 6.1.0-beta.1 3.0.1 6.1.0-rc.1 3.0.2 6.1.0-rc.2 3.0.3 6.1.1 3.0.4 6.1.2 3.0.5 6.1.3 3.0.6 6.2.0 3.0.7 6.2.0-beta.1 3.0.8 6.2.0-rc.1 3.0.9 6.2.0-rc.2 3.1.0 6.2.1 3.1.1 6.2.2 3.1.2 6.2.3 3.2.0 6.3.0 3.2.1 6.3.0-beta.1 3.2.2 6.3.0-rc.1 3.2.3 6.3.0-rc.2 3.2.4 6.3.1 3.2.5 6.3.2 3.2.6 6.4.0 3.3.0 6.4.0-beta.1 3.3.1 6.4.0-rc.1 3.3.2 6.4.1 3.3.2-rc.1 6.4.2 3.3.3 6.5.0 3.3.4 6.5.0-beta.1 3.3.5 6.5.0-rc.1 3.3.6 6.5.0-rc.2 3.4.0 6.5.1 3.4.0-beta.1 6.5.2 3.4.0-rc.2 6.6.0 3.4.1 6.6.0-beta.1 3.4.2 6.6.0-rc.1 3.4.3 6.6.0-rc.2 3.4.4 6.6.1 3.4.5 6.6.2 3.4.6 6.7.0 3.4.7 6.7.0-beta.1 3.4.8 6.7.0-beta.2 3.5.0 6.7.0-rc.1 3.5.0-beta.1 6.7.1 3.5.0-rc.1 6.8.0 3.5.0-rc.2 6.8.0-beta.1 3.5.1 6.8.0-beta.2 3.5.10 6.8.0-rc.1 3.5.2 6.8.1 3.5.3 6.8.2 3.5.4 6.8.3 3.5.5 6.9.0 3.5.6 6.9.0-beta.1 3.5.7 6.9.0-beta.2 3.5.8 6.9.0-rc.1 3.5.9 6.9.1 3.6.0 6.9.2 3.6.0-beta.1 6.9.3 3.6.0-rc.1 6.9.4 3.6.0-rc.2 6.9.5 3.6.0-rc.3 7.0.0 3.6.1 7.0.0-beta.1 3.6.2 7.0.0-beta.2 3.6.3 7.0.0-beta.3 3.6.4 7.0.0-rc.1 3.6.5 7.0.0-rc.2 3.6.6 7.0.1 3.6.7 7.0.2 3.7.0 7.1.0 3.7.0-beta.1 7.1.0-beta.1 3.7.0-rc.1 7.1.0-beta.2 3.7.0-rc.2 7.1.0-rc.1 3.7.1 7.1.0-rc.2 3.7.2 7.1.1
woocommerce / src / Internal / CustomerEmailVerification / VerificationController.php
woocommerce / src / Internal / CustomerEmailVerification Last commit date
Admin 4 days ago Emails 4 days ago CustomerEmailVerification.php 4 days ago EmailVerificationService.php 4 days ago VerificationController.php 4 days ago VerificationEventListener.php 4 days ago
VerificationController.php
390 lines
1 <?php
2 declare( strict_types=1 );
3
4 namespace Automattic\WooCommerce\Internal\CustomerEmailVerification;
5
6 /**
7 * Drives the customer email-verification UI on My Account and processes its verify-links.
8 *
9 * Verification uses a one-time link emailed to the customer. Opening the link verifies the address
10 * directly — but ONLY when the request is authenticated as the link's target user. The login gate is
11 * the control, not the HTTP verb.
12 *
13 * This intentionally mirrors WordPress core's own email-change confirmation links, which likewise
14 * complete a sensitive change on an authenticated GET carrying an unguessable secret — no interstitial,
15 * form, or nonce — relying on the auth gate plus the secret:
16 *
17 * - Administration email change: wp-admin/options.php (`adminhash`) —
18 * https://github.com/WordPress/WordPress/blob/master/wp-admin/options.php
19 * - Profile email change: wp-admin/user-edit.php (`newuseremail`) —
20 * https://github.com/WordPress/WordPress/blob/master/wp-admin/user-edit.php
21 *
22 * What makes the link safe:
23 *
24 * - A prefetch (email client or security scanner) is never logged in as the customer, so it can never
25 * reach the verify branch — it only ever sees the My Account login. It cannot consume the key.
26 * - The key is a one-time, time-limited secret bound by hash to the account's current email, so it is
27 * inert without an authenticated session as the target: a leaked key cannot be spent by anyone who is
28 * not already that user (which is also why, like core, it is safe to carry the key in the URL).
29 * - An attacker who registered an account with someone else's email can't read the victim's inbox, so
30 * never receives the link; and the victim can only reach a logged-in-as-target state by resetting the
31 * password, which invalidates the attacker's session.
32 *
33 * No auth cookie is ever minted by the link (that would be exploitable as login CSRF): a logged-out
34 * visitor is shown the My Account login on the link itself, and signing in returns them to the link
35 * (the verify params are preserved in its URL) to complete it as themselves.
36 *
37 * @since 11.0.0
38 */
39 class VerificationController {
40
41 /**
42 * Nonce action used to protect the send-verification request.
43 */
44 private const SEND_NONCE_ACTION = 'woocommerce-send-verification-email';
45
46 /**
47 * Query param used to trigger the send-verification request.
48 */
49 private const SEND_PARAM = 'wc_send_verification';
50
51 /**
52 * Query param carrying the plaintext verification key.
53 */
54 private const KEY_PARAM = 'wc_verify_email_key';
55
56 /**
57 * Query param carrying the target user ID.
58 */
59 private const USER_PARAM = 'wc_verify_email_user';
60
61 /**
62 * Query param carrying a one-off result code to print as a notice on the account page.
63 */
64 private const NOTICE_PARAM = 'wc_verify_notice';
65
66 /**
67 * Minimum seconds between sends (rate limit).
68 */
69 private const SEND_RATE_LIMIT = 60;
70
71 /**
72 * Verification service.
73 *
74 * @var EmailVerificationService
75 */
76 private $service;
77
78 /**
79 * Constructor. Registers hooks.
80 */
81 public function __construct() {
82 add_action( 'template_redirect', array( $this, 'maybe_process_request' ) );
83 add_action( 'woocommerce_before_account_orders', array( $this, 'print_result_notice' ), 5 );
84 add_action( 'woocommerce_before_account_orders', array( $this, 'render_prompt' ) );
85 }
86
87 /**
88 * Inject dependencies.
89 *
90 * @internal
91 * @param EmailVerificationService $service Verification service.
92 */
93 final public function init( EmailVerificationService $service ): void {
94 $this->service = $service;
95 }
96
97 /**
98 * Route an incoming request: a send request or an opened verify-link.
99 *
100 * Opening the emailed link is a GET, which email clients and security scanners routinely prefetch.
101 * Verification is gated on authentication ({@see self::handle_verify_link()}), so a prefetch — always
102 * logged out — only ever reaches the My Account login and can never consume the key.
103 *
104 * @since 11.0.0
105 */
106 public function maybe_process_request(): void {
107 if ( isset( $_GET[ self::SEND_PARAM ] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended
108 $this->handle_send_request();
109 return;
110 }
111
112 // No nonce on the verify-link: like WordPress core's email-change confirmation links, the
113 // unguessable one-time key is the CSRF defence and the login gate is the authority.
114 // phpcs:disable WordPress.Security.NonceVerification.Recommended
115 if ( isset( $_GET[ self::KEY_PARAM ], $_GET[ self::USER_PARAM ] ) ) {
116 $this->handle_verify_link(
117 absint( wp_unslash( $_GET[ self::USER_PARAM ] ) ),
118 sanitize_text_field( wp_unslash( $_GET[ self::KEY_PARAM ] ) )
119 );
120 }
121 // phpcs:enable WordPress.Security.NonceVerification.Recommended
122 }
123
124 /**
125 * Verify the address from an opened verify-link — gated on being logged in as the link's target user.
126 *
127 * The login gate is the control: verification, and key consumption, happen ONLY on the path where the
128 * request is authenticated as $user_id. A prefetch or any logged-out visit is shown the My Account
129 * login and never touches the key; a visitor logged in as a different account is refused without
130 * consuming it. This is the same shape as WordPress core's email-change confirmation links
131 * (wp-admin/options.php `adminhash`, wp-admin/user-edit.php `newuseremail`): a sensitive change
132 * completed on an authenticated GET carrying an unguessable secret.
133 *
134 * @since 11.0.0
135 *
136 * @param int $user_id Target user ID from the link.
137 * @param string $key Plaintext verification key from the link.
138 * @return void
139 */
140 private function handle_verify_link( int $user_id, string $key ): void {
141 // The key rides in the URL, so keep this response off caches and out of third-party Referer
142 // headers (the logged-out branch renders a themed front-end page that may load such assets).
143 nocache_headers();
144 if ( ! headers_sent() ) {
145 header( 'Referrer-Policy: no-referrer' );
146 }
147
148 $current_user_id = get_current_user_id();
149
150 // Logged out (including any prefetcher): never verify, never consume the key. Render the My
151 // Account login; the verify params stay in the URL so signing in returns here to complete it.
152 if ( ! $current_user_id ) {
153 wc_add_notice( __( 'You need to be logged in to confirm your email address.', 'woocommerce' ), 'notice' );
154 return;
155 }
156
157 // Logged in as someone else: refuse rather than silently switching accounts. The key is untouched.
158 if ( $current_user_id !== $user_id ) {
159 $this->redirect_with_result( 'mismatch' );
160 }
161
162 // Authenticated as the target — the only path that consumes the key and verifies.
163 if ( $this->process_verification( $user_id, $key ) ) {
164 $this->redirect_with_result( 'confirmed' );
165 }
166
167 // Already verified (e.g. the link re-opened after the key was spent): land on Orders quietly,
168 // without repeating the success notice for a confirmation that already happened.
169 if ( $this->service->is_verified( $user_id ) ) {
170 wp_safe_redirect( wc_get_account_endpoint_url( 'orders' ) );
171 exit;
172 }
173
174 // Authenticated as the target, but the key is invalid or expired and they are not verified.
175 $this->redirect_with_result( 'expired' );
176 }
177
178 /**
179 * Handle a request to send (or resend) the verification email, triggered by the My Account prompt.
180 *
181 * Verifies the nonce, applies a rate-limit (does not re-send within the window), dispatches the
182 * email, and redirects to the orders section, where the prompt points the customer to their inbox.
183 *
184 * @since 11.0.0
185 */
186 public function handle_send_request(): void {
187 $user_id = get_current_user_id();
188
189 if ( ! $user_id ) {
190 return;
191 }
192
193 $nonce = isset( $_GET['_wpnonce'] ) ? sanitize_text_field( wp_unslash( $_GET['_wpnonce'] ) ) : '';
194
195 if ( ! wp_verify_nonce( $nonce, self::SEND_NONCE_ACTION ) ) {
196 $this->redirect_with_result( 'invalid' );
197 }
198
199 // Only send a fresh link once the last one is outside the rate-limit window; otherwise the
200 // existing link still stands and the prompt continues to point the customer to their inbox.
201 $seconds_since = $this->service->seconds_since_last_key( $user_id );
202 if ( null === $seconds_since || $seconds_since >= self::SEND_RATE_LIMIT ) {
203 $this->send_verification_email( $user_id );
204 $this->redirect_with_result( 'sent' );
205 }
206
207 $this->redirect_with_result( 'throttled' );
208 }
209
210 /**
211 * Return whether the verification prompt should be shown for the current user.
212 *
213 * True for a logged-in, unverified customer, except one still using a temporary password (those
214 * confirm via their set-password link, so the temporary-password notice already covers it). This
215 * must not depend on whether matching guest orders exist, because that would disclose order
216 * existence before the customer proves they control the email address.
217 *
218 * @since 11.0.0
219 *
220 * @return bool
221 */
222 public function should_show_prompt(): bool {
223 $user_id = get_current_user_id();
224
225 if ( ! $user_id ) {
226 return false;
227 }
228
229 if ( $this->service->is_verified( $user_id ) ) {
230 return false;
231 }
232
233 // A temporary-password account already has a set-password link (which also verifies on use),
234 // surfaced by the temporary-password notice — don't show a second prompt alongside it.
235 if ( get_user_option( 'default_password_nag', $user_id ) ) {
236 return false;
237 }
238
239 return true;
240 }
241
242 /**
243 * Render the verification prompt notice on the My Account "Orders" panel.
244 *
245 * Within the rate-limit window a link was sent recently, so the prompt points the customer to their
246 * inbox and offers no immediate resend; otherwise it carries the "confirm email" call to action.
247 *
248 * @internal
249 * @since 11.0.0
250 */
251 public function render_prompt(): void {
252 if ( ! $this->should_show_prompt() ) {
253 return;
254 }
255
256 $user_id = get_current_user_id();
257 $seconds_since = $this->service->seconds_since_last_key( $user_id );
258
259 if ( null !== $seconds_since && $seconds_since <= self::SEND_RATE_LIMIT ) {
260 // A just-sent/throttled result notice (from the redirect) already points to the inbox this
261 // page load, so don't print a second "check your inbox" alongside it.
262 // phpcs:ignore WordPress.Security.NonceVerification.Recommended -- display-only, no state change.
263 if ( ! isset( $_GET[ self::NOTICE_PARAM ] ) ) {
264 wc_print_notice(
265 esc_html__( 'Confirm your email address to check for past orders. A confirmation link was sent recently — please check your inbox.', 'woocommerce' ),
266 'notice'
267 );
268 }
269 return;
270 }
271
272 $send_url = wp_nonce_url(
273 add_query_arg( self::SEND_PARAM, '1', wc_get_account_endpoint_url( 'orders' ) ),
274 self::SEND_NONCE_ACTION
275 );
276
277 $notice = sprintf(
278 '<a href="%2$s" class="button wc-forward">%3$s</a> %1$s',
279 esc_html__( 'Confirm your email address to check for past orders and link them to your account.', 'woocommerce' ),
280 esc_url( $send_url ),
281 esc_html__( 'Confirm email address', 'woocommerce' )
282 );
283
284 wc_print_notice( $notice, 'notice' );
285 }
286
287 /**
288 * Print the one-off result notice carried by the {@see self::NOTICE_PARAM} query arg, if any.
289 *
290 * Send/confirm actions redirect here with a result code rather than queuing a session notice, so the
291 * page shows exactly the current request's outcome — re-running an action can't stack notices.
292 *
293 * @internal
294 * @since 11.0.0
295 */
296 public function print_result_notice(): void {
297 // phpcs:ignore WordPress.Security.NonceVerification.Recommended -- display-only, no state change.
298 $code = isset( $_GET[ self::NOTICE_PARAM ] ) ? sanitize_key( wp_unslash( $_GET[ self::NOTICE_PARAM ] ) ) : '';
299 $notice = $this->result_notice( $code );
300
301 if ( null !== $notice ) {
302 wc_print_notice( esc_html( $notice[0] ), $notice[1] );
303 }
304 }
305
306 /**
307 * Map a redirect result code to its [ message, notice type ], or null for an unknown code.
308 *
309 * @param string $code Result code from a send/confirm redirect.
310 * @return array{0: string, 1: string}|null
311 */
312 private function result_notice( string $code ): ?array {
313 switch ( $code ) {
314 case 'sent':
315 return array( __( 'A confirmation link has been sent to your email address. Please check your inbox.', 'woocommerce' ), 'success' );
316 case 'throttled':
317 return array( __( 'A confirmation link was sent recently. Please check your inbox, or wait a moment before requesting a new one.', 'woocommerce' ), 'notice' );
318 case 'confirmed':
319 return array( __( 'Your email address has been confirmed.', 'woocommerce' ), 'success' );
320 case 'expired':
321 return array( __( 'This confirmation link is invalid or has expired. Please request a new one.', 'woocommerce' ), 'error' );
322 case 'mismatch':
323 return array( __( 'Unable to confirm this email while you are logged in to a different account. Please log out and open the link again.', 'woocommerce' ), 'error' );
324 case 'invalid':
325 return array( __( 'Invalid request. Please try again.', 'woocommerce' ), 'error' );
326 default:
327 return null;
328 }
329 }
330
331 /**
332 * Redirect to the orders section carrying a one-off result code, then exit.
333 *
334 * @param string $code Result code understood by {@see self::result_notice()}.
335 * @return never
336 */
337 private function redirect_with_result( string $code ): void {
338 wp_safe_redirect( add_query_arg( self::NOTICE_PARAM, $code, wc_get_account_endpoint_url( 'orders' ) ) );
339 exit;
340 }
341
342 /**
343 * Validate a key and verify the user.
344 *
345 * @since 11.0.0
346 *
347 * @param int $user_id User ID.
348 * @param string $key Plaintext verification key.
349 * @return bool True when verification succeeded.
350 */
351 public function process_verification( int $user_id, string $key ): bool {
352 if ( ! $user_id || '' === $key ) {
353 return false;
354 }
355 if ( ! $this->service->check_verification_key( $user_id, $key ) ) {
356 return false;
357 }
358 $this->service->mark_verified( $user_id );
359 return true;
360 }
361
362 /**
363 * Send (or resend) a verification email to a user.
364 *
365 * @since 11.0.0
366 *
367 * @param int $user_id User ID.
368 */
369 public function send_verification_email( int $user_id ): void {
370 $user = get_user_by( 'id', $user_id );
371 if ( ! $user ) {
372 return;
373 }
374
375 $verify_url = $this->service->build_verification_url( $user_id );
376
377 WC()->mailer();
378
379 /**
380 * Triggers sending of the customer email-verification email.
381 *
382 * @param int $user_id The WordPress user ID of the customer.
383 * @param string $verify_url The one-time verification URL to include in the email.
384 *
385 * @since 11.0.0
386 */
387 do_action( 'woocommerce_customer_verify_email_notification', $user_id, $verify_url );
388 }
389 }
390