[wp-trac] [WordPress Trac] #43443: Add a method for confirmation of requests for deleting or anonymizing of personal data
WordPress Trac
noreply at wordpress.org
Mon Mar 5 18:18:10 UTC 2018
#43443: Add a method for confirmation of requests for deleting or anonymizing of
personal data
-------------------------------------------------+-------------------------
 Reporter:  azaozz                               |       Owner:  mikejolley
     Type:  enhancement                          |      Status:  assigned
 Priority:  normal                               |   Milestone:  5.0
Component:  General                              |     Version:
 Severity:  normal                               |  Resolution:
 Keywords:  gdpr has-patch dev-feedback          |     Focuses:
            needs-testing                        |
-------------------------------------------------+-------------------------
Changes (by mikejolley):
* keywords: gdpr needs-patch => gdpr has-patch dev-feedback needs-testing
Comment:
Rather than a solution just for the above 2 use cases (delete account and
anonymize), I thought it would be good to work on something more generic
for this.
* A function that could be called to confirm action X for email Y
* An email to be generated with a confirmation link:
* Based on email/password change email functions
* Avoid personally identifiable information in the URL itself
* Support for VISITORS who may not have an account, but may still
have data in the database e.g. from comments.
* Email content is filterable.
* Avoided a new DB table (although we could add one for performance
reasons, I opted for a combination of usermeta and options in first pass).
* Added handling code to `wp-login.php` with similar code. That file is a
mess but refactor is out of scope.
I've attached my first pass diff. Feedback welcome for
naming/wording/approach.
Usage:
1. Code which needs confirmation from the user first calls the
`send_confirm_account_action_email()` function. You give it a name for
your action, user email, and optionally a user friendly description for
the action that is added to the email.
2. Email is generated and sent - `send_confirm_account_action_email()`
returns true if the mail was sent, or `WP_Error` object if there was a
problem.
3. User clicks link in the email. It will look something like this:
`https://local.wordpress.test/wp-login.php?action=emailconfirm&confirm_action=confirm-edit-account&uid=1&confirm_key=jIzpeoknqQZHErNhQsWJ`
   1. Note the UID. This will be a user ID for a real WP account, and
   an email hash for a visitor who has no account.
   2. `confirm_action` is your given action name.
   3. `confirm_key` avoids conflicts with password reset.
4. `wp-login.php` handles the new action (`emailconfirm`) and calls
`check_confirm_account_action_key()`. This function returns true or false
depending on if the confirmation data is valid. After this one of two
things can happen:
   1. The link was valid. `account_action_confirmed` action is fired
   which passes the action name and email address of the user.
   2. The link was not valid, or expired. `account_action_failed`
   action is fired which passes the error object. The page is killed with
   error message.
The email that gets sent looks like this:
[[Image(https://dl.dropboxusercontent.com/s%2Fn16y623mw1f1tgn%2Fs31c4pdznjnmauozSpark%252520-%252520Inbox%2525202018-03-05%25252017-32-34.png%2520%2528746%25C3%2597507%2529%25202018-03-05%252018-14-40.png)]]
That's it in a nutshell. The roughest part is the wp-login handling but I
want feedback before working on it further.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43443#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
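
The confirmation flow described in the comment above, as an added example that is not the attached patch or WordPress core code. All function and constant names are hypothetical, the in-memory array stands in for the usermeta/options storage, and the lifetime, the site secret and the use of `hash()`/`hash_hmac()` are assumptions; only the URL parameter names and host come from the comment.

```php
<?php
// Added illustration: every function and constant name here is hypothetical.
const CONFIRM_TTL = 86400;                        // assumed lifetime; the comment states none
const SITE_SECRET = 'constructed-demo-secret';    // assumed per-site secret

// Accounts use their user ID; visitors get a keyed hash so no address appears in the URL.
function confirm_uid(?int $user_id, string $email): string {
    return $user_id !== null ? (string) $user_id : hash_hmac('sha256', strtolower(trim($email)), SITE_SECRET);
}

// Record a pending request and return the plaintext key for the emailed link.
function create_confirmation(array &$store, string $uid, string $action, string $email, int $now): string {
    $key = bin2hex(random_bytes(20));
    $store["$uid|$action"] = [
        'hash'    => hash('sha256', $key),        // only a digest of the key is stored
        'email'   => $email,
        'created' => $now,
    ];
    return $key;
}

// Return the confirmed email address, or null if the link is unknown, expired or wrong.
function check_confirmation(array &$store, string $uid, string $action, string $key, int $now): ?string {
    $slot = "$uid|$action";                       // the key is bound to one uid and one action
    $row  = $store[$slot] ?? null;
    if ($row === null || $now - $row['created'] > CONFIRM_TTL) {
        unset($store[$slot]);                     // expired requests are dropped
        return null;
    }
    if (!hash_equals($row['hash'], hash('sha256', $key))) {
        return null;                              // constant-time comparison failed
    }
    unset($store[$slot]);                         // single use: a replayed link fails
    return $row['email'];
}

$store = [];                                      // stands in for usermeta/options storage
$now   = 1520273890;                              // constructed timestamp
$uid   = confirm_uid(null, 'visitor@example.com');
$key   = create_confirmation($store, $uid, 'confirm-edit-account', 'visitor@example.com', $now);
$link  = 'https://local.wordpress.test/wp-login.php?' . http_build_query([
    'action' => 'emailconfirm', 'confirm_action' => 'confirm-edit-account',
    'uid' => $uid, 'confirm_key' => $key,
]);
parse_str((string) parse_url($link, PHP_URL_QUERY), $q);
var_dump(check_confirmation($store, $q['uid'], 'other-action', $q['confirm_key'], $now + 60));
var_dump(check_confirmation($store, $q['uid'], $q['confirm_action'], $q['confirm_key'], $now + 60));
var_dump(check_confirmation($store, $q['uid'], $q['confirm_action'], $q['confirm_key'], $now + 120));
```

The three calls at the end exercise a key presented for a different action, the genuine link, and a replay of the same link after it has been consumed.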