fix: allow logged-out email verification

[superdav42]

Summary

• Allow email verification links to verify pending customers without requiring the matching customer to be logged in.
• Compare verification keys with hash_equals() and generate new keys with random 32-character tokens.
• Add regression coverage for logged-out verification and sessions where another user/admin is logged in.

Verification

• vendor/bin/phpcs inc/managers/class-customer-manager.php inc/models/class-customer.php tests/WP_Ultimo/Managers/Customer_Manager_Test.php tests/WP_Ultimo/Models/Customer_Test.php
• vendor/bin/phpunit --filter Customer_Manager_Test
• vendor/bin/phpunit --filter Customer_Test

PHPUnit emitted existing PHP 8.4 deprecation noise unrelated to this change.

---

Summary by CodeRabbit

• Bug Fixes

  • Enhanced email verification security with stronger validation checks
  • Simplified email verification flow to improve reliability and reduce edge cases

• Tests

  • Added comprehensive test coverage for email verification scenarios, including logged-out and multi-user situations

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 9ccb82e6-804e-4524-94c1-1aff109f3353

📥 Commits

Reviewing files that changed from the base of the PR and between b70a3e9 and bc14d32.

📒 Files selected for processing (4)

• inc/managers/class-customer-manager.php
• inc/models/class-customer.php
• tests/WP_Ultimo/Managers/Customer_Manager_Test.php
• tests/WP_Ultimo/Models/Customer_Test.php

---

📝 Walkthrough

Walkthrough

This PR refactors the customer email verification flow to use WordPress password generation for cryptographic keys, removes login-based access control, and adds hash-safe equality comparison. The change improves security and simplifies verification logic by validating keys directly rather than gating on user authentication state.

Changes

Email Verification Refactoring

Layer / File(s)	Summary
Verification key generation and model tests inc/models/class-customer.php, tests/WP_Ultimo/Models/Customer_Test.php	generate_verification_key() now uses wp_generate_password(32, false, false) instead of time-based seed encoding; docblock for get_verification_url() is reworded; test assertions tightened to enforce 32-character alphanumeric format; unused Hash import removed.
Email verification flow and key comparison inc/managers/class-customer-manager.php	maybe_verify_email_address() now immediately fails with "Invalid verification key" when customer cannot be resolved, removing prior authentication-required/login-redirect logic; key comparison changed from !== to hash_equals() for timing-safe validation.
Manager test coverage for verification flow tests/WP_Ultimo/Managers/Customer_Manager_Test.php	New tests verify verification succeeds when no customer is logged in and when a different user is logged in; helper methods create pending customers with keys and drive verification requests with proper request/user cleanup.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Suggested labels

origin:worker

Poem

🐰 A key so random, forty-eight bits bright,
No login walls—just hashing done right,
wp_generate_password brings forth the way,
Security strengthened, we celebrate today! 🎉

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'fix: allow logged-out email verification' directly and clearly summarizes the main change - enabling email verification for customers who are not logged in.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/email-verification-logged-out

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

🔨 Build Complete - Ready for Testing!

📦 Download Build Artifact (Recommended)

Download the zip build, upload to WordPress and test:

• Build: ultimate-multisite
• ⬇️ Download from GitHub Actions
• ⬇️ Download without Github Account (nightly.link)

🌐 Test in WordPress Playground (Very Experimental)

Click the link below to instantly test this PR in your browser - no installation needed!
Playground support for multisite is very limitied, hopefully it will get better in the future.

🚀 Launch in Playground

Login credentials: admin / password

[superdav42]

Summary

• Allow email verification links to verify pending customers without requiring the matching customer to be logged in.
• Compare verification keys with hash_equals() and generate new keys with random 32-character tokens.
• Add regression coverage for logged-out verification and sessions where another user/admin is logged in.

Verification

• vendor/bin/phpcs inc/managers/class-customer-manager.php inc/models/class-customer.php tests/WP_Ultimo/Managers/Customer_Manager_Test.php tests/WP_Ultimo/Models/Customer_Test.php
• vendor/bin/phpunit --filter Customer_Manager_Test
• vendor/bin/phpunit --filter Customer_Test
  PHPUnit emitted existing PHP 8.4 deprecation noise unrelated to this change.

---

---

Merged via PR #1285 to main.
Merged by deterministic merge pass (pulse-wrapper.sh).

---

aidevops.sh v3.19.5 spent 39s on this as a headless bash routine.

[github-actions]

Performance Test Results

Performance test results for 6967d8b are in 🛎️!

Note: the numbers in parentheses show the difference to the previous (baseline) test run. Differences below 2% or 0.5 in absolute values are not shown.

URL: /

Run	DB Queries	Memory	Before Template	Template	WP Total	LCP	TTFB	LCP - TTFB
0	41	37.79 MB	923.00 ms (+25.50 ms / +3% )	156.50 ms (-30.50 ms / -19% )	1101.00 ms (+50.00 ms / +5% )	2060.00 ms (+114.00 ms / +6% )	1989.05 ms (+119.30 ms / +6% )	75.85 ms
1	56	49.13 MB	875.00 ms (-67.50 ms / -8% )	141.00 ms (-6.00 ms / -4% )	1016.50 ms (-72.00 ms / -7% )	2000.00 ms (-76.00 ms / -4% )	1926.10 ms (-76.65 ms / -4% )	72.10 ms