diff --git a/src/DDTrace/Integrations/WordPress/WordPressIntegration.php b/src/DDTrace/Integrations/WordPress/WordPressIntegration.php index afd79ccef02..ad3461bab36 100644 --- a/src/DDTrace/Integrations/WordPress/WordPressIntegration.php +++ b/src/DDTrace/Integrations/WordPress/WordPressIntegration.php @@ -55,9 +55,11 @@ public function init(): int \DDTrace\hook_method('WP', 'main', null, function ($This, $scope, $args) { if (\property_exists($This, 'did_permalink') && $This->did_permalink === true) { - if (function_exists('\datadog\appsec\push_address') && + if ( + function_exists('\datadog\appsec\push_address') && \property_exists($This, 'query_vars') && - function_exists('is_404') && is_404() === false) { + function_exists('is_404') && is_404() === false + ) { $parameters = $This->query_vars; if (count($parameters) > 0) { \datadog\appsec\push_address("server.request.path_params", $parameters); @@ -69,11 +71,18 @@ function_exists('is_404') && is_404() === false) { \DDTrace\hook_function( 'wp_authenticate', null, - function ($par, $retval) { + function ($args, $retval) { $userClass = '\WP_User'; + + $username = null; + + if (isset($args[0])) { + $username = $args[0]; + } + if (!($retval instanceof $userClass)) { //Login failed - if (!function_exists('\datadog\appsec\track_user_login_failure_event')) { + if (!function_exists('\datadog\appsec\track_user_login_failure_event_automated')) { return; } $errorClass = '\WP_Error'; 
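Review bot: `$username = $args[0]` in the wp_authenticate hook forwards the submitted login to the appsec event functions without checking its type, although it is request-controlled data (the removed code read the same value from `$_POST['log']`); if the caller ever passes a non-string, it would reach `track_user_login_failure_event_automated` and `track_user_login_success_event_automated` unchanged. Consider `if (isset($args[0]) && \is_string($args[0])) { $username = $args[0]; }` so that only a string is forwarded and anything else stays `null`, which the functions already have to handle for the no-argument case. The same applies to `$login = $args[0]` in the register_new_user hook in a later hunk. The hooked closure continues past the end of this hunk.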
@@ -82,14 +91,15 @@ function ($par, $retval) { is_array($retval->errors) && isset($retval->errors['incorrect_password']); - $usernameUsed = isset($_POST['log']) ? $_POST['log'] : ''; - \datadog\appsec\track_user_login_failure_event($usernameUsed, $exists, [], true); + \datadog\appsec\track_user_login_failure_event_automated($username, $username, $exists, []); return; } + //From this moment on, login is succesful - if (!function_exists('\datadog\appsec\track_user_login_success_event')) { + if (!function_exists('\datadog\appsec\track_user_login_success_event_automated')) { return; } + $data = \property_exists($retval, 'data') ? $retval->data : null; $id = \property_exists($data, 'ID') ? $data->ID : null; @@ -101,10 +111,11 @@ function ($par, $retval) { if (\property_exists($data, 'display_name')) { $metadata['name'] = $data->display_name; } - \datadog\appsec\track_user_login_success_event( + + \datadog\appsec\track_user_login_success_event_automated( + $username, $id, $metadata, - true ); } ); @@ -114,24 +125,31 @@ function ($par, $retval) { 'register_new_user', null, function ($args, $retval) { - if (!function_exists('\datadog\appsec\track_user_signup_event')) { + if (!function_exists('\datadog\appsec\track_user_signup_event_automated')) { return; } + $errorClass = '\WP_Error'; if ($retval instanceof $errorClass) { return; } + $metadata = []; + $login = null; + if (isset($args[0])) { $metadata['username'] = $args[0]; + $login = $args[0]; } + if (isset($args[1])) { $metadata['email'] = $args[1]; } - \datadog\appsec\track_user_signup_event( + + \datadog\appsec\track_user_signup_event_automated( + $login, $retval, - $metadata, - true + $metadata ); } ); diff --git a/tests/Integrations/WordPress/AutomatedLoginEventsTestSuite.php b/tests/Integrations/WordPress/AutomatedLoginEventsTestSuite.php index 54e04c3b0d7..d21c032792d 100644 --- a/tests/Integrations/WordPress/AutomatedLoginEventsTestSuite.php +++ b/tests/Integrations/WordPress/AutomatedLoginEventsTestSuite.php 
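Review bot: The comment added before the success path misspells "successful" (`//From this moment on, login is succesful`), and since `$username` is now forwarded as the login argument on the failure, success and signup paths in this and the next two hunks, the comment is also the place to say what the value is: `// $username is the login as submitted to wp_authenticate (it may be an email address), not necessarily the stored user_login`. The enclosing closure starts before this hunk.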
@@ -7,7 +7,7 @@ use DDTrace\Tests\Frameworks\Util\Request\GetSpec; use datadog\appsec\AppsecStatus; - /** +/** * @group appsec */ class AutomatedLoginEventsTestSuite extends AppsecTestCase @@ -28,21 +28,21 @@ public function testUserLoginSuccessEvent() $name = 'some name'; //Password is test $this->connection()->exec( - 'INSERT INTO '.$this->users_table.' VALUES ('.$id.',"test","$P$BDzpK1XXL9P2cYWggPMUbN87GQSiI80","test","'.$email.'","","2020-10-22 16:31:15","",0,"'.$name.'")' + 'INSERT INTO ' . $this->users_table . ' VALUES (' . $id . ',"test","$P$BDzpK1XXL9P2cYWggPMUbN87GQSiI80","test","' . $email . '","","2020-10-22 16:31:15","",0,"' . $name . '")' ); $spec = PostSpec::create('request', '/wp-login.php', [ 'Content-Type: application/x-www-form-urlencoded' ], "log=$email&pwd=$password&wp-submit=Log In"); - $this->call($spec, [ CURLOPT_FOLLOWLOCATION => false, CURLOPT_COOKIESESSION => true ]); + $this->call($spec, [CURLOPT_FOLLOWLOCATION => false, CURLOPT_COOKIESESSION => true]); $events = AppsecStatus::getInstance()->getEvents(['track_user_login_success_event']); $this->assertEquals(1, count($events)); + $this->assertEquals($email, $events[0]['userLogin']); $this->assertEquals($id, $events[0]['userId']); $this->assertEquals($email, $events[0]['metadata']['email']); $this->assertEquals($name, $events[0]['metadata']['name']); - $this->assertTrue($events[0]['automated']); } public function testUserLoginFailureEventWhenUserDoesNotExists() 
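Review bot: The reformatted fixture line `'INSERT INTO ' . $this->users_table . ' VALUES (' . $id . ',"test",...` still builds the statement by string concatenation; the values are test constants, so this is a style point rather than an injection risk, but a prepared statement with bound parameters (`prepare()` with placeholders, then `execute([...])`) would read more clearly and match the parameterised style expected of the code under test. The same applies to the INSERT in the testUserLoginFailureEventWhenUserDoesExists hunk and the `SELECT ... where user_email='" . $email . "'` query in the testUserSignUp hunk. Separately, `getEvents(['track_user_login_success_event'])` still looks up the pre-rename event name while the integration now calls `track_user_login_success_event_automated`; if the AppsecStatus test double keys events by the called function name, this lookup would come back empty, so it is worth confirming the double records both names under the old key.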
@@ -50,17 +50,17 @@ public function testUserLoginFailureEventWhenUserDoesNotExists() $email = 'non-existing@email.com'; $password = 'some password'; $spec = PostSpec::create('request', '/wp-login.php', [ - 'Content-Type: application/x-www-form-urlencoded' - ], "log=$email&pwd=$password&wp-submit=Log In"); + 'Content-Type: application/x-www-form-urlencoded' + ], "log=$email&pwd=$password&wp-submit=Log In"); - $this->call($spec, [ CURLOPT_FOLLOWLOCATION => false, CURLOPT_COOKIESESSION => true ]); + $this->call($spec, [CURLOPT_FOLLOWLOCATION => false, CURLOPT_COOKIESESSION => true]); $events = AppsecStatus::getInstance()->getEvents(['track_user_login_failure_event']); $this->assertEquals(1, count($events)); $this->assertEquals($email, $events[0]['userId']); + $this->assertEquals($email, $events[0]['userLogin']); $this->assertFalse($events[0]['exists']); $this->assertEmpty($events[0]['metadata']); - $this->assertTrue($events[0]['automated']); } public function testUserLoginFailureEventWhenUserDoesExists() 
@@ -71,21 +71,21 @@ public function testUserLoginFailureEventWhenUserDoesExists() $name = 'some name'; //Password is test $this->connection()->exec( - 'INSERT INTO '.$this->users_table.' VALUES ('.$id.',"test","$P$BDzpK1XXL9P2cYWggPMUbN87GQSiI80","test","'.$email.'","","2020-10-22 16:31:15","",0,"'.$name.'")' + 'INSERT INTO ' . $this->users_table . ' VALUES (' . $id . ',"test","$P$BDzpK1XXL9P2cYWggPMUbN87GQSiI80","test","' . $email . '","","2020-10-22 16:31:15","",0,"' . $name . '")' ); $spec = PostSpec::create('request', '/wp-login.php', [ 'Content-Type: application/x-www-form-urlencoded' ], "log=$email&pwd=invalid&wp-submit=Log In"); - $this->call($spec, [ CURLOPT_FOLLOWLOCATION => false, CURLOPT_COOKIESESSION => true ]); + $this->call($spec, [CURLOPT_FOLLOWLOCATION => false, CURLOPT_COOKIESESSION => true]); $events = AppsecStatus::getInstance()->getEvents(['track_user_login_failure_event']); $this->assertEquals(1, count($events)); $this->assertEquals($email, $events[0]['userId']); + $this->assertEquals($email, $events[0]['userLogin']); $this->assertTrue($events[0]['exists']); $this->assertEmpty($events[0]['metadata']); - $this->assertTrue($events[0]['automated']); } public function testUserSignUp() 
@@ -93,21 +93,21 @@ public function testUserSignUp() $email = 'test-user-signup@email.com'; $username = 'someusername'; - $this->call( - PostSpec::create('request', '/wp-login.php?action=register', [ - 'Content-Type: application/x-www-form-urlencoded' - ], "user_login=$username&user_email=$email&wp-submit=Register&redirect_to=") - ); + $this->call( + PostSpec::create('request', '/wp-login.php?action=register', [ + 'Content-Type: application/x-www-form-urlencoded' + ], "user_login=$username&user_email=$email&wp-submit=Register&redirect_to=") + ); - $users = $this->connection()->query("SELECT * FROM ".$this->users_table." where user_email='".$email."'")->fetchAll(); + $users = $this->connection()->query("SELECT * FROM " . $this->users_table . " where user_email='" . $email . "'")->fetchAll(); - $this->assertEquals(1, count($users)); + $this->assertEquals(1, count($users)); - $signUpEvent = AppsecStatus::getInstance()->getEvents(['track_user_signup_event']); + $signUpEvent = AppsecStatus::getInstance()->getEvents(['track_user_signup_event']); - $this->assertTrue($signUpEvent[0]['automated']); - $this->assertEquals($users[0]['ID'], $signUpEvent[0]['userId']); - $this->assertEquals($users[0]['user_login'], $signUpEvent[0]['metadata']['username']); - $this->assertEquals($users[0]['user_email'], $signUpEvent[0]['metadata']['email']); + $this->assertEquals($users[0]['ID'], $signUpEvent[0]['userId']); + $this->assertEquals($users[0]['user_login'], $signUpEvent[0]['userLogin']); + $this->assertEquals($users[0]['user_login'], $signUpEvent[0]['metadata']['username']); + $this->assertEquals($users[0]['user_email'], $signUpEvent[0]['metadata']['email']); } }