Filter uncanny-automator-pro

automator_pro_auto_login_link_disable_security_check

Filters whether to disable the security check for auto-login links, allowing customization of this security measure.

add_filter( 'automator_pro_auto_login_link_disable_security_check', $callback, 10, 1 );

Description

Filters whether the security check for auto-login links is disabled. Return `true` to bypass the security check, allowing auto-login for any user. By default, the check is enabled. This hook provides granular control over auto-login link security.

Usage

add_filter( 'automator_pro_auto_login_link_disable_security_check', 'your_function_name', 10, 1 );

Parameters

$user_id (mixed)
This parameter is used to determine whether to disable security checks for the auto-login link.

Return Value

The filtered value.

Examples

/**
 * Disable the security check for auto-login links for specific user roles.
 *
 * This filter allows administrators to bypass the security check that prevents
 * administrators and editors from generating auto-login links. This might be
 * useful in testing environments or for specific internal workflows where
 * such links are intentionally needed for privileged users.
 *
 * @param bool $disable_security_check Whether to disable the security check. Defaults to false.
 * @param int  $user_id               The ID of the user for whom the auto-login link is being generated.
 * @return bool True if the security check should be disabled, false otherwise.
 */
add_filter( 'automator_pro_auto_login_link_disable_security_check', function( $disable_security_check, $user_id ) {

    // Get the current user ID if $user_id is not provided or is invalid.
    if ( ! $user_id || ! is_numeric( $user_id ) ) {
        $user_id = get_current_user_id();
    }

    // If the user is logged in and has a specific role (e.g., 'custom_manager'),
    // allow them to generate auto-login links even if they are administrators.
    if ( $user_id && user_can( $user_id, 'custom_manager' ) ) {
        return true; // Disable the security check for 'custom_manager' role.
    }

    // Otherwise, return the original value of the filter.
    return $disable_security_check;

}, 10, 2 );

Placement

This code should be placed in the functions.php file of your active theme, a custom plugin, or using a code snippets plugin.

Source Code

uncanny-automator-pro/src/integrations/advanced/tokens/autologin-link-token.php:37

public function parse_integration_token( $return, $pieces, $recipe_id, $trigger_data, $user_id, $replace_args ) {

		$user_is_admin_or_editor = user_can( $user_id, 'editor' ) || user_can( $user_id, 'administrator' );

		$disable_security_check = apply_filters( 'automator_pro_auto_login_link_disable_security_check', false, $user_id );

		if ( false === $disable_security_check && $user_is_admin_or_editor ) {
			return esc_attr__( 'For security reasons, automatic login links cannot be generated for Administrator or Editor users.', 'uncanny-automator-pro' );
		}

		$unix_day = 24 * 60 * 60;

		$days_expired_in = 7;

		$days_expired_in = apply_filters_deprecated(
			'AUTOLOGINLINK_expires_in',
			array(
				$days_expired_in,
				get_user_by( 'ID', $user_id ),
			),
			'4.3',
			'automator_pro_auto_login_link_expires_in'
		); //phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase

		$days_expired_in = apply_filters( 'automator_pro_auto_login_link_expires_in', $days_expired_in, $user_id ); //phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase

		$hash = $this->generate_magic_hash();

		update_user_meta( $user_id, $hash, time() + ( $unix_day * $days_expired_in ) );

		return add_query_arg( 'ua_login', $hash, wp_login_url() );
	}
Scroll to Top