Generate keys/salts locally and use WordPress.org API as fallback #25
danielbachhuber
left a comment
👍
Can you add some basic tests around ensuring that salts are correctly added to wp-config.php? You can use `wp config get --constant=` to verify the existence of a constant after generation.
Thanks for your work on this @fjarrett
This will be fun to do with wp-cli/ideas#4
@fjarrett Looks like the original tests aren't quite passing: https://travis-ci.org/wp-cli/config-command/builds/260988991 Can you try running
@danielbachhuber OK I guess
| $assoc_args['secure-auth-salt'] = self::unique_key(); | ||
| $assoc_args['logged-in-salt'] = self::unique_key(); | ||
| $assoc_args['nonce-salt'] = self::unique_key(); | ||
| } catch ( Exception $e ) { |
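Review bot: The `catch ( Exception $e )` on the last line only handles exceptions raised inside `self::unique_key()`; if that helper calls a function that is not defined on the running PHP version, the failure is a fatal error and never reaches this branch. Put a `function_exists()` check for whatever `unique_key()` depends on around the `try`, and have the catch branch clear any `$assoc_args[...]` salts already assigned before taking the fallback path, so a partial set is not left behind.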
I don't follow this try ... catch logic. If random_int() doesn't exist, which it wouldn't on < PHP 7.0, my assumption is that you'd see a fatal error like we're seeing in the test.
Can you clarify why you're using try ... catch? Or, do we need to use function_exists() instead?
@danielbachhuber Oh duh - my bad. I (wrongly) assumed the try/catch block used in core was to catch whether the random_int() was available, but you're right, obviously that would throw an uncatchable fatal!
I see now it's to catch something completely different:
If an appropriate source of randomness cannot be found, an Exception will be thrown.
So the try/catch is still needed, but you're right that a function_exists( 'random_int' ) should be here too.
👍 Thanks for your work on this @fjarrett
Generate keys/salts, use API as fallback
Rather than using WordPress.org for key/salt generation by default, it should be used as a fallback only when `random_int()` (introduced in PHP 7) isn't available.
Relying on an external service here just creates a network bottleneck in provisioning workflow times, and I believe the default behavior should avoid requiring a network connection at all.
In addition, using `--skip-salts` with `--extra-php` is a little annoying because that placeholder in the mustache template is not able to insert keys/salts under the big commented area where they belong.
Here were the averages I came up with after running each 5 times:
The HTTP request way
0.14s user 0.05s system 28% cpu 0.732 total
The Generate way
0.11s user 0.04s system 81% cpu 0.183 total
Obviously CPU goes up since we're crunching cryptographically-secure random numbers, but the total time difference is quite drastic at 500ms or more. Precious provisioning time :-)
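
The guard order discussed in this thread, as an added PHP example that is not code from this pull request: check `function_exists( 'random_int' )` first, keep the `try`/`catch` for the no-randomness-source case, and only then fall back. The `example_*` names, the character set and the stubbed fallback callable are assumptions.

```php
<?php
// Added example: names prefixed example_/EXAMPLE_ are hypothetical, not wp-cli's.
const EXAMPLE_CHARS = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_ []{}<>~`+=,.;:/?|';
const EXAMPLE_NAMES = [
    'AUTH_KEY', 'SECURE_AUTH_KEY', 'LOGGED_IN_KEY', 'NONCE_KEY',
    'AUTH_SALT', 'SECURE_AUTH_SALT', 'LOGGED_IN_SALT', 'NONCE_SALT',
];

function example_unique_key( $length = 64 ) {
    $max = strlen( EXAMPLE_CHARS ) - 1;
    $key = '';
    for ( $i = 0; $i < $length; $i++ ) {
        // random_int() uses the OS CSPRNG and throws an Exception when no
        // appropriate source of randomness can be found.
        $key .= substr( EXAMPLE_CHARS, random_int( 0, $max ), 1 );
    }
    return $key;
}

function example_generate_salts( callable $remote_fallback ) {
    // A missing function cannot be caught as an Exception, so availability
    // is checked before the try block rather than relied on inside it.
    if ( function_exists( 'random_int' ) ) {
        try {
            $salts = [];
            foreach ( EXAMPLE_NAMES as $name ) {
                $salts[ $name ] = example_unique_key();
            }
            return [ 'source' => 'local', 'salts' => $salts ];
        } catch ( Exception $e ) {
            // Partial $salts is discarded; fall through to the remote path.
        }
    }
    return [ 'source' => 'remote', 'salts' => $remote_fallback() ];
}

// Constructed stand-in for the WordPress.org request, so the example runs offline.
$result = example_generate_salts( function () {
    throw new RuntimeException( 'remote fallback is not implemented in this example' );
} );

fwrite( STDERR, "salt source: {$result['source']}\n" );
foreach ( $result['salts'] as $name => $value ) {
    // The character set has no single quote or backslash, so values are
    // safe inside a single-quoted PHP string literal.
    printf( "define( '%s', '%s' );\n", $name, $value );
}
```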