From 9cfd68bde3317dd77f49aaca38c6b5b7066dc99c Mon Sep 17 00:00:00 2001
From: Travis Weston <anubisthejackle@users.noreply.github.com>
Date: Tue, 15 Oct 2024 10:20:56 -0400
Subject: [PATCH 1/7] WIP: issue-70


From 86222d11c460b1410e0bb5ac1e30f4841dc39e8d Mon Sep 17 00:00:00 2001
From: Travis Weston <anubisthejackle@users.noreply.github.com>
Date: Tue, 15 Oct 2024 10:24:32 -0400
Subject: [PATCH 2/7] Remove unneccessary check. wp_verify_nonce validates
 empty nonce value

---
 src/alley/wp/alleyvate/features/class-login-nonce.php | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/src/alley/wp/alleyvate/features/class-login-nonce.php b/src/alley/wp/alleyvate/features/class-login-nonce.php
index 0761b466..57f80810 100644
--- a/src/alley/wp/alleyvate/features/class-login-nonce.php
+++ b/src/alley/wp/alleyvate/features/class-login-nonce.php
@@ -135,10 +135,7 @@ public static function action__pre_validate_login_nonce(): void {
 
 		$nonce = sanitize_key( $_POST[ self::NONCE_NAME ] ?? '' );
 
-		if (
-			! $nonce ||
-			! wp_verify_nonce( $nonce, self::NONCE_ACTION )
-		) {
+		if ( ! wp_verify_nonce( $nonce, self::NONCE_ACTION ) ) {
 			// This is a login with an invalid nonce. Throw an error.
 			http_response_code( 403 );
 			wp_die( 'Login attempt failed. Please try again.', 'Login Error' );
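Review bot: With the `! $nonce` guard removed, rejecting a missing or empty login nonce at `if ( ! wp_verify_nonce( $nonce, self::NONCE_ACTION ) )` depends entirely on `wp_verify_nonce()` returning false for an empty string. Core does that, but the function is pluggable, so on sites that override it the replacement decides the outcome. A comment on the check such as `// wp_verify_nonce() returns false for an empty nonce, so a missing field is rejected here too.` would record the assumption, and a test that posts no nonce field would pin it. Separately, `http_response_code( 403 )` may not survive the following `wp_die()`, whose default handler sends its own status (500 unless a `response` argument is given, as far as I recall); passing `[ 'response' => 403 ]` as the third argument would make the status explicit. The body of `action__pre_validate_login_nonce()` starts and ends outside this hunk.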

From 63ac7e1c3e74bef89c9d7a1404458228005e6779 Mon Sep 17 00:00:00 2001
From: Travis Weston <anubisthejackle@users.noreply.github.com>
Date: Tue, 15 Oct 2024 14:27:48 -0400
Subject: [PATCH 3/7] Add refresh if page persisted

---
 .../alleyvate/features/class-login-nonce.php  | 21 ++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git a/src/alley/wp/alleyvate/features/class-login-nonce.php b/src/alley/wp/alleyvate/features/class-login-nonce.php
index 57f80810..e89208c7 100644
--- a/src/alley/wp/alleyvate/features/class-login-nonce.php
+++ b/src/alley/wp/alleyvate/features/class-login-nonce.php
@@ -79,6 +79,15 @@ public static function add_no_store_to_login( $headers ): array {
 	 */
 	public static function action__add_meta_refresh(): void {
 		printf( '<meta http-equiv="refresh" content="%d">', esc_attr( (string) self::NONCE_TIMEOUT ) );
+		?>
+		<script>
+			window.addEventListener('pageshow', (event) => {
+				if (event.persisted) {
+					location.reload();
+				}
+			});
+		</script>
+		<?php
 	}
 
 	/**
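Review bot: The `<script>` block added to `action__add_meta_refresh()` is printed as a raw inline script, so a site enforcing a Content-Security-Policy without `'unsafe-inline'` will block it and the reload on `event.persisted` never runs. Printing it through `wp_print_inline_script_tag()` would let the `wp_inline_script_attributes` filter attach a CSP nonce. When the script does not run (CSP, or JavaScript disabled), a page restored from the back/forward cache still submits the old nonce and the user hits the 403 from the validation step. A short comment before the script, e.g. `// Reload when restored from the bfcache so the form carries a fresh nonce.`, would explain why the reload exists.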
@@ -99,16 +108,22 @@ public static function action__add_nonce_to_form(): void {
 	 * @see <https://github.com/WordPress/wordpress-develop/blob/94b70f1ae065f10937c22b2d4b180ceade1ddeee/src/wp-login.php#L482-L495>
 	 */
 	public static function action__add_nonce_life_filter(): void {
-		add_filter( 'nonce_life', [ __CLASS__, 'nonce_life_filter' ] );
+		add_filter( 'nonce_life', [ __CLASS__, 'nonce_life_filter' ], 10, 2 );
 		add_action( 'login_form', [ __CLASS__, 'action__add_nonce_to_form' ] );
 	}
 
 	/**
 	 * Filter the nonce timeout.
 	 *
+	 * @param int        $nonce_lifetime The lifetime of the nonce in seconds.
+	 * @param string|int $action The nonce action, or -1 if none was provided.
 	 * @return int
 	 */
-	public static function nonce_life_filter(): int {
+	public static function nonce_life_filter( $nonce_lifetime, $action ): int {
+		if ( self::NONCE_ACTION !== $action ) {
+			return $nonce_lifetime;
+		}
+
 		return self::NONCE_TIMEOUT;
 	}
 
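Review bot: `nonce_life_filter( $nonce_lifetime, $action )` now requires two arguments, but the `nonce_life` hook has only passed `$action` since WordPress 6.1, and other code may still call `apply_filters( 'nonce_life', DAY_IN_SECONDS )` with one argument. In either case the callback receives a single argument and PHP throws an ArgumentCountError on any request where this filter is registered. Giving the second parameter a default keeps the per-action scoping and leaves the lifetime untouched when no action is supplied: `public static function nonce_life_filter( $nonce_lifetime, $action = -1 ): int {`. The same `10, 2` registration is repeated in the `action__pre_validate_login_nonce()` hunk that follows, so the one signature change covers both call sites.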
@@ -131,7 +146,7 @@ public static function action__pre_validate_login_nonce(): void {
 		 * Nonce life is used to generate the nonce value. If this differs from the form,
 		 * the nonce will not validate.
 		 */
-		add_filter( 'nonce_life', [ __CLASS__, 'nonce_life_filter' ] );
+		add_filter( 'nonce_life', [ __CLASS__, 'nonce_life_filter' ], 10, 2 );
 
 		$nonce = sanitize_key( $_POST[ self::NONCE_NAME ] ?? '' );
 

From 714062a35fc80b9e5a7c55c2be46ed8d971455c8 Mon Sep 17 00:00:00 2001
From: Travis Weston <anubisthejackle@users.noreply.github.com>
Date: Tue, 15 Oct 2024 14:27:58 -0400
Subject: [PATCH 4/7] Ready for review


From 8838aa0928d2a462b301beda961bc1f21ae513c9 Mon Sep 17 00:00:00 2001
From: Travis Weston <anubisthejackle@users.noreply.github.com>
Date: Wed, 16 Oct 2024 14:50:17 -0400
Subject: [PATCH 5/7] Add changelog record

---
 CHANGELOG.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5b1e3ca4..9fa69310 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,12 @@
 
 This library adheres to [Semantic Versioning](https://semver.org/) and [Keep a CHANGELOG](https://keepachangelog.com/en/1.0.0/).
 
+## Unreleased
+
+### Fixed
+
+* `login_nonce`: Fixed issue where loading cached version of login page would store invalid nonce.
+
 ## 3.4.0
 
 ### Changed

From 7586c8e4e17e652a16765127a6296f03c56aec24 Mon Sep 17 00:00:00 2001
From: Sean Fisher <srtfisher@gmail.com>
Date: Wed, 16 Oct 2024 16:07:35 -0400
Subject: [PATCH 6/7] Skip core

---
 .github/workflows/all-pr-tests.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/all-pr-tests.yml b/.github/workflows/all-pr-tests.yml
index 8b163f59..9b022a08 100644
--- a/.github/workflows/all-pr-tests.yml
+++ b/.github/workflows/all-pr-tests.yml
@@ -39,6 +39,7 @@ jobs:
         with:
           php-version: '${{ matrix.php }}'
           skip-audit: 'true'
-          skip-wordpress-install: 'true'
           wordpress-version: '${{ matrix.wordpress }}'
           wordpress-multisite: '${{ matrix.multisite }}'
+          skip-core-test-suite: 'true'
+          skip-wordpress-install: 'true'

From e89935a73b527476dc98ce6b8f40b25541fbab64 Mon Sep 17 00:00:00 2001
From: Sean Fisher <srtfisher@gmail.com>
Date: Wed, 16 Oct 2024 16:11:28 -0400
Subject: [PATCH 7/7] Testing CI