Expire one-time login links

[danielbachhuber]

Currently, the one-time login link lasts for as long as the plugin is active. We should probably expire the link at some point.

[shaneonabike]

I see that there is a --delay-delete now so this actually is already implemented and the issue can be closed.

[danielbachhuber]

--delay-delete is actually a little different: it means the token is deleted in 15 minutes after use, not immediately after use. The token is still valid for an indefinite period of time.

This issue is meant to only make the token valid for a specific period of time.

[masakik]

Hi, I'm wondering if add an extra param to wp-cli --expiry=10, meaning that token will expire after 10 mins, independent of being used or not. It cam be achieved on function one_time_login_generate_tokens, using the same approach of delay-delete scheduling wp_schedule_single_event() for expiry time.
I can make a pull request with this, if interested.

[danielbachhuber]

@masakik Sure, I'd be open to a pull request for that!