[wp-trac] [WordPress Trac] #40595: wp_authenticate_username_password() should respect WP_Error object generated by higher priorities
WordPress Trac
noreply at wordpress.org
Fri Apr 28 13:59:40 UTC 2017
#40595: wp_authenticate_username_password() should respect WP_Error object
generated by higher priorities
------------------------------------+------------------------------
Reporter: gilzow | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Login and Registration | Version: 4.7.4
Severity: normal | Resolution:
Keywords: | Focuses:
------------------------------------+------------------------------
Description changed by SergeyBiryukov:
Old description:
> If I've read through [https://core.trac.wordpress.org/ticket/19714] but
> believe this issue should be reopened. This issue affects anyone who
> needs to alter the normal authentication process by hooking into the
> authenticate filter at a high priority. Functions in the process flow
> should respect a WP_Error object if that is what it is handed, including
> wp_authenticate_username_password().
>
> '''Expected Behavior'''
> function hooks ''authenticate'' filter, assigns priority 10. Function
> invalidates authentication attempt and returns a WP_Error object.
> Authentication should fail and error message displayed to user.
>
> '''Current Behavior'''
> Function hooks ''authenticate'' filter, assigns priority 10. Function
> invalidates authentication attempt and returns a WP_Error object.
> wp_authenticate_username_password() ignores WP_Error object, attempts
> authentication and returns its own error message, or goes ahead and
> authenticates the user.
>
> Functions could assign a priority less than 20 (i.e. 30), but then when
> will be required to decipher error codes and/or the user object to then
> determine if authentication should continue, '''after''' an
> authentication attempt has already been processed by
> wp_authenticate_username_password(), even if no authentication should
> have been attempted. In additon, if wp_authenticate_username_password()
> is not going to respect WP_Errors from higher priorities, why not assign
> it a priority of 1 and make it the very first item in the authentication
> process?
New description:
If I've read through #19714 but believe this issue should be reopened.
This issue affects anyone who needs to alter the normal authentication
process by hooking into the authenticate filter at a high priority.
Functions in the process flow should respect a WP_Error object if that is
what it is handed, including wp_authenticate_username_password().
'''Expected Behavior'''
function hooks ''authenticate'' filter, assigns priority 10. Function
invalidates authentication attempt and returns a WP_Error object.
Authentication should fail and error message displayed to user.
'''Current Behavior'''
Function hooks ''authenticate'' filter, assigns priority 10. Function
invalidates authentication attempt and returns a WP_Error object.
wp_authenticate_username_password() ignores WP_Error object, attempts
authentication and returns its own error message, or goes ahead and
authenticates the user.
Functions could assign a priority less than 20 (i.e. 30), but then when
will be required to decipher error codes and/or the user object to then
determine if authentication should continue, '''after''' an authentication
attempt has already been processed by
wp_authenticate_username_password(), even if no authentication should have
been attempted. In additon, if wp_authenticate_username_password() is not
going to respect WP_Errors from higher priorities, why not assign it a
priority of 1 and make it the very first item in the authentication
process?
--
--
Ticket URL: <https://core.trac.wordpress.org/ticket/40595#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list