[wp-trac] [WordPress Trac] #40595: wp_authenticate_username_password() should respect WP_Error object generated by higher priorities

WordPress Trac noreply at wordpress.org
Fri Apr 28 13:46:55 UTC 2017 

#40595: wp_authenticate_username_password() should respect WP_Error object
generated by higher priorities
------------------------------------+-----------------------------
 Reporter:  gilzow                  |      Owner:
     Type:  defect (bug)            |     Status:  new
 Priority:  normal                  |  Milestone:  Awaiting Review
Component:  Login and Registration  |    Version:  4.7.4
 Severity:  normal                  |   Keywords:
  Focuses:                          |
------------------------------------+-----------------------------
 If I've read through [https://core.trac.wordpress.org/ticket/19714] but
 believe this issue should be reopened.  This issue affects anyone who
 needs to alter the normal authentication process by hooking into the
 authenticate filter at a high priority.  Functions in the process flow
 should respect a WP_Error object if that is what it is handed, including
 wp_authenticate_username_password().

 '''Expected Behavior'''
 function hooks ''authenticate'' filter, assigns priority 10. Function
 invalidates authentication attempt and returns a WP_Error object.
 Authentication should fail and error message displayed to user.

 '''Current Behavior'''
 Function hooks ''authenticate'' filter, assigns priority 10. Function
 invalidates authentication attempt and returns a WP_Error object.
 wp_authenticate_username_password() ignores WP_Error object, attempts
 authentication and returns its own error message, or goes ahead and
 authenticates the user.

 Functions could assign a priority less than 20 (i.e. 30), but then when
 will be required to decipher error codes and/or the user object to then
 determine if authentication should continue, '''after''' an authentication
 attempt has already been processed by
 wp_authenticate_username_password(), even if no authentication should have
 been attempted.  In additon, if wp_authenticate_username_password() is not
 going to respect WP_Errors from higher priorities, why not assign it a
 priority of 1 and make it the very first item in the authentication
 process?

--
Ticket URL: <https://core.trac.wordpress.org/ticket/40595>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list