Ticket #6675 (closed defect: fixed)

Opened 5 months ago

Last modified 4 months ago

wp-login.php refactoring makes it difficult to write an authentication plugin

Reported by: dwc
Assigned to: ryan
Priority: normal
Milestone: 2.5.1
Component: General
Version: 2.5
Severity: normal
Keywords:
Cc:

Description

The refactoring of wp-login.php done for 2.5 for bug #5405 changed the behavior of the wp_authenticate plugin hook in a subtle but important way.

Previously (see, for example, http://trac.wordpress.org/browser/branches/2.3/wp-login.php#L287) the wp_authenticate hook ran by default when wp-login.php was accessed. It ran even in cases where the username or password field was blank.

In 2.5, the "silent" default case is to return a WP_Error object when the credentials are blank before wp_authenticate runs.

Plugins that wish to use the WordPress user store but rely on an external authentication mechanism (e.g. http-authentication) have little way of doing so now. They can plug into wp_validate_auth_cookie, but that's not as clean a solution.

If possible, could the previous behavior of the wp_authenticate hook be restored?

Alternatively, could another hook be added to restore this behavior? For example, a wp_signon hook could be added above the cookie check in wp-includes/user.php and authentication plugins could set the cookie themselves on successful authentication.

Attachments

reloc_wp_auth.diff (0.8 kB) - added by ryan on 04/14/08 21:31:16.
Move wp_authenticate action up

Change History

04/14/08 17:10:21 changed by dwc

  • version set to 2.5.

04/14/08 21:21:15 changed by ryan

  • owner changed from anonymous to ryan.

04/14/08 21:31:16 changed by ryan

  • attachment reloc_wp_auth.diff added.

Move wp_authenticate action up

04/14/08 21:32:16 changed by ryan

I think wp_authenticate is misplaced. Moving it up before we check the credentials seems like it would fix the problem.

04/15/08 20:06:43 changed by dwc

Yeah, moving wp_authenticate fixes the problem. Thanks!

04/16/08 04:48:53 changed by ryan

  • status changed from new to closed.
  • resolution set to fixed.

(In [7691]) Relocate wp_authenticate action to fix back compat and make it more useful. fixes #6675 for 2.5

04/16/08 04:49:19 changed by ryan

(In [7692]) Relocate wp_authenticate action to fix back compat and make it more useful. fixes #6675 for trunk
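
The ordering problem described in this ticket, as an added example that is not part of the ticket or of WordPress source: a small stand-alone model of a sign-on routine that can run its blank-credentials check either before or after the wp_authenticate callbacks. The names model_signon, USERS and make_external_auth_hook, the sample user and the by-reference callback signature are assumptions of this model.

```php
<?php
// Model of the hook ordering discussed in this ticket; not WordPress source.
// model_signon(), USERS and the plugin callback are hypothetical names.
const USERS = array('alice' => 'plugin-managed-secret'); // constructed user store

function model_signon(array $credentials, array $hooks, $hook_first) {
    $blank = function () use (&$credentials) {
        return $credentials['user_login'] === '' || $credentials['user_password'] === '';
    };
    // 2.5 ordering as the ticket describes it: blank credentials return an
    // error before any wp_authenticate callback has had a chance to run.
    if (!$hook_first && $blank()) {
        return 'error: blank credentials (hook never ran)';
    }
    foreach ($hooks as $cb) {
        // Assumption of this model: callbacks get both values by reference.
        $cb($credentials['user_login'], $credentials['user_password']);
    }
    // Relocated ordering: the blank check runs only after the hook.
    if ($blank()) {
        return 'error: blank credentials';
    }
    $login = $credentials['user_login'];
    if (array_key_exists($login, USERS) && hash_equals(USERS[$login], $credentials['user_password'])) {
        return "signed on: $login";
    }
    return 'error: bad credentials';
}

// Hypothetical external-auth plugin: it trusts only the identity the web
// server already authenticated (REMOTE_USER), never a login form value.
function make_external_auth_hook(array $server) {
    return function (&$login, &$password) use ($server) {
        if (empty($server['REMOTE_USER'])) {
            return; // nobody authenticated: leave the credentials untouched
        }
        $login = $server['REMOTE_USER'];
        $password = 'plugin-managed-secret'; // constructed value the store accepts
    };
}

$blank_form = array('user_login' => '', 'user_password' => '');
$with_user  = array(make_external_auth_hook(array('REMOTE_USER' => 'alice')));
$no_user    = array(make_external_auth_hook(array()));

echo model_signon($blank_form, $with_user, false), "\n"; // check first, hook skipped
echo model_signon($blank_form, $with_user, true), "\n";  // hook first
echo model_signon($blank_form, $no_user, true), "\n";    // hook first, no REMOTE_USER
```

With the hook first, the blank form signs on only when the server supplied REMOTE_USER; when it did not, the callback leaves the credentials empty and the blank check still rejects the request.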