mirror of
https://github.com/gosticks/wordpress-develop.git
synced 2025-10-16 12:05:38 +00:00
Authentication: Allow users to log in using their email address.
Introduces `wp_authenticate_email_password()` which is hooked into `authenticate` after `wp_authenticate_username_password()`. Props Denis-de-Bernardy, ericlewis, vhomenko, MikeHansenMe, swissspidy, ocean90. Fixes #9568. git-svn-id: https://develop.svn.wordpress.org/trunk@36617 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Dominik Schilling (ocean90)
parent
cde3d4c399
commit
12cf07c669
@ -342,6 +342,7 @@ add_filter( 'heartbeat_nopriv_send', 'wp_auth_check' );
|
||||
|
||||
// Default authentication filters
|
||||
add_filter( 'authenticate', 'wp_authenticate_username_password', 20, 3 );
|
||||
add_filter( 'authenticate', 'wp_authenticate_email_password', 20, 3 );
|
||||
add_filter( 'authenticate', 'wp_authenticate_spam_check', 99 );
|
||||
add_filter( 'determine_current_user', 'wp_validate_auth_cookie' );
|
||||
add_filter( 'determine_current_user', 'wp_validate_logged_in_cookie', 20 );
|
||||
|
||||
@ -548,7 +548,7 @@ if ( !function_exists('wp_authenticate') ) :
|
||||
*
|
||||
* @since 2.5.0
|
||||
*
|
||||
* @param string $username User's username.
|
||||
* @param string $username User's username or email address.
|
||||
* @param string $password User's password.
|
||||
* @return WP_User|WP_Error WP_User object if the credentials are valid,
|
||||
* otherwise WP_Error.
|
||||
@ -575,7 +575,7 @@ function wp_authenticate($username, $password) {
|
||||
if ( $user == null ) {
|
||||
// TODO what should the error message be? (Or would these even happen?)
|
||||
// Only needed if all authentication handlers fail to return anything.
|
||||
$user = new WP_Error('authentication_failed', __('<strong>ERROR</strong>: Invalid username or incorrect password.'));
|
||||
$user = new WP_Error( 'authentication_failed', __( '<strong>ERROR</strong>: Invalid username, email address or incorrect password.' ) );
|
||||
}
|
||||
|
||||
$ignore_codes = array('empty_username', 'empty_password');
|
||||
|
||||
@ -173,6 +173,78 @@ function wp_authenticate_username_password($user, $username, $password) {
|
||||
return $user;
|
||||
}
|
||||
|
||||
/**
|
||||
* Authenticate the user using the email and password.
|
||||
*
|
||||
* @since 4.5.0
|
||||
*
|
||||
* @param WP_User|WP_Error|null $user WP_User or WP_Error object if a previous
|
||||
* callback failed authentication.
|
||||
* @param string $email Email address for authentication.
|
||||
* @param string $password Password for authentication.
|
||||
* @return WP_User|WP_Error WP_User on success, WP_Error on failure.
|
||||
*/
|
||||
function wp_authenticate_email_password( $user, $email, $password ) {
|
||||
if ( $user instanceof WP_User ) {
|
||||
return $user;
|
||||
}
|
||||
|
||||
if ( empty( $email ) || empty( $password ) ) {
|
||||
if ( is_wp_error( $user ) ) {
|
||||
return $user;
|
||||
}
|
||||
|
||||
$error = new WP_Error();
|
||||
|
||||
if ( empty( $email ) ) {
|
||||
$error->add( 'empty_username', __( '<strong>ERROR</strong>: The email field is empty.' ) ); // Uses 'empty_username' for back-compat with wp_signon()
|
||||
}
|
||||
|
||||
if ( empty( $password ) ) {
|
||||
$error->add( 'empty_password', __( '<strong>ERROR</strong>: The password field is empty.' ) );
|
||||
}
|
||||
|
||||
return $error;
|
||||
}
|
||||
|
||||
if ( ! is_email( $email ) ) {
|
||||
return $user;
|
||||
}
|
||||
|
||||
$user = get_user_by( 'email', $email );
|
||||
|
||||
if ( ! $user ) {
|
||||
return new WP_Error( 'invalid_email',
|
||||
__( '<strong>ERROR</strong>: Invalid email address.' ) .
|
||||
' <a href="' . wp_lostpassword_url() . '">' .
|
||||
__( 'Lost your password?' ) .
|
||||
'</a>'
|
||||
);
|
||||
}
|
||||
|
||||
/** This filter is documented in wp-includes/user.php */
|
||||
$user = apply_filters( 'wp_authenticate_user', $user, $password );
|
||||
|
||||
if ( is_wp_error( $user ) ) {
|
||||
return $user;
|
||||
}
|
||||
|
||||
if ( ! wp_check_password( $password, $user->user_pass, $user->ID ) ) {
|
||||
return new WP_Error( 'incorrect_password',
|
||||
sprintf(
|
||||
/* translators: %s: email address */
|
||||
__( '<strong>ERROR</strong>: The password you entered for the email address %s is incorrect.' ),
|
||||
'<strong>' . $email . '</strong>'
|
||||
) .
|
||||
' <a href="' . wp_lostpassword_url() . '">' .
|
||||
__( 'Lost your password?' ) .
|
||||
'</a>'
|
||||
);
|
||||
}
|
||||
|
||||
return $user;
|
||||
}
|
||||
|
||||
/**
|
||||
* Authenticate the user using the WordPress auth cookie.
|
||||
*
|
||||
|
||||
@ -529,7 +529,7 @@ case 'retrievepassword' :
|
||||
|
||||
<form name="lostpasswordform" id="lostpasswordform" action="<?php echo esc_url( network_site_url( 'wp-login.php?action=lostpassword', 'login_post' ) ); ?>" method="post">
|
||||
<p>
|
||||
<label for="user_login" ><?php _e('Username or Email:') ?><br />
|
||||
<label for="user_login" ><?php _e('Username or Email') ?><br />
|
||||
<input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr($user_login); ?>" size="20" /></label>
|
||||
</p>
|
||||
<?php
|
||||
@ -756,7 +756,13 @@ default:
|
||||
// If the user wants ssl but the session is not ssl, force a secure cookie.
|
||||
if ( !empty($_POST['log']) && !force_ssl_admin() ) {
|
||||
$user_name = sanitize_user($_POST['log']);
|
||||
if ( $user = get_user_by('login', $user_name) ) {
|
||||
$user = get_user_by( 'login', $user_name );
|
||||
|
||||
if ( ! $user && strpos( $user_name, '@' ) ) {
|
||||
$user = get_user_by( 'email', $user_name );
|
||||
}
|
||||
|
||||
if ( $user ) {
|
||||
if ( get_user_option('use_ssl', $user->ID) ) {
|
||||
$secure_cookie = true;
|
||||
force_ssl_admin(true);
|
||||
@ -882,7 +888,7 @@ default:
|
||||
|
||||
<form name="loginform" id="loginform" action="<?php echo esc_url( site_url( 'wp-login.php', 'login_post' ) ); ?>" method="post">
|
||||
<p>
|
||||
<label for="user_login"><?php _e('Username') ?><br />
|
||||
<label for="user_login"><?php _e('Username or Email') ?><br />
|
||||
<input type="text" name="log" id="user_login"<?php echo $aria_describedby_error; ?> class="input" value="<?php echo esc_attr( $user_login ); ?>" size="20" /></label>
|
||||
</p>
|
||||
<p>
|
||||
|
||||
@ -311,4 +311,21 @@ class Tests_Auth extends WP_UnitTestCase {
|
||||
$check = check_password_reset_key( '', $this->user->user_login );
|
||||
$this->assertInstanceOf( 'WP_Error', $check );
|
||||
}
|
||||
|
||||
/**
|
||||
* Ensure users can log in using both their username and their email address.
|
||||
*
|
||||
* @ticket 9568
|
||||
*/
|
||||
function test_log_in_using_email() {
|
||||
$user_args = array(
|
||||
'user_login' => 'johndoe',
|
||||
'user_email' => 'mail@example.com',
|
||||
'user_pass' => 'password',
|
||||
);
|
||||
$this->factory->user->create( $user_args );
|
||||
|
||||
$this->assertInstanceOf( 'WP_User', wp_authenticate( $user_args['user_email'], $user_args['user_pass'] ) );
|
||||
$this->assertInstanceOf( 'WP_User', wp_authenticate( $user_args['user_login'], $user_args['user_pass'] ) );
|
||||
}
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user