Make WordPress Core

Opened 12 years ago

Closed 12 years ago

#20704 closed enhancement (wontfix)

New hook: login_init_xmlrpc

Reported by: aercolino's profile aercolino Owned by:
Milestone: Priority: normal
Severity: normal Version: 3.3.2
Component: XML-RPC Keywords:
Focuses: Cc:

Description

I've been writing an enhancement for my LoginDongle plugin, where I will use a query string param to allow an XML-RPC user to log in.

To do that, I had to subclass the wp_xmlrpc_server class with a method like the following and add a filter for wp_xmlrpc_server_class.

public function login($username, $password) 
{
	do_action('login_init_xmlrpc', $username);
	return parent::login($username, $password);
}

It would be nice to have that implemented in WP.

Change History (8)

#1 @aercolino
12 years ago

  • Cc cappuccino.e.cornetto@… added

#2 @markoheijnen
12 years ago

Can you explain why you want this? XML-RPC has a certain way it works. Don't get the addition.

Also you can use the filter 'authenticate' for it.

#3 @aercolino
12 years ago

I could use 'authenticate', but it's a bit too generic and it occurs on more places than I actually want to secure.

Currently, 'authenticate' covers form, cookie, xmlrpc and atompub logins. Previous versions of my plugin covered only form logins and I'm going to cover xmlrpc logins with the next version. I do not want to cover cookie logins and I think I do not need to cover atompub logins. Actually I'm not sure about the latter, but I do not know any popular client of atompub, do you?

So login_init_xmlrpc is a good solution for my problem. I don't know why there shouldn't be an init hook in all the logins. The reason I added the xmlrpc suffix is so that it doesn't clash with other possible handlers in other plugins. But if it was a new WP hook, I think it could be the usual login_init.

#4 @markoheijnen
12 years ago

I still say this ticket should be close as wont-fix. Reason is because you can use the authenticate filter and check if XMLRPC_REQUEST is defined.

#5 @aercolino
12 years ago

I certainly can live without a proper hook... that's why I labeled it a 'nice-to-have' feature.

On the other hand, I still think there should be an init hook in all the different types of login, otherwise the form login is unduly special in this case.

#6 @markoheijnen
12 years ago

  • Keywords close added

Well, I still don't really get what you really want. I believe with the current authenticate filter is good. You don't want to have a different login for every different login call. So that's a no-go.

Also your do_action is wrong since you don't pass the password.

#7 @aercolino
12 years ago

What do you mean with "is wrong"? It was MY action, as you observed... I make it the way I need it...

#8 @markoheijnen
12 years ago

  • Keywords close removed
  • Milestone Awaiting Review deleted
  • Resolution set to wontfix
  • Status changed from new to closed

I'm fine that you only need a hook that passes only the username. Normally you would also expect the password.

I'm closing this ticket since there is only one type of login. Maybe two if you don't want that XML-RPC uses the same login. This is something that already can be done.

Note: See TracTickets for help on using tickets.