Opened 12 years ago
Closed 12 years ago
#20704 closed enhancement (wontfix)
New hook: login_init_xmlrpc
Reported by: | aercolino | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 3.3.2 |
Component: | XML-RPC | Keywords: | |
Focuses: | Cc: |
Description
I've been writing an enhancement for my LoginDongle plugin, where I will use a query string param to allow an XML-RPC user to log in.
To do that, I had to subclass the wp_xmlrpc_server class with a method like the following and add a filter for wp_xmlrpc_server_class.
public function login($username, $password) { do_action('login_init_xmlrpc', $username); return parent::login($username, $password); }
It would be nice to have that implemented in WP.
Change History (8)
#3
@
12 years ago
I could use 'authenticate', but it's a bit too generic and it occurs on more places than I actually want to secure.
Currently, 'authenticate' covers form, cookie, xmlrpc and atompub logins. Previous versions of my plugin covered only form logins and I'm going to cover xmlrpc logins with the next version. I do not want to cover cookie logins and I think I do not need to cover atompub logins. Actually I'm not sure about the latter, but I do not know any popular client of atompub, do you?
So login_init_xmlrpc
is a good solution for my problem. I don't know why there shouldn't be an init hook in all the logins. The reason I added the xmlrpc suffix is so that it doesn't clash with other possible handlers in other plugins. But if it was a new WP hook, I think it could be the usual login_init.
#4
@
12 years ago
I still say this ticket should be close as wont-fix. Reason is because you can use the authenticate filter and check if XMLRPC_REQUEST is defined.
#5
@
12 years ago
I certainly can live without a proper hook... that's why I labeled it a 'nice-to-have' feature.
On the other hand, I still think there should be an init hook in all the different types of login, otherwise the form login is unduly special in this case.
#6
@
12 years ago
- Keywords close added
Well, I still don't really get what you really want. I believe with the current authenticate filter is good. You don't want to have a different login for every different login call. So that's a no-go.
Also your do_action is wrong since you don't pass the password.
#7
@
12 years ago
What do you mean with "is wrong"? It was MY action, as you observed... I make it the way I need it...
#8
@
12 years ago
- Keywords close removed
- Milestone Awaiting Review deleted
- Resolution set to wontfix
- Status changed from new to closed
I'm fine that you only need a hook that passes only the username. Normally you would also expect the password.
I'm closing this ticket since there is only one type of login. Maybe two if you don't want that XML-RPC uses the same login. This is something that already can be done.
Can you explain why you want this? XML-RPC has a certain way it works. Don't get the addition.
Also you can use the filter 'authenticate' for it.