Opened 9 months ago

Last modified 8 months ago

#22114 new feature request

Propagating password on change

Reported by: ChloeD Owned by:
Priority: normal Milestone: Awaiting Review
Component: Users Version: 3.4.2
Severity: normal Keywords: has-patch close 2nd-opinion
Cc: brad@…

Description

After creating an account or changing profile information, it is possible to intercept the changed data in a hook. However, this is not possible for the cleartext password, and this is a useful feature especially when propagating a password change over different accounts spanning across different systems (in contexts such as updating the password for phpBB, Prestashop, or any PAM thingie when the WordPress password is changed).

Since this feature is by no means possible to implement without core hacks, I am submitting a patch to include this feature in the WP core.

This patch proves useful if we are to integrate other software bricks without having to implement SSO using WordPress' architecture. In my context, I need to be able to log in through WordPress or directly through the business-specific back-end.

Proposed patch is attached.

Attachments (1)

patch-wordpress-users.patch (556 bytes) - added by ChloeD 9 months ago.
Patch (wp-includes/user.php) for propagating cleartext passwords through an action


Change History (8)

ChloeD 9 months ago

Patch (wp-includes/user.php) for propagating cleartext passwords through an action

comment:1 scribu 9 months ago

  • Keywords close added

With this change, it would be possible for any plugin to record the user's password without telling them about it. -1.

comment:2 ChloeD 9 months ago

scribu: pretty much like any plugin can insert its own crap using content filters (and capture the password using $_POST if it has an admin_init hook) :/ Not a problem per se IMO.

comment:3 scribu 9 months ago

True. Still, this hook encourages devs to mess with plaintext passwords, when there are possibly better alternatives.

comment:4 ChloeD 9 months ago

  • Keywords 2nd-opinion added

As Rob Miller (on wp-hackers) said, "any plugin could access a user's plaintext password even now and has always been able to, by hooking into wp_login and then examining the POST variables".

Hence, I'd rather go for implementing it clearly, instead of doing it through hacks. Maybe another opinion would be useful? Instead of keeping stuff dirty, pushing them into the API is a better option, as whatever dirty or unsafe things devs will want to do, they'll be able to do no matter how much you restrict them from trying to do so.

comment:5 follow-up: scribu 9 months ago

That's like saying "people are going to shoot themselves in the foot anyway, so we might as well give them some bullets."

comment:6 in reply to: ↑ 5 bradparbs 8 months ago

Replying to scribu:

That's like saying "people are going to shoot themselves in the foot anyway, so we might as well give them some bullets."

+1 to this, I don't think we should encourage the ability to easily grab a plaintext password, ever.

comment:7 bradparbs 8 months ago

  • Cc brad@… added