Ticket #9568: 9568.11.diff
File 9568.11.diff, 6.3 KB (added by , 9 years ago) |
---|
-
src/wp-includes/default-filters.php
diff --git src/wp-includes/default-filters.php src/wp-includes/default-filters.php index 1faa084..e9c6e6b 100644
add_filter( 'heartbeat_nopriv_send', 'wp_auth_check' ); 341 341 342 342 // Default authentication filters 343 343 add_filter( 'authenticate', 'wp_authenticate_username_password', 20, 3 ); 344 add_filter( 'authenticate', 'wp_authenticate_email_password', 20, 3 ); 344 345 add_filter( 'authenticate', 'wp_authenticate_spam_check', 99 ); 345 346 add_filter( 'determine_current_user', 'wp_validate_auth_cookie' ); 346 347 add_filter( 'determine_current_user', 'wp_validate_logged_in_cookie', 20 ); -
src/wp-includes/pluggable.php
diff --git src/wp-includes/pluggable.php src/wp-includes/pluggable.php index 922c3ae..b9f5f22 100644
if ( !function_exists('wp_authenticate') ) : 564 564 * 565 565 * @since 2.5.0 566 566 * 567 * @param string $username User's username 568 * @param string $password User's password 567 * @param string $username User's username or email address. 568 * @param string $password User's password. 569 569 * @return WP_User|WP_Error WP_User object if login successful, otherwise WP_Error object. 570 570 */ 571 571 function wp_authenticate($username, $password) { … … function wp_authenticate($username, $password) { 589 589 if ( $user == null ) { 590 590 // TODO what should the error message be? (Or would these even happen?) 591 591 // Only needed if all authentication handlers fail to return anything. 592 $user = new WP_Error( 'authentication_failed', __('<strong>ERROR</strong>: Invalid username or incorrect password.'));592 $user = new WP_Error( 'authentication_failed', __( '<strong>ERROR</strong>: Invalid username/email address or incorrect password.' ) ); 593 593 } 594 594 595 595 $ignore_codes = array('empty_username', 'empty_password'); -
src/wp-includes/user.php
diff --git src/wp-includes/user.php src/wp-includes/user.php index 656f710..ac1de6b 100644
function wp_authenticate_username_password($user, $username, $password) { 174 174 } 175 175 176 176 /** 177 * Authenticate the user using the email and password. 178 * 179 * @since 4.5.0 180 * 181 * @param WP_User|WP_Error|null $user WP_User or WP_Error object if a previous 182 * callback failed authentication. 183 * @param string $email Email address for authentication. 184 * @param string $password Password for authentication. 185 * @return WP_User|WP_Error WP_User on success, WP_Error on failure. 186 */ 187 function wp_authenticate_email_password( $user, $email, $password ) { 188 if ( $user instanceof WP_User ) { 189 return $user; 190 } 191 192 if ( ! is_email( $email ) ) { 193 return $user; 194 } 195 196 if ( empty( $email ) || empty( $password ) ) { 197 if ( is_wp_error( $user ) ) { 198 return $user; 199 } 200 201 $error = new WP_Error(); 202 203 if ( empty( $email ) ) { 204 $error->add( 'empty_email', __( '<strong>ERROR</strong>: The username field is empty.' ) ); 205 } else { 206 $error->add( 'empty_password', __( '<strong>ERROR</strong>: The password field is empty.' ) ); 207 } 208 209 return $error; 210 } 211 212 $user = get_user_by( 'email', $email ); 213 214 if ( ! $user ) { 215 return new WP_Error( 'invalid_email', __( '<strong>ERROR</strong>: Invalid email address.' ) ); 216 } 217 218 /** This filter is documented in wp-includes/user.php */ 219 $user = apply_filters( 'wp_authenticate_user', $user, $password ); 220 221 if ( is_wp_error( $user ) ) { 222 return $user; 223 } 224 225 if ( ! wp_check_password( $password, $user->user_pass, $user->ID ) ) { 226 return new WP_Error( 'incorrect_password', sprintf( __( '<strong>ERROR</strong>: The password you entered for the email address <strong>%1$s</strong> is incorrect. <a href="%2$s">Lost your password</a>?' ), 227 $email, wp_lostpassword_url() ) ); 228 } 229 230 return $user; 231 } 232 233 234 /** 177 235 * Authenticate the user using the WordPress auth cookie. 178 236 * 179 237 * @since 2.8.0 -
src/wp-login.php
diff --git src/wp-login.php src/wp-login.php index 06603ee..65519cc 100644
case 'retrievepassword' : 526 526 527 527 <form name="lostpasswordform" id="lostpasswordform" action="<?php echo esc_url( network_site_url( 'wp-login.php?action=lostpassword', 'login_post' ) ); ?>" method="post"> 528 528 <p> 529 <label for="user_login" ><?php _e('Username or Email:') ?><br />529 <label for="user_login" ><?php _e('Username or email') ?><br /> 530 530 <input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr($user_login); ?>" size="20" /></label> 531 531 </p> 532 532 <?php … … default: 754 754 // If the user wants ssl but the session is not ssl, force a secure cookie. 755 755 if ( !empty($_POST['log']) && !force_ssl_admin() ) { 756 756 $user_name = sanitize_user($_POST['log']); 757 if ( $user = get_user_by('login', $user_name) ) { 757 $user = get_user_by( 'login', $user_name ); 758 759 if ( !$user ) { 760 $user = get_user_by( 'email', $user_name ); 761 } 762 763 if ( $user ) { 758 764 if ( get_user_option('use_ssl', $user->ID) ) { 759 765 $secure_cookie = true; 760 766 force_ssl_admin(true); … … default: 880 886 881 887 <form name="loginform" id="loginform" action="<?php echo esc_url( wp_login_url() ); ?>" method="post"> 882 888 <p> 883 <label for="user_login"><?php _e('Username ') ?><br />889 <label for="user_login"><?php _e('Username or email') ?><br /> 884 890 <input type="text" name="log" id="user_login"<?php echo $aria_describedby_error; ?> class="input" value="<?php echo esc_attr( $user_login ); ?>" size="20" /></label> 885 891 </p> 886 892 <p> -
tests/phpunit/tests/auth.php
diff --git tests/phpunit/tests/auth.php tests/phpunit/tests/auth.php index c8aa6c6..ea696a6 100644
class Tests_Auth extends WP_UnitTestCase { 311 311 $check = check_password_reset_key( '', $this->user->user_login ); 312 312 $this->assertInstanceOf( 'WP_Error', $check ); 313 313 } 314 315 /** 316 * Ensure users can log in using both their username and their email address. 317 * 318 * @ticket 9568 319 */ 320 function test_log_in_using_email() { 321 $user_args = array( 322 'user_login' => 'johndoe', 323 'user_email' => 'mail@example.com', 324 'user_pass' => 'password', 325 ); 326 $this->factory->user->create( $user_args ); 327 328 $this->assertInstanceOf( 'WP_User', wp_authenticate( $user_args['user_email'], $user_args['user_pass'] ) ); 329 $this->assertInstanceOf( 'WP_User', wp_authenticate( $user_args['user_login'], $user_args['user_pass'] ) ); 330 } 314 331 }