Make WordPress Core

Ticket #9568: 9568.11.diff

File 9568.11.diff, 6.3 KB (added by swissspidy, 9 years ago)
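diff --git src/wp-includes/default-filters.php src/wp-includes/default-filters.php
index 1faa084..e9c6e6b 100644
--- a/src/wp-includes/default-filters.php
+++ b/src/wp-includes/default-filters.php
@@ -341,6 +341,7 @@ add_filter( 'heartbeat_nopriv_send', 'wp_auth_check' );
 
 // Default authentication filters
 add_filter( 'authenticate', 'wp_authenticate_username_password',  20, 3 );
+add_filter( 'authenticate', 'wp_authenticate_email_password',     20, 3 );
 add_filter( 'authenticate', 'wp_authenticate_spam_check',         99    );
 add_filter( 'determine_current_user', 'wp_validate_auth_cookie'          );
 add_filter( 'determine_current_user', 'wp_validate_logged_in_cookie', 20 );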
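Review bot: `wp_authenticate_email_password` is hooked at priority 20, the same as `wp_authenticate_username_password` on the line above, so the order in which the two run rests only on the order of these `add_filter()` calls. In user.php the email handler returns its own `WP_Error` even when an earlier handler has already failed, so the message a user finally sees depends on that order. A comment such as `// Email lookup runs after the username lookup at the same priority; keep this order.` would stop a later reshuffle from silently changing which failure is reported.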
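diff --git src/wp-includes/pluggable.php src/wp-includes/pluggable.php
index 922c3ae..b9f5f22 100644
--- a/src/wp-includes/pluggable.php
+++ b/src/wp-includes/pluggable.php
@@ -564,8 +564,8 @@ if ( !function_exists('wp_authenticate') ) :
  *
  * @since 2.5.0
  *
- * @param string $username User's username
- * @param string $password User's password
+ * @param string $username User's username or email address.
+ * @param string $password User's password.
  * @return WP_User|WP_Error WP_User object if login successful, otherwise WP_Error object.
  */
 function wp_authenticate($username, $password) {
@@ -589,7 +589,7 @@ function wp_authenticate($username, $password) {
         if ( $user == null ) {
                 // TODO what should the error message be? (Or would these even happen?)
                 // Only needed if all authentication handlers fail to return anything.
-                $user = new WP_Error('authentication_failed', __('<strong>ERROR</strong>: Invalid username or incorrect password.'));
+                $user = new WP_Error( 'authentication_failed', __( '<strong>ERROR</strong>: Invalid username/email address or incorrect password.' ) );
         }
 
         $ignore_codes = array('empty_username', 'empty_password');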
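diff --git src/wp-includes/user.php src/wp-includes/user.php
index 656f710..ac1de6b 100644
--- a/src/wp-includes/user.php
+++ b/src/wp-includes/user.php
@@ -174,6 +174,64 @@ function wp_authenticate_username_password($user, $username, $password) {
 }
 
 /**
+ * Authenticate the user using the email and password.
+ *
+ * @since 4.5.0
+ *
+ * @param WP_User|WP_Error|null $user     WP_User or WP_Error object if a previous
+ *                                        callback failed authentication.
+ * @param string                $email    Email address for authentication.
+ * @param string                $password Password for authentication.
+ * @return WP_User|WP_Error WP_User on success, WP_Error on failure.
+ */
+function wp_authenticate_email_password( $user, $email, $password ) {
+        if ( $user instanceof WP_User ) {
+                return $user;
+        }
+
+        if ( ! is_email( $email ) ) {
+                return $user;
+        }
+
+        if ( empty( $email ) || empty( $password ) ) {
+                if ( is_wp_error( $user ) ) {
+                        return $user;
+                }
+
+                $error = new WP_Error();
+
+                if ( empty( $email ) ) {
+                        $error->add( 'empty_email', __( '<strong>ERROR</strong>: The username field is empty.' ) );
+                } else {
+                        $error->add( 'empty_password', __( '<strong>ERROR</strong>: The password field is empty.' ) );
+                }
+
+                return $error;
+        }
+
+        $user = get_user_by( 'email', $email );
+
+        if ( ! $user ) {
+                return new WP_Error( 'invalid_email', __( '<strong>ERROR</strong>: Invalid email address.' ) );
+        }
+
+        /** This filter is documented in wp-includes/user.php */
+        $user = apply_filters( 'wp_authenticate_user', $user, $password );
+
+        if ( is_wp_error( $user ) ) {
+                return $user;
+        }
+
+        if ( ! wp_check_password( $password, $user->user_pass, $user->ID ) ) {
+                return new WP_Error( 'incorrect_password', sprintf( __( '<strong>ERROR</strong>: The password you entered for the email address <strong>%1$s</strong> is incorrect. <a href="%2$s">Lost your password</a>?' ),
+                        $email, wp_lostpassword_url() ) );
+        }
+
+        return $user;
+}
+
+
+/**
  * Authenticate the user using the WordPress auth cookie.
  *
  * @since 2.8.0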
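Review bot: The two failure paths in `wp_authenticate_email_password()` return different messages — `invalid_email` when `get_user_by( 'email', $email )` finds nothing and `incorrect_password` when `wp_check_password()` fails — so the login form tells an unauthenticated visitor whether a given address belongs to an account. That disclosure should be a deliberate decision; keeping both error codes but giving them one shared message, e.g. `__( '<strong>ERROR</strong>: Invalid email address or incorrect password.' )`, avoids it. Separately, the `empty( $email )` test can never be true at that point, because `! is_email( $email )` has already returned for an empty string, so the `empty_email` branch is dead and only `empty_password` is reachable.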
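diff --git src/wp-login.php src/wp-login.php
index 06603ee..65519cc 100644
--- a/src/wp-login.php
+++ b/src/wp-login.php
@@ -526,7 +526,7 @@ case 'retrievepassword' :
 
 <form name="lostpasswordform" id="lostpasswordform" action="<?php echo esc_url( network_site_url( 'wp-login.php?action=lostpassword', 'login_post' ) ); ?>" method="post">
         <p>
-                <label for="user_login" ><?php _e('Username or Email:') ?><br />
+                <label for="user_login" ><?php _e('Username or email') ?><br />
                 <input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr($user_login); ?>" size="20" /></label>
         </p>
         <?php
@@ -754,7 +754,13 @@ default:
         // If the user wants ssl but the session is not ssl, force a secure cookie.
         if ( !empty($_POST['log']) && !force_ssl_admin() ) {
                 $user_name = sanitize_user($_POST['log']);
-                if ( $user = get_user_by('login', $user_name) ) {
+                $user = get_user_by( 'login', $user_name );
+
+                if ( !$user ) {
+                        $user = get_user_by( 'email', $user_name );
+                }
+
+                if ( $user ) {
                         if ( get_user_option('use_ssl', $user->ID) ) {
                                 $secure_cookie = true;
                                 force_ssl_admin(true);
@@ -880,7 +886,7 @@ default:
 
 <form name="loginform" id="loginform" action="<?php echo esc_url( wp_login_url() ); ?>" method="post">
         <p>
-                <label for="user_login"><?php _e('Username') ?><br />
+                <label for="user_login"><?php _e('Username or email') ?><br />
                 <input type="text" name="log" id="user_login"<?php echo $aria_describedby_error; ?> class="input" value="<?php echo esc_attr( $user_login ); ?>" size="20" /></label>
         </p>
         <p>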
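Review bot: In the secure-cookie hunk the email fallback `get_user_by( 'email', $user_name )` receives a value that has already been through `sanitize_user()`, which is a username sanitiser. Any address it alters will not match, and that user's `use_ssl` preference is then skipped without notice, so the cookie is not forced to secure. Looking the address up from the submitted value keeps the fallback in step with the login itself: `if ( ! $user && is_email( wp_unslash( $_POST['log'] ) ) ) { $user = get_user_by( 'email', wp_unslash( $_POST['log'] ) ); }`. The enclosing `default:` case starts and ends outside the hunk, so later use of `$user_name` is not visible here.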
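diff --git tests/phpunit/tests/auth.php tests/phpunit/tests/auth.php
index c8aa6c6..ea696a6 100644
--- a/tests/phpunit/tests/auth.php
+++ b/tests/phpunit/tests/auth.php
@@ -311,4 +311,21 @@ class Tests_Auth extends WP_UnitTestCase {
                 $check = check_password_reset_key( '', $this->user->user_login );
                 $this->assertInstanceOf( 'WP_Error', $check );
         }
+
+        /**
+         * Ensure users can log in using both their username and their email address.
+         *
+         * @ticket 9568
+         */
+        function test_log_in_using_email() {
+                $user_args = array(
+                        'user_login' => 'johndoe',
+                        'user_email' => 'mail@example.com',
+                        'user_pass'  => 'password',
+                );
+                $this->factory->user->create( $user_args );
+
+                $this->assertInstanceOf( 'WP_User', wp_authenticate( $user_args['user_email'], $user_args['user_pass'] ) );
+                $this->assertInstanceOf( 'WP_User', wp_authenticate( $user_args['user_login'], $user_args['user_pass'] ) );
+        }
 }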
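Review bot: `test_log_in_using_email()` asserts only the two successful logins, so nothing pins down how the new email handler fails. Add negative cases, e.g. `$this->assertInstanceOf( 'WP_Error', wp_authenticate( $user_args['user_email'], 'wrong-password' ) );` and `$this->assertInstanceOf( 'WP_Error', wp_authenticate( 'nobody@example.com', $user_args['user_pass'] ) );`. A case where one account's login equals another account's email address would also document which account the lookup resolves to.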