Changeset 27484

Timestamp:

03/09/2014 03:22:13 PM (9 years ago)

Author:

nacin

Message:

Allow for custom authentication handlers for all requests.

Turn the logic used by wp_get_current_user() into a determine_current_user filter.

props rmccue.
fixes #26706.

Location:

trunk/src/wp-includes

Files:

• default-filters.php (modified) (1 diff)
• pluggable.php (modified) (1 diff)
• user.php (modified) (1 diff)

trunk/src/wp-includes/default-filters.php

@@ -301 +301 @@
 add_filter( 'authenticate', 'wp_authenticate_username_password',  20, 3 );
 add_filter( 'authenticate', 'wp_authenticate_spam_check',         99    );
+add_filter( 'determine_current_user', 'wp_validate_auth_cookie'          );
+add_filter( 'determine_current_user', 'wp_validate_logged_in_cookie', 20 );
 
 unset($filter, $action);

trunk/src/wp-includes/pluggable.php

@@ -98 +98 @@
     }
 
-    if ( ! $user = wp_validate_auth_cookie() ) {
-         if ( is_blog_admin() || is_network_admin() || empty( $_COOKIE[LOGGED_IN_COOKIE] ) || !$user = wp_validate_auth_cookie( $_COOKIE[LOGGED_IN_COOKIE], 'logged_in' ) ) {
-            wp_set_current_user( 0 );
-            return false;
-         }
-    }
-
-    wp_set_current_user( $user );
+    /**
+     * Determine the current user based on request data.
+     *
+     * The default filters use this to determine the current user from the
+     * request's cookies, if available.
+     *
+     * @since 3.9.0
+     *
+     * @param int|boolean $user_id User ID if determined, or false otherwise.
+     */
+    $user_id = apply_filters( 'determine_current_user', false );
+    if ( ! $user_id ) {
+        wp_set_current_user( 0 );
+        return false;
+    }
+
+    wp_set_current_user( $user_id );
 }
 endif;

trunk/src/wp-includes/user.php

@@ -218 +218 @@
     }
     return $user;
+}
+
+/**
+ * Validates logged in cookie.
+ *
+ * Checks the logged_in cookie if the previous auth cookie could not be
+ * validated and parsed.
+ *
+ * This is a callback for the determine_current_user filter, rather than API.
+ *
+ * @since 3.9.0
+ *
+ * @param int|boolean $user The user ID (or false) as received from the determine_current_user filter.
+ * @return int|boolean User ID if validated, or false otherwise. If it receives a user ID from
+ *                     an earlier filter callback, that value is returned.
+ */
+function wp_validate_logged_in_cookie( $user_id ) {
+    if ( $user_id ) {
+        return $user_id;
+    }
+
+    if ( is_blog_admin() || is_network_admin() || empty( $_COOKIE[LOGGED_IN_COOKIE] ) ) {
+        return false;
+    }
+
+    return wp_validate_auth_cookie( $_COOKIE[LOGGED_IN_COOKIE], 'logged_in' );
 }