Make WordPress Core

Changeset 36617


Ignore:
Timestamp:
02/22/2016 11:14:27 PM (8 years ago)
Author:
ocean90
Message:

Authentication: Allow users to log in using their email address.

Introduces wp_authenticate_email_password() which is hooked into authenticate after wp_authenticate_username_password().

Props Denis-de-Bernardy, ericlewis, vhomenko, MikeHansenMe, swissspidy, ocean90.
Fixes #9568.

Location:
trunk
Files:
5 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/default-filters.php

    r36341 r36617  
    343343// Default authentication filters
    344344add_filter( 'authenticate', 'wp_authenticate_username_password',  20, 3 );
     345add_filter( 'authenticate', 'wp_authenticate_email_password',     20, 3 );
    345346add_filter( 'authenticate', 'wp_authenticate_spam_check',         99    );
    346347add_filter( 'determine_current_user', 'wp_validate_auth_cookie'          );
  • trunk/src/wp-includes/pluggable.php

    r36588 r36617  
    549549 * @since 2.5.0
    550550 *
    551  * @param string $username User's username.
     551 * @param string $username User's username or email address.
    552552 * @param string $password User's password.
    553553 * @return WP_User|WP_Error WP_User object if the credentials are valid,
     
    576576        // TODO what should the error message be? (Or would these even happen?)
    577577        // Only needed if all authentication handlers fail to return anything.
    578         $user = new WP_Error('authentication_failed', __('<strong>ERROR</strong>: Invalid username or incorrect password.'));
     578        $user = new WP_Error( 'authentication_failed', __( '<strong>ERROR</strong>: Invalid username, email address or incorrect password.' ) );
    579579    }
    580580
  • trunk/src/wp-includes/user.php

    r36501 r36617  
    164164                __( '<strong>ERROR</strong>: The password you entered for the username %s is incorrect.' ),
    165165                '<strong>' . $username . '</strong>'
     166            ) .
     167            ' <a href="' . wp_lostpassword_url() . '">' .
     168            __( 'Lost your password?' ) .
     169            '</a>'
     170        );
     171    }
     172
     173    return $user;
     174}
     175
     176/**
     177 * Authenticate the user using the email and password.
     178 *
     179 * @since 4.5.0
     180 *
     181 * @param WP_User|WP_Error|null $user     WP_User or WP_Error object if a previous
     182 *                                        callback failed authentication.
     183 * @param string                $email    Email address for authentication.
     184 * @param string                $password Password for authentication.
     185 * @return WP_User|WP_Error WP_User on success, WP_Error on failure.
     186 */
     187function wp_authenticate_email_password( $user, $email, $password ) {
     188    if ( $user instanceof WP_User ) {
     189        return $user;
     190    }
     191
     192    if ( empty( $email ) || empty( $password ) ) {
     193        if ( is_wp_error( $user ) ) {
     194            return $user;
     195        }
     196
     197        $error = new WP_Error();
     198
     199        if ( empty( $email ) ) {
     200            $error->add( 'empty_username', __( '<strong>ERROR</strong>: The email field is empty.' ) ); // Uses 'empty_username' for back-compat with wp_signon()
     201        }
     202
     203        if ( empty( $password ) ) {
     204            $error->add( 'empty_password', __( '<strong>ERROR</strong>: The password field is empty.' ) );
     205        }
     206
     207        return $error;
     208    }
     209
     210    if ( ! is_email( $email ) ) {
     211        return $user;
     212    }
     213
     214    $user = get_user_by( 'email', $email );
     215
     216    if ( ! $user ) {
     217        return new WP_Error( 'invalid_email',
     218            __( '<strong>ERROR</strong>: Invalid email address.' ) .
     219            ' <a href="' . wp_lostpassword_url() . '">' .
     220            __( 'Lost your password?' ) .
     221            '</a>'
     222        );
     223    }
     224
     225    /** This filter is documented in wp-includes/user.php */
     226    $user = apply_filters( 'wp_authenticate_user', $user, $password );
     227
     228    if ( is_wp_error( $user ) ) {
     229        return $user;
     230    }
     231
     232    if ( ! wp_check_password( $password, $user->user_pass, $user->ID ) ) {
     233        return new WP_Error( 'incorrect_password',
     234            sprintf(
     235                /* translators: %s: email address */
     236                __( '<strong>ERROR</strong>: The password you entered for the email address %s is incorrect.' ),
     237                '<strong>' . $email . '</strong>'
    166238            ) .
    167239            ' <a href="' . wp_lostpassword_url() . '">' .
  • trunk/src/wp-login.php

    r36487 r36617  
    530530<form name="lostpasswordform" id="lostpasswordform" action="<?php echo esc_url( network_site_url( 'wp-login.php?action=lostpassword', 'login_post' ) ); ?>" method="post">
    531531    <p>
    532         <label for="user_login" ><?php _e('Username or Email:') ?><br />
     532        <label for="user_login" ><?php _e('Username or Email') ?><br />
    533533        <input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr($user_login); ?>" size="20" /></label>
    534534    </p>
     
    757757    if ( !empty($_POST['log']) && !force_ssl_admin() ) {
    758758        $user_name = sanitize_user($_POST['log']);
    759         if ( $user = get_user_by('login', $user_name) ) {
     759        $user = get_user_by( 'login', $user_name );
     760
     761        if ( ! $user && strpos( $user_name, '@' ) ) {
     762            $user = get_user_by( 'email', $user_name );
     763        }
     764
     765        if ( $user ) {
    760766            if ( get_user_option('use_ssl', $user->ID) ) {
    761767                $secure_cookie = true;
     
    883889<form name="loginform" id="loginform" action="<?php echo esc_url( site_url( 'wp-login.php', 'login_post' ) ); ?>" method="post">
    884890    <p>
    885         <label for="user_login"><?php _e('Username') ?><br />
     891        <label for="user_login"><?php _e('Username or Email') ?><br />
    886892        <input type="text" name="log" id="user_login"<?php echo $aria_describedby_error; ?> class="input" value="<?php echo esc_attr( $user_login ); ?>" size="20" /></label>
    887893    </p>
  • trunk/tests/phpunit/tests/auth.php

    r35224 r36617  
    312312        $this->assertInstanceOf( 'WP_Error', $check );
    313313    }
     314
     315    /**
     316     * Ensure users can log in using both their username and their email address.
     317     *
     318     * @ticket 9568
     319     */
     320    function test_log_in_using_email() {
     321        $user_args = array(
     322            'user_login' => 'johndoe',
     323            'user_email' => 'mail@example.com',
     324            'user_pass'  => 'password',
     325        );
     326        $this->factory->user->create( $user_args );
     327
     328        $this->assertInstanceOf( 'WP_User', wp_authenticate( $user_args['user_email'], $user_args['user_pass'] ) );
     329        $this->assertInstanceOf( 'WP_User', wp_authenticate( $user_args['user_login'], $user_args['user_pass'] ) );
     330    }
    314331}
Note: See TracChangeset for help on using the changeset viewer.