Changeset 57990

Timestamp:

04/13/2024 04:31:55 PM (11 months ago)

Author:

SergeyBiryukov

Message:

Users: Account for returning false from the authenticate filter.

While technically only null, WP_User, or WP_Error should be returned from the authenticate filter, a plugin might return boolean false instead, which would trigger the authentication_failed error prior to [57882].

This commit aims to preserve that behavior in case false is returned.

Follow-up to [57882].

Props johnbillion.
See #60700.

Location:

trunk

Files:

• src/wp-includes/pluggable.php (modified) (1 diff)
• tests/phpunit/tests/auth.php (modified) (1 diff)

trunk/src/wp-includes/pluggable.php

@@ -618 +618 @@
         $user = apply_filters( 'authenticate', null, $username, $password );
 
-        if ( null === $user ) {
+        if ( null === $user || false === $user ) {
             /*
              * TODO: What should the error message be? (Or would these even happen?)

trunk/tests/phpunit/tests/auth.php

@@ -435 +435 @@
 
     /**
+     * @ticket 60700
+     */
+    public function test_authenticate_filter() {
+        add_filter( 'authenticate', '__return_null', 20 );
+        $this->assertInstanceOf( 'WP_Error', wp_authenticate( self::USER_LOGIN, self::USER_PASS ) );
+        add_filter( 'authenticate', '__return_false', 20 );
+        $this->assertInstanceOf( 'WP_Error', wp_authenticate( self::USER_LOGIN, self::USER_PASS ) );
+    }
+
+    /**
      * @ticket 36476
      */