Make WordPress Core

Opened 2 years ago

Closed 20 months ago

#20704 closed enhancement (wontfix)

New hook: login_init_xmlrpc

Reported by: aercolino Owned by:
Milestone: Priority: normal
Severity: normal Version: 3.3.2
Component: XML-RPC Keywords:
Focuses: Cc:


I've been writing an enhancement for my LoginDongle plugin, where I will use a query string param to allow an XML-RPC user to log in.

To do that, I had to subclass the wp_xmlrpc_server class with a method like the following and add a filter for wp_xmlrpc_server_class.

public function login($username, $password) 
	do_action('login_init_xmlrpc', $username);
	return parent::login($username, $password);

It would be nice to have that implemented in WP.

Change History (8)

comment:1 aercolino2 years ago

  • Cc cappuccino.e.cornetto@… added

comment:2 markoheijnen22 months ago

Can you explain why you want this? XML-RPC has a certain way it works. Don't get the addition.

Also you can use the filter 'authenticate' for it.

comment:3 aercolino21 months ago

I could use 'authenticate', but it's a bit too generic and it occurs on more places than I actually want to secure.

Currently, 'authenticate' covers form, cookie, xmlrpc and atompub logins. Previous versions of my plugin covered only form logins and I'm going to cover xmlrpc logins with the next version. I do not want to cover cookie logins and I think I do not need to cover atompub logins. Actually I'm not sure about the latter, but I do not know any popular client of atompub, do you?

So login_init_xmlrpc is a good solution for my problem. I don't know why there shouldn't be an init hook in all the logins. The reason I added the xmlrpc suffix is so that it doesn't clash with other possible handlers in other plugins. But if it was a new WP hook, I think it could be the usual login_init.

comment:4 markoheijnen21 months ago

I still say this ticket should be close as wont-fix. Reason is because you can use the authenticate filter and check if XMLRPC_REQUEST is defined.

comment:5 aercolino21 months ago

I certainly can live without a proper hook... that's why I labeled it a 'nice-to-have' feature.

On the other hand, I still think there should be an init hook in all the different types of login, otherwise the form login is unduly special in this case.

comment:6 markoheijnen21 months ago

  • Keywords close added

Well, I still don't really get what you really want. I believe with the current authenticate filter is good. You don't want to have a different login for every different login call. So that's a no-go.

Also your do_action is wrong since you don't pass the password.

comment:7 aercolino20 months ago

What do you mean with "is wrong"? It was MY action, as you observed... I make it the way I need it...

comment:8 markoheijnen20 months ago

  • Keywords close removed
  • Milestone Awaiting Review deleted
  • Resolution set to wontfix
  • Status changed from new to closed

I'm fine that you only need a hook that passes only the username. Normally you would also expect the password.

I'm closing this ticket since there is only one type of login. Maybe two if you don't want that XML-RPC uses the same login. This is something that already can be done.

Note: See TracTickets for help on using tickets.