Opened 7 years ago
Last modified 7 years ago
#40595 new defect (bug)
wp_authenticate_username_password() should respect WP_Error object generated by higher priorities
Reported by: | gilzow | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | 4.7.4 |
Component: | Login and Registration | Keywords: | |
Focuses: | Cc: |
Description (last modified by )
If I've read through #19714 but believe this issue should be reopened. This issue affects anyone who needs to alter the normal authentication process by hooking into the authenticate filter at a high priority. Functions in the process flow should respect a WP_Error object if that is what it is handed, including wp_authenticate_username_password().
Expected Behavior
function hooks authenticate filter, assigns priority 10. Function invalidates authentication attempt and returns a WP_Error object. Authentication should fail and error message displayed to user.
Current Behavior
Function hooks authenticate filter, assigns priority 10. Function invalidates authentication attempt and returns a WP_Error object. wp_authenticate_username_password() ignores WP_Error object, attempts authentication and returns its own error message, or goes ahead and authenticates the user.
Functions could assign a priority less than 20 (i.e. 30), but then when will be required to decipher error codes and/or the user object to then determine if authentication should continue, after an authentication attempt has already been processed by wp_authenticate_username_password(), even if no authentication should have been attempted. In additon, if wp_authenticate_username_password() is not going to respect WP_Errors from higher priorities, why not assign it a priority of 1 and make it the very first item in the authentication process?