Add a filter hook to manipulate $user_data variable on retrieve_password() function

[marcelo2605]

WordPress Core allow to add custom validation methods to login form. Wondering if we can do the same on lost password form.

Add a filter hook to manipulate $user_data variable on retrieve_password() function to allow custom validation methods.

Trac ticket: https://core.trac.wordpress.org/ticket/51924

Hi @marcelo2605! 👋

Thank you for your contribution to WordPress! 💖

It looks like this is your first pull request to wordpress-develop. Here are a few things to be aware of that may help you out!

No one monitors this repository for new pull requests. Pull requests must be attached to a Trac ticket to be considered for inclusion in WordPress Core. To attach a pull request to a Trac ticket, please include the ticket's full URL in your pull request description.

Pull requests are never merged on GitHub. The WordPress codebase continues to be managed through the SVN repository that this GitHub repository mirrors. Please feel free to open pull requests to work on any contribution you are making.

More information about how GitHub pull requests can be used to contribute to WordPress can be found in ​this blog post.

Please include automated tests. Including tests in your pull request is one way to help your patch be considered faster. To learn about WordPress' test suites, visit the ​Automated Testing page in the handbook.

If you have not had a chance, please review the ​Contribute with Code page in the ​WordPress Core Handbook.

The ​Developer Hub also documents the various ​coding standards that are followed:

• ​PHP Coding Standards
• ​CSS Coding Standards
• ​HTML Coding Standards
• ​JavaScript Coding Standards
• ​Accessibility Coding Standards
• ​Inline Documentation Standards

Thank you,
The WordPress Project

[johnbillion]

Thanks for the ticket and the PR @marcelo2605.

• Could you describe a use case for this filter please? It looks useful, but knowing a real use case will help decide if this is the preferred approach.
• What's the filter you're referring to when you say "WordPress Core allow to add custom validation methods to login form" ? I ask because it appears that no other filters in core directly pass in $_POST as a parameter, and hopefully this filter can use a similar pattern to the other that you're referring to.

[marcelo2605]

Thanky for the reply @johnbillion!

I'm working on a website where most of the target audience doesn't have an email account and for them we will use SMS notifications. So, in the register form, I created a field to store the phone number and, internally, I generate a fake email address using this phone number and the webiste domain.

To authenticate the phone number in the login form, I'm using the ​authenticate filter, receiving the phone number in the $username variable.

But I need a similar filter to validate the phone number in the lost password form. That why I'm doing this suggestion. I recognize that is a specific situation, but I believe this filter could give more control over the lost password form.

Regarding the $_POST, I made a new commit removing it from the filter hook.

@marcelo2605 I've added the $errors object to the filter otherwise there's no way to know of any existing error during this filter. This can be used in conjunction with the lostpassword_errors filter to remove an error from the error object if necessary.

[johnbillion]

In 49945:

Login and Registration: Introduce the lostpassword_user_data filter which allows for the user data object during a password reset request to be filtered.

Props marcelo2605

Fixes #51924

https://core.trac.wordpress.org/changeset/49945

Makes sense @johnbillion. Thanks for the improvement.

[audrasjb]

It would be nice to mention this change in the Miscellaneous Changes dev note.

[audrasjb]

Dev note published: ​https://make.wordpress.org/core/2021/02/16/login-registration-screens-changes-in-wordpress-5-7/