Allow for custom authentication handlers for all requests.

Turn the logic used by wp_get_current_user() into a determine_current_user filter.

props rmccue.
fixes #26706.

Built from https://develop.svn.wordpress.org/trunk@27484


git-svn-id: http://core.svn.wordpress.org/trunk@27328 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Andrew Nacin 2014-03-09 15:23:15 +00:00
parent de769c267f
commit acba3131d7
3 changed files with 43 additions and 6 deletions

View File

@ -300,5 +300,7 @@ add_filter( 'heartbeat_nopriv_send', 'wp_auth_check' );
// Default authentication filters // Default authentication filters
add_filter( 'authenticate', 'wp_authenticate_username_password', 20, 3 ); add_filter( 'authenticate', 'wp_authenticate_username_password', 20, 3 );
add_filter( 'authenticate', 'wp_authenticate_spam_check', 99 ); add_filter( 'authenticate', 'wp_authenticate_spam_check', 99 );
add_filter( 'determine_current_user', 'wp_validate_auth_cookie' );
add_filter( 'determine_current_user', 'wp_validate_logged_in_cookie', 20 );
unset($filter, $action); unset($filter, $action);

View File

@ -97,14 +97,23 @@ function get_currentuserinfo() {
return false; return false;
} }
if ( ! $user = wp_validate_auth_cookie() ) { /**
if ( is_blog_admin() || is_network_admin() || empty( $_COOKIE[LOGGED_IN_COOKIE] ) || !$user = wp_validate_auth_cookie( $_COOKIE[LOGGED_IN_COOKIE], 'logged_in' ) ) { * Determine the current user based on request data.
wp_set_current_user( 0 ); *
return false; * The default filters use this to determine the current user from the
} * request's cookies, if available.
*
* @since 3.9.0
*
* @param int|boolean $user_id User ID if determined, or false otherwise.
*/
$user_id = apply_filters( 'determine_current_user', false );
if ( ! $user_id ) {
wp_set_current_user( 0 );
return false;
} }
wp_set_current_user( $user ); wp_set_current_user( $user_id );
} }
endif; endif;

View File

@ -219,6 +219,32 @@ function wp_authenticate_spam_check( $user ) {
return $user; return $user;
} }
/**
* Validates logged in cookie.
*
* Checks the logged_in cookie if the previous auth cookie could not be
* validated and parsed.
*
* This is a callback for the determine_current_user filter, rather than API.
*
* @since 3.9.0
*
* @param int|boolean $user The user ID (or false) as received from the determine_current_user filter.
* @return int|boolean User ID if validated, or false otherwise. If it receives a user ID from
* an earlier filter callback, that value is returned.
*/
function wp_validate_logged_in_cookie( $user_id ) {
if ( $user_id ) {
return $user_id;
}
if ( is_blog_admin() || is_network_admin() || empty( $_COOKIE[LOGGED_IN_COOKIE] ) ) {
return false;
}
return wp_validate_auth_cookie( $_COOKIE[LOGGED_IN_COOKIE], 'logged_in' );
}
/** /**
* Number of posts user has written. * Number of posts user has written.
* *