Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add 'shibboleth_authenticate_user' filter. #29

Open
wants to merge 2 commits into
base: master
Choose a base branch
from

Conversation

boonebgorges
Copy link

Hi @mitcho!

I have a use case where I'd like to reject or allow authentication (for new or existing users) based on a custom header sent by the Shibboleth Apache module. There's no natural place in the plugin to intervene in the auth process, so I've introduced a new filter. My callback will look like this:

add_filter( 'shibboleth_authenticate_user', function( $auth, $username ) {
    if ( $username doesn't meet my criteria ) {
        $auth = false;
    }
    return $auth;
} );

Thanks for considering!

This filter allows plugins to short-circuit the authentication of
existing users and/or the provisioning of new users, based on whatever
criteria they'd like.
Instead of returning `null` back to WP's authentication function, return
the filtered value.
@boonebgorges
Copy link
Author

On second thought, a better idea is to pass through the value returned by the filter, so that you can provide a WP_Error to WP's auth functions. See 1794eb2. New example:

add_filter( 'shibboleth_authenticate_user', function( $auth, $username ) {
    if ( $username doesn't meet my criteria ) {
        $auth = new WP_Error( 'cannot_authenticate', 'The user could not be authenticated for reasons Foo and Bar', $username );
    }
    return $auth;
} );

@jrchamp
Copy link
Contributor

jrchamp commented Sep 1, 2016

👍 This seems like a more user-friendly way of limiting access than using .htaccess

@michaelryanmcneill
Copy link

Thanks for submitting this patch @boonebgorges. While I expect this is a little late, I released version 1.8 today to resolve this and other issues and included a shoutout for your patch. I am the new maintainer of the plugin and all further work on the plugin will be done in a new GitHub repository. If you have any further issues, please don't hesitate to report them in the new repository.

@boonebgorges
Copy link
Author

@michaelryanmcneill This sounds good. Thanks for following up!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants