change credential check to work more like other events

2009-11-10 14:45:19 -05:00 · 2009-11-10 14:45:19 -05:00 · 923fa068a6
parent 7ae10c27b0
commit 923fa068a6
2 changed files with 17 additions and 40 deletions
--- a/EVENTS.txt
+++ b/EVENTS.txt
@ -481,13 +481,15 @@ EndPublicXRDS: End XRDS output (right before the closing XRDS tag)
 - $action: the current action
 - &$xrdsoutputter - XRDSOutputter object to write to

-CheckPassword: Check a username/password
+StartCheckPassword: Check a username/password
 - $nickname: The nickname to check
 - $password: The password to check
- &$authenticated: set to true to indicate authentication succeeded.
+- &$authenticatedUser: set to User object if credentials match a user.

-AutoRegister: Register a new user with the given nickname. Should insert a new User and Profile into the database.
- $nickname: The nickname to register
+EndCheckPassword: After checking a username/password pair
+- $nickname: The nickname that was checked
+- $password: The password that was checked
+- $authenticatedUser: User object if credentials match a user, else null.

 ChangePassword: Handle a password change request
 - $nickname: user's nickname
--- a/lib/util.php
+++ b/lib/util.php
@ -116,51 +116,26 @@ function common_munge_password($password, $id)
 }

 // check if a username exists and has matching password
+
 function common_check_user($nickname, $password)
 {
-    $authenticated = false;
-    $eventResult = Event::handle('CheckPassword', array($nickname, $password, &$authenticated));
-    $user = User::staticGet('nickname', $nickname);
-    if (is_null($user) || $user === false) {
-        //user does not exist
-        if($authenticated){
-            //a handler said these are valid credentials, so see if a plugin wants to auto register the user
-            if(Event::handle('AutoRegister', array($nickname))){
-                //no handler registered the user
-                return false;
-            }else{
-                $user = User::staticGet('nickname', $nickname);
-                if (is_null($user) || $user === false) {
-                    common_log(LOG_WARNING, "A plugin handled the AutoRegister event, but did not actually register the user, nickname: $nickname");
-                    return false;
-                }else{
-                    return $user;
-                }
-            }
-        }else{
-            //no handler indicated the credentials were valid, and we know their not valid because the user isn't in the database
-            return false;
-        }
-    } else {
-        if($eventResult && ! $authenticated){
-            //no handler was authoritative
-            if (mb_strlen($password) == 0) {
-                // NEVER allow blank passwords, even if they match the DB
-                return false;
-            }else{
+    $authenticatedUser = false;
+
+    if (Event::handle('StartCheckPassword', array($nickname, $password, &$authenticatedUser))) {
+        $user = User::staticGet('nickname', $nickname);
+        if (!empty($user)) {
+            if (!empty($password)) { // never allow login with blank password
                if (0 == strcmp(common_munge_password($password, $user->id),
                                $user->password)) {
                    //internal checking passed
-                    $authenticated = true;
+                    $authenticatedUser =& $user;
                }
            }
        }
-        if($authenticated){
-            return $user;
-        } else {
-            return false;
-        }
+        Event::handle('EndCheckPassword', array($nickname, $password, $authenticatedUser));
    }
+
+    return $authenticatedUser;
 }

 // is the current user logged in?