Add 'shibboleth_authenticate_user' filter.

[boonebgorges]

Hi @mitcho!

I have a use case where I'd like to reject or allow authentication (for new or existing users) based on a custom header sent by the Shibboleth Apache module. There's no natural place in the plugin to intervene in the auth process, so I've introduced a new filter. My callback will look like this:

add_filter( 'shibboleth_authenticate_user', function( $auth, $username ) {
    if ( $username doesn't meet my criteria ) {
        $auth = false;
    }
    return $auth;
} );

Thanks for considering!

[boonebgorges]

On second thought, a better idea is to pass through the value returned by the filter, so that you can provide a WP_Error to WP's auth functions. See 1794eb2. New example:

add_filter( 'shibboleth_authenticate_user', function( $auth, $username ) {
    if ( $username doesn't meet my criteria ) {
        $auth = new WP_Error( 'cannot_authenticate', 'The user could not be authenticated for reasons Foo and Bar', $username );
    }
    return $auth;
} );

[jrchamp]

👍 This seems like a more user-friendly way of limiting access than using .htaccess

[michaelryanmcneill]

Thanks for submitting this patch @boonebgorges. While I expect this is a little late, I released version 1.8 today to resolve this and other issues and included a shoutout for your patch. I am the new maintainer of the plugin and all further work on the plugin will be done in a new GitHub repository. If you have any further issues, please don't hesitate to report them in the new repository.

[boonebgorges]

@michaelryanmcneill This sounds good. Thanks for following up!