search

mitcho / shibboleth

WordPress Shibboleth plugin
24 stars 23 forks source link

Problem with a fully numeric username. #26

Open ghost opened 7 years ago

ghost commented 7 years ago

Hello,

We are working to use Shibboleth plugin in our project and while testing mapping I noticed that numeric only username is not working correctly : The account get created the first time but the pluggin cannot get the user account on the second access.

               $username = $_SERVER[$shib_headers['username']['name']];
               $user = new WP_User($username);

By exemple, $username is '020201', the account exist (as seen through Wordpress admin) but new WP_User return a user 0 (not existing).

I investigated a bit and I think the problem is that new WP_User($username); and it's implementation is conflictual.

Usually the id (record id if I'm right) is the first parameter ( WP_User( $id [, $name [, $blog_id ] ] ); ) but there is a chunk of code in class-wp-user.php that redirect $id to $name if the parameter is not fully numeric (which make the call in Shibboleth works most of the time from what I understand). In our case, that means that Worpress try to find a user having the $id corresponding to the same value as $username.

                if ( ! empty( $id ) && ! is_numeric( $id ) ) {
                        $name = $id;
                        $id = 0;
                }

Is there a voluntary scenario where Shibboleth Pluggin would have to work with worpress table user id? Maybe it should always work with username? If it's the case, maybe the code should be changed to (the documentation talk about empty, not sure if it's null or string empty that should be used).:

$user = new WP_User('', $username);

We can patch the problem by prefixing our id with a non-numeric part (or similar solutions) or handle our own local patch but I would think that the Shibboleth plugin could be corrected for this relatively minor issue.

Someone has a take on this?

Thanks for the plugin!

ghost commented 7 years ago

Oups! Sorry, I just noticed that there is actually a pull request for this exact same problem (https://github.com/mitcho/shibboleth/pull/9).

michaelryanmcneill commented 6 years ago

Hello, thank you for reporting this issue. I released version 1.8 today to resolve this and other issues. I am the new maintainer of the plugin and all further work on the plugin will be done in a new GitHub repository. If you have any further issues, please don't hesitate to report them in the new repository.