From 517de7ea31857132561dfb97c0a0c9ab9324cfcc Mon Sep 17 00:00:00 2001
From: Andrew Nacin <nacin@git.wordpress.org>
Date: Sun, 9 Mar 2014 15:22:13 +0000
Subject: [PATCH] Allow for custom authentication handlers for all requests.

Turn the logic used by wp_get_current_user() into a determine_current_user filter.

props rmccue.
fixes #26706.


git-svn-id: https://develop.svn.wordpress.org/trunk@27484 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-includes/default-filters.php |  2 ++
 src/wp-includes/pluggable.php       | 21 +++++++++++++++------
 src/wp-includes/user.php            | 26 ++++++++++++++++++++++++++
 3 files changed, 43 insertions(+), 6 deletions(-)

diff --git a/src/wp-includes/default-filters.php b/src/wp-includes/default-filters.php
index 88a92d018e..a027155002 100644
--- a/src/wp-includes/default-filters.php
+++ b/src/wp-includes/default-filters.php
@@ -300,5 +300,7 @@ add_filter( 'heartbeat_nopriv_send', 'wp_auth_check' );
 // Default authentication filters
 add_filter( 'authenticate', 'wp_authenticate_username_password',  20, 3 );
 add_filter( 'authenticate', 'wp_authenticate_spam_check',         99    );
+add_filter( 'determine_current_user', 'wp_validate_auth_cookie'          );
+add_filter( 'determine_current_user', 'wp_validate_logged_in_cookie', 20 );
 
 unset($filter, $action);
diff --git a/src/wp-includes/pluggable.php b/src/wp-includes/pluggable.php
index 9fe26d518a..1f0723fe7c 100644
--- a/src/wp-includes/pluggable.php
+++ b/src/wp-includes/pluggable.php
@@ -97,14 +97,23 @@ function get_currentuserinfo() {
 		return false;
 	}
 
-	if ( ! $user = wp_validate_auth_cookie() ) {
-		 if ( is_blog_admin() || is_network_admin() || empty( $_COOKIE[LOGGED_IN_COOKIE] ) || !$user = wp_validate_auth_cookie( $_COOKIE[LOGGED_IN_COOKIE], 'logged_in' ) ) {
-		 	wp_set_current_user( 0 );
-		 	return false;
-		 }
+	/**
+	 * Determine the current user based on request data.
+	 *
+	 * The default filters use this to determine the current user from the
+	 * request's cookies, if available.
+	 *
+	 * @since 3.9.0
+	 *
+	 * @param int|boolean $user_id User ID if determined, or false otherwise.
+	 */
+	$user_id = apply_filters( 'determine_current_user', false );
+	if ( ! $user_id ) {
+		wp_set_current_user( 0 );
+		return false;
 	}
 
-	wp_set_current_user( $user );
+	wp_set_current_user( $user_id );
 }
 endif;
 
diff --git a/src/wp-includes/user.php b/src/wp-includes/user.php
index d4392cd2fa..453eaa75cf 100644
--- a/src/wp-includes/user.php
+++ b/src/wp-includes/user.php
@@ -219,6 +219,32 @@ function wp_authenticate_spam_check( $user ) {
 	return $user;
 }
 
+/**
+ * Validates logged in cookie.
+ *
+ * Checks the logged_in cookie if the previous auth cookie could not be
+ * validated and parsed.
+ *
+ * This is a callback for the determine_current_user filter, rather than API.
+ *
+ * @since 3.9.0
+ *
+ * @param int|boolean $user The user ID (or false) as received from the determine_current_user filter.
+ * @return int|boolean User ID if validated, or false otherwise. If it receives a user ID from
+ *                     an earlier filter callback, that value is returned.
+ */
+function wp_validate_logged_in_cookie( $user_id ) {
+	if ( $user_id ) {
+		return $user_id;
+	}
+
+	if ( is_blog_admin() || is_network_admin() || empty( $_COOKIE[LOGGED_IN_COOKIE] ) ) {
+		return false;
+	}
+
+	return wp_validate_auth_cookie( $_COOKIE[LOGGED_IN_COOKIE], 'logged_in' );
+}
+
 /**
  * Number of posts user has written.
  *