Problem/Motivation
In
π
UserAuth BC layer is not working for modules that use it to provide email based logins
Active
the calls to $uid = $this->userAuth->authenticate($form_state->getValue('name'), $password);
was removed
/UserLoginForm.php b/core/modules/user/src/Form/UserLoginForm.php
index e3df158e0f5146635b89bafaa8acbf76fa84e850..8fe696d15a53f7dd4a76f3702b0c5c538a123055 100644
--- a/core/modules/user/src/Form/UserLoginForm.php
+++ b/core/modules/user/src/Form/UserLoginForm.php
@@ -246,10 +246,10 @@ public function validateAuthentication(array &$form, FormStateInterface $form_st
if ($this->userAuth instanceof UserAuthenticationInterface) {
$form_state->set('uid', $this->userAuth->authenticateAccount($account, $password) ? $account->id() : FALSE);
}
- else {
- $uid = $this->userAuth->authenticate($form_state->getValue('name'), $password);
- $form_state->set('uid', $uid);
- }
+ }
+ elseif (!$this->userAuth instanceof UserAuthenticationInterface) {
+ $uid = $this->userAuth->authenticate($form_state->getValue('name'), $password);
+ $form_state->set('uid', $uid);
}
}
}
However this breaks modules that decorate the User.Auth service (without UserAuthenticationInterface)
Logic flow analysis of https://git.drupalcode.org/project/drupal/-/blob/77d19f7abb3875c41fb388d...
L203: Auth service does not implement new method.
L206-208: Account is loaded from old system as the username exists in the database
L213: Account exists and is active, enter the if block.
L246: Service does not implement UserAuthenticationInterface no call to authenticate
L250: This if check is superseded by the L213 check as the account existed and is valid, as such the fallback is never called.
Steps to reproduce
TFA 2.x dev branch installed
Any module that decorates the UserAuth service without implementing UserAuthenticationInterface and utilize real account names can be used to validate this.
Proposed resolution
TBD. This might be as simple as adding back the else condition that was removed above.
Remaining tasks
TBD
User interface changes
None
API changes
TBD
Data model changes
None
Release notes snippet
TBD