+ } else {
+ return self::getIdFromAuthenticateHooks($user['nickname'], $password); // throws
+ }
+
+ throw new HTTPException\ForbiddenException(DI::l10n()->t('Login failed'));
+ }
+
+ /**
+ * Try to obtain a user ID via "authenticate" hook addons
+ *
+ * Returns the user id associated with a successful password authentication
+ *
+ * @param string $username
+ * @param string $password
+ * @return int User Id if authentication is successful
+ * @throws HTTPException\ForbiddenException
+ */
+ public static function getIdFromAuthenticateHooks($username, $password)
+ {
+ $addon_auth = [
+ 'username' => $username,
+ 'password' => $password,
+ 'authenticated' => 0,
+ 'user_record' => null
+ ];
+
+ /*
+ * An addon indicates successful login by setting 'authenticated' to non-zero value and returning a user record
+ * Addons should never set 'authenticated' except to indicate success - as hooks may be chained
+ * and later addons should not interfere with an earlier one that succeeded.
+ */
+ Hook::callAll('authenticate', $addon_auth);
+
+ if ($addon_auth['authenticated'] && $addon_auth['user_record']) {
+ return $addon_auth['user_record']['uid'];