psdmartinb

Thank you for the reply. I did not realize the github repo was not official.

Inside of classes/wp_cassify_plugin.php, line 366-ish.

if ( empty( $cas_user_datas['cas_user_id'] ) ) {
     $this->wp_cassify_logout();
}

This simply logs the user out on bad ticket, maybe not the most elegant or permanent solution but saved us a lot of helpdesk calls.

I also added NCONTAINS in the rule resolver as we needed to identify users that were not students.

case '-NCONTAINS' :
				
				if ( strpos( $wp_cassify_rule_solver_item->left_operand, $this->strip_double_quotes_from_operand( $wp_cassify_rule_solver_item->right_operand ) ) == FALSE ) {
					$wp_cassify_rule_solver_item->result = 'TRUE';	
				}
				else {
					$wp_cassify_rule_solver_item->result = 'FALSE';
				}
			
				break;

Hi,

This has been sitting for 4 months and my pull requests are still not merged nor has anybody responded here.

https://github.com/CGCookie/wp-cassify/pull/1

Is this not the right github repository?

I’m experiencing this too. I really want to use this so I’ll see if I can find the source of the issue, will be testing on 4.8 too.

I have come up with a solution.

I added this inside the validate_login function, before phpCAS::forceAuthentication(); line

if($_SERVER["REQUEST_URI"] == "/xmlrpc.php"){
	$user = wp_authenticate_username_password(NULL, $username, $password);
	return $this->validate_noncas_login($user, $username, $password);
}

I’ve tested this to work correctly with authentication. Incorrect logins are blocked, while good logins work as expected.

Hope this helps somebody in the future! I’ll see if I can make a pull request with this as an option to enable/disable xmlrpc.