Bug fix: allow authentication addons to create users again.

src/Model/User.php

@@ -515,7 +515,20 @@ class User
 	 */
 	public static function getIdFromPasswordAuthentication($user_info, $password, $third_party = false)
 	{
+		// Addons registered with the "authenticate" hook may create the user on the
+		// fly. `getAuthenticationInfo` will fail if the user doesn't exist yet. If
+		// the user doesn't exist, we should give the addons a chance to create the
+		// user in our database, if applicable, before re-throwing the exception if
+		// they fail.
+		try {
 			$user = self::getAuthenticationInfo($user_info);
+		} catch (Exception $e) {
+			if (is_string($user_info)) {
+				return self::getIdFromAuthenticateHooks($user_info, $password);
+			} else {
+				throw $e;
+			}
+		}
 
 		if ($third_party && DI::pConfig()->get($user['uid'], '2fa', 'verified')) {
 			// Third-party apps can't verify two-factor authentication, we use app-specific passwords instead
@@ -545,8 +558,25 @@ class User
 
 			return $user['uid'];
 		} else {
+			return self::getIdFromAuthenticateHooks($user['nickname'], $password); // throws
+		}
+
+		throw new HTTPException\ForbiddenException(DI::l10n()->t('Login failed'));
+	}
+
+	/**
+	 * Try to obtain a user ID via "authenticate" hook addons
+	 *
+	 * Returns the user id associated with a successful password authentication
+	 *
+	 * @param string $username
+	 * @param string $password
+	 * @return int User Id if authentication is successful
+	 * @throws HTTPException\ForbiddenException
+	 */
+	public static function getIdFromAuthenticateHooks($username, $password) {
 		$addon_auth = [
-				'username'      => $user['nickname'],
+			'username'      => $username,
 			'password'      => $password,
 			'authenticated' => 0,
 			'user_record'   => null
@@ -562,7 +592,6 @@ class User
 		if ($addon_auth['authenticated'] && $addon_auth['user_record']) {
 			return $user['uid'];
 		}
-		}
 
 		throw new HTTPException\ForbiddenException(DI::l10n()->t('Login failed'));
 	}