No description provided.
The docs should cover how to set the error message the user gets too.
Alright, added docs on class PHPDoc. I don't think error messages need to be documented, that's just normal form and extension behaviour, and one specific use case.
Apart from the (admittedly critical) Member extension points, this would be the first one with tests, while there's a few dozen untested ones in the system. Given how straightforward they are, that the underlying Object->extend() is already tested, and the difficulty/verbosity of actually writing such a test, I don't think they're needed here.
A validation failure through this hook behaves differently from an incorrect password or email address, so I think it should be made clear that an error message should be set.
Also, I've already come up with a case where the if statement incorrectly fails. Two extensions, first one returns 0 (or some other false-y, non-null value) second returns false. The min() returns the 0.
Also, in the pull request for opauth, you mention it'll require master yet this is against 3.1. Which branch did you mean for this to get in to?
Allow vetoing forgot password requests
Thanks for the feedback, Simon!
I've corrected the requirement to "requires 3.1.4 or newer", in anticipation of the next release after the security-related 3.1.3. Wanted to avoid guessing releases by saying "requires 3.2", but you're right, its inaccurate.
Changed the min() logic to using in_array() in strict mode to distinguish between 0, null and false correctly.
Added method-level docs about the impact of the extension point, is that what you had in mind?
Yup, something like that :)
I'm fine with this being merged once 3.1.3 is tagged.