/**
* Clear out user and session data when validation fails. Dispatch an event,
* set session messages and unset user data before returning the empty
* user object.
* @param Mage_Admin_Model_User $user
* @param Mage_Core_Controller_Request_Http $request
* @param Mage_Core_Exception $authException
* @return null
* @codeCoverageIgnore All side-effects taken from Magento auth/login process
*/
protected function _failValidation(Mage_Admin_Model_User $user, Mage_Core_Controller_Request_Http $request = null, Mage_Core_Exception $authException)
{
$logMessage = 'Failed to authenticate using token.';
$this->logger->info($logMessage, $this->context->getMetaData(__CLASS__));
// This may be problematic due to the missing user password. It is never
// given while doing the token auth so we don't have one to pass. So far
// it doesn't seem to be causing any issues but may have some impact on the
// Mage_Enterprise_Pci_Model_Observer::adminAuthenticate method.
Mage::dispatchEvent('admin_user_authenticate_after', array('username' => $user->getUsername(), 'password' => '', 'user' => $user, 'result' => false));
Mage::dispatchEvent('admin_session_user_login_failed', array('user_name' => $user->getUsername(), 'exception' => $authException));
if ($request && !$request->getParam('messageSent')) {
Mage::getSingleton('adminhtml/session')->addError($authException->getMessage());
$request->setParam('messageSent', true);
}
$user->unsetData();
$this->_postAuthCheckRedirect(Mage::helper('adminhtml')->getUrl('*'));
}
