From b6cdc6bf5c5dc21a6ce4e3324d8170c1417809b0 Mon Sep 17 00:00:00 2001
From: Alejandro Estringana Ruiz <alejandro.estringanaruiz@datadoghq.com>
Date: Mon, 17 Feb 2025 16:38:11 +0100
Subject: [PATCH] Amend login failure event being reported by mistake

---
 .../WordPress/WordPressIntegration.php         |  3 +++
 .../AutomatedLoginEventsTestSuite.php          |  9 +++++++++
 .../V6_1/AutomatedLoginEventsTest.php          | 18 ++++++++++++++++++
 3 files changed, 30 insertions(+)
 create mode 100644 tests/Integrations/WordPress/V6_1/AutomatedLoginEventsTest.php

diff --git a/src/DDTrace/Integrations/WordPress/WordPressIntegration.php b/src/DDTrace/Integrations/WordPress/WordPressIntegration.php
index 1b53520d42..4591f24f5d 100644
--- a/src/DDTrace/Integrations/WordPress/WordPressIntegration.php
+++ b/src/DDTrace/Integrations/WordPress/WordPressIntegration.php
@@ -82,6 +82,9 @@ function ($args, $retval) {
                     if (!function_exists('\datadog\appsec\track_user_login_failure_event_automated')) {
                         return;
                     }
+                    if (empty($username)) {
+                        return;
+                    }
                     $errorClass = '\WP_Error';
                     $exists = $retval instanceof $errorClass &&
                         \property_exists($retval, 'errors') &&
diff --git a/tests/Integrations/WordPress/AutomatedLoginEventsTestSuite.php b/tests/Integrations/WordPress/AutomatedLoginEventsTestSuite.php
index dfd282657c..4786c33e5c 100644
--- a/tests/Integrations/WordPress/AutomatedLoginEventsTestSuite.php
+++ b/tests/Integrations/WordPress/AutomatedLoginEventsTestSuite.php
@@ -45,6 +45,15 @@ public function testUserLoginSuccessEvent()
         $this->assertEquals($name, $events[0]['metadata']['name']);
     }
 
+    public function testHittingLoginPageDoesNotGenerateUserEvent()
+    {
+        $spec = GetSpec::create('request', '/wp-login.php');
+        $this->call($spec, [CURLOPT_FOLLOWLOCATION => true, CURLOPT_COOKIESESSION => true]);
+
+        $events = AppsecStatus::getInstance()->getEvents(['track_user_login_failure_event_automated']);
+        $this->assertEquals(0, count($events));
+    }
+
     public function testUserLoginFailureEventWhenUserDoesNotExists()
     {
         $email = 'non-existing@email.com';
diff --git a/tests/Integrations/WordPress/V6_1/AutomatedLoginEventsTest.php b/tests/Integrations/WordPress/V6_1/AutomatedLoginEventsTest.php
new file mode 100644
index 0000000000..28c4e4ba39
--- /dev/null
+++ b/tests/Integrations/WordPress/V6_1/AutomatedLoginEventsTest.php
@@ -0,0 +1,18 @@
+<?php
+
+namespace DDTrace\Tests\Integrations\WordPress\V6_1;
+
+use DDTrace\Tests\Integrations\WordPress\AutomatedLoginEventsTestSuite;
+
+ /**
+ * @group appsec
+ */
+class AutomatedLoginEventsTest extends AutomatedLoginEventsTestSuite
+{
+    public static $database = "wp61";
+
+    public static function getAppIndexScript()
+    {
+        return __DIR__ . '/../../../Frameworks/WordPress/Version_6_1/index.php';
+    }
+}