User Plugin Events

[robbiejackson]

No description provided.

[qodo-code-review]

Review Summary by Qodo

Document user authentication and plugin events

📝 Documentation

Walkthroughs

Description

• Added comprehensive documentation for 23 user authentication and plugin events
• Documented login/logoff events with detailed explanations of authentication flow
• Documented database table events for users and usergroups records
• Documented username/password reminder and miscellaneous events with event arguments and return
  values

Diagram

flowchart LR
  A["Plugin Events Index"] -- "adds 23 user events" --> B["User Authentication Events"]
  B -- "documents login/logoff" --> C["onUserAuthenticate<br/>onUserLogin<br/>onUserLogout"]
  B -- "documents database operations" --> D["onUserBeforeSave<br/>onUserAfterDelete<br/>onUserBeforeSaveGroup"]
  B -- "documents password reset" --> E["onUserBeforeResetRequest<br/>onUserAfterResetComplete"]
  B -- "documents misc events" --> F["onUserLoginButtons"]

Loading

File Changes

1. docs/building-extensions/plugins/plugin-events/index.md 📝 Documentation +23/-0

Added user events to plugin events index

• Added 23 new user authentication and plugin events to the events table
• Events include login/logoff, database operations, password reset, and miscellaneous events
• All events reference the new user-auth.md documentation file
• Events span from Joomla 4.0 to before 4.0 versions

docs/building-extensions/plugins/plugin-events/index.md

---

2. docs/building-extensions/plugins/plugin-events/user-auth.md 📝 Documentation +731/-0

Created user authentication events documentation

• Created comprehensive 731-line documentation file for user authentication and plugin events
• Documented 23 events organized into 4 categories: login/logoff, database table operations,
 password reminder, and miscellaneous
• Included detailed explanations of Joomla's authentication flow, session cookies, and event
 triggering sequence
• Provided event arguments, return values, and code examples for each event
• Documented event classes and getter methods for accessing event data

docs/building-extensions/plugins/plugin-events/user-auth.md

---

[qodo-code-review]

Code Review by Qodo

🐞 Bugs (1) 📘 Rule violations (0) 📎 Requirement gaps (0)

1. Wrong plugin group guidance 🐞 Bug ✓ Correctness

Description

• user-auth.md says onUserAuthenticate “must be registered as a system plugin”, but the same
  page immediately cites “Authentication - Joomla” and “Authentication - Cookie” plugins as the
  examples handling this event, which is contradictory guidance.
• The events index defines “Group” as the plugin group imported before dispatch, yet lists
  onUserAuthenticate as “System (Authentication)”, a label that doesn’t match the documented concept
  of plugin groups/types.
• This is likely to push developers toward writing system plugins for authentication; the manual
  warns system plugins load every request and can lock admins out on a simple syntax error.

Code

docs/building-extensions/plugins/plugin-events/user-auth.md[R20-22]

+To receive the onUserAuthenticate event your plugin must be registered as a system plugin.
+
+To receive the other onUser... events your plugin can be registered as a user plugin.

Evidence

The new page asserts a system-plugin requirement for onUserAuthenticate while simultaneously
describing Authentication plugins as the concrete implementations. Separately, the events index
defines “Group” as the imported plugin group, but the added onUserAuthenticate row uses a
non-standard group label. Together, these create confusing/possibly incorrect implementation
guidance and increase the likelihood developers choose a riskier plugin type (system) unnecessarily.

docs/building-extensions/plugins/plugin-events/user-auth.md[20-22]
docs/building-extensions/plugins/plugin-events/user-auth.md[87-95]
docs/building-extensions/plugins/plugin-events/index.md[11-14]
docs/building-extensions/plugins/plugin-events/index.md[52-55]
docs/building-extensions/plugins/how-plugins-work.md[25-37]
docs/building-extensions/plugins/basic-content-plugin.md[66-73]
docs/building-extensions/plugins/plugin-events/application.md[18-21]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
The new authentication/user events documentation contradicts itself about which plugin type/group receives `onUserAuthenticate`. It states the handler must be a *system* plugin, but then cites *Authentication* plugins as the concrete examples. The events index further labels the group as “System (Authentication)”, which conflicts with the manual’s definition of plugin group/type.

This can mislead extension developers into building authentication logic as system plugins, increasing risk (system plugins load on every request).

## Issue Context
The docs define “Group” as the plugin type imported before dispatch, and elsewhere define `group="..."` in manifests as the plugin type. The new text should follow those conventions and stay internally consistent.

## Fix Focus Areas
- docs/building-extensions/plugins/plugin-events/user-auth.md[20-22]
- docs/building-extensions/plugins/plugin-events/index.md[53-55]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

ⓘ The new review experience is currently in Beta. Learn more