Why some functions are not static but are being called as static

[AndrewEastwood]

There is the function wp_cas_authentication_hooks with the list of hooked actions. Those actions are linked to logout, authenticate, show_password_fieldsand disable_function which are not static.
Moreover the check_passwords is not even implemented but it's still used add_action('check_passwords', array('UTHSCWPCAS', 'check_passwords'), 10, 3);

Is that okay?

[gpspake]

Hey @AndrewEastwood Everything there should be fine. I'll try to explain everything as well as I can but I'll go review the code and see if I can get some additional input as soon as I get a chance. If you have any suggestions or see anything that looks wrong, please let me know or feel free to submit a PR.

If I recall correctly, and I'll check this and try to comment it better in the code, The check_passwords and show_passwords stuff is just there so that changes can be made to user profiles from wp-admin. Once the plugin is activated, WordPress doesn't store or save passwords at all since users are authenticated through CAS; so, when you try to change a users name or email from the dashboard, WordPress won't let you because it doesn't see anything in the password field for that user (the one you would use to enter a new password) - it basically just fails the form validation. Fixing this is simply a matter of turning off that password check and getting rid of the unused password field. If you comment that stuff out, you should notice that the password field re-appears on the user edit screen and you won't be able to make any changes their account because it will fail that validation.

As for the static methods, I believe they were made static is because of some wp_debug warnings that explicitly said they needed to be. I'd like to have a better answer than that, as to why, so I'm going to look in to that further to make sure and possibly get another set of eyes on it. In the meantime though, that should be ok.