Bug #33759
closed
AJAX login doesn't work with RSAauth and Salted pass
0%
Description
Background¶
I recently logged in to an old typo3 installation, and found the AJAX login very refreshing. I would love to see AJAX login instead of the refresh login popup.
Bug Description and Analysis¶
AJAX login doesn't work when using extensions rsaauth and saltedpasswords.
In these extensions (and in openid, based on a quick grep) ext_localconf.php includes:
// Use popup window to refresh login instead of the AJAX relogin:
$TYPO3_CONF_VARS['BE']['showRefreshLoginPopup'] = 1;
Overriding that in typo3conf/localconf.php does not work as ext_localconf.php is loaded after my localconf.php (after all, it has to look in localconf.php to figure out which extensions to load).
Why?¶
Looking back to #20382 where the patch for RSAauth was first introduced, Dmitry said:
ajax login box does not work with RSA. I will re–factor it later, before the release of 4.3. It will use the same hooks thus making any authentication method possible
What to do?¶
I'm guessing that refactoring will touch typo3/js/loginrefresh.js, but JavaScript is not my forte...
It looks like typo3/classes/class.ajaxlogin.php also needs some rsa love.
Dmitry committed the AJAX login in 93e6a5d3 so those files might need a massage.
Any chance of that refactoring getting in by 4.7?
Why I picked watchers:¶
Dmitry Dulepov - originally wrote rsaauth and saltedpasswords as well as class.ajaxlogin.php
Steffen Ritter - Release Manager for 4.7 (please?)
Annotations here on forge say that the following people have touched loginrefresh.js and/or class.ajaxlogin.php¶
Steffan Kamper - wrote much of loginrefresh.js
Oliver Hader
Jigal
Ernesto Baschny
Updated by Jacob Floyd about 12 years ago
And on further investigation:
- Dmitry was the one who committed the AJAX login box, but it was Christoph Koehler who first implemented it as a modal box and Oliver Hader was originally assigned the task (#19152 93e6a5d3). Cristoph ( http://forge.typo3.org/users/439 ) doesn't seem to be active on forge, so I can't add him as a watcher.
- Then Dmitry and Steffan expressed their desire/preference to disable or remove the AJAX relogin (#19897).
- Later, Steffan Kamper refactored the relogin stuff to use ExtJS instead of modal box (#20038 2ba9a8f0). In this refactoring, the AJAX relogin was disabled for rsaauth and openid.
Thus our current state: disabled relogin. What needs to be done to re-enable AJAX relogin?
Updated by Jacob Floyd about 12 years ago
Maybe an ExtJS controlled iFrame could be used to load the refresh popup - without the popup. That would be preferable for me.
I often have 4 or more windows/tabs open with different sites' typo3 backend, plus a few more tabs to edit pages in the frontend. (A domain for testing random typo3 extensions, my main site, my personal site, or multiple browsers logged in as different users if I'm demoing typo3 to people at my workplace.) Having a bunch of popup windows is very distracting, and it's not always clear which backend I'm logging back into, and which user I should use to log back in.
I would really, really like the AJAX login so that I don't have to deal with this confusion, but I value security more than this annoyance bothers me, so I'm not going to drop rsaauth or saltedpasswords.
Updated by Nicole Cordes over 10 years ago
- Status changed from New to Needs Feedback
I think this is done already. Could you please test a current installation.
Updated by Jacob Floyd over 10 years ago
I don't use TYPO3 CMS any more. If someone wants to test this great, but I don't have time to setup an installation just to test this.
Updated by Nicole Cordes over 10 years ago
- Status changed from Needs Feedback to Closed
Already solved.