Feature #97389

closed

Epic #97387: Configurable Password Policies

Add Password Policy check to FormEngine (TCA type=password) and DataHandler

Added by Torben Hansen about 2 years ago. Updated about 1 year ago.

Status: Closed
Priority: Should have
Category: -
Start date: 2022-04-15
% Done: 100%

Description

Evaluate password policy for mode (either FE or BE) in TCA type=password for the configured Password Policy.

Example TCA for be_users

$GLOBALS['TCA']['be_users']['columns']['password'] = [
    'config' => [
        'type' => 'password',
        'size' => 20,
        'required' => true,

        // could be the default behavior when omitted for `type=password` in DataHandler,
        'passwordPolicy' => 'default',

        'fieldControl' => [
            // checks requirements of `passwordPolicy`, visualized matches & mismatches
            'passwordPolicyValidation' => true,

            // just concerns the entropy of a password, independent of `passwordPolicy`
            'passwordStrengthMeter' => true,

            // uses aspects of `passwordPolicy` and shows a visual generator
            // (e.g. user can select amount of digits, amount of special chars, ...)
            'passwordGenerator' => true,
        ],
    ],
];

Example TCA for sys_reaction

$GLOBALS['TCA']['sys_reaction']['columns']['token'] = [
    'config' => [
        'type' => 'password',
        'size' => 20,
        'required' => true,

        'passwordPolicy' => 'token',

        'fieldControl' => [
            // checks requirements of `passwordPolicy`, visualized matches & mismatches
            'passwordPolicyValidation' => true,

            // just concerns the entropy of a password, independent of `passwordPolicy`
            'passwordStrengthMeter' => true,

            // uses aspects of `passwordPolicy` and shows a visual generator
            // (e.g. user can select amount of digits, amount of special chars, ...)
            'passwordGenerator' => [
                'controls' => false,
                'randomValue' => true,
                'convert' => ['hex', 'base64'],
            ],
        ],
    ],
];

For the latter, we need to add an additional global password policy named token as shown below:

'token' => [
    'validators' => [
        \TYPO3\CMS\Core\PasswordPolicy\Validator\CorePasswordValidator::class => [
            'options' => [
                'minimumLength' => 40,
            ],
            'excludeActions' => [],
        ],
    ],
],
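
The following is an added example, not part of the original issue and not TYPO3 Core code. It sketches a server-side check that resolves `passwordPolicy` from a column's TCA config, and shows how many random bytes a generator needs so that a `hex` or `base64` value meets the `token` policy's `minimumLength` of 40. The function names, the `POLICIES` registry, the `default` minimum length, the fallback to `default` and the rejection of unknown policy names are assumptions.

```php
<?php
declare(strict_types=1);

// Constructed registry: `token` mirrors the policy in the issue; the
// `default` entry and its minimumLength of 8 are assumed for illustration.
const POLICIES = [
    'default' => ['minimumLength' => 8],
    'token'   => ['minimumLength' => 40],
];

// Hypothetical server-side check for one TCA column. Returns error strings;
// an empty array means the value passes.
function checkPasswordField(array $config, string $value): array
{
    if (($config['type'] ?? '') !== 'password') {
        return [];
    }
    // Assumption: an omitted policy falls back to `default`.
    $name = $config['passwordPolicy'] ?? 'default';
    // Assumption: an empty or unknown reference is rejected, not skipped.
    if (!is_string($name) || !array_key_exists($name, POLICIES)) {
        return ['unknown password policy reference'];
    }
    $min = POLICIES[$name]['minimumLength'];
    return mb_strlen($value) >= $min ? [] : ["shorter than {$min} characters"];
}

// Sizes the random input so the encoded token meets the policy minimum:
// hex gives 2 characters per byte, base64 gives 4 characters per 3 bytes.
function generateToken(string $policy, string $encoding): string
{
    $min = POLICIES[$policy]['minimumLength'];
    if ($encoding === 'hex') {
        return bin2hex(random_bytes(intdiv($min + 1, 2)));
    }
    return base64_encode(random_bytes(3 * intdiv($min + 3, 4)));
}

$tokenColumn = ['type' => 'password', 'passwordPolicy' => 'token'];
foreach (['hex', 'base64'] as $encoding) {
    $token = generateToken('token', $encoding);
    printf("%-6s len=%d errors=%d\n", $encoding, strlen($token), count(checkPasswordField($tokenColumn, $token)));
}
// A 32-character value fails the 40-character `token` policy.
var_dump(checkPasswordField($tokenColumn, str_repeat('a', 32)));
// A typo in the policy name is reported instead of disabling validation.
var_dump(checkPasswordField(['type' => 'password', 'passwordPolicy' => 'tokn'], 'x'));
```

With a minimum of 40, the generator draws 20 bytes for `hex` and 30 bytes for `base64`; both encode to exactly 40 characters.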

Related issues: 1 (0 open, 1 closed)

Related to TYPO3 Core - Bug #102668: Consider empty or invalid password policy reference (Resolved, 2023-12-13)
