TYPO3 Core

Besides that, the property $this->challengeStoredInCookie must be set to false, so that a previously stored challenge does not hinder to login to work correctly.

Patch set 1 of change Ibf1194d04a7159ade9ef33701e92930f98cfb90e has been pushed to the review server.
It is available at http://review.typo3.org/4439

Patch set 1 of change Ibf1194d04a7159ade9ef33701e92930f98cfb90e has been pushed to the review server.
It is available at http://review.typo3.org/4452

I think their is a bug with this patch or maybe i understood it wrong.

when the loginSecurityLevel is set to normal, it should still give the password in clear-text rigth?
because rigth now the password received is encrypted and It causes login error with extension using ldap like ig_ldap_sso_auth.

i think you have a "!" that should not be their before the in_array in this condition:

if (!empty($securityLevel) && !in_array($securityLevel, $standardSecurityLevels)) {
$this->security_level = $securityLevel;
+ } else {
+ $this->security_level = 'superchallenged';
+ }

best Regards

Michael Miousse wrote:

I think their is a bug with this patch or maybe i understood it wrong.

It's not a bug, it was a bug before. But indeed it is a bit hard to understand. It took a while to figure out how to solve this correctly

when the loginSecurityLevel is set to normal, it should still give the password in clear-text rigth?
because rigth now the password received is encrypted and It causes login error with extension using ldap like ig_ldap_sso_auth.

If any extension relies on the fact that the cleartext password is in $loginData['uident'], then it is a problem in this extension, because the cleartext password by definition is always stored in $loginData['uident_text']
This is the case before and after this fix.

Unfortunately the cleartext password has also been present in $loginData['uident'] (since 4.3.0) which then triggered the bug in TYPO3. So extension looking for the cleartext password in $loginData['uident'] relied on this very bug.

i think you have a "!" that should not be their before the in_array in this condition:

if (!empty($securityLevel) && !in_array($securityLevel, $standardSecurityLevels)) {
$this->security_level = $securityLevel;
+ } else {
+ $this->security_level = 'superchallenged';
+ }

Nope, it is correct like it is.

Ok my bad sorry

thanks

Michael Miousse wrote:

Ok my bad sorry

No problem. You're not the only one stumbling over this.

thanks

You're welcome. Now it is documented here for others running into this problem.