Bug #29130
closed
Security Level "normal" does not work for backend login
100%
Description
Problem:
After introducing rsaauth and saltedpasswords system extensions, the backend user object has been changed to always set the object property "security_level" to what is configured in $GLOBALS['TYPO3_CONF_VARS']['BE']['loginSecurityLevel'].
However, although they are named the same, the configuration and the object property were intended to be used for different things.
The configuration sets how the transmission of the password should be handled.
The object property defines how the password hash is stored in the database and which value (uident_text, uident_challenged, uident_superchallenged) should be used to compare the submitted password with the password stored in the database.
Solution:
Only change the object property to something other than "superchallenged" if the configuration is not set to one of the "standard" settings (normal, challenged, superchallenged).
Steps to reproduce:
1. Set $GLOBALS['TYPO3_CONF_VARS']['BE']['loginSecurityLevel']='normal';
2. Try to log into the backend.
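
The mismatch described above, as an added example that is not TYPO3 code and not part of the original report: it models the transmission setting and the storage property separately and compares the reported behaviour with the proposed one. All function names, the hash formulas and the sample user, password and challenge are assumptions made for illustration.

```php
<?php
// Added illustration. Names, hash formulas and sample values are assumptions.
const STANDARD_LEVELS = ['normal', 'challenged', 'superchallenged'];

// Candidate values derived from a password transmitted with level "normal".
function buildUidentValues(string $user, string $password, string $challenge): array
{
    return [
        'uident_text'            => $password,
        'uident_challenged'      => md5($user . ':' . $password . ':' . $challenge),
        'uident_superchallenged' => md5($user . ':' . md5($password) . ':' . $challenge),
    ];
}

// The object property (storage level) selects which candidate is compared
// with the value stored in the database.
function compareUident(array $uident, string $stored, string $user, string $challenge, string $storageLevel): bool
{
    switch ($storageLevel) {
        case 'superchallenged': // database holds md5(password)
            $expected = md5($user . ':' . $stored . ':' . $challenge);
            return hash_equals($expected, $uident['uident_superchallenged']);
        case 'challenged':      // database holds the plain password
            $expected = md5($user . ':' . $stored . ':' . $challenge);
            return hash_equals($expected, $uident['uident_challenged']);
        default:                // 'normal': database holds the plain password
            return hash_equals($stored, $uident['uident_text']);
    }
}

// "Problem": the property is always set to the transmission setting.
function storageLevelReported(string $configured): string
{
    return $configured;
}

// "Solution": standard transmission settings leave the property at "superchallenged".
function storageLevelProposed(string $configured): string
{
    return in_array($configured, STANDARD_LEVELS, true) ? 'superchallenged' : $configured;
}

$stored = md5('secret');                                   // constructed database value
$uident = buildUidentValues('admin', 'secret', 'c0ffee');  // constructed login data
foreach (['reported' => storageLevelReported('normal'), 'proposed' => storageLevelProposed('normal')] as $label => $level) {
    printf("%s: storage level %s, login %s\n", $label, $level,
        compareUident($uident, $stored, 'admin', 'c0ffee', $level) ? 'accepted' : 'rejected');
}
```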