Bug #29488

AuthenticationManager::authenticate() does not throw Exception for invalid credentials

Added by Carsten Bleicker about 10 years ago. Updated almost 10 years ago.

Status: Resolved
Priority: Should have
Category: Security
Start date: 2011-09-05
Due date:
% Done: 100%
Estimated time:
PHP Version:
Has patch:
Complexity:

Description

If I send empty login data, the result of authentication is always true here.
Can somebody reproduce this? Exception is also not thrown.
Talking about this part:

public function authenticateAction() {

    $authenticated = FALSE;
    try {
        $this->authenticationManager->authenticate();
        $authenticated = TRUE;
    } catch (\TYPO3\FLOW3\Security\Exception\AuthenticationRequiredException $exception) {
        // No Exception is thrown if user sends empty form?
        var_dump($exception);
    }

    /**
     * At this point $authenticated is always true if user sends empty form?
     */
    var_dump($authenticated);
    die();

    if ($authenticated) {
        // ........
    }
}
