Task #32136

Reports module has knowledge about internal data of salted passwords

Added by Dmitry Dulepov almost 8 years ago. Updated 12 months ago.

Status:
Closed
Priority:
Must have
Assignee:
-
Category:
-
Target version:
-
Start date:
2011-11-28
Due date:
% Done:

100%

TYPO3 Version:
4.7
PHP Version:
Tags:
Complexity:
Sprint Focus:

Description

Reports module changes from issue #30695 introduced a check for the saltedpasswords extension and a report about users, whose passwords are not protected by the saltedpasswords.

The problem with that solution is that reports uses an internal knowledge from saltedpasswords extension: a password prefix. This is bad because:
  • it is a "solution spread" across modules
  • details on the password encodings should be known only to the saltedpasswords extension to ensure that new methods can be added and only that extension handles it

The fix is to remove the query from the Reports module but call a newly introduced method in the saltedpasswords to get that number of users.


Related issues

Related to TYPO3 Core - Task #30695: Implement availability check for saltedpasswords in reports module Closed 2011-10-09

Associated revisions

Revision 08c684f0 (diff)
Added by Dmitry Dulepov almost 8 years ago

[TASK] Reports module uses internal data of salted passwords

Reports module changes from issue #30695 introduced a check
for the saltedpasswords extension and a report about users,
whose passwords are not protected by the saltedpasswords.
That check queries database directly and uses internal
knowledge of saltedpasswords about marking the password
with certain characters. This can break reports module
if saltedpasswords adds a new scheme to salt passwords.
Only saltedpasswords should know about those prefixes.
Other extensions should use the API of saltedpasswords
to query the information.

Change-Id: Iec27610c2227ed15537f37b53e1b26443b5a276f
Resolves: #32136
Releases: 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/6953
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter

Revision 147184a3 (diff)
Added by Dmitry Dulepov over 7 years ago

[TASK] Reports module uses internal data of salted passwords

Reports module changes from issue #30695 introduced a check
for the saltedpasswords extension and a report about users,
whose passwords are not protected by the saltedpasswords.
That check queries database directly and uses internal
knowledge of saltedpasswords about marking the password
with certain characters. This can break reports module
if saltedpasswords adds a new scheme to salt passwords.
Only saltedpasswords should know about those prefixes.
Other extensions should use the API of saltedpasswords
to query the information.

Change-Id: Ifd1eefb8e823e17612e72253ad3594c3956099c2
Resolves: #32136
Releases: 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/7407
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Dmitry Dulepov
Tested-by: Dmitry Dulepov

Revision 329f00d4 (diff)
Added by Dmitry Dulepov over 7 years ago

[TASK] Reports module uses internal data of salted passwords

Reports module changes from issue #30695 introduced a check
for the saltedpasswords extension and a report about users,
whose passwords are not protected by the saltedpasswords.
That check queries database directly and uses internal
knowledge of saltedpasswords about marking the password
with certain characters. This can break reports module
if saltedpasswords adds a new scheme to salt passwords.
Only saltedpasswords should know about those prefixes.
Other extensions should use the API of saltedpasswords
to query the information.

Change-Id: I335697612d9f58935320261278054fc1863871f4
Resolves: #32136
Releases: 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/7408
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Wouter Wolters
Reviewed-by: Dmitry Dulepov
Tested-by: Dmitry Dulepov

History

#1 Updated by Mr. Jenkins almost 8 years ago

  • Status changed from New to Under Review

Patch set 1 of change Iec27610c2227ed15537f37b53e1b26443b5a276f has been pushed to the review server.
It is available at http://review.typo3.org/6953

#2 Updated by Mr. Jenkins almost 8 years ago

Patch set 2 of change Iec27610c2227ed15537f37b53e1b26443b5a276f has been pushed to the review server.
It is available at http://review.typo3.org/6953

#3 Updated by Gerrit Code Review almost 8 years ago

Patch set 3 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/6953

#4 Updated by Dmitry Dulepov almost 8 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100

#5 Updated by Gerrit Code Review over 7 years ago

  • Status changed from Resolved to Under Review

Patch set 1 for branch TYPO3_4-6 has been pushed to the review server.
It is available at http://review.typo3.org/7407

#6 Updated by Gerrit Code Review over 7 years ago

Patch set 1 for branch TYPO3_4-5 has been pushed to the review server.
It is available at http://review.typo3.org/7408

#7 Updated by Dmitry Dulepov over 7 years ago

  • Status changed from Under Review to Resolved

#8 Updated by Benni Mack 12 months ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF