Project

General

Profile

Actions

Bug #33759

closed

AJAX login doesn't work with RSAauth and Salted pass

Added by Jacob Floyd almost 13 years ago. Updated about 11 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
Authentication
Target version:
-
Start date:
2012-02-08
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
4.6
PHP Version:
5.3
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

Background

I recently logged in to an old typo3 installation, and found the AJAX login very refreshing. I would love to see AJAX login instead of the refresh login popup.

Bug Description and Analysis

AJAX login doesn't work when using extensions rsaauth and saltedpasswords.

In these extensions (and in openid, based on a quick grep) ext_localconf.php includes:

// Use popup window to refresh login instead of the AJAX relogin:
$TYPO3_CONF_VARS['BE']['showRefreshLoginPopup'] = 1;

Overriding that in typo3conf/localconf.php does not work as ext_localconf.php is loaded after my localconf.php (after all, it has to look in localconf.php to figure out which extensions to load).

Why?

Looking back to #20382 where the patch for RSAauth was first introduced, Dmitry said:

ajax login box does not work with RSA. I will re–factor it later, before the release of 4.3. It will use the same hooks thus making any authentication method possible

What to do?

I'm guessing that refactoring will touch typo3/js/loginrefresh.js, but JavaScript is not my forte...

It looks like typo3/classes/class.ajaxlogin.php also needs some rsa love.

Dmitry committed the AJAX login in 93e6a5d3 so those files might need a massage.

Any chance of that refactoring getting in by 4.7?

Why I picked watchers:

Dmitry Dulepov - originally wrote rsaauth and saltedpasswords as well as class.ajaxlogin.php
Steffen Ritter - Release Manager for 4.7 (please?)

Annotations here on forge say that the following people have touched loginrefresh.js and/or class.ajaxlogin.php

Steffan Kamper - wrote much of loginrefresh.js
Oliver Hader
Jigal
Ernesto Baschny


Related issues 4 (0 open4 closed)

Related to TYPO3 Core - Feature #20382: Implement RSA authentication for BE and FEClosedDmitry Dulepov2009-04-30

Actions
Related to TYPO3 Core - Feature #19152: Remove JS popup when login expiredClosedOliver Hader2008-07-25

Actions
Related to TYPO3 Core - Bug #20038: AJAX relogin does not workClosedSteffen Kamper2009-02-17

Actions
Related to TYPO3 Core - Bug #19897: Bad interaction between OpenId auth and ExtJS relogin boxClosedOliver Hader2009-01-23

Actions
Actions #1

Updated by Jacob Floyd almost 13 years ago

And on further investigation:

  • Dmitry was the one who committed the AJAX login box, but it was Christoph Koehler who first implemented it as a modal box and Oliver Hader was originally assigned the task (#19152 93e6a5d3). Cristoph ( http://forge.typo3.org/users/439 ) doesn't seem to be active on forge, so I can't add him as a watcher.
  • Then Dmitry and Steffan expressed their desire/preference to disable or remove the AJAX relogin (#19897).
  • Later, Steffan Kamper refactored the relogin stuff to use ExtJS instead of modal box (#20038 2ba9a8f0). In this refactoring, the AJAX relogin was disabled for rsaauth and openid.

Thus our current state: disabled relogin. What needs to be done to re-enable AJAX relogin?

Actions #2

Updated by Jacob Floyd almost 13 years ago

Maybe an ExtJS controlled iFrame could be used to load the refresh popup - without the popup. That would be preferable for me.

I often have 4 or more windows/tabs open with different sites' typo3 backend, plus a few more tabs to edit pages in the frontend. (A domain for testing random typo3 extensions, my main site, my personal site, or multiple browsers logged in as different users if I'm demoing typo3 to people at my workplace.) Having a bunch of popup windows is very distracting, and it's not always clear which backend I'm logging back into, and which user I should use to log back in.

I would really, really like the AJAX login so that I don't have to deal with this confusion, but I value security more than this annoyance bothers me, so I'm not going to drop rsaauth or saltedpasswords.

Actions #3

Updated by Nicole Cordes about 11 years ago

  • Status changed from New to Needs Feedback

I think this is done already. Could you please test a current installation.

Actions #4

Updated by Jacob Floyd about 11 years ago

I don't use TYPO3 CMS any more. If someone wants to test this great, but I don't have time to setup an installation just to test this.

Actions #5

Updated by Nicole Cordes about 11 years ago

  • Status changed from Needs Feedback to Closed

Already solved.

Actions

Also available in: Atom PDF