TYPO3 Core

Background¶

I recently logged in to an old typo3 installation, and found the AJAX login very refreshing. I would love to see AJAX login instead of the refresh login popup.

Bug Description and Analysis¶

AJAX login doesn't work when using extensions rsaauth and saltedpasswords.

In these extensions (and in openid, based on a quick grep) ext_localconf.php includes:

// Use popup window to refresh login instead of the AJAX relogin:
$TYPO3_CONF_VARS['BE']['showRefreshLoginPopup'] = 1;

Overriding that in typo3conf/localconf.php does not work as ext_localconf.php is loaded after my localconf.php (after all, it has to look in localconf.php to figure out which extensions to load).

Why?¶

Looking back to #20382 where the patch for RSAauth was first introduced, Dmitry said:

ajax login box does not work with RSA. I will re–factor it later, before the release of 4.3. It will use the same hooks thus making any authentication method possible

What to do?¶

I'm guessing that refactoring will touch typo3/js/loginrefresh.js, but JavaScript is not my forte...

It looks like typo3/classes/class.ajaxlogin.php also needs some rsa love.

Dmitry committed the AJAX login in 93e6a5d3 so those files might need a massage.

Any chance of that refactoring getting in by 4.7?

Why I picked watchers:¶

Dmitry Dulepov - originally wrote rsaauth and saltedpasswords as well as class.ajaxlogin.php
Steffen Ritter - Release Manager for 4.7 (please?)

Annotations here on forge say that the following people have touched loginrefresh.js and/or class.ajaxlogin.php¶

Steffan Kamper - wrote much of loginrefresh.js
Oliver Hader
Jigal
Ernesto Baschny