Project

General

Profile

Actions
Copy link

Bug #61506

closed

Salted passwords are not imported from t3d using import/export module

Added by Nils Heuermann about 10 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
Authentication
Target version:
next-patchlevel
Start date:
2014-09-10
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
6.2
PHP Version:
5.5
Tags:
Complexity:
Is Regression:
No
Sprint Focus:

Description

When importing a t3d file using the import/export module of Typo3 and the saltedpasswords extension is enabled user passwords will not be imported if they are already salted.

The method evaluateFieldValue in TYPO3\CMS\Saltedpasswords\Evaluation\Evaluator sets the "set" flag to false when saltedpasswords are enabled. After that there are some checks for the password hash method that might have processed the password value.

The problem is that IF the password is already a salted password, the "set" flag remains false - and therefore the imported password hash is not saved to the database.

To reproduce this:
- Export a page tree (t3d) with be_users or fe_users (which have a salted password stored in the database)
- Import t3d file
- Passwords of imported users are empty

Actions
Copy link

Also available in: Atom PDF