Inconsistence in allowing spaces in passwords
For backendusers, spaces are allowed in passwords. Login works fine with a password that has spaces in it.
For frontendusers, the spaces are stripped by the TCA ('eval' => 'nospace') before salting. The frontendlogin however does not strip the spaces so it is not possible for the user to log in with the password that was set through the backend. The backend provides no warning suggesting the password was not saved as it was put in.
I'd expect the same processing wether you are trying to log in or are setting a new password through the backend. This way the password will always work as it is typed in.
Updated by Arne Uplegger over 7 years ago
The getLoginFormData-Function from AbstractUserAuthentication Class in file typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php:1296 (TYPO7.6.10) will TRIM all spaces from the loginData, including the password at uident and uident_text.
So even if you modify the TCA you'll have no luck with your spaced-passwords.
One needs to skip the TRIM for "uident" / "uident_text".
We also have users with spaced-passwords (from TYPO3-extern systems (ldap)) so it would be nice to fix this.