Project

General

Profile

Actions

Bug #67699

closed

Inconsistence in allowing spaces in passwords

Added by Dewi Matthijssen over 8 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Could have
Assignee:
Category:
-
Target version:
Start date:
2015-06-23
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
8
PHP Version:
Tags:
Complexity:
no-brainer
Is Regression:
No
Sprint Focus:

Description

For backendusers, spaces are allowed in passwords. Login works fine with a password that has spaces in it.

For frontendusers, the spaces are stripped by the TCA ('eval' => 'nospace') before salting. The frontendlogin however does not strip the spaces so it is not possible for the user to log in with the password that was set through the backend. The backend provides no warning suggesting the password was not saved as it was put in.

I'd expect the same processing wether you are trying to log in or are setting a new password through the backend. This way the password will always work as it is typed in.


Related issues 1 (0 open1 closed)

Related to TYPO3 Core - Bug #77715: FE-Login for spaced-passwordsClosed2016-08-31

Actions
Actions #1

Updated by Daniel Goerz almost 8 years ago

  • Assignee set to Daniel Goerz
  • Target version set to next-patchlevel
  • TYPO3 Version changed from 6.2 to 8
  • Complexity set to no-brainer
Actions #2

Updated by Gerrit Code Review almost 8 years ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/47542

Actions #3

Updated by Gerrit Code Review almost 8 years ago

Patch set 1 for branch TYPO3_7-6 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/47544

Actions #4

Updated by Daniel Goerz almost 8 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
Actions #5

Updated by Arne Uplegger over 7 years ago

The getLoginFormData-Function from AbstractUserAuthentication Class in file typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php:1296 (TYPO7.6.10) will TRIM all spaces from the loginData, including the password at uident and uident_text.

So even if you modify the TCA you'll have no luck with your spaced-passwords.

One needs to skip the TRIM for "uident" / "uident_text".

We also have users with spaced-passwords (from TYPO3-extern systems (ldap)) so it would be nice to fix this.

Actions #6

Updated by Benni Mack over 5 years ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF