Bug #70118

Backend Login not successful with correct password

Added by Stefan Froemken over 5 years ago. Updated over 3 years ago.

Status:
Closed
Priority:
Must have
Assignee:
Category:
Backend API
Target version:
Start date:
2015-09-25
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
7
PHP Version:
5.6
Tags:
Complexity:
Is Regression:
Yes
Sprint Focus:
Stabilization Sprint

Description

Hello Core-Team,

When I edit some of my be_user properties in list-module, there are some ** in the password field. I think they are a problem, because after saving my be_user record I have a new unworking Hash value in my record.

Stefan Frömken

#1

Updated by Stefan Froemken over 5 years ago

Muhahaha. After saving my record I can login with 8 * as password

:-)

#2

Updated by Markus Klein over 5 years ago

  • Is Regression changed from No to Yes
#3

Updated by Nicole Cordes over 5 years ago

  • Assignee set to Nicole Cordes
#4

Updated by Gerrit Code Review over 5 years ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/43572

#5

Updated by Nicole Cordes over 5 years ago

  • Status changed from Under Review to Needs Feedback

Hi Stefan,

can you please give some more information about your set up? I can't verify that wrong data gets submitted. It seems your JavaScript is broken and not executed before the form gets submitted. Can you see any output in your browser console? And which browser are you using?

Thanks for your feedback.

#6

Updated by Stefan Froemken over 5 years ago

Hello Nicole,

I have two TYPO3 instances. One with many activated extensions and one without any foreign extension.
I have the problem in Google Chrome and in FireFox.
I don't have OpenId Extension activated.
I don't have any JavaScript Errors either in FF and Chrome.
Xdebug told me that 8 stars are in request POST.

BUT: Following seems to happen in slooooow motion:
- I click on save icon
- after ~0.5 seconds the stars in password field hides. So I see an empty password field
- The other form fields are still filled
- Some milliseconds further the page reloads
- I see the edit form again

Maybe the JavaScript to clear the field was called to late. But that is only an idea.
Tell me where I can find the script to clear this field and I will try to debug it.

Stefan

#7

Updated by Stefan Froemken over 5 years ago

I'm working with current master 7.5-dev

Stefans-MBP:typo3_src stefan$ git log -3
commit e325d476176c2f3f0307faccb35efec361bcb494

#8

Updated by Anja Leichsenring over 5 years ago

  • Status changed from Needs Feedback to Accepted

verified, the problem exists and can be reproduced by editing any be_users record, while not touching the password field. Changing any other field and saving the data leads to a changed PW containing only asteriks.

#9

Updated by Jan Helke over 5 years ago

Jepp. I can confirm this issue. List view -> show Table -> show password column -> click on the pencil -> change on password -> save
All other passwords are now ** (eight asterisks)

#10

Updated by Anja Leichsenring over 5 years ago

the same is by the way true for Frontend User Records, and so it will be for every password field around, that has renderType 'rsaInput' defined.

#11

Updated by Gerrit Code Review over 5 years ago

  • Status changed from Accepted to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/43581

#12

Updated by Gerrit Code Review over 5 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/43581

#13

Updated by Nicole Cordes over 5 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
#14

Updated by Riccardo De Contardi over 3 years ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF