Project

General

Profile

Actions
Copy link

Bug #73673

closed

Service chaining impossible with SaltedPasswordService

Added by Robert Schulze over 8 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Must have
Assignee:
-
Category:
Authentication
Target version:
-
Start date:
2016-02-25
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
7
PHP Version:
Tags:
Complexity:
Is Regression:
No
Sprint Focus:

Description

It is impossible to have the following scenario with chained authentication services:

  • there are two services:
    • SaltedPasswordService (priority: 70, subtypes: authUser*,..)
    • AnotherCustomAuthenticationService (priority: 55, subtypes: authUser*,...)
  • there is a user xy
    • the user will not be authenticated by the SaltedPasswordService
    • the user will successfully authenticated by the AnotherCustomAuthenticationService

The authUser method from the SaltedPasswordService will return 0 because it was not able to authenticate the user. Instead it should return 100 and leave it up to the next chained authentication service registered for the same subtype authUser*.

Files

custom_auth_1.0.0_201603061358.zip (4.05 KB) custom_auth_1.0.0_201603061358.zip Jonas Götze, 2016-03-06 14:06

Related issues 1 (0 open1 closed)

Related to TYPO3 Core - Bug #22030: Authentication Bypass in frontend user authentication (sysext:saltedpasswords)ClosedMarcus Krause2010-01-30

Actions
Actions
Copy link

Also available in: Atom PDF