Project

General

Profile

Actions
Copy link

Bug #77715

closed

FE-Login for spaced-passwords

Added by Arne Uplegger over 7 years ago. Updated about 4 years ago.

Status:
Closed
Priority:
Must have
Assignee:
-
Category:
felogin
Target version:
-
Start date:
2016-08-31
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
7
PHP Version:
Tags:
Complexity:
easy
Is Regression:
No
Sprint Focus:

Description

We use TYPO3 with a LDAP-Auth extension. There are users with spaced-passwords (whitespaces at the beginning/ending of the password). These users can't authenticate via FE-Login. TYPO3 is the only system which causes problems with that.

We found the following at the TYPO3-Core:
The getLoginFormData-Function from AbstractUserAuthentication Class in file typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php:1296 (TYPO7.6.10) will TRIM all spaces from the loginData, including the password at uident and uident_text.

One needs to skip the TRIM for "uident" / "uident_text", so spaced-password-users can authenticate.

Similar, but not the same Issue: https://forge.typo3.org/issues/67699

Related issues 3 (0 open3 closed)

Related to TYPO3 Core - Bug #67699: Inconsistence in allowing spaces in passwordsClosedDaniel Goerz2015-06-23

Actions
Related to TYPO3 Core - Task #64229: Trim submitted login-form-data before usageClosed2015-01-10

Actions
Related to TYPO3 Core - Epic #84262: [FEATURE] Update felogin to extbaseClosedHenning Liebe2013-08-16

Actions
Actions
Copy link
 #1

Updated by Arne Uplegger over 7 years ago

IMHO it isn't a good idea to trim these fields to prevent a possible copy&paste error. A valid ASCII-Character becomes invalid that way and can't be used as the special character in a password, which happens a lot more than we thought in our institution and currently TYPO3 is the only application which does not support this character in the password.

How about a global config option, so that the webmaster/admins can activate a trim, if they absolutely need this function?

Actions
Copy link
 #2

Updated by Riccardo De Contardi over 5 years ago

  • Related to Epic #84262: [FEATURE] Update felogin to extbase added
Actions
Copy link
 #3

Updated by Gerrit Code Review about 4 years ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/63925

Actions
Copy link
 #4

Updated by Gerrit Code Review about 4 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/63925

Actions
Copy link
 #5

Updated by Gerrit Code Review about 4 years ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/63925

Actions
Copy link
 #6

Updated by Benni Mack about 4 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
Actions
Copy link
 #7

Updated by Benni Mack about 4 years ago

  • Status changed from Resolved to Closed
Actions
Copy link

Also available in: Atom PDF