FE-Login for spaced-passwords
We use TYPO3 with a LDAP-Auth extension. There are users with spaced-passwords (whitespaces at the beginning/ending of the password). These users can't authenticate via FE-Login. TYPO3 is the only system which causes problems with that.
We found the following at the TYPO3-Core:
The getLoginFormData-Function from AbstractUserAuthentication Class in file typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php:1296 (TYPO7.6.10) will TRIM all spaces from the loginData, including the password at uident and uident_text.
One needs to skip the TRIM for "uident" / "uident_text", so spaced-password-users can authenticate.
Similar, but not the same Issue: https://forge.typo3.org/issues/67699
#1 Updated by Arne Uplegger over 3 years ago
IMHO it isn't a good idea to trim these fields to prevent a possible copy&paste error. A valid ASCII-Character becomes invalid that way and can't be used as the special character in a password, which happens a lot more than we thought in our institution and currently TYPO3 is the only application which does not support this character in the password.
How about a global config option, so that the webmaster/admins can activate a trim, if they absolutely need this function?