Bug #79714

Saving a backend user record without touching the password field, sets the password to '*********'

Added by Helmut Hummel over 4 years ago. Updated over 3 years ago.

Status:
Closed
Priority:
Must have
Assignee:
-
Category:
-
Target version:
Start date:
2017-02-09
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
8
PHP Version:
7.0
Tags:
Complexity:
Is Regression:
Yes
Sprint Focus:
Stabilization Sprint

Description

To repoduce:

  1. Go to list module on page 0
  2. open a backend user record and save
  3. log out

Expected result

It is not possible to log in with password *********

Actual result

It is possible to log in with password *********


Related issues

Related to TYPO3 Core - Feature #79440: FormEngine element level refactoringClosed2017-01-24

Actions
Related to TYPO3 Core - Bug #79576: master: Password fields in Backend show data (not marked as type="password")ClosedChristian Kuhn2017-02-01

Actions
Has duplicate TYPO3 Core - Bug #79875: Editing fe_users or be_users changes passwordClosed2017-02-17

Actions
Has duplicate TYPO3 Core - Bug #79876: felogin: Authentication issue, password will be rehashed after saving user dataClosed2017-02-17

Actions
#1

Updated by Jan Helke over 4 years ago

  • Target version set to 8 LTS
#2

Updated by Gerrit Code Review over 4 years ago

  • Status changed from Accepted to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/51829

#3

Updated by Tabea David over 4 years ago

Using the patch the password field seems to be empty (empty input field), even though a password has been set.
Could you please make sure that it's not possible to login with a disabled user (counts for all properties in tab Access: disabled, starttime, endtime). At the moment if I disable an user, the user is still able to login.

Thanks!

#4

Updated by Joerg Kummer over 4 years ago

Can not confirm what Tabea David mentioned about possible to login ... if user is disabled.

#5

Updated by Jasmina Ließmann over 4 years ago

I can not confirm this behavior either. The patch works.
If the user is disabled or time-limited, the login does not work for this user.

#6

Updated by Tabea David over 4 years ago

  • File screencast.mp4 added

Thanks for your feedback. What am I doing wrong? I set up a fresh installation and be able to reproduce this behaviour.
This installation has no additional settings, just 1 fe_group, 1 fe_user, 1 content element "Login".
The Setup looks like this:

page = PAGE
page.10 < styles.content.get

Include static: fluid_styled_content

I added a short screencast, maybe someone has an idea what's missing.

#7

Updated by Gerrit Code Review over 4 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/51829

#8

Updated by Gerrit Code Review over 4 years ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/51829

#9

Updated by Mads Lønne Jensen over 4 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
#10

Updated by Helmut Hummel over 4 years ago

Tabea David wrote:

What am I doing wrong?

Nothing. A fix for that (different) issue will follow shortly

#11

Updated by Alexander Grein over 4 years ago

Is there already an issue for the second problem?
As far I found out, the enable fields in the auth service will be ignored.
Its also possible to login with a user marked as deleted, not "only" disabled!

#12

Updated by Gerrit Code Review over 4 years ago

  • Status changed from Resolved to Under Review

Patch set 1 for branch TYPO3_8-6 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/51887

#13

Updated by Gerrit Code Review over 4 years ago

Patch set 2 for branch TYPO3_8-6 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/51887

#14

Updated by Gerrit Code Review over 4 years ago

Patch set 3 for branch TYPO3_8-6 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/51887

#15

Updated by Gerrit Code Review over 4 years ago

Patch set 4 for branch TYPO3_8-6 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/51887

#16

Updated by Tabea David over 4 years ago

  • File deleted (screencast.mp4)
#17

Updated by Mads Lønne Jensen over 4 years ago

  • Status changed from Under Review to Resolved
#18

Updated by Riccardo De Contardi over 3 years ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF