Bug #79714: Saving a backend user record without touching the password field, sets the password to '*********' - TYPO3 Core - TYPO3 Forge

Custom queries

12 LTS
Accessibility
Dashboard issues
Easy tasks
Extbase Issues
FAL Issues
FAL Sprint 2023
Hierarchical Issues
Issues reported for v11
JavaScript issues
JavaScript Issues (w/o Epics/Stories)
Most wanted Bugfixes
Most wanted Features
My open issues
New & Unassigned
No feedback within 90 days
Open Bugs
Open issues of 10
Page Tree Regressions after 2020-07-28
Recently modified
Regressions
Stabilization Issues
Usability or UX

Watchers (2)

Alexander Grein
Tabea David

Actions

Copy link

Bug #79714

closed

Saving a backend user record without touching the password field, sets the password to '*********'

Added by Helmut Hummel about 7 years ago. Updated over 6 years ago.

Status:

Closed

Priority:

Must have

Assignee:

Category:

Target version:

8 LTS

Start date:

2017-02-09

Due date:

% Done:

100%

Estimated time:

TYPO3 Version:

PHP Version:

7.0

Tags:

Complexity:

Is Regression:

Yes

Sprint Focus:

Stabilization Sprint

Description

To repoduce:

Go to list module on page 0
open a backend user record and save
log out

Expected result¶

It is not possible to log in with password *********

Actual result¶

It is possible to log in with password *********

Related issues 4 (0 open — 4 closed)

Related to TYPO3 Core - Feature #79440: FormEngine element level refactoring

Closed

2017-01-24

Actions

Related to TYPO3 Core - Bug #79576: master: Password fields in Backend show data (not marked as type="password")

Closed

Christian Kuhn

2017-02-01

Actions

Has duplicate TYPO3 Core - Bug #79875: Editing fe_users or be_users changes password

Closed

2017-02-17

Actions

Has duplicate TYPO3 Core - Bug #79876: felogin: Authentication issue, password will be rehashed after saving user data

Closed

2017-02-17

Actions

Issue # Delay: days Cancel

History
Notes
Property changes
Associated revisions

Actions

Copy link

Updated by Jan Helke about 7 years ago

Target version set to 8 LTS

Actions

Copy link

Updated by Gerrit Code Review about 7 years ago

Status changed from Accepted to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/51829

Actions

Copy link

Updated by Tabea David about 7 years ago

Using the patch the password field seems to be empty (empty input field), even though a password has been set.
Could you please make sure that it's not possible to login with a disabled user (counts for all properties in tab Access: disabled, starttime, endtime). At the moment if I disable an user, the user is still able to login.

Thanks!

Actions

Copy link

Updated by Joerg Kummer about 7 years ago

Can not confirm what Tabea David mentioned about possible to login ... if user is disabled.

Actions

Copy link

Updated by Jasmina Ließmann about 7 years ago

I can not confirm this behavior either. The patch works.
If the user is disabled or time-limited, the login does not work for this user.

Actions

Copy link

Updated by Tabea David about 7 years ago

File screencast.mp4 added

Thanks for your feedback. What am I doing wrong? I set up a fresh installation and be able to reproduce this behaviour.
This installation has no additional settings, just 1 fe_group, 1 fe_user, 1 content element "Login".
The Setup looks like this:

page = PAGE
page.10 < styles.content.get

Include static: fluid_styled_content

I added a short screencast, maybe someone has an idea what's missing.

Actions

Copy link

Updated by Gerrit Code Review about 7 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/51829

Actions

Copy link

Updated by Gerrit Code Review about 7 years ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/51829

Actions

Copy link

Updated by Mads Lønne Jensen about 7 years ago

Status changed from Under Review to Resolved
% Done changed from 0 to 100

Applied in changeset e36479d759742f905eb223926375c745988777ba.

Actions

Copy link

#10

Updated by Helmut Hummel about 7 years ago

Tabea David wrote:

What am I doing wrong?

Nothing. A fix for that (different) issue will follow shortly

Actions

Copy link

#11

Updated by Alexander Grein about 7 years ago

Is there already an issue for the second problem?
As far I found out, the enable fields in the auth service will be ignored.
Its also possible to login with a user marked as deleted, not "only" disabled!

Actions

Copy link

#12

Updated by Gerrit Code Review about 7 years ago

Status changed from Resolved to Under Review

Patch set 1 for branch TYPO3_8-6 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/51887

Actions

Copy link

#13

Updated by Gerrit Code Review about 7 years ago

Patch set 2 for branch TYPO3_8-6 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/51887

Actions

Copy link

#14

Updated by Gerrit Code Review about 7 years ago

Patch set 3 for branch TYPO3_8-6 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/51887

Actions

Copy link

#15

Updated by Gerrit Code Review about 7 years ago

Patch set 4 for branch TYPO3_8-6 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/51887

Actions

Copy link

#16