Epic #85026

Merge ext:saltedpasswords into core

Added by Christian Kuhn over 1 year ago. Updated 11 months ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
-
Target version:
Start date:
2018-05-16
Due date:
% Done:

100%

Sprint Focus:

Description

The saltedpasswords extension is mandatory since 6.2. Extension core has a dependency to saltedpasswords, a working TYPO3 core can't be achieved without having ext:saltedpasswords next to it. With ext:core being the most basic TYPO3 framework extension, it does not make much sense to have a second extension that is needed by ext:core.

Goal of this epic is to modernise ext:saltedpasswords and getting its main salt classes merged into ext:core as a set of framework classes for salted password handling and storage within the core extension directly.


Subtasks

Task #85022: Remove saltedpasswords bulk update taskClosed

Task #85027: Remove saltedpasswords FE.enabledClosed

Task #85683: Drop salted passwords configuration optionsClosed

Task #85698: Add TCA 'saltedPassword' eval to type=inputClosed

Task #85703: Merge saltedpasswords felogin hook into feloginClosed

Task #85761: Merge salted passwords auth service into default serviceClosed

Task #85796: Refactor SaltFactoryClosed

Task #85804: Password hash configuration as presetClosed

Task #85833: Merge salted passwords extension into coreClosed


Related issues

Related to TYPO3 Core - Bug #83760: default hashing method of saltedpasswords outdated Closed 2018-02-02

Associated revisions

Revision 12f69be4 (diff)
Added by Christian Kuhn over 1 year ago

[TASK] Remove saltedpasswords FE.enabled

Manually configuring clear-text password storage in TYPO3 for
frontend users by explicitly setting the ext:saltedpasswords
extension configuration "FE.enabled = 0" has been a bad idea
for a very long time already. The feature has been dropped
for backend users in core v6.2 and is now finally dropped
for frontend users with this patch, too.
No third party service must rely on clear-text password storing
in 2018 anymore, the TYPO3 authentication services provide
an API to process credentials upon user login for authentication
and authorisation purposes.

Resolves: #85027
Related: #85026
Releases: master
Change-Id: I600f598e969ac99a83f3b57362b251b48116fd58
Reviewed-on: https://review.typo3.org/56979
Reviewed-by: Anja Leichsenring <>
Tested-by: Anja Leichsenring <>
Tested-by: TYPO3com <>
Reviewed-by: Markus Klein <>
Tested-by: Markus Klein <>

Revision 8fe2daad (diff)
Added by Christian Kuhn about 1 year ago

[TASK] Merge EXT:saltedpasswords into EXT:core

Move all classes and other resources from EXT:saltedpasswords to
EXT:core.

Classes live in TYPO3\CMS\Core\Crypto\PasswordHashing. This namespace
will be clean in v10 when the classes that are currently only kept for
backwards compatibility are removed.

The documentation has been integrated into the "Core API" docs at
https://docs.typo3.org/typo3cms/CoreApiReference/stable/ApiOverview/PasswordHashing/

Resolves: #85833
Resolves: #85026
Releases: master
Change-Id: Ie6ac7fbf215fe61711f0acdd6dc5a318bce1ad35
Reviewed-on: https://review.typo3.org/57885
Reviewed-by: Stephan GroƟberndt <>
Tested-by: TYPO3com <>
Reviewed-by: Benni Mack <>
Tested-by: Benni Mack <>
Reviewed-by: Georg Ringer <>
Tested-by: Georg Ringer <>

History

#1 Updated by Christian Kuhn over 1 year ago

  • Description updated (diff)

#2 Updated by Christian Kuhn about 1 year ago

  • Related to Bug #83760: default hashing method of saltedpasswords outdated added

#3 Updated by Gerrit Code Review about 1 year ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57885

#4 Updated by Gerrit Code Review about 1 year ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57885

#5 Updated by Gerrit Code Review about 1 year ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57885

#6 Updated by Gerrit Code Review about 1 year ago

Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57885

#7 Updated by Gerrit Code Review about 1 year ago

Patch set 5 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57885

#8 Updated by Gerrit Code Review about 1 year ago

Patch set 6 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57885

#9 Updated by Gerrit Code Review about 1 year ago

Patch set 7 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57885

#10 Updated by Gerrit Code Review about 1 year ago

Patch set 8 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57885

#11 Updated by Gerrit Code Review about 1 year ago

Patch set 9 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57885

#12 Updated by Gerrit Code Review about 1 year ago

Patch set 10 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57885

#13 Updated by Gerrit Code Review about 1 year ago

Patch set 11 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57885

#14 Updated by Gerrit Code Review about 1 year ago

Patch set 12 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57885

#15 Updated by Christian Kuhn about 1 year ago

  • Status changed from Under Review to Resolved

#16 Updated by Benni Mack 11 months ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF