Task #85683

Epic #85026: Merge ext:saltedpasswords into core

Drop salted passwords configuration options

Added by Christian Kuhn 10 months ago. Updated 8 months ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
-
Target version:
-
Start date:
2018-07-29
Due date:
% Done:

100%

TYPO3 Version:
9
PHP Version:
Tags:
Complexity:
Sprint Focus:

Associated revisions

Revision c2cb6fa9 (diff)
Added by Christian Kuhn 10 months ago

[TASK] Drop salted passwords configuration options

In order to prepare the saltedpasswords extension to be implemented
as a library into the core directly, a series of configuration
options is dropped from the extension:

  • FE.forceSalted & BE.forceSalted (default 0)
    Setting this to 1 disabled upgrading non-salted user password
    to salted passwords and denied login. The option is dropped, but
    only passwords that have been upgraded from simple md5 or plaintext
    in v8 are allowed to login and will get their password upgraded.
  • FE.updatePasswd & BE.updatePasswd (default 1)
    Setting this to 0 disabled upgrading one salted password to
    another. This is dropped: Passwords will now always be upgraded
    to the currently configured hash algorithm if the currently used
    algorithm does no match the configured one.
  • FE.onlyAuthService & BE.onlyAuthService (default 0)
    Setting this to 1 allowed stopping the authentication chain if
    the salted passwords did not verify a password. This setting is
    pretty useless since it can be expected that any sane authentication
    provider kicks in before the native salted passwords authentication.
    We found not a single usage of that flag in TER.
  • checkConfigurationFE & checkConfigurationFE2
    & checkConfigurationBE & checkConfigurationBE2
    These configuration user function have been responsible to check
    various combinations of valid and invalid salted passwords
    combinations. This is obsolete with removing the other options and the
    deprecated rsaauth extension. An install tool preset for sane options
    and according warnings will be set up to establish better usability
    from an administrator point of view as soon as this patch is done.

The only option left is the main "saltedPWHashingMethod". This will
be transferred to an install tool preset including best option selection
during installation in a next step.

Resolves: #85683
Releases: master
Change-Id: I7e8150ba9bc8b36f59d08ca5cadeb547e1301f67
Reviewed-on: https://review.typo3.org/57725
Tested-by: TYPO3com <>
Reviewed-by: Markus Klein <>
Tested-by: Markus Klein <>
Reviewed-by: Andreas Fernandez <>
Tested-by: Andreas Fernandez <>

History

#1 Updated by Gerrit Code Review 10 months ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57725

#2 Updated by Gerrit Code Review 10 months ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57725

#3 Updated by Gerrit Code Review 10 months ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57725

#4 Updated by Gerrit Code Review 10 months ago

Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57725

#5 Updated by Gerrit Code Review 10 months ago

Patch set 5 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57725

#6 Updated by Gerrit Code Review 10 months ago

Patch set 6 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57725

#7 Updated by Gerrit Code Review 10 months ago

Patch set 7 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57725

#8 Updated by Gerrit Code Review 10 months ago

Patch set 8 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57725

#9 Updated by Christian Kuhn 10 months ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100

#10 Updated by Christian Kuhn 10 months ago

  • Parent task set to #85026

#11 Updated by Benni Mack 8 months ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF