Epic #85026: Merge ext:saltedpasswords into core
Drop salted passwords configuration options
[TASK] Drop salted passwords configuration options
In order to prepare the saltedpasswords extension to be implemented
as a library into the core directly, a series of configuration
options is dropped from the extension:
- FE.forceSalted & BE.forceSalted (default 0)
Setting this to 1 disabled upgrading non-salted user password
to salted passwords and denied login. The option is dropped, but
only passwords that have been upgraded from simple md5 or plaintext
in v8 are allowed to login and will get their password upgraded.
- FE.updatePasswd & BE.updatePasswd (default 1)
Setting this to 0 disabled upgrading one salted password to
another. This is dropped: Passwords will now always be upgraded
to the currently configured hash algorithm if the currently used
algorithm does no match the configured one.
- FE.onlyAuthService & BE.onlyAuthService (default 0)
Setting this to 1 allowed stopping the authentication chain if
the salted passwords did not verify a password. This setting is
pretty useless since it can be expected that any sane authentication
provider kicks in before the native salted passwords authentication.
We found not a single usage of that flag in TER.
- checkConfigurationFE & checkConfigurationFE2
& checkConfigurationBE & checkConfigurationBE2
These configuration user function have been responsible to check
various combinations of valid and invalid salted passwords
combinations. This is obsolete with removing the other options and the
deprecated rsaauth extension. An install tool preset for sane options
and according warnings will be set up to establish better usability
from an administrator point of view as soon as this patch is done.
The only option left is the main "saltedPWHashingMethod". This will
be transferred to an install tool preset including best option selection
during installation in a next step.
Tested-by: TYPO3com <email@example.com>
Reviewed-by: Markus Klein <firstname.lastname@example.org>
Tested-by: Markus Klein <email@example.com>
Reviewed-by: Andreas Fernandez <firstname.lastname@example.org>
Tested-by: Andreas Fernandez <email@example.com>