Task #85761

Epic #85026: Merge ext:saltedpasswords into core

Merge salted passwords auth service into default service

Added by Christian Kuhn over 1 year ago. Updated over 1 year ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
-
Target version:
-
Start date:
2018-08-05
Due date:
% Done:

100%

TYPO3 Version:
9
PHP Version:
Tags:
Complexity:
Sprint Focus:

Related issues

Related to TYPO3 Core - Bug #85776: Domain lock does not work anymore Closed 2018-08-07

Associated revisions

Revision 01dbe261 (diff)
Added by Christian Kuhn over 1 year ago

[!!!][TASK] Merge salted passwords auth service into default service

The patch merges the default 'authUserBE' and 'authUserFE' authentication
service of extension saltedpasswords on priority 70 into the default
authentication service of the core on priority 50.

The now unused SaltedPasswordService is deprecated with this class.
Last inactive ways for authentication against stored plain text
passwords are removed.

While this is in almost all cases not a problem for existing instances
when upgrading, an edge case when this may lead to a security relevant
breaking change is described in a changelog file.

The new 'authUser' of the default core authentication method is
rewritten and carefully crafted to be much easier to understand, much
more defensive, better documented and tested.

Change-Id: Ie21e891b6f8b5ceed694b412f933ad6435240ff9
Resolves: #85761
Releases: master
Reviewed-on: https://review.typo3.org/57759
Reviewed-by: Markus Klein <>
Tested-by: TYPO3com <>
Tested-by: Markus Klein <>
Reviewed-by: Anja Leichsenring <>
Tested-by: Anja Leichsenring <>
Reviewed-by: Christian Kuhn <>
Tested-by: Christian Kuhn <>

Revision 4827431d (diff)
Added by Markus Klein over 1 year ago

[BUGFIX] Use correct server variable for domain lock evaluation

Patch https://review.typo3.org/57759 introduced a regression by using
REMOTE_HOST instead of HTTP_HOST for matching an authenticating user
against a configured domain lock.

Resolves: #85776
Related: #85761
Releases: master
Change-Id: I1d0087fa0c86506fedccba83fa83502963bd5f6f
Reviewed-on: https://review.typo3.org/57833
Tested-by: TYPO3com <>
Reviewed-by: Christian Kuhn <>
Tested-by: Christian Kuhn <>
Reviewed-by: Andreas Fernandez <>
Tested-by: Andreas Fernandez <>

History

#1 Updated by Gerrit Code Review over 1 year ago

  • Status changed from New to Under Review

Patch set 8 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57759

#2 Updated by Gerrit Code Review over 1 year ago

Patch set 9 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57759

#3 Updated by Gerrit Code Review over 1 year ago

Patch set 10 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57759

#4 Updated by Gerrit Code Review over 1 year ago

Patch set 11 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57759

#5 Updated by Gerrit Code Review over 1 year ago

Patch set 12 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57759

#6 Updated by Gerrit Code Review over 1 year ago

Patch set 13 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57759

#7 Updated by Christian Kuhn over 1 year ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100

#8 Updated by Markus Klein over 1 year ago

  • Related to Bug #85776: Domain lock does not work anymore added

#9 Updated by Christian Kuhn over 1 year ago

  • Parent task set to #85026

#10 Updated by Benni Mack over 1 year ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF