Feature #86354
closed
Redevelop/improve function: notification on BE user login
0%
Description
Summary
The function "Notify me by email when somebody logs in from my account" comes with a number of downsides. Therefore, I suggest to replace it with an improved variation in TYPO3 v10. This requires to deprecate the existing function.
Background
If you set this option you will receive an email from TYPO3 each time you (or "someone") logs in using your username. You might like to receive such a "warning" as a security measure so you will know if someone else picks up your password and uses your account. (quote from the CSH of this function).
Current State
When a user successfully logs in to the backend of TYPO3, and the feature has been activated and an email address provided by this user before, an email is generated and sent to this user.
This is triggered in TYPO3\CMS\Core\Authentication\BackendUserAuthentication::backendCheckLogin(), and implemented in method emailAtLogin():
// Trigger an email to the current BE user, if this has been enabled in the user configuration
if ($this->uc['emailMeAtLogin'] && strstr($this->user['email'], '@')) {
/** @var $mail \TYPO3\CMS\Core\Mail\MailMessage */
$mail = GeneralUtility::makeInstance(\TYPO3\CMS\Core\Mail\MailMessage::class);
$mail->setTo($this->user['email'])->setSubject($subject)->setBody($msg);
$mail->send();
}
The email sent is a simple text-based email with some very basic information only.
Subject: At "<sitename>" from <remote address> User "<username>" logged in from <remote address> at "<sitename>" (<http host>)
Issues
- The email is not customizable by the site administrator.
- The email can not be styled (not an HTML email), e.g. TYPO3 or company logo added.
- The email body is in English only (not the language of the user's BE settings for example).
- The information
<remote address>does not take proxy server into account (e.g. the HTTPX-FORWARDED-FORheader, if present). - The information
<http host>is sometimes empty (depending on the server setup), which results in "()" in the subject. - maybe more...
Possible Approach
A hook has been introduced in feature #83529, that is triggered at the same event (successful BE user login). This allows us to get rid of the existing functionality in class TYPO3\CMS\Core\Authentication\BackendUserAuthentication and redevelop an improved feature to notify users via email as an third-party extension or system extension.
Target Version
- TYPO3 version 10
Updated by Michael Schams over 5 years ago
Notes from a conversation in Slack channel #typo3-cms-coredev.
- consider equip the current solution with a feature toggle so one can switch it off and use an alternative solution.
- consider to improve the core solution.
- do not "remove the existing solution without replacement".
- consider being conservative: improve what we have, without being overly much intrusive.
And:
- consider extracting this functionality into a custom extension and ship an upgrade wizard.
Updated by Gerrit Code Review over 4 years ago
- Status changed from New to Under Review
Patch set 5 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/62362
Updated by Gerrit Code Review over 4 years ago
Patch set 6 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/62362
Updated by Gerrit Code Review over 4 years ago
Patch set 7 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/62362
Updated by Gerrit Code Review over 4 years ago
Patch set 8 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/62362
Updated by Gerrit Code Review over 4 years ago
Patch set 9 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/62362
Updated by Gerrit Code Review over 4 years ago
Patch set 10 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/62362
Updated by Gerrit Code Review over 4 years ago
Patch set 11 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/62362
Updated by Gerrit Code Review over 4 years ago
Patch set 12 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/62362
Updated by Gerrit Code Review about 4 years ago
Patch set 13 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/62362
Updated by Gerrit Code Review about 4 years ago
Patch set 14 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/62362
Updated by Benni Mack about 4 years ago
- Status changed from Under Review to Accepted
Lets get fluid emails in first, and then work on your specifics separately.
Updated by Susanne Moog over 1 year ago
- Sprint Focus set to On Location Sprint
Fluid email is now in the core, let's check what's missing for this issue.
Updated by Oliver Hader over 1 year ago
- Sprint Focus deleted (
On Location Sprint)
Updated by Christian Kuhn about 1 year ago
- Related to Feature #90266: Fluid-based templated emails added
Updated by Christian Kuhn about 1 year ago
- Status changed from Accepted to Closed
Fluid based email templating has been added. I hope it's ok to close here for now. Let's open a fresh issue in case something is missing on this case.