Bug #87349

FELogin - password recovery / forgot link

Added by Benjamin Reinisch 15 days ago.

Status:
New
Priority:
Must have
Assignee:
-
Category:
felogin
Target version:
-
Start date:
2019-01-07
Due date:
% Done:

0%

TYPO3 Version:
9
PHP Version:
7.2
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

The password forgot link is not correctly generated, the url contains the following GET params:

http://test.domain/navigationen/login?tx_felogin_pi1%5Bforgothash%5D=1546897690%7C4e485fd92fe2beebebf2f3b244e94371&tx_felogin_pi1%5Buser%5D=123&cHash=6de0887c9d906f020ca766f7c8067c03

tx_felogin_pi1%5Bforgothash%5D: 1546897690|4e485fd92fe2beebebf2f3b244e94371
tx_felogin_pi1%5Buser%5D: 123
cHash: 6de0887c9d906f020ca766f7c8067c03

Therefore sysext/felogin/Classes/Controller/FrontendLoginController.php:181 is never reached:

177: // What to display
178:        $content = '';
179:        if ($this->piVars['forgot'] && $this->conf['showForgotPasswordLink']) {
180:            $content .= $this->showForgot();
181:        } elseif ($this->piVars['forgothash']) {
182:            $content .= $this->changePassword();
183:        } else {
184:            if ($this->userIsLoggedIn && !$this->logintype) {
185:                $content .= $this->showLogout();
186:            } else {
187:                $content .= $this->showLogin();
188:            }
189:        }

If I modify it, so the url gets correctly encoded, then the chash comparison fails.

Also available in: Atom PDF