Feature #87726

Extend FrontendLoginController Hook to validate password

Added by Sascha Grötzner 3 months ago. Updated 16 days ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
felogin
Start date:
2019-02-17
Due date:
% Done:

100%

Estimated time:
1.00 h
PHP Version:
Tags:
Complexity:
easy
Sprint Focus:

Description

Current there is no possibility to validate new Passwords from "forgot Passwort" with a Hook.
I would like to add a validation Hook to check the Password with my own validator Hook.
This is possible with only a small change within the "password_changed"-Hook:
-Add a "hookPasswordValid" variable
-When "hookPasswordValid" is not valid -> don`t change the password and do the exisiting "not done" way.
The Patch is included.

...

// Hash password using configured salted passwords hash mechanism for FE
$hashInstance = GeneralUtility::makeInstance(PasswordHashFactory::class)->getDefaultHashInstance('FE');
$newPass = $hashInstance->getHashedPassword($postData['password1']);

// Call a hook for further password processing
if ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed']) {
    $_params = [
        'user' => $user,
        'newPassword' => $newPass,
        'newPasswordUnencrypted' => $postData['password1'],
        'passwordValid' => TRUE
    ];
    foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed'] as $_funcRef) {
        if ($_funcRef) {
            GeneralUtility::callUserFunction($_funcRef, $_params, $this);
        }
    }
    $newPass = $_params['newPassword'];
    $hookPasswordValid = $_params['passwordValid'];
}
else {
    $hookPasswordValid = TRUE;
}

// Change Password only if Hook returns valid
if ($hookPasswordValid) {
    // Save new password and clear DB-hash

...

diff.patch View - Patch FrontendLoginController.php (4.6 KB) Sascha Grötzner, 2019-02-17 11:46


Related issues

Related to TYPO3 Core - Bug #66459: feuser has no validation settings on password apart of minLength New 2015-04-16

Associated revisions

Revision 23218f6a (diff)
Added by Sascha Grötzner 3 months ago

[FEATURE] Enable validation of password via hooks during password
changes

Add a new $_param variable "passwordValid" and
"passwordInvalidMessage" process via Hook.
In the Hook to can do your own validation or other stuff and
set "passwordValid" to false an generate a Message to
"passwordInvalidMessage".
If $hookPasswordValid is false then the password is not set
in DB and the script runs its normal way. (it will redirect
to the PasswordChange Form an prints the
"passwordInvalidMessage")

Resolves: #87726
Releases: master
Change-Id: I89f37e7c5036254b40aa4fffe65a4e6cf2cc213f
Reviewed-on: https://review.typo3.org/c/59714
Tested-by: TYPO3com <>
Tested-by: Susanne Moog <>
Tested-by: Anja Leichsenring <>
Reviewed-by: Susanne Moog <>
Reviewed-by: Anja Leichsenring <>

Revision e2893d80 (diff)
Added by Stephan Großberndt about 1 month ago

[TASK] Add missing fe_login hooks to docs

Add the missing documentation of the hooks

  • `password_changed` added in TYPO3 4.3
  • `login_error` added in TYPO3 6.0

Releases: master, 9.5, 8.7
Resolves: #88131
Related: #87726, #29698
Change-Id: I0dc875a399da58e13b15225e173392565c64bb03
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/60443
Tested-by: TYPO3com <>
Tested-by: Julian Geils <>
Tested-by: Steffen Frese <>
Tested-by: Tobi Kretschmann <>
Reviewed-by: Julian Geils <>
Reviewed-by: Steffen Frese <>
Reviewed-by: Tobi Kretschmann <>

Revision 676d5f72 (diff)
Added by Stephan Großberndt about 1 month ago

[TASK] Add missing fe_login hooks to docs

Add the missing documentation of the hooks

  • `password_changed` added in TYPO3 4.3
  • `login_error` added in TYPO3 6.0

Releases: master, 9.5, 8.7
Resolves: #88131
Related: #87726, #29698
Change-Id: I0dc875a399da58e13b15225e173392565c64bb03
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/60486
Tested-by: TYPO3com <>
Tested-by: Tobi Kretschmann <>
Reviewed-by: Tobi Kretschmann <>

Revision cf623c4e (diff)
Added by Stephan Großberndt about 1 month ago

[TASK] Add missing fe_login hooks to docs

Add the missing documentation of the hooks

  • `password_changed` added in TYPO3 4.3
  • `login_error` added in TYPO3 6.0

Releases: master, 9.5, 8.7
Resolves: #88131
Related: #87726, #29698
Change-Id: I0dc875a399da58e13b15225e173392565c64bb03
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/60527
Tested-by: Stephan Großberndt <>
Tested-by: Tobi Kretschmann <>
Tested-by: TYPO3com <>
Reviewed-by: Stephan Großberndt <>
Reviewed-by: Tobi Kretschmann <>

History

#1 Updated by Gerrit Code Review 3 months ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/59714

#2 Updated by Gerrit Code Review 3 months ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/59714

#3 Updated by Gerrit Code Review 3 months ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/59714

#4 Updated by Gerrit Code Review 3 months ago

Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/59714

#5 Updated by Sascha Grötzner 3 months ago

  • Status changed from Under Review to Resolved

#6 Updated by Stephan Großberndt about 1 month ago

  • Related to Bug #66459: feuser has no validation settings on password apart of minLength added

#7 Updated by Benni Mack 16 days ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF