Feature #87726

Extend FrontendLoginController Hook to validate password

Added by Sascha Grötzner almost 2 years ago. Updated over 1 year ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
felogin
Start date:
2019-02-17
Due date:
% Done:

100%

Estimated time:
1.00 h
PHP Version:
Tags:
Complexity:
easy
Sprint Focus:

Description

Current there is no possibility to validate new Passwords from "forgot Passwort" with a Hook.
I would like to add a validation Hook to check the Password with my own validator Hook.
This is possible with only a small change within the "password_changed"-Hook:
-Add a "hookPasswordValid" variable
-When "hookPasswordValid" is not valid -> don`t change the password and do the exisiting "not done" way.
The Patch is included.

...

// Hash password using configured salted passwords hash mechanism for FE
$hashInstance = GeneralUtility::makeInstance(PasswordHashFactory::class)->getDefaultHashInstance('FE');
$newPass = $hashInstance->getHashedPassword($postData['password1']);

// Call a hook for further password processing
if ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed']) {
    $_params = [
        'user' => $user,
        'newPassword' => $newPass,
        'newPasswordUnencrypted' => $postData['password1'],
        'passwordValid' => TRUE
    ];
    foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed'] as $_funcRef) {
        if ($_funcRef) {
            GeneralUtility::callUserFunction($_funcRef, $_params, $this);
        }
    }
    $newPass = $_params['newPassword'];
    $hookPasswordValid = $_params['passwordValid'];
}
else {
    $hookPasswordValid = TRUE;
}

// Change Password only if Hook returns valid
if ($hookPasswordValid) {
    // Save new password and clear DB-hash

...


Files

diff.patch (4.6 KB) diff.patch Patch FrontendLoginController.php Sascha Grötzner, 2019-02-17 11:46

Related issues

Related to TYPO3 Core - Bug #66459: feuser has no validation settings on password apart of minLengthClosed2015-04-16

Actions
#1

Updated by Gerrit Code Review almost 2 years ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/59714

#2

Updated by Gerrit Code Review almost 2 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/59714

#3

Updated by Gerrit Code Review almost 2 years ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/59714

#4

Updated by Gerrit Code Review almost 2 years ago

Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/59714

#5

Updated by Sascha Grötzner almost 2 years ago

  • Status changed from Under Review to Resolved
#6

Updated by Stephan Großberndt almost 2 years ago

  • Related to Bug #66459: feuser has no validation settings on password apart of minLength added
#7

Updated by Benni Mack over 1 year ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF