Feature #87726

Extend FrontendLoginController Hook to validate password

Added by Sascha Grötzner about 1 month ago. Updated 26 days ago.

Status:
Resolved
Priority:
Should have
Assignee:
-
Category:
felogin
Start date:
2019-02-17
Due date:
% Done:

100%

Estimated time:
1.00 h
PHP Version:
Tags:
Complexity:
easy
Sprint Focus:

Description

Current there is no possibility to validate new Passwords from "forgot Passwort" with a Hook.
I would like to add a validation Hook to check the Password with my own validator Hook.
This is possible with only a small change within the "password_changed"-Hook:
-Add a "hookPasswordValid" variable
-When "hookPasswordValid" is not valid -> don`t change the password and do the exisiting "not done" way.
The Patch is included.

...

// Hash password using configured salted passwords hash mechanism for FE
$hashInstance = GeneralUtility::makeInstance(PasswordHashFactory::class)->getDefaultHashInstance('FE');
$newPass = $hashInstance->getHashedPassword($postData['password1']);

// Call a hook for further password processing
if ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed']) {
    $_params = [
        'user' => $user,
        'newPassword' => $newPass,
        'newPasswordUnencrypted' => $postData['password1'],
        'passwordValid' => TRUE
    ];
    foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed'] as $_funcRef) {
        if ($_funcRef) {
            GeneralUtility::callUserFunction($_funcRef, $_params, $this);
        }
    }
    $newPass = $_params['newPassword'];
    $hookPasswordValid = $_params['passwordValid'];
}
else {
    $hookPasswordValid = TRUE;
}

// Change Password only if Hook returns valid
if ($hookPasswordValid) {
    // Save new password and clear DB-hash

...

diff.patch View - Patch FrontendLoginController.php (4.6 KB) Sascha Grötzner, 2019-02-17 11:46

Associated revisions

Revision 23218f6a (diff)
Added by Sascha Grötzner 26 days ago

[FEATURE] Enable validation of password via hooks during password
changes

Add a new $_param variable "passwordValid" and
"passwordInvalidMessage" process via Hook.
In the Hook to can do your own validation or other stuff and
set "passwordValid" to false an generate a Message to
"passwordInvalidMessage".
If $hookPasswordValid is false then the password is not set
in DB and the script runs its normal way. (it will redirect
to the PasswordChange Form an prints the
"passwordInvalidMessage")

Resolves: #87726
Releases: master
Change-Id: I89f37e7c5036254b40aa4fffe65a4e6cf2cc213f
Reviewed-on: https://review.typo3.org/c/59714
Tested-by: TYPO3com <>
Tested-by: Susanne Moog <>
Tested-by: Anja Leichsenring <>
Reviewed-by: Susanne Moog <>
Reviewed-by: Anja Leichsenring <>

History

#1 Updated by Gerrit Code Review about 1 month ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/59714

#2 Updated by Gerrit Code Review about 1 month ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/59714

#3 Updated by Gerrit Code Review about 1 month ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/59714

#4 Updated by Gerrit Code Review about 1 month ago

Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/59714

#5 Updated by Sascha Grötzner 26 days ago

  • Status changed from Under Review to Resolved

Also available in: Atom PDF