Actions
Feature #87726
closed
Extend FrontendLoginController Hook to validate password
Start date:
2019-02-17
Due date:
% Done:
100%
Estimated time:
1.00 h
PHP Version:
Tags:
Complexity:
easy
Sprint Focus:
Description
Current there is no possibility to validate new Passwords from "forgot Passwort" with a Hook.
I would like to add a validation Hook to check the Password with my own validator Hook.
This is possible with only a small change within the "password_changed"-Hook:
-Add a "hookPasswordValid" variable
-When "hookPasswordValid" is not valid -> don`t change the password and do the exisiting "not done" way.
The Patch is included.
...
// Hash password using configured salted passwords hash mechanism for FE
$hashInstance = GeneralUtility::makeInstance(PasswordHashFactory::class)->getDefaultHashInstance('FE');
$newPass = $hashInstance->getHashedPassword($postData['password1']);
// Call a hook for further password processing
if ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed']) {
$_params = [
'user' => $user,
'newPassword' => $newPass,
'newPasswordUnencrypted' => $postData['password1'],
'passwordValid' => TRUE
];
foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed'] as $_funcRef) {
if ($_funcRef) {
GeneralUtility::callUserFunction($_funcRef, $_params, $this);
}
}
$newPass = $_params['newPassword'];
$hookPasswordValid = $_params['passwordValid'];
}
else {
$hookPasswordValid = TRUE;
}
// Change Password only if Hook returns valid
if ($hookPasswordValid) {
// Save new password and clear DB-hash
...
Files
Updated by 
Updated by 
Updated by 
Updated by
Actions