Bug #88037

Frontend login ignores defined storage pid

Added by Bernhard Eckl 6 months ago. Updated 26 days ago.

Status:
Needs Feedback
Priority:
Should have
Assignee:
-
Category:
felogin
Target version:
-
Start date:
2019-03-29
Due date:
% Done:

0%

TYPO3 Version:
8
PHP Version:
7.0
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

I have a login form where only users should be able to login which are stored in a certain folder. I have defined storage pid (via typoscript setup, constants and content element settings), but users in another folder are still able log in.

Edit:
I’m not sure, but I think it could be a problem of ig_ldap_sso_auth extension and not the core. As a workaround in my case I have set lockToDomain in the user accounts.

History

#1 Updated by Bernhard Eckl 6 months ago

  • Description updated (diff)

#5 Updated by Riccardo De Contardi 26 days ago

  • Status changed from New to Needs Feedback

@Bernhard Eckl is this still reproducible? i tried to reproduce it on 9.5.9 with the following test:

Setup

  1. Create a "Users 1" Sysfolder
    1. Create in it a "users1" fe usergroup
    2. Create in it a "user1" fe user with assigned group "users1"
  2. Create a "Users 2" Sysfolder
    1. Create in it a "users2" fe usergroup
    2. Create in it a "user2" fe user with assigned group "users2"
  3. on the Home page (or another page) create a felogin content element
    1. Edit it and assign to it (User Storage Page) the "Users 1" sysfolder

Test

  1. Navigate to the page with the login form
    1. Try to enter with the "user1" user --> result: login is successful
    2. Try to enter with the "user2" user --> result: login failed

so I think it is not reproducible.

Note:

I also tried with both setting the constant styles.content.loginform.pid and setting the TS Setup plugin.tx_felogin_pi1.storagePid as the ID of "Users 1" Sysfolder, but the results are the same.

Is there something I missed? Thank you for your reply.

Also available in: Atom PDF