Project

General

Profile

Actions

Bug #93869

closed

Password is changed even if validation fails

Added by Xavier Perseguers about 3 years ago. Updated almost 3 years ago.

Status:
Closed
Priority:
Must have
Assignee:
-
Category:
felogin
Target version:
Start date:
2020-11-11
Due date:
2020-11-11
% Done:

100%

Estimated time:
TYPO3 Version:
11
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

  1. Click the link to ask to reset your password (FE)
  2. When getting the email, click the reset link
  3. By default a new password must be at least 8 characters, enter "TEST" twice as new password
  4. Submit

Internally the validation fails but the password is changed to "TEST" nevertheless :(


Related issues 1 (0 open1 closed)

Follows TYPO3 Core - Task #92815: Introduce ForwardResponse for extbaseClosedAlexander Schnitzler2020-11-10

Actions
Actions #1

Updated by Xavier Perseguers about 3 years ago

Within method public function initializeChangePasswordAction(), this has no effect, it goes on with the same original request:

        if ($originalResult->hasErrors()) {
            return (new ForwardResponse('showChangePassword'))
                ->withControllerName('PasswordRecovery')
                ->withExtensionName('felogin')
                ->withArguments(['hash' => $this->request->getArgument('hash')]);
        }
Actions #2

Updated by Xavier Perseguers about 3 years ago

  • Due date set to 2020-11-11
  • Start date changed from 2021-04-07 to 2020-11-11
  • Follows Task #92815: Introduce ForwardResponse for extbase added
Actions #3

Updated by Xavier Perseguers about 3 years ago

This seems to stem from returning a PSR7 response in an initialisation where a void is actually expected (BTW the whole patch changed the method signature to return PSR7 response but without adapting the PHP comment to show that it returns something).

Problem: when using the previous ->forward() method, a StopActionException was thrown, now this is not the case anymore, a response is returned but not used at all, and the flow continues silently to the original request.

Actions #4

Updated by Gerrit Code Review about 3 years ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/68720

Actions #5

Updated by Gerrit Code Review about 3 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/68720

Actions #6

Updated by Gerrit Code Review almost 3 years ago

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/69677

Actions #7

Updated by Torben Hansen almost 3 years ago

I pushed a new, alternative patch for this issue. From my point of view, the PasswordRecoveryController has some areas for improvement, since the process of validating the hash parameter or the new password is not really implemented "the Extbase way" and should be refactored as validators to get rid of manually adding errors to the Extbase request.

I also think, that initialize*Actions should not be able to handle a possible response object, since checks and forwards can be implemented in the controller action, which in v11 expects a PSR-7 response to be returned.

The new patch fixes the broken behaviour introduces in #92815 and can be the first of a series of patches to improve PasswordRecoveryController.

Actions #8

Updated by Gerrit Code Review almost 3 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/69677

Actions #9

Updated by Gerrit Code Review almost 3 years ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/69677

Actions #10

Updated by Gerrit Code Review almost 3 years ago

Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/69677

Actions #11

Updated by Gerrit Code Review almost 3 years ago

Patch set 5 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/69677

Actions #12

Updated by Gerrit Code Review almost 3 years ago

Patch set 6 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/69677

Actions #13

Updated by Gerrit Code Review almost 3 years ago

Patch set 7 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/69677

Actions #14

Updated by Torben Hansen almost 3 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
Actions #15

Updated by Benni Mack almost 3 years ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF