Project

General

Profile

Actions

Task #94246

closed

Reorganize sudo mode handling

Added by Oliver Hader over 3 years ago. Updated 5 months ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
Security
Target version:
Start date:
2020-11-16
Due date:
% Done:

100%

Estimated time:
(Total: 0.00 h)
TYPO3 Version:
12
PHP Version:
Tags:
Complexity:
Sprint Focus:

Description

  • move to ext:backend for further adjustments
  • decouple from ext:install, use backend session instead
  • avoid mixing install tool global $_SESSION object with session handling of 3rd party authentication services
  • introduce generic demand handling interfaces
  • add sudo mode declaration for backend routes

Subtasks 2 (0 open2 closed)

Task #92858: Extend Sudo Mode to Extension ManagerClosedOliver Hader2020-11-16

Actions
Bug #92969: Sudo mode password prompt triggers "Password change" in password managerClosed2020-12-01

Actions

Related issues 5 (0 open5 closed)

Related to TYPO3 Core - Task #92836: Introduce Sudo Mode for Install ToolClosedOliver Hader2020-11-13

Actions
Related to TYPO3 Core - Task #100722: Fix AccessLifetime casesClosed2023-04-24

Actions
Related to TYPO3 Core - Bug #100780: Install tool opens without backend frame after login from backendClosed2023-04-29

Actions
Related to TYPO3 Core - Bug #93160: Add option to disable Install Tool Sudo Mode for developmentClosed2020-12-22

Actions
Related to TYPO3 Core - Task #104870: Drop @internal for sudo-mode AccessLifetimeClosed2024-09-09

Actions
Actions #1

Updated by Gerrit Code Review over 3 years ago

  • Status changed from New to Under Review

Patch set 2 for branch 10.4 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/66792

Actions #2

Updated by Gerrit Code Review over 3 years ago

Patch set 3 for branch 10.4 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/66792

Actions #3

Updated by Oliver Hader over 3 years ago

@startuml
actor User
boundary RequestHandlerGuard
boundary RouteDispatcher
control ConfirmationController
collections Bundle
entity PasswordConfirmation

User -> RouteDispatcher : request sensitive AnyComponent
RouteDispatcher -> Bundle : assert bundle for AnyComponent demand
Bundle -->x RequestHandlerGuard : throw ConfirmationRequiredException

RequestHandlerGuard -> Bundle : temporary persist bundle for demand
RequestHandlerGuard -> ConfirmationController : render confirmation form
ConfirmationController -> User : show confirmation form

User -> ConfirmationController : provide password confirmation
ConfirmationController -> PasswordConfirmation : verify password
PasswordConfirmation --> ConfirmationController : true
ConfirmationController -> Bundle : grant bundle for demand
ConfirmationController -->x RequestHandlerGuard : throw ApplyInstructionException for bundle

RequestHandlerGuard -> RouteDispatcher : forward to originally demanded route
RouteDispatcher -> Bundle : assert bundle for AnyComponent demand
Bundle --> RouteDispatcher : true
RouteDispatcher -> User : dispatch
@enduml

http://www.plantuml.com/plantuml/uml/hL9BZjim3Dth5Bo0Bz35OAPfqNPN5EW1D1QJ2919bQBY-FOrOI6m2o7TpCgmoFVHqtijwaNhb9mVbGL-5nJtpfM2bmL-uP-AHRzx2WdbM_KITaEkYbzYoLx7AueRcLGumOdf76No6fbEsrcoiNr6EopmkHgXGzAe2_pqfSmiOGzqpfp0yFAl37m2sLn1GIfHumtXZPOJJva9ITqHO1nDRuMkIYWAxzl_cUK0XO2Jf-3Q-Z2yt7iHh3nw5PuFDxMzA1Y-taVCsmrwqBqPnLLNBCgCKc8v-6fM-XpzZBTiAA30k9iRtUJw2EEoe5TakVBSmJaRFvNCmhSO479xnWF94ztUiwzqDvHuNXvihhisF3EaKh6lUop3HJprCkz3_r-7jvpJyeFAgZyQzb458sywtLPqQswWsORAm18laNnAI_E80SG07rhsZWULsjLedGdjqBqYXJgblm00

Actions #4

Updated by Gerrit Code Review almost 2 years ago

Patch set 4 for branch 10.4 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/66792

Actions #5

Updated by Gerrit Code Review almost 2 years ago

Patch set 5 for branch 10.4 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/66792

Actions #6

Updated by Gerrit Code Review almost 2 years ago

Patch set 6 for branch 10.4 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/66792

Actions #7

Updated by Gerrit Code Review over 1 year ago

Patch set 1 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78546

Actions #8

Updated by Gerrit Code Review over 1 year ago

Patch set 2 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78546

Actions #9

Updated by Gerrit Code Review over 1 year ago

Patch set 3 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78546

Actions #10

Updated by Gerrit Code Review over 1 year ago

Patch set 4 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78546

Actions #11

Updated by Gerrit Code Review over 1 year ago

Patch set 5 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78546

Actions #12

Updated by Gerrit Code Review over 1 year ago

Patch set 6 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78546

Actions #13

Updated by Oliver Hader over 1 year ago

  • Related to Task #92836: Introduce Sudo Mode for Install Tool added
Actions #14

Updated by Oliver Hader over 1 year ago

  • Tracker changed from Bug to Task
  • Target version set to 12 LTS
  • TYPO3 Version changed from 9 to 12
Actions #15

Updated by Oliver Hader over 1 year ago

  • Category set to Security
Actions #16

Updated by Gerrit Code Review over 1 year ago

Patch set 7 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78546

Actions #17

Updated by Gerrit Code Review over 1 year ago

Patch set 8 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78546

Actions #18

Updated by Gerrit Code Review over 1 year ago

Patch set 9 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78546

Actions #19

Updated by Gerrit Code Review over 1 year ago

Patch set 10 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78546

Actions #20

Updated by Gerrit Code Review over 1 year ago

Patch set 11 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78546

Actions #21

Updated by Gerrit Code Review over 1 year ago

Patch set 12 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78546

Actions #22

Updated by Gerrit Code Review over 1 year ago

Patch set 13 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78546

Actions #23

Updated by Gerrit Code Review over 1 year ago

Patch set 14 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78546

Actions #24

Updated by Gerrit Code Review over 1 year ago

Patch set 15 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78546

Actions #25

Updated by Gerrit Code Review over 1 year ago

Patch set 16 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78546

Actions #26

Updated by Gerrit Code Review over 1 year ago

Patch set 17 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78546

Actions #27

Updated by Gerrit Code Review over 1 year ago

Patch set 18 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78546

Actions #28

Updated by Gerrit Code Review over 1 year ago

Patch set 19 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78546

Actions #29

Updated by Gerrit Code Review over 1 year ago

Patch set 20 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78546

Actions #30

Updated by Gerrit Code Review over 1 year ago

Patch set 21 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78546

Actions #31

Updated by Oliver Hader over 1 year ago

  • Status changed from Under Review to Resolved
  • % Done changed from 50 to 100
Actions #32

Updated by Oliver Hader over 1 year ago

Actions #33

Updated by Oliver Hader over 1 year ago

  • Related to Bug #100780: Install tool opens without backend frame after login from backend added
Actions #34

Updated by Christian Kuhn over 1 year ago

  • Related to Bug #93160: Add option to disable Install Tool Sudo Mode for development added
Actions #35

Updated by Benni Mack 5 months ago

  • Status changed from Resolved to Closed
Actions #36

Updated by Oliver Hader 2 months ago

  • Related to Task #104870: Drop @internal for sudo-mode AccessLifetime added
Actions

Also available in: Atom PDF