Project

General

Profile

Actions

Bug #95119

closed

Epic #92636: felogin bug collection

checkFeUserPid = false prevents correct password reset function

Added by Alexander Grein over 2 years ago. Updated over 1 year ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
felogin
Target version:
-
Start date:
2021-09-06
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
10
PHP Version:
7.4
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

Problem

Setting the $GLOBALS['TYPO3_CONF_VARS']['FE']['checkFeUserPid'] = false prevents correct password reset function.
No recover mail is sent to the user, if the fe_users record has a pid different than 0.

Reason

Because of the return value [0] inside TYPO3\CMS\FrontendLogin\Controller\AbstractLoginFormController::getStorageFolders (line 32-34)

if ((bool)($GLOBALS['TYPO3_CONF_VARS']['FE']['checkFeUserPid'] ?? false) === false) {
    return [0];
}

this condition inside TYPO3\CMS\FrontendLogin\Domain\Repository\FrontendUserRepository::findEmailByUsernameOrEmailOnPages (line 182-185) becomes true, because !empty([0]) === true
if (!empty($pages)) {
    // respect storage pid
    $query->andWhere($queryBuilder->expr()->in('pid', $pages));
}

Subsequently a check for the pid 0 is added, which ends in a empty result if the pid of a user is different of 0.
This in turn bypass the sendRecoveryEmail call inside TYPO3\CMS\FrontendLogin\Controller\PasswordRecoveryController::recoveryAction (line 87-89):
if ($email) {
    $this->recoveryService->sendRecoveryEmail($email);
}

Possible solution

Changing line 32-34 of TYPO3\CMS\FrontendLogin\Controller\AbstractLoginFormController to this, solves the problem:

if ((bool)($GLOBALS['TYPO3_CONF_VARS']['FE']['checkFeUserPid'] ?? false) === false) {
    return [];
}

Actions #1

Updated by Georg Ringer over 2 years ago

  • Description updated (diff)
Actions #2

Updated by Stefan P over 2 years ago

Can confirm.

Actions #3

Updated by Stefan P over 2 years ago

Actions #4

Updated by Markus Klein over 1 year ago

  • Parent task set to #92636
Actions #5

Updated by Gerrit Code Review over 1 year ago

  • Status changed from New to Under Review

Patch set 1 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/76764

Actions #6

Updated by Gerrit Code Review over 1 year ago

Patch set 1 for branch 10.4 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/76772

Actions #7

Updated by Markus Klein over 1 year ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
Actions #8

Updated by Gerrit Code Review over 1 year ago

  • Status changed from Resolved to Under Review

Patch set 1 for branch 11.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/76773

Actions #9

Updated by Markus Klein over 1 year ago

  • Status changed from Under Review to Resolved
Actions #10

Updated by Benni Mack over 1 year ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF