Actions
Bug #95119
closed
Epic #92636: felogin bug collection
checkFeUserPid = false prevents correct password reset function
Status:
Closed
Priority:
Should have
Assignee:
-
Category:
felogin
Target version:
-
Start date:
2021-09-06
Due date:
% Done:
100%
Estimated time:
TYPO3 Version:
10
PHP Version:
7.4
Tags:
Complexity:
Is Regression:
Sprint Focus:
Description
Problem¶
Setting the $GLOBALS['TYPO3_CONF_VARS']['FE']['checkFeUserPid'] = false prevents correct password reset function.
No recover mail is sent to the user, if the fe_users record has a pid different than 0.
Reason¶
Because of the return value [0] inside TYPO3\CMS\FrontendLogin\Controller\AbstractLoginFormController::getStorageFolders (line 32-34)
if ((bool)($GLOBALS['TYPO3_CONF_VARS']['FE']['checkFeUserPid'] ?? false) === false) {
return [0];
}
this condition inside TYPO3\CMS\FrontendLogin\Domain\Repository\FrontendUserRepository::findEmailByUsernameOrEmailOnPages (line 182-185) becomes true, because !empty([0]) === true
if (!empty($pages)) {
// respect storage pid
$query->andWhere($queryBuilder->expr()->in('pid', $pages));
}
Subsequently a check for the pid 0 is added, which ends in a empty result if the pid of a user is different of 0.
This in turn bypass the sendRecoveryEmail call inside TYPO3\CMS\FrontendLogin\Controller\PasswordRecoveryController::recoveryAction (line 87-89):
if ($email) {
$this->recoveryService->sendRecoveryEmail($email);
}
Possible solution¶
Changing line 32-34 of TYPO3\CMS\FrontendLogin\Controller\AbstractLoginFormController to this, solves the problem:
if ((bool)($GLOBALS['TYPO3_CONF_VARS']['FE']['checkFeUserPid'] ?? false) === false) {
return [];
}
Updated by 
Updated by 
Updated by 
Updated by 
Updated by
Actions