Feature #97389

closed

Epic #97387: Configurable Password Policies

Add Password Policy check to FormEngine (TCA type=password) and DataHandler

Added by Torben Hansen over 2 years ago. Updated over 1 year ago.

Status: Closed
Priority: Should have
Assignee:
Category: -
Target version:
Start date: 2022-04-15
Due date:
% Done: 100%
Estimated time:
PHP Version:
Tags:
Complexity:
Sprint Focus:

Description

Evaluate password policy for mode (either FE or BE) in TCA type=password for the configured Password Policy.

Example TCA for be_users

$GLOBALS['TCA']['be_users']['columns']['password'] = [
    'config' => [
        'type' => 'password',
        'size' => 20,
        'required' => true,

        // could be the default behavior when omitted for `type=password` in DataHandler,
        'passwordPolicy' => 'default',

        'fieldControl' => [
            // checks requirements of `passwordPolicy`, visualized matches & mismatches
            'passwordPolicyValidation' => true,

            // just concerns the entropy of a password, independent of `passwordPolicy`
            'passwordStrengthMeter' => true,

            // uses aspects of `passwordPolicy` and shows a visual generator
            // (e.g. user can select amount of digits, amount of special chars, ...)
            'passwordGenerator' => true,
        ],
    ],
];

Example TCA for sys_reaction

$GLOBALS['TCA']['sys_reaction']['columns']['token'] = [
    'config' => [
        'type' => 'password',
        'size' => 20,
        'required' => true,

        'passwordPolicy' => 'token',

        'fieldControl' => [
            // checks requirements of `passwordPolicy`, visualized matches & mismatches
            'passwordPolicyValidation' => true,

            // just concerns the entropy of a password, independent of `passwordPolicy`
            'passwordStrengthMeter' => true,

            // uses aspects of `passwordPolicy` and shows a visual generator
            // (e.g. user can select amount of digits, amount of special chars, ...)
            'passwordGenerator' => [
                'controls' => false,
                'randomValue' => true,
                'convert' => ['hex', 'base64'],
            ],
        ],
    ],
];

For the latter, we need to add an additional global password policy named token as shown below:

'token' => [
    'validators' => [
        \TYPO3\CMS\Core\PasswordPolicy\Validator\CorePasswordValidator::class => [
            'options' => [
                'minimumLength' => 40,
            ],
            'excludeActions' => [],
        ],
    ],
],
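
A sketch of the server-side half of this request, added here as an illustration and not taken from TYPO3 core or from the patch: a column's `passwordPolicy` reference is resolved against a policy registry and the value is checked before it is stored, so the rule holds for every write and not only for values typed into the form. The class `MinimumLengthValidator`, the function `checkPasswordField()`, the `$policies` array and the action name `newRecord` are hypothetical, and rejecting an undefined policy reference is a choice made by this sketch.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for a policy validator; not a TYPO3 class.
final class MinimumLengthValidator
{
    public function __construct(private array $options) {}

    public function validate(string $value): ?string
    {
        $min = (int)($this->options['minimumLength'] ?? 0);
        // strlen() counts bytes, which is enough for the ASCII samples below.
        return strlen($value) >= $min ? null : "must be at least {$min} characters long";
    }
}

// Constructed registry, shaped like the `token` policy from the description.
$policies = ['token' => ['validators' => [
    MinimumLengthValidator::class => ['options' => ['minimumLength' => 40], 'excludeActions' => []],
]]];

/** Returns a list of violations; an empty list means the value may be stored. */
function checkPasswordField(array $config, string $value, string $action, array $policies): array
{
    $name = (string)($config['passwordPolicy'] ?? '');
    // Assumption of this sketch: a missing or unknown reference rejects the
    // write instead of silently switching the check off.
    if ($name === '' || !isset($policies[$name])) {
        return ["password policy '{$name}' is not defined"];
    }
    $errors = [];
    foreach ($policies[$name]['validators'] as $class => $settings) {
        if (in_array($action, $settings['excludeActions'] ?? [], true)) {
            continue; // this validator is excluded for the current action
        }
        $error = (new $class($settings['options'] ?? []))->validate($value);
        if ($error !== null) {
            $errors[] = $error;
        }
    }
    return $errors;
}

$tokenColumn = ['type' => 'password', 'required' => true, 'passwordPolicy' => 'token'];
var_dump(checkPasswordField($tokenColumn, 'short-token', 'newRecord', $policies));             // one violation
var_dump(checkPasswordField($tokenColumn, bin2hex(random_bytes(20)), 'newRecord', $policies)); // empty list
var_dump(checkPasswordField(['passwordPolicy' => 'tokn'], 'x', 'newRecord', $policies));       // undefined policy
```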

Related issues 1 (0 open, 1 closed)

Related to TYPO3 Core - Bug #102668: Consider empty or invalid password policy reference - Closed - 2023-12-13

Actions #1

Updated by Torben Hansen over 2 years ago

  • Subject changed from Add PasswordPolicy check to FormEngine (TCA type=password) and DataHandler to Add Password Policy check to FormEngine (TCA type=password) and DataHandler
Actions #2

Updated by Georg Ringer over 2 years ago

  • Status changed from New to Accepted
Actions #3

Updated by Torben Hansen over 2 years ago

  • Description updated (diff)
Actions #4

Updated by Torben Hansen about 2 years ago

  • Description updated (diff)
Actions #5

Updated by Gerrit Code Review almost 2 years ago

  • Status changed from Accepted to Under Review

Patch set 1 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77424

Actions #6

Updated by Gerrit Code Review almost 2 years ago

Patch set 2 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77424

Actions #7

Updated by Gerrit Code Review almost 2 years ago

Patch set 3 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77424

Actions #8

Updated by Gerrit Code Review almost 2 years ago

Patch set 4 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77424

Actions #9

Updated by Gerrit Code Review almost 2 years ago

Patch set 5 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77424

Actions #10

Updated by Gerrit Code Review almost 2 years ago

Patch set 6 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77424

Actions #11

Updated by Gerrit Code Review almost 2 years ago

Patch set 7 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77424

Actions #12

Updated by Gerrit Code Review almost 2 years ago

Patch set 8 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77424

Actions #13

Updated by Torben Hansen over 1 year ago

  • Assignee set to Torben Hansen
  • Target version set to 12.3
Actions #14

Updated by Gerrit Code Review over 1 year ago

Patch set 9 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77424

Actions #15

Updated by Gerrit Code Review over 1 year ago

Patch set 10 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77424

Actions #16

Updated by Gerrit Code Review over 1 year ago

Patch set 11 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77424

Actions #17

Updated by Torben Hansen over 1 year ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
Actions #18

Updated by Benni Mack over 1 year ago

  • Status changed from Resolved to Closed
Actions #19

Updated by Oliver Hader 11 months ago

  • Related to Bug #102668: Consider empty or invalid password policy reference added