Project

General

Profile

Actions

Feature #97389

closed

Epic #97387: Configurable Password Policies

Add Password Policy check to FormEngine (TCA type=password) and DataHandler

Added by Torben Hansen over 2 years ago. Updated over 1 year ago.

Status:
Closed
Priority:
Should have
Assignee:
Category:
-
Target version:
Start date:
2022-04-15
Due date:
% Done:

100%

Estimated time:
PHP Version:
Tags:
Complexity:
Sprint Focus:

Description

Evaluate password policy for mode (either FE or BE) in TCA type=password for the configured Password Policy.

Example TCA for be_users

$GLOBALS['TCA']['be_users']['columns']['password'] = [
    'config' => [
        'type' => 'password',
        'size' => 20,
        'required' => true,

        // could be the default behavior when omitted for `type=password` in DataHandler,
        'passwordPolicy' => 'default',

        'fieldControl' => [
            // checks requirements of `passwordPolicy`, visualized matches & mismatches
            'passwordPolicyValidation' => true,

            // just concerns the entropy of a password, independent of `passwordPolicy`
            'passwordStrengthMeter' => true,

            // uses aspects of `passwordPolicy` and shows a visual generator
            // (e.g. user can select amount of digits, amount of special chars, ...)
            'passwordGenerator' => true,
        ],
    ],
];

Example TCA for sys_reaction

$GLOBALS['TCA']['sys_reaction']['columns']['token'] = [
    'config' => [
        'type' => 'password',
        'size' => 20,
        'required' => true,

        'passwordPolicy' => 'token',

        'fieldControl' => [
            // checks requirements of `passwordPolicy`, visualized matches & mismatches
            'passwordPolicyValidation' => true,

            // just concerns the entropy of a password, independent of `passwordPolicy`
            'passwordStrengthMeter' => true,

            // uses aspects of `passwordPolicy` and shows a visual generator
            // (e.g. user can select amount of digits, amount of special chars, ...)
            'passwordGenerator' => [
                'controls' => false,
                'randomValue' => true,
                'convert' => ['hex', 'base64'],
            ],
        ],
    ],
];

For the latter, we need to add an additional global password policy named token as shown below:

'token' => [
    'validators' => [
        \TYPO3\CMS\Core\PasswordPolicy\Validator\CorePasswordValidator::class => [
            'options' => [
                'minimumLength' => 40,
            ],
            'excludeActions' => [],
        ],
],

Related issues 1 (0 open1 closed)

Related to TYPO3 Core - Bug #102668: Consider empty or invalid password policy referenceClosed2023-12-13

Actions
Actions

Also available in: Atom PDF