Bug #95119
Updated by Georg Ringer about 3 years ago
h2. Problem

Setting $GLOBALS['TYPO3_CONF_VARS']['FE']['checkFeUserPid'] = false prevents the password reset function from working correctly. No recovery mail is sent to the user if the fe_users record has a pid different from 0.

h2. Reason

Because of the return value [0] inside TYPO3\CMS\FrontendLogin\Controller\AbstractLoginFormController::getStorageFolders (lines 32-34)

<pre>
if ((bool)($GLOBALS['TYPO3_CONF_VARS']['FE']['checkFeUserPid'] ?? false) === false) {
    return [0];
}
</pre>

this condition inside TYPO3\CMS\FrontendLogin\Domain\Repository\FrontendUserRepository::findEmailByUsernameOrEmailOnPages (lines 182-185) becomes true, because !empty([0]) === true

<pre>
if (!empty($pages)) {
    // respect storage pid
    $query->andWhere($queryBuilder->expr()->in('pid', $pages));
}
</pre>

Subsequently a check for the pid 0 is added, which ends in an empty result if the pid of a user is different from 0. This in turn bypasses the sendRecoveryEmail call inside TYPO3\CMS\FrontendLogin\Controller\PasswordRecoveryController::recoveryAction (lines 87-89):

<pre>
if ($email) {
    $this->recoveryService->sendRecoveryEmail($email);
}
</pre>

h2. Possible solution

Changing lines 32-34 of TYPO3\CMS\FrontendLogin\Controller\AbstractLoginFormController to this solves the problem:

<pre>
if ((bool)($GLOBALS['TYPO3_CONF_VARS']['FE']['checkFeUserPid'] ?? false) === false) {
    return [];
}
</pre>
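
The chain described in this report, reduced to a stand-alone PHP script (an added example, not code from TYPO3 or from the reporter). The function names, the sample rows and the array filter standing in for the QueryBuilder condition are assumptions made for illustration; the script compares the reported return value [0] with the proposed [].

```php
<?php
declare(strict_types=1);

// Constructed sample rows standing in for fe_users; all values are made up.
const FE_USERS = [
    ['username' => 'alice', 'email' => 'alice@example.org', 'pid' => 12],
    ['username' => 'bob',   'email' => 'bob@example.org',   'pid' => 0],
];

// Hypothetical stand-in for getStorageFolders(): $disabledValue is what gets
// returned when checkFeUserPid is false ([0] as reported, [] as proposed).
function storageFolders(bool $checkFeUserPid, array $configured, array $disabledValue): array
{
    return $checkFeUserPid ? $configured : $disabledValue;
}

// Hypothetical stand-in for findEmailByUsernameOrEmailOnPages(), using the
// same !empty($pages) guard as the snippet quoted in the report.
function findEmail(string $usernameOrEmail, array $pages): ?string
{
    foreach (FE_USERS as $row) {
        $matches = $row['username'] === $usernameOrEmail || $row['email'] === $usernameOrEmail;
        if (!empty($pages)) {
            // Array equivalent of the SQL condition: pid IN ($pages)
            $matches = $matches && in_array($row['pid'], $pages, true);
        }
        if ($matches) {
            return $row['email'];
        }
    }
    return null;
}

// Mirrors the `if ($email)` guard in front of sendRecoveryEmail().
function recoveryMailSent(string $user, array $pages): bool
{
    return (bool)findEmail($user, $pages);
}

// A one-element array is not empty, even when that element is 0.
var_dump(empty([0]), empty([]));

foreach (['reported [0]' => [0], 'proposed []' => []] as $label => $disabledValue) {
    $pages = storageFolders(false, [12], $disabledValue);
    foreach (['alice', 'bob'] as $user) {
        printf("%-13s %-6s mail sent: %s\n", $label, $user, recoveryMailSent($user, $pages) ? 'yes' : 'no');
    }
}
```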