[TASK] Drop salted passwords configuration options
In order to prepare the saltedpasswords extension to be implemented as a library into the core directly, a series of configuration options is dropped from the extension: * FE.forceSalted & BE.forceSalted (default 0) Setting this to 1 disabled upgrading non-salted user password to salted passwords and denied login. The option is dropped, but only passwords that have been upgraded from simple md5 or plaintext in v8 are allowed to login and will get their password upgraded. * FE.updatePasswd & BE.updatePasswd (default 1) Setting this to 0 disabled upgrading one salted password to another. This is dropped: Passwords will now always be upgraded to the currently configured hash algorithm if the currently used algorithm does no match the configured one. * FE.onlyAuthService & BE.onlyAuthService (default 0) Setting this to 1 allowed stopping the authentication chain if the salted passwords did not verify a password. This setting is pretty useless since it can be expected that any sane authentication provider kicks in before the native salted passwords authentication. We found not a single usage of that flag in TER. * checkConfigurationFE & checkConfigurationFE2 & checkConfigurationBE & checkConfigurationBE2 These configuration user function have been responsible to check various combinations of valid and invalid salted passwords combinations. This is obsolete with removing the other options and the deprecated rsaauth extension. An install tool preset for sane options and according warnings will be set up to establish better usability from an administrator point of view as soon as this patch is done. The only option left is the main "saltedPWHashingMethod". This will be transferred to an install tool preset including best option selection during installation in a next step. Resolves: #85683 Releases: master Change-Id: I7e8150ba9bc8b36f59d08ca5cadeb547e1301f67 Reviewed-on: https://review.typo3.org/57725 Tested-by:TYPO3com <no-reply@typo3.com> Reviewed-by:
Markus Klein <markus.klein@typo3.org> Tested-by:
Andreas Fernandez <a.fernandez@scripting-base.de> Tested-by:
Showing
- typo3/sysext/core/Classes/Configuration/ExtensionConfiguration.php 3 additions, 4 deletions...ext/core/Classes/Configuration/ExtensionConfiguration.php
- typo3/sysext/core/Documentation/Changelog/master/Important-85683-DoppedSaltedpasswordOptions.rst 40 additions, 0 deletions...og/master/Important-85683-DoppedSaltedpasswordOptions.rst
- typo3/sysext/core/Tests/Unit/Configuration/ExtensionConfigurationTest.php 6 additions, 6 deletions...e/Tests/Unit/Configuration/ExtensionConfigurationTest.php
- typo3/sysext/reports/Classes/Report/Status/SecurityStatus.php 0 additions, 56 deletions...3/sysext/reports/Classes/Report/Status/SecurityStatus.php
- typo3/sysext/saltedpasswords/Classes/SaltedPasswordService.php 15 additions, 23 deletions.../sysext/saltedpasswords/Classes/SaltedPasswordService.php
- typo3/sysext/saltedpasswords/Classes/Utility/ExtensionManagerConfigurationUtility.php 0 additions, 296 deletions.../Classes/Utility/ExtensionManagerConfigurationUtility.php
- typo3/sysext/saltedpasswords/Classes/Utility/SaltedPasswordsUtility.php 0 additions, 3 deletions...altedpasswords/Classes/Utility/SaltedPasswordsUtility.php
- typo3/sysext/saltedpasswords/Documentation/Configuration/Index.rst 0 additions, 61 deletions...ext/saltedpasswords/Documentation/Configuration/Index.rst
- typo3/sysext/saltedpasswords/Resources/Private/Language/locallang.xlf 0 additions, 90 deletions.../saltedpasswords/Resources/Private/Language/locallang.xlf
- typo3/sysext/saltedpasswords/Resources/Private/Language/locallang_em.xlf 0 additions, 30 deletions...ltedpasswords/Resources/Private/Language/locallang_em.xlf
- typo3/sysext/saltedpasswords/Tests/Unit/Salt/SaltFactoryTest.php 0 additions, 6 deletions...ysext/saltedpasswords/Tests/Unit/Salt/SaltFactoryTest.php
- typo3/sysext/saltedpasswords/ext_conf_template.txt 0 additions, 30 deletionstypo3/sysext/saltedpasswords/ext_conf_template.txt
Loading
Please register or sign in to comment