[TYPO3-dev] Services architecture

Christian Lerrahn (Cerebrum) christian.lerrahn at cerebrum.com.au
Thu Mar 24 07:06:33 CET 2011


Hi,
I've recently gone through the code relating to services used for
authentication. When I first found that a service can exit with a code
100 to neither complete nor fail the authentication, I assumed that
this was used for services like rsaauth that do not actually
authenticate a user. My idea was that rsaauth would decrypt the
password and store the plain text password in the variable where other
services would look for it.

Now, I was rather puzzled (and to be honest a bit shocked) when I found
out that rsaauth calls the basic authentication services again instead
of just exiting to pass the decrypted password down the chain. This
gets even worse when saltedpasswords duplicates rsaauth code to decrypt
the password before it checks it against the stored password hash.

I understand that the chain has to be interrupted by some services. If
e.g. the authentication database is fully external, no password can be
passed on in the service chain. Also, a salted password hash has to be
checked against right away because it cannot be decrypted
(hopefully ;)). Nevertheless, the setup as it stands seems rather
fragile to me. If a competing service to rsaauth was introduced and did
behave in the same manner, the use of e.g. saltedpasswords would become
impossible because saltedpasswords is unaware of this new service.

Is there a reason why the service chain is not handled the way I first
believed it was handled? If so, what is the reason and what makes it
impossible to change the architecture to a real chain of events?

Cheers,
Christian
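To make the "real chain of events" the post asks for concrete, here is an added example (not TYPO3 code, not rsaauth or saltedpasswords, and written in Python as a language-neutral model rather than the extensions' PHP). It models the chain the way the post first assumed it worked: a transforming service in the rsaauth role decrypts the submitted password, writes the plaintext into the shared login slot every later service reads, and exits with 100; a hash-checking service in the saltedpasswords role compares that slot against a salted hash without knowing the transformer exists. The result codes 0, 100 and 200 follow the TYPO3 convention (failed, pass on, authenticated); the service class names, the "enc:" marker, the "$pbkdf2-sha256$" hash format and the XOR transport cipher standing in for RSA are all constructed for illustration and are not secure or real.

```python
import base64
import hashlib
import hmac
import os

# Result codes in the style of TYPO3 authentication services:
#   0   = authentication failed, stop the chain
#   100 = neither authenticated nor rejected, continue with the next service
#   200 = authenticated, stop the chain
AUTH_FAILED, AUTH_CONTINUE, AUTH_OK = 0, 100, 200

# Constructed, fixed key for the toy transport cipher (stand-in for the RSA
# key pair rsaauth would use). NOT a real cipher; illustration only.
TRANSPORT_KEY = b"example-transport-key"
ENC_PREFIX = "enc:"


def _xor(data: bytes) -> bytes:
    return bytes(b ^ TRANSPORT_KEY[i % len(TRANSPORT_KEY)] for i, b in enumerate(data))


def transport_encrypt(plain: str) -> str:
    """What the browser side would do before submitting the login form."""
    return ENC_PREFIX + base64.b64encode(_xor(plain.encode())).decode()


class TransportDecryptService:
    """rsaauth-like role: only transforms the submitted password, then exits
    with 100 so the chain continues. It never decides the outcome itself."""

    def auth_user(self, login: dict, user: dict) -> int:
        pw = login["uident"]
        if not pw.startswith(ENC_PREFIX):
            return AUTH_CONTINUE  # nothing to decrypt; pass it on untouched
        try:
            plain = _xor(base64.b64decode(pw[len(ENC_PREFIX):], validate=True)).decode()
        except ValueError:  # covers binascii.Error and UnicodeDecodeError
            # Malformed ciphertext: fail closed rather than hand garbage down
            # the chain for a later service to compare as if it were a password.
            return AUTH_FAILED
        login["uident"] = plain  # the shared slot every later service reads
        return AUTH_CONTINUE


class SaltedHashService:
    """saltedpasswords-like role: verifies against a salted PBKDF2 hash.
    It knows nothing about any decrypting service; it only reads login['uident']."""

    HASH_PREFIX = "$pbkdf2-sha256$"

    @classmethod
    def make_hash(cls, plain: str, iterations: int = 10000) -> str:
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", plain.encode(), salt, iterations)
        return "%s%d$%s$%s" % (cls.HASH_PREFIX, iterations,
                               base64.b64encode(salt).decode(),
                               base64.b64encode(digest).decode())

    def auth_user(self, login: dict, user: dict) -> int:
        stored = user["password"]
        if not stored.startswith(self.HASH_PREFIX):
            return AUTH_CONTINUE  # not our hash format; another service owns it
        iterations, salt_b64, digest_b64 = stored[len(self.HASH_PREFIX):].split("$")
        candidate = hashlib.pbkdf2_hmac("sha256", login["uident"].encode(),
                                        base64.b64decode(salt_b64), int(iterations))
        if hmac.compare_digest(candidate, base64.b64decode(digest_b64)):
            return AUTH_OK
        return AUTH_FAILED


def run_chain(services: list, login: dict, user: dict) -> int:
    """Walk the services in priority order; the first non-100 result wins.
    If every service passes, nobody vouched for the login: fail closed."""
    for service in services:
        code = service.auth_user(login, user)
        if code != AUTH_CONTINUE:
            return code
    return AUTH_FAILED


def demo() -> dict:
    """Constructed scenarios; returns the chain's result code per scenario."""
    user = {"username": "alice", "password": SaltedHashService.make_hash("correct horse")}
    full_chain = [TransportDecryptService(), SaltedHashService()]
    results = {}
    results["encrypted, right password"] = run_chain(
        full_chain, {"uname": "alice", "uident": transport_encrypt("correct horse")}, user)
    results["encrypted, wrong password"] = run_chain(
        full_chain, {"uname": "alice", "uident": transport_encrypt("wrong")}, user)
    results["plain submit, no decryptor in chain"] = run_chain(
        [SaltedHashService()], {"uname": "alice", "uident": "correct horse"}, user)
    results["encrypted submit, decryptor missing"] = run_chain(
        [SaltedHashService()], {"uname": "alice", "uident": transport_encrypt("correct horse")}, user)
    results["malformed ciphertext"] = run_chain(
        full_chain, {"uname": "alice", "uident": "enc:not*base64"}, user)
    return results


if __name__ == "__main__":
    for name, code in demo().items():
        print("%-40s -> %d" % (name, code))
```

Two properties of this shape are worth noting. The hash checker does not need to duplicate any decryption code, so a second transforming service could be dropped in front of it without touching it. And the design fails closed: if the decrypting service is not in the chain, the still-encrypted blob is simply compared as a password and rejected, and if the chain runs out of services without any of them returning 200, the login is refused.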
