[TYPO3-v4] Request for comments: Separating password transmission from password comparison
Oliver Hader
oliver.hader at typo3.org
Tue Jan 17 15:31:38 CET 2012
Hi Helmut,
Am 29.12.11 00:31, schrieb Helmut Hummel:
> Hi,
>
> On 28.12.11 13:04, Oliver Hader wrote:
>
>> You can expect my review by tomorrow.
>
> Olly and me had nice and productive review session this evening. Thanks
> for that.
>
> The result is an improved version of the patch so that the loginData
> before and after the change are exactly the same. It's now completely
> transparent for external authentication services. Additionally I also
> covered this by unit tests now.
>
> One special behaviour is marked as deprecated so we could switch to a
> more consistet behaviour in future TYPO3 versions. I'm happy to discuss
> if this additional compatibility layer is necessary, but I'm also fine
> going thisway.
>
> Extensions that XCLASS on tx_rsaauth_sv1 most likely will fail as this
> class will now be called in a different context. This fact will be
> mentioned in NEWS.txt[1]
>
> Additionally I will add a chapter about authentication services which is
> by now competely missing in the services manual[2]
Thanks for your time back then and your changes. I can confirm that this
change behaves as before - so not breaking if other auth-services did
evaluations with the data provided in $loginData.
After retesting again and with other votes for the change, I took the
freedom to give my final +2 and submitted the patchset to the master branch.
Cheers,
Olly
--
Oliver Hader
TYPO3 v4 Core Team Leader
TYPO3 .... inspiring people to share!
Get involved: http://typo3.org
More information about the TYPO3-project-v4
mailing list