[TYPO3-core] RFC: #7189: Bugfix: Processing of loginSecurityLevel in t3lib_userauth

Steffen Ritter info at rs-websystems.de
Thu Jan 17 13:50:33 CET 2008


Steffen Kamper wrote:
> "Steffen Ritter" <info at rs-websystems.de> wrote in news post 
> news:mailman.1.1200572822.10691.typo3-team-core at lists.netfielders.de...
>> Steffen Kamper wrote:
>>> "Steffen Ritter" <info at rs-websystems.de> wrote in news post 
>>> news:mailman.1.1200570989.23586.typo3-team-core at lists.netfielders.de...
>>>> This is an SVN patch request.
>>>>
>>>> Type: Bugfix
>>>>
>>>> Bugtracker references:
>>>> http://bugs.typo3.org/view.php?id=7189
>>>>
>>>> Branches:
>>>> trunk
>>>>
>>>> Problem:
>>>> t3lib_userauth::start() does not set t3_lib_userauth::security_level
>>>> depending on a change of $TYPO3_CONF_VARS[FE/BE]['loginsecurityLevel']
>>>> but t3lib_userauth::processLoginData() changes the array of loginData
>>>> based upon this information.
>>>> Due to this, Frontend Login with challenged or superchallenged mode is
>>>> not possible, because $loginData['uident'] becomes cleared.
>>>>
>>>> Solution:
>>>> adding:
>>>> if ( $TYPO3_CONF_VARS[$this->loginType]['loginSecurityLevel'] ) {
>>>> $this->security_level =
>>>> $TYPO3_CONF_VARS[$this->loginType]['loginSecurityLevel'];
>>>> }
>>>>
>>>> to t3lib_userauth::start();
>>>>
>>>>
>>>> Notes:
>>>> See patch attached
>>>>
>>>> Greetings
>>>>
>>>> Steffen
>>> Hi Steffen,
>>>
>>> In general I agree, but you have to account for prior settings, see 
>>> comment above:
>>> // set level to normal if not already set
>>>
>>> In this case you overwrite it.
>>>
>>> Regards, Steffen
>> Yes you're right. I did not think of this.
>>
>> Hardcoded it's set to normal. (Line 135).
>> So
>> // set level to normal if not already set
>> $this->security_level = $this->security_level ? $this->security_level : 'normal';
>>
>> does not have any effect.
>>
>> But you're right, the value can't be overwritten without checking...
>> Probably we should change my if statement and ask
>> if ( ($this->security_level=='normal') && $TYPO3_CONF_VARS[$this->loginType]['loginSecurityLevel'] )
>>
>> which would have the effect that the value is only overwritten if it was 
>> not modified before.
>>
>> Greetings
> 
> I would change it around:
> 
> if (!$this->security_level) {
>   if ($TYPO3_CONF_VARS[$this->loginType]['loginSecurityLevel']) {
>         $this->security_level = $TYPO3_CONF_VARS[$this->loginType]['loginSecurityLevel'];
>   } else {
>         $this->security_level = 'normal';
>   }
> }
> 
> BTW: it does not make sense in processLoginData to ask for this value again; it 
> should then be replaced with $this->security_level
> 
> Regards, Steffen
> 
> 
If we clear out the definition in line 135 this would be perfect.

I added a solution integrating this discussion.

Steffen
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: t3lib_userauth2.diff
Url: http://lists.netfielders.de/pipermail/typo3-team-core/attachments/20080117/309b47e6/attachment.txt 
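
The three proposals from this thread compared side by side, as an added PHP example that is not part of the original mails, the attached patch or TYPO3 itself. The function names, the sample configuration and the modelling of "level defaults to 'normal' before the check" are assumptions made for illustration.

```php
<?php
// Added illustration, not TYPO3 code: function names are hypothetical and the
// configuration below is constructed sample data.
$conf = array(
    'FE' => array('loginSecurityLevel' => 'challenged'),
    'BE' => array(), // no loginSecurityLevel configured
);

// Variant A (first proposal): a configured value always overwrites.
function resolveOverwrite($preset, $loginType, $conf) {
    $level = $preset ? $preset : 'normal';
    if (!empty($conf[$loginType]['loginSecurityLevel'])) {
        $level = $conf[$loginType]['loginSecurityLevel'];
    }
    return $level;
}

// Variant B (second proposal): configuration applies only while the level is 'normal'.
function resolveIfNormal($preset, $loginType, $conf) {
    $level = $preset ? $preset : 'normal';
    if ($level == 'normal' && !empty($conf[$loginType]['loginSecurityLevel'])) {
        $level = $conf[$loginType]['loginSecurityLevel'];
    }
    return $level;
}

// Variant C (third proposal): configuration or 'normal' only when nothing is set.
function resolveIfUnset($preset, $loginType, $conf) {
    if ($preset) {
        return $preset;
    }
    return !empty($conf[$loginType]['loginSecurityLevel'])
        ? $conf[$loginType]['loginSecurityLevel']
        : 'normal';
}

// Constructed cases: label, value of security_level before start(), login type.
$cases = array(
    array('unset, FE', '', 'FE'),
    array('default "normal", FE', 'normal', 'FE'), // the hardcoded default from the thread
    array('preset, FE', 'superchallenged', 'FE'),  // a prior setting that must survive
    array('unset, BE', '', 'BE'),
);
foreach ($cases as $case) {
    list($label, $preset, $type) = $case;
    printf("%-22s A=%-16s B=%-16s C=%s\n", $label,
        resolveOverwrite($preset, $type, $conf),
        resolveIfNormal($preset, $type, $conf),
        resolveIfUnset($preset, $type, $conf));
}
```

Comparing the second row across the variants shows why the third proposal depends on clearing the hardcoded default, and the third row shows which variants keep a prior setting.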