[TYPO3-core] RFC #14727: Code cleanup: tx_saltedpasswords_sv1 should use parent object instead of TYPO3_MODE
Alexander Stehlik
alexander.stehlik at googlemail.com
Fri Feb 4 12:52:59 CET 2011
Reminder #1
Am 09.01.2011 15:30, schrieb Alexander Stehlik:
> Hi,
>
> you are right this problem is quite tricky.
>
> The only solution I could think of is a modification of
> t3lib_div::makeInstanceService, that provides additional information in
> the t3lib_svbase::info array (see attached patch).
>
> What do you think of it?
>
> Kind regards,
> Alex
>
> Am 09.01.2011 01:30, schrieb Marcus Krause:
>> Hi!
>>
>> Steffen Gebert schrieb am 01/08/2011 02:27 PM Uhr:
>>>> Bugtracker references:
>>>> http://bugs.typo3.org/view.php?id=0014727
>>>>
>>>> Branches:
>>>> trunk
>>>>
>>>> Problem:
>>>> At the moment, tx_saltedpasswords_sv1 uses the TYPO3_MODE constant to
>>>> determine in which table the password should be updated (in
>>>> updatePassword() method).
>>>> This isn't very clean and can lead to problems if you use some kind of
>>>> be/fe login combination extension like simulatebe. There, the user
>>>> logs in to the Frontend, to TYPO3_MODE is "FE" but wants to
>>>> authenticate a BE user.
>>>>
>>>> Solution:
>>>> A simple solution to this is the usage of the $pObj field. See the
>>>> attached patch. It makes things much simpler and cleaner as far as I
>>>> can see.
>>>
>>> +1 by reading and testing
>>>
>>> Attached a cleaned-up patch against svn root.
>>
>> Although this is a nice catch, the patch doesn't solve the problem once
>> and forever.
>>
>> In tx_saltedpasswords_sv1::init() there's a function call to
>> tx_saltedpasswords_div::isUsageEnabled() which determines if
>> saltedpasswords is enabled for the desired TYPO3_MODE.
>>
>> To completely fix this problem, you would hand over the mode somehow
>> retrieved from $pObj to tx_saltedpasswords_div::isUsageEnabled().
>>
>> Luckily, isUsageEnabled() accepts an optional parameter with the
>> TYPO3_MODE.
>> Unluckily, $pObj is not yet available at this state. It's available with
>> tx_sv_authbase::initAuth(), the next call in authentication service
>> instanciation/service.
>>
>>
>> Marcus.
>
More information about the TYPO3-team-core
mailing list