[TYPO3-core] RFC #14727: Code cleanup: tx_saltedpasswords_sv1 should use parent object instead of TYPO3_MODE
Marcus Krause
marcus#exp2010 at t3sec.info
Sun Jan 9 01:30:55 CET 2011
Hi!
Steffen Gebert schrieb am 01/08/2011 02:27 PM Uhr:
>> Bugtracker references:
>> http://bugs.typo3.org/view.php?id=0014727
>>
>> Branches:
>> trunk
>>
>> Problem:
>> At the moment, tx_saltedpasswords_sv1 uses the TYPO3_MODE constant to
>> determine in which table the password should be updated (in
>> updatePassword() method).
>> This isn't very clean and can lead to problems if you use some kind of
>> be/fe login combination extension like simulatebe. There, the user
>> logs in to the Frontend, to TYPO3_MODE is "FE" but wants to
>> authenticate a BE user.
>>
>> Solution:
>> A simple solution to this is the usage of the $pObj field. See the
>> attached patch. It makes things much simpler and cleaner as far as I
>> can see.
>
> +1 by reading and testing
>
> Attached a cleaned-up patch against svn root.
Although this is a nice catch, the patch doesn't solve the problem once
and forever.
In tx_saltedpasswords_sv1::init() there's a function call to
tx_saltedpasswords_div::isUsageEnabled() which determines if
saltedpasswords is enabled for the desired TYPO3_MODE.
To completely fix this problem, you would hand over the mode somehow
retrieved from $pObj to tx_saltedpasswords_div::isUsageEnabled().
Luckily, isUsageEnabled() accepts an optional parameter with the TYPO3_MODE.
Unluckily, $pObj is not yet available at this state. It's available with
tx_sv_authbase::initAuth(), the next call in authentication service
instanciation/service.
Marcus.
More information about the TYPO3-team-core
mailing list