[TYPO3-core] Login Form

Jigal van Hemert jigal.van.hemert at typo3.org
Fri May 10 09:52:34 CEST 2013


On 9-5-2013 21:32, Philipp Gampe wrote:
> The basic functionality is working, but it show some quite some flaws in the
> current auth process:
> * There is no pre or post auth hooks.

Push a patch ;-)

> * The first auth service with successful result result wins, now way to
> chain them on success

The first authentication service (sorted by priority) that validates a 
login causes a user to be validated. Do you want to invalidate a user by 
a lower priority service??

There is a chain for unsuccessful validation; a service can say "not 
validated, ask the next service" or "not validated, stop trying".

> * The login template is hard-wired with EXT:openid and RSA login

It needs to be refactored indeed. Do you feel like working on this?

> * The hook for adding form fields only allows one hook to return a nonempty
> string, if this happens, then the code continues without chance for another
> hook to add fields

Sounds like it needs a patch too.

> As authentication is rather sensitive, I wonder if there is a reason to make
> it so hard to extent this?

Not all parts are yet easy to change or extend. This is clearly an area 
which needs TLC.

I personally like to have BE users without a password and only OpenID 
login. This is currently not possible because the password field is 

Jigal van Hemert
TYPO3 CMS Core Team member

TYPO3 .... inspiring people to share!
Get involved: typo3.org

More information about the TYPO3-team-core mailing list