[TYPO3-core] Login Form
Jigal van Hemert
jigal.van.hemert at typo3.org
Fri May 10 09:52:34 CEST 2013
Hi,
On 9-5-2013 21:32, Philipp Gampe wrote:
> The basic functionality is working, but it show some quite some flaws in the
> current auth process:
>
> * There is no pre or post auth hooks.
Push a patch ;-)
> * The first auth service with successful result result wins, now way to
> chain them on success
The first authentication service (sorted by priority) that validates a
login causes a user to be validated. Do you want to invalidate a user by
a lower priority service??
There is a chain for unsuccessful validation; a service can say "not
validated, ask the next service" or "not validated, stop trying".
> * The login template is hard-wired with EXT:openid and RSA login
It needs to be refactored indeed. Do you feel like working on this?
> * The hook for adding form fields only allows one hook to return a nonempty
> string, if this happens, then the code continues without chance for another
> hook to add fields
Sounds like it needs a patch too.
> As authentication is rather sensitive, I wonder if there is a reason to make
> it so hard to extent this?
Not all parts are yet easy to change or extend. This is clearly an area
which needs TLC.
I personally like to have BE users without a password and only OpenID
login. This is currently not possible because the password field is
mandatory.
--
Jigal van Hemert
TYPO3 CMS Core Team member
TYPO3 .... inspiring people to share!
Get involved: typo3.org
More information about the TYPO3-team-core
mailing list