[TYPO3-core] Login Form
philipp.gampe at typo3.org
Fri May 10 10:09:06 CEST 2013
Hi Jigal van Hemert,
Jigal van Hemert wrote:
> On 9-5-2013 21:32, Philipp Gampe wrote:
>> The basic functionality is working, but it show some quite some flaws in
>> the current auth process:
>> * There is no pre or post auth hooks.
> Push a patch ;-)
>> * The first auth service with successful result result wins, now way to
>> chain them on success
> The first authentication service (sorted by priority) that validates a
> login causes a user to be validated. Do you want to invalidate a user by
> a lower priority service??
> There is a chain for unsuccessful validation; a service can say "not
> validated, ask the next service" or "not validated, stop trying".
You are right, the services are sorted by priority. The use-cases I have in
mind will be solved by the hooks.
>> * The login template is hard-wired with EXT:openid and RSA login
> It needs to be refactored indeed. Do you feel like working on this?
I am not yet sure. This would turn into a bigger task, because both normal,
rsa and openid support are effect. Plus we would need to maintain backward
compatibility (at least for LTS).
If I find some extra time, maybe I separate it at least so for that it is
possible to render different forms for different extensions.
But this needs more thinking, also UX wise.
>> * The hook for adding form fields only allows one hook to return a
>> nonempty string, if this happens, then the code continues without chance
>> for another hook to add fields
> Sounds like it needs a patch too.
That is not easy to solve, because this logic is hard wired into sv and rsa.
> I personally like to have BE users without a password and only OpenID
> login. This is currently not possible because the password field is
Yes, we should leave such decisions to the services.
Philipp Gampe – PGP-Key 0AD96065 – TYPO3 UG Bonn/Köln
Documentation – Active contributor TYPO3 CMS
TYPO3 .... inspiring people to share!
More information about the TYPO3-team-core