[BUGFIX] Enforce RSA encryption for re-login modal 78/49478/4
authorHelmut Hummel <info@helhum.io>
Sun, 14 Aug 2016 13:06:24 +0000 (15:06 +0200)
committerAndreas Fernandez <typo3@scripting-base.de>
Mon, 29 Aug 2016 12:54:38 +0000 (14:54 +0200)
commit2ffb2e7e2c3b3b022fffa91ec010b83d3f0e7bf6
tree1bf7a173f3d4545ff383b70fc17b216472448659
parent57f6bba9e8b5eeae007a6dfe6d65c46642391d0c
[BUGFIX] Enforce RSA encryption for re-login modal

The RsaEncryption and the LoginRefresh module are loaded
independently by requireJS, which means they are loaded
asynchronous. This means that either one of those modules
is initialized first.

However the RsaEncryption module scans the DOM for form elements
and the LoginRefresh inserts a form. This means if the RsaEncryption
is initialized first, then the form created by LoginRefresh
will not be intercepted, leading to the (heisen-)bug described.

This change enforces the loading order by adding the RsaEncryption
as dependency to LoginRefresh and registering the form manually,
to make sure it will be intercepted and passwords
will transmitted encrypted.

Resolves: #75911
Releases: 7.6, master
Change-Id: Ib4aba70b3545f163a16a4eee62bed9e5a48b2fe7
Reviewed-on: https://review.typo3.org/49478
Tested-by: Bamboo TYPO3com <info@typo3.com>
Reviewed-by: Andreas Fernandez <typo3@scripting-base.de>
Tested-by: Andreas Fernandez <typo3@scripting-base.de>
typo3/sysext/backend/Resources/Public/JavaScript/LoginRefresh.js
typo3/sysext/rsaauth/Resources/Public/JavaScript/RsaEncryptionModule.js