[CLEANUP] Remove security_level option from Authentications
[Packages/TYPO3.CMS.git] / typo3 / sysext / core / Classes / Authentication / AbstractUserAuthentication.php
index 95058b1..05bb2a3 100644 (file)
@@ -132,15 +132,6 @@ abstract class AbstractUserAuthentication {
         */
        public $formfield_status = '';
 
-       /**
-        * Sets the level of security. *'normal' = clear-text. 'challenged' = hashed password/username.
-        * from form in $formfield_uident. 'superchallenged' = hashed password hashed again with username.
-        *
-        * @var string
-        * @deprecated since 4.7 will be removed in 6.1
-        */
-       public $security_level = 'normal';
-
        // Server session lifetime. If > 0: session-timeout in seconds. If FALSE or
        // <0: no timeout. If string: The string is a fieldname from the usertable
        // where the timeout can be found.
@@ -370,14 +361,6 @@ abstract class AbstractUserAuthentication {
                if (empty($this->loginType)) {
                        throw new \TYPO3\CMS\Core\Exception('No loginType defined, should be set explicitly by subclass');
                }
-               // Set level to normal if not already set
-               if (!$this->security_level) {
-                       // Notice: cannot use TYPO3_MODE here because BE user can be logged in and operate inside FE!
-                       $this->security_level = trim($GLOBALS['TYPO3_CONF_VARS'][$this->loginType]['loginSecurityLevel']);
-                       if (!$this->security_level) {
-                               $this->security_level = 'normal';
-                       }
-               }
                // Enable dev logging if set
                if ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_userauth.php']['writeDevLog']) {
                        $this->writeDevLog = TRUE;
@@ -1314,7 +1297,7 @@ abstract class AbstractUserAuthentication {
         * @todo Define visibility
         */
        public function processLoginData($loginData, $passwordTransmissionStrategy = '') {
-               $passwordTransmissionStrategy = $passwordTransmissionStrategy ?: ($GLOBALS['TYPO3_CONF_VARS'][$this->loginType]['loginSecurityLevel'] ? trim($GLOBALS['TYPO3_CONF_VARS'][$this->loginType]['loginSecurityLevel']) : $this->security_level);
+               $passwordTransmissionStrategy = $passwordTransmissionStrategy ?: ($GLOBALS['TYPO3_CONF_VARS'][$this->loginType]['loginSecurityLevel'] ? trim($GLOBALS['TYPO3_CONF_VARS'][$this->loginType]['loginSecurityLevel']) : 'normal');
                if ($this->writeDevLog) {
                        GeneralUtility::devLog('Login data before processing: ' . GeneralUtility::arrayToLogString($loginData), 'TYPO3\\CMS\\Core\\Authentication\\AbstractUserAuthentication');
                }
@@ -1360,8 +1343,6 @@ abstract class AbstractUserAuthentication {
                $authInfo['HTTP_HOST'] = GeneralUtility::getIndpEnv('HTTP_HOST');
                $authInfo['REMOTE_ADDR'] = GeneralUtility::getIndpEnv('REMOTE_ADDR');
                $authInfo['REMOTE_HOST'] = GeneralUtility::getIndpEnv('REMOTE_HOST');
-               /** @deprecated the usage of $authInfo['security_level'] is deprecated since 4.7 */
-               $authInfo['security_level'] = $this->security_level;
                $authInfo['showHiddenRecords'] = $this->showHiddenRecords;
                // Can be overidden in localconf by SVCONF:
                $authInfo['db_user']['table'] = $this->user_table;
@@ -1393,7 +1374,6 @@ abstract class AbstractUserAuthentication {
         */
        public function compareUident($user, $loginData, $passwordCompareStrategy = '') {
                $OK = FALSE;
-               $passwordCompareStrategy = $passwordCompareStrategy ?: $this->security_level;
                switch ($passwordCompareStrategy) {
                        case 'superchallenged':