[!!!][TASK] Merge salted passwords auth service into default service 59/57759/14
authorChristian Kuhn <lolli@schwarzbu.ch>
Wed, 1 Aug 2018 17:05:45 +0000 (19:05 +0200)
committerChristian Kuhn <lolli@schwarzbu.ch>
Tue, 7 Aug 2018 11:07:01 +0000 (13:07 +0200)
commit01dbe261d88d2db65aeaf648dbc4a18d0bf20a60
tree9178b072b378f30c8eba848ec6854d7cccfdbe8f
parent9f0c7b8305d49c6a50c22ec35a938204e0244857
[!!!][TASK] Merge salted passwords auth service into default service

The patch merges the default 'authUserBE' and 'authUserFE' authentication
service of extension saltedpasswords on priority 70 into the default
authentication service of the core on priority 50.

The now unused SaltedPasswordService is deprecated with this class.
Last inactive ways for authentication against stored plain text
passwords are removed.

While this is in almost all cases not a problem for existing instances
when upgrading, an edge case when this may lead to a security relevant
breaking change is described in a changelog file.

The new 'authUser' of the default core authentication method is
rewritten and carefully crafted to be much easier to understand, much
more defensive, better documented and tested.

Change-Id: Ie21e891b6f8b5ceed694b412f933ad6435240ff9
Resolves: #85761
Releases: master
Reviewed-on: https://review.typo3.org/57759
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: TYPO3com <no-reply@typo3.com>
Tested-by: Markus Klein <markus.klein@typo3.org>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
typo3/sysext/core/Classes/Authentication/AbstractAuthenticationService.php
typo3/sysext/core/Classes/Authentication/AuthenticationService.php
typo3/sysext/core/Classes/Service/AbstractService.php
typo3/sysext/core/Documentation/Changelog/master/Breaking-85761-AuthenticationChainChanges.rst [new file with mode: 0644]
typo3/sysext/core/Documentation/Changelog/master/Deprecation-85761-DeprecatedSaltedPasswordService.rst [new file with mode: 0644]
typo3/sysext/core/Tests/Unit/Authentication/AuthenticationServiceTest.php
typo3/sysext/core/ext_localconf.php
typo3/sysext/install/Configuration/ExtensionScanner/Php/ClassNameMatcher.php
typo3/sysext/saltedpasswords/Classes/SaltedPasswordService.php
typo3/sysext/saltedpasswords/ext_localconf.php