[SECURITY] Add hook to implement login protection methods 09/40809/2
author Nicole Cordes <typo3@cordes.co>
Wed, 17 Jun 2015 13:39:41 +0000 (15:39 +0200)
committer Benjamin Mack <benni@typo3.org>
Wed, 1 Jul 2015 14:09:58 +0000 (16:09 +0200)
commit 3a22249edaae6a1cd6cc66d0d57a2aac46c5c658
tree c655585104522d1c69986a829554b7b1752e36ff
parent 58380b4728f3a1a2bfb9c329963ecfe427652aad
[SECURITY] Add hook to implement login protection methods

Currently only the backend login is protected with an implemented sleep
time after login failure. This patch adds a new hook which can be used
to implement a protection functionality (e.g. for detecting brute force)
and moves the sleep time as default protection in the abstract user
authentication class.

Resolves: #59231
Releases: master, 6.2
Security-Bulletin: TYPO3-CORE-SA-2015-006
Change-Id: I1fd1ebdc32ce7797651b5ead284dcff1eb511b94
Reviewed-on: http://review.typo3.org/40809
Reviewed-by: Benjamin Mack <benni@typo3.org>
Tested-by: Benjamin Mack <benni@typo3.org>
typo3/sysext/backend/Classes/Controller/LoginController.php
typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php
typo3/sysext/core/Documentation/Changelog/master/Feature-59231-AddHookToAbstractUserAuthenticationCheckAuthentication.rst [new file with mode: 0644]