[BUGFIX] Enforce RSA encryption for re-login modal 82/49482/4
authorHelmut Hummel <info@helhum.io>
Sun, 14 Aug 2016 13:06:24 +0000 (15:06 +0200)
committerAndreas Fernandez <typo3@scripting-base.de>
Mon, 29 Aug 2016 10:14:30 +0000 (12:14 +0200)
commit5d99ff2fb289e25a5b9527df0a4de59e68f2a8ad
tree7af14ebbf6a03ed3c291109c6ba057df846932a1
parent97416e982e12be4fc09a2066b8557ab2556fe5d1
[BUGFIX] Enforce RSA encryption for re-login modal

The RsaEncryption and the LoginRefresh module are loaded
independently by requireJS, which means they are loaded
asynchronous. This means that either one of those modules
is initialized first.

However the RsaEncryption module scans the DOM for form elements
and the LoginRefresh inserts a form. This means if the RsaEncryption
is initialized first, then the form created by LoginRefresh
will not be intercepted, leading to the (heisen-)bug described.

This change enforces the loading order by adding the RsaEncryption
as dependency to LoginRefresh and registering the form manually,
to make sure it will be intercepted and passwords
will transmitted encrypted.

Resolves: #75911
Releases: 7.6, master
Change-Id: Ib4aba70b3545f163a16a4eee62bed9e5a48b2fe7
Reviewed-on: https://review.typo3.org/49482
Reviewed-by: Nicole Cordes <typo3@cordes.co>
Tested-by: Nicole Cordes <typo3@cordes.co>
Tested-by: Bamboo TYPO3com <info@typo3.com>
Reviewed-by: David Bruchmann <david.bruchmann@gmail.com>
Tested-by: David Bruchmann <david.bruchmann@gmail.com>
Reviewed-by: Stefan Neufeind <typo3.neufeind@speedpartner.de>
Tested-by: Stefan Neufeind <typo3.neufeind@speedpartner.de>
Reviewed-by: Andreas Fernandez <typo3@scripting-base.de>
Tested-by: Andreas Fernandez <typo3@scripting-base.de>
typo3/sysext/backend/Resources/Public/JavaScript/LoginRefresh.js
typo3/sysext/rsaauth/Resources/Public/JavaScript/RsaEncryptionModule.js