[!!!][TASK] Remove Frontend Track User functionality 40/60840/4
author Benni Mack <benni@typo3.org>
Wed, 29 May 2019 19:51:37 +0000 (21:51 +0200)
committer Andreas Fernandez <a.fernandez@scripting-base.de>
Thu, 30 May 2019 18:34:13 +0000 (20:34 +0200)
commit 8300dd31f225f03d3a8251ba1c26231caf9ce328
tree 0afcfc78bef598f1d41f3c4ad6f2851e0c4e8c88
parent 2d941445827fda76d53203c3337568bbf92e93d3
[!!!][TASK] Remove Frontend Track User functionality

The functionality "ftu" ("Frontend Track User"), which allows
sending the session through a GET parameter within the site,
has been removed.

It was used to hand in a session via `config.ftu = 1` and
the GET parameter "ftu=a-32-character-string", which then
started a session which was added to any link generated.

This way, sessions could _have_ been transferred across
domains but only if cookies would not be activated by
the browser, which is unreliable.

In order to pave the way to modern standards (OTP
or JWT), this functionality is removed, as the ftu functionality
has some flaws, conceptually and security-wise.

Removed public properties
* AbstractUserAuthentication->get_name
* AbstractUserAuthentication->getFallBack
* AbstractUserAuthentication->getMethodEnabled
* AbstractUserAuthentication->get_URL_ID
* TypoScriptFrontendController->getMethodUrlIdToken

Removed TypoScript:
* config.ftu = 1

Removed TYPO3_CONF_VARS
* $TYPO3_CONF_VARS[FE][get_url_id_token]

GET Parameter "ftu" has no special meaning anymore.

Resolves: #88458
Releases: master
Change-Id: I664be44228b2180909f6abfda8acfcd5fe36aa5a
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/60840
Tested-by: Markus Klein <markus.klein@typo3.org>
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
12 files changed:
typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php
typo3/sysext/core/Configuration/DefaultConfiguration.php
typo3/sysext/core/Configuration/DefaultConfigurationDescription.yaml
typo3/sysext/core/Documentation/Changelog/master/Breaking-88458-RemovedFrontendTrackUserFtuFunctionality.rst [new file with mode: 0644]
typo3/sysext/frontend/Classes/Authentication/FrontendUserAuthentication.php
typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php
typo3/sysext/frontend/Classes/Page/CacheHashCalculator.php
typo3/sysext/install/Classes/Service/SilentConfigurationUpgradeService.php
typo3/sysext/install/Configuration/ExtensionScanner/Php/ArrayDimensionMatcher.php
typo3/sysext/install/Configuration/ExtensionScanner/Php/PropertyPublicMatcher.php
typo3/sysext/t3editor/Resources/Private/tsref.xml
typo3/sysext/t3editor/Resources/Public/JavaScript/Mode/typoscript/typoscript.js
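
The commit message above describes a session handed over as `ftu=<32-character string>` in the URL, so the value ends up wherever URLs are recorded. As an added example (not part of the TYPO3 commit or code base), this log audit finds requests and Referer headers that still carry such a parameter and flags tokens seen from more than one client address. It assumes Combined Log Format; all function names, sample lines and token values are constructed for illustration.

```python
import hashlib
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

LOG_RE = re.compile(  # Combined Log Format (assumed input format)
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)"'
)

def ftu_tokens(url):
    """Return the 32-character ftu values in the query string of url."""
    values = parse_qs(urlsplit(url).query).get("ftu", [])
    return [v for v in values if len(v) == 32]

def fingerprint(token):
    """Short hash, so the report never reproduces a session token."""
    return hashlib.sha256(token.encode()).hexdigest()[:12]

def audit(lines):
    """Map token fingerprint -> {'ips': set of clients, 'in_referer': bool}."""
    report = defaultdict(lambda: {"ips": set(), "in_referer": False})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        for field in ("target", "referer"):
            for token in ftu_tokens(m[field]):
                entry = report[fingerprint(token)]
                entry["ips"].add(m["ip"])
                entry["in_referer"] |= field == "referer"
    return dict(report)

def shared_tokens(report):
    """Fingerprints requested from more than one client address."""
    return sorted(fp for fp, e in report.items() if len(e["ips"]) > 1)

# Constructed sample: documentation IP ranges and made-up token values.
TOKEN_A, TOKEN_B = "0123456789abcdef0123456789abcdef", "fedcba9876543210fedcba9876543210"
_FMT = '{ip} - - [30/May/2019:10:00:00 +0000] "GET {path} HTTP/1.1" 200 512 "{ref}" "UA"'
SAMPLE = [
    _FMT.format(ip="192.0.2.10", path="/index.php?id=5&ftu=" + TOKEN_A, ref="-"),
    _FMT.format(ip="198.51.100.7", path="/index.php?id=5&ftu=" + TOKEN_A, ref="-"),
    _FMT.format(ip="203.0.113.4", path="/style.css",
                ref="https://example.org/index.php?id=7&ftu=" + TOKEN_B),
]

if __name__ == "__main__":
    print(shared_tokens(audit(SAMPLE)))
```

After the upgrade the `ftu` parameter has no special meaning, so remaining hits point at stale links or bookmarks rather than live sessions.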