[BUGFIX] Fetch RSA public key by Ajax before login 93/28893/5
author Helmut Hummel <helmut.hummel@typo3.org>
Wed, 26 Mar 2014 22:44:54 +0000 (23:44 +0100)
committer Stefan Neufeind <typo3.neufeind@speedpartner.de>
Thu, 3 Apr 2014 20:02:07 +0000 (22:02 +0200)
commit b5798938ebeb5e2c6f11a12b3ab6ad10dc8ec905
tree 64196db2e74651c934eaaf2c113e377a06f9e3f1
parent c67e8ebbb074c46dae40bec329db7392e023b0d6
[BUGFIX] Fetch RSA public key by Ajax before login

Currently public and private RSA keys are generated when rendering the
login form. This has several drawbacks.

It can lead to strange and hard to debug errors when a second request is
done in the same browser, which invalidates the key for the current
login form (#38660), opening a second login in a different tab
invalidates the key on the first tab and finally when the login form
stays open until the PHP session expires (parts of the private key are
stored in the PHP session), the key is also invalid for the form.

Solution is to create a new key pair on the fly when a user clicks the
submit button and fetch the public key via Ajax.

This change implements this for the backend login. Frontend login should
be tackled in a different patch.

Resolves: #37421
Releases: 6.2
Change-Id: I0cd9a049d892ee872436347153a0e1114b17585d
Reviewed-on: https://review.typo3.org/28893
Reviewed-by: Nicole Cordes
Tested-by: Nicole Cordes
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
typo3/sysext/rsaauth/Classes/Hook/LoginFormHook.php
typo3/sysext/rsaauth/ext_localconf.php
typo3/sysext/rsaauth/resources/BackendLoginFormRsaEncryption.js [new file with mode: 0644]
typo3/sysext/rsaauth/resources/rsaauth.js
typo3/sysext/rsaauth/resources/rsaauth_min.js
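
The failure mode and the fix described in the commit message, as an added example that is not TYPO3 code: a simplified Node.js model in which one session holds one private key at a time. All function names, the session object and the use of Node's default RSA padding are assumptions made for illustration.

```javascript
// Added illustration, not code from the rsaauth extension.
const nodeCrypto = require('node:crypto');

// Hypothetical server-side session: stores a single private key.
function newSession() {
  return { privateKey: null };
}

// Server: create a key pair, keep the private key in the session,
// return the public key to the browser.
function issuePublicKey(session) {
  const { publicKey, privateKey } =
    nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  session.privateKey = privateKey; // replaces any earlier key
  return publicKey;
}

// Browser: encrypt the password with the public key it was given.
function encryptPassword(publicKey, password) {
  return nodeCrypto.publicEncrypt(publicKey, Buffer.from(password, 'utf8'));
}

// Server: decrypt the submitted value with whatever key the session holds.
function login(session, ciphertext) {
  if (!session.privateKey) return { ok: false, reason: 'no key in session' };
  try {
    const plain = nodeCrypto.privateDecrypt(session.privateKey, ciphertext);
    return { ok: true, password: plain.toString('utf8') };
  } catch (err) {
    return { ok: false, reason: 'decryption failed' };
  }
}

// Old flow: the key pair is created while the login form is rendered.
function oldFlowTwoTabs(password) {
  const session = newSession();
  const tab1Key = issuePublicKey(session); // tab 1 renders the form
  issuePublicKey(session);                 // tab 2 renders, overwrites the key
  return login(session, encryptPassword(tab1Key, password));
}

// New flow: forms render without a key; the key is fetched on submit.
function newFlowTwoTabs(password) {
  const session = newSession();
  // Tab 1 and tab 2 both render here; no key material is created yet.
  const key = issuePublicKey(session);     // tab 1 submit: Ajax request
  return login(session, encryptPassword(key, password));
}
```
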