[TASK] Improve usability with multiple tabs open 54/27954/7
author Helmut Hummel <helmut.hummel@typo3.org>
Fri, 28 Feb 2014 18:28:51 +0000 (19:28 +0100)
committer Helmut Hummel <helmut.hummel@typo3.org>
Tue, 4 Mar 2014 18:08:12 +0000 (19:08 +0100)
commit 9aaeaf5120638ef07087226d8409062a29f527ef
tree aeb33878b93feb12475a86032329892a52d9c9ba
parent c518539f4c0a083dd89ff444c5cdeddd095bf165
[TASK] Improve usability with multiple tabs open

When the backend user session expires, currently
a popup window is shown which asks the user to
relogin when salted passwords or rsaauth are used
(which is currently our default).

However, when a user works with multiple browser tabs
open, it is easy to overlook this popup. When realizing
that the session is expired and the user logs
into the backend again in one tab, the session
is authenticated in all other open tabs, but a
new CSRF protection token has been generated, which
makes working in this tab impossible, especially
because the tokens are now checked for virtually
any action.

This change cleans up the AjaxLogin functionality
by making use of the new Ajax API introduced lately
and functionality is added so that AjaxLogin also
works with rsaauth and saltedpasswords enabled.

Additionally the form protection framework is slightly
reworked to better support the re-login and token
restore functionality in the AjaxLogin.

The "showRefreshLoginPopup" functionality is still
kept, because AjaxLogin can still not handle
OpenID logins.

Resolves: #56453
Releases: 6.2
Change-Id: Ic6c3415f292d346293c7d2c775288f4ba62ebc15
Reviewed-on: https://review.typo3.org/27954
Reviewed-by: Nicole Cordes
Tested-by: Nicole Cordes
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
Reviewed-by: Frans Saris
Tested-by: Frans Saris
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
14 files changed:
typo3/ajax.php
typo3/sysext/backend/Classes/AjaxLoginHandler.php
typo3/sysext/backend/Classes/Controller/BackendController.php
typo3/sysext/backend/Classes/Utility/BackendUtility.php
typo3/sysext/backend/Resources/Public/JavaScript/loginrefresh.js
typo3/sysext/core/Classes/FormProtection/AbstractFormProtection.php
typo3/sysext/core/Classes/FormProtection/BackendFormProtection.php
typo3/sysext/core/Classes/FormProtection/DisabledFormProtection.php
typo3/sysext/core/Tests/Unit/FormProtection/AbstractFormProtectionTest.php
typo3/sysext/core/Tests/Unit/FormProtection/Fixtures/FormProtectionTesting.php
typo3/sysext/rsaauth/Classes/Backend/AjaxLoginHandler.php [new file with mode: 0644]
typo3/sysext/rsaauth/Classes/Hook/BackendHookForAjaxLogin.php [new file with mode: 0644]
typo3/sysext/rsaauth/ext_localconf.php
typo3/sysext/saltedpasswords/ext_localconf.php
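
The stale-token failure described in the commit message, and a token restore on re-login, modelled as an added example (not code from this commit or from TYPO3). The HMAC token scheme, the per-user stash and every name below are assumptions made for illustration.

```javascript
// Constructed model, not TYPO3 code. Assumed scheme: a form token is an HMAC
// over the form name and a random token stored in the user's session.
const crypto = require('node:crypto');

const SERVER_SECRET = crypto.randomBytes(32); // stands in for a per-install key
const sessions = new Map(); // cookie -> { user, sessionToken }
const stashed = new Map();  // user -> session token kept when a session expires

// `cookie` stands for the browser's session cookie, shared by all open tabs.
function login(cookie, user, { restore = false } = {}) {
  // A stashed token is handed back only to the same user, and only once.
  const previous = restore ? stashed.get(user) : undefined;
  stashed.delete(user);
  const sessionToken = previous ?? crypto.randomBytes(16).toString('hex');
  sessions.set(cookie, { user, sessionToken });
}

function expire(cookie) {
  const s = sessions.get(cookie);
  if (s) stashed.set(s.user, s.sessionToken);
  sessions.delete(cookie);
}

function generateToken(cookie, formName) {
  const s = sessions.get(cookie);
  if (!s) throw new Error('not logged in');
  return crypto.createHmac('sha256', SERVER_SECRET)
    .update(formName + '\0' + s.sessionToken).digest('hex');
}

function validateToken(cookie, formName, token) {
  if (!sessions.has(cookie)) return false;
  const expected = Buffer.from(generateToken(cookie, formName), 'hex');
  const given = Buffer.from(String(token), 'hex');
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// Tab B renders a form, the session expires, the user logs in again in tab A,
// then tab B submits the form it rendered before the expiry.
function scenario(restore) {
  sessions.clear(); stashed.clear();
  login('cookie-1', 'editor');
  const tabBToken = generateToken('cookie-1', 'editRecord');
  expire('cookie-1');
  login('cookie-1', 'editor', { restore });
  return validateToken('cookie-1', 'editRecord', tabBToken);
}
```

`scenario(false)` is the situation before the change: tab B is authenticated again but its token no longer validates. `scenario(true)` shows the restored session token making the old tab usable without accepting it for a different user.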