[FEATURE] Enable validation of password via hooks during password 14/59714/5
authorSascha Grötzner <typo3@007sascha.de>
Sun, 17 Feb 2019 10:53:23 +0000 (10:53 +0000)
committerAnja Leichsenring <aleichsenring@ab-softlab.de>
Sat, 23 Feb 2019 19:12:05 +0000 (20:12 +0100)
changes

Add two new $_params keys, "passwordValid" and
"passwordInvalidMessage", that are processed via the hook.
In the hook you can do your own validation or other processing,
set "passwordValid" to false and put a message into
"passwordInvalidMessage".
If $hookPasswordValid is false the password is not saved to the
DB and the script continues its normal way (it redirects back to
the PasswordChange form and prints the
"passwordInvalidMessage").

Resolves: #87726
Releases: master
Change-Id: I89f37e7c5036254b40aa4fffe65a4e6cf2cc213f
Reviewed-on: https://review.typo3.org/c/59714
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Susanne Moog <susanne.moog@typo3.org>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Susanne Moog <susanne.moog@typo3.org>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
typo3/sysext/core/Documentation/Changelog/master/Feature-87726-ExtendFrontendLoginControllerHookToValidatePassword.rst [new file with mode: 0644]
typo3/sysext/felogin/Classes/Controller/FrontendLoginController.php

diff --git a/typo3/sysext/core/Documentation/Changelog/master/Feature-87726-ExtendFrontendLoginControllerHookToValidatePassword.rst b/typo3/sysext/core/Documentation/Changelog/master/Feature-87726-ExtendFrontendLoginControllerHookToValidatePassword.rst
new file mode 100644 (file)
index 0000000..68e45cc
--- /dev/null
@@ -0,0 +1,36 @@
+.. include:: ../../Includes.txt
+
+==========================================================================
+Feature: #87726 - Extend FrontendLoginController Hook to validate password
+==========================================================================
+
+See :issue:`87726`
+
+Description
+===========
+
+The Hook `$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed']` is extended to validiade the given password.
+In the Hook you can set a custom validation Message.
+
+
+Impact
+======
+
+You can now use the hook via:
+
+.. code-block:: php
+
+       $GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed'][] = \Your\Namespace\Hooks\MyBeautifulHook::class . '->passwordChanged';
+
+Example implementation:
+-----------------------
+.. code-block:: php
+       public function passwordChanged(array &$params)
+       {
+               if($params['newPasswordUnencrypted']==='password'){
+                       $params['passwordValid']=FALSE;
+                       $params['passwordInvalidMessage']='<p class="text-danger">Do not use password as password</p>';
+               }
+       }
+
+.. index:: Frontend, ext:felogin, PHP-API
index 6e2bcc0..89b2a31 100644 (file)
@@ -368,11 +368,14 @@ class FrontendLoginController extends AbstractPlugin
                         $newPass = $hashInstance->getHashedPassword($postData['password1']);
 
                         // Call a hook for further password processing
+                        $hookPasswordValid = true;
                         if ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed']) {
                             $_params = [
                                 'user' => $user,
                                 'newPassword' => $newPass,
-                                'newPasswordUnencrypted' => $postData['password1']
+                                'newPasswordUnencrypted' => $postData['password1'],
+                                'passwordValid' => true,
+                                'passwordInvalidMessage' => '',
                             ];
                             foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed'] as $_funcRef) {
                                 if ($_funcRef) {
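Review bot: The `$_params` array now mixes input keys with two output keys, but nothing in the code says which is which, nor that `newPassword` is already the hash from `getHashedPassword()` while `newPasswordUnencrypted` is the plaintext the hook may inspect. A short comment above `$_params = [` would make the contract explicit, e.g. `// In: user, newPassword (hashed), newPasswordUnencrypted (plaintext). Out: passwordValid (set false to reject), passwordInvalidMessage (shown unescaped on rejection)`. The foreach that invokes the hooks continues past the end of this hunk.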
@@ -380,34 +383,42 @@ class FrontendLoginController extends AbstractPlugin
                                 }
                             }
                             $newPass = $_params['newPassword'];
+                            $hookPasswordValid = $_params['passwordValid'];
+
+                            if (!$hookPasswordValid) {
+                                $markerArray['###STATUS_MESSAGE###'] = $_params['passwordInvalidMessage'];
+                            }
                         }
 
-                        // Save new password and clear DB-hash
-                        $userTable = $this->frontendController->fe_user->user_table;
-                        $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($userTable);
-                        $queryBuilder->getRestrictions()->removeAll();
-                        $queryBuilder->update($userTable)
-                            ->set('password', $newPass)
-                            ->set('felogin_forgotHash', '')
-                            ->set('tstamp', (int)$GLOBALS['EXEC_TIME'])
-                            ->where(
-                                $queryBuilder->expr()->eq(
-                                    'uid',
-                                    $queryBuilder->createNamedParameter($user['uid'], \PDO::PARAM_INT)
+                        // Change Password only if Hook returns valid
+                        if ($hookPasswordValid) {
+                            // Save new password and clear DB-hash
+                            $userTable = $this->frontendController->fe_user->user_table;
+                            $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($userTable);
+                            $queryBuilder->getRestrictions()->removeAll();
+                            $queryBuilder->update($userTable)
+                                ->set('password', $newPass)
+                                ->set('felogin_forgotHash', '')
+                                ->set('tstamp', (int)$GLOBALS['EXEC_TIME'])
+                                ->where(
+                                    $queryBuilder->expr()->eq(
+                                        'uid',
+                                        $queryBuilder->createNamedParameter($user['uid'], \PDO::PARAM_INT)
+                                    )
                                 )
-                            )
-                            ->execute();
-
-                        $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText(
-                            'change_password_done_message',
-                            $this->conf['changePasswordDoneMessage_stdWrap.']
-                        );
-                        $done = true;
-                        $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
-                        $markerArray['###BACKLINK_LOGIN###'] = $this->getPageLink(
-                            htmlspecialchars($this->pi_getLL('ll_forgot_header_backToLogin')),
-                            [$this->prefixId . '[redirectReferrer]' => 'off']
-                        );
+                                ->execute();
+
+                            $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText(
+                                'change_password_done_message',
+                                $this->conf['changePasswordDoneMessage_stdWrap.']
+                            );
+                            $done = true;
+                            $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
+                            $markerArray['###BACKLINK_LOGIN###'] = $this->getPageLink(
+                                htmlspecialchars($this->pi_getLL('ll_forgot_header_backToLogin')),
+                                [$this->prefixId . '[redirectReferrer]' => 'off']
+                            );
+                        }
                     }
                 }
                 if (!$done) {
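Review bot: The hook-supplied `passwordInvalidMessage` is copied straight into `###STATUS_MESSAGE###` on the `if (!$hookPasswordValid)` branch without any escaping, so it is rendered as raw HTML like the stdWrap'd success message; a hook that echoes the submitted value (`newPasswordUnencrypted` is available in `$_params`) into its message would reflect user input into the page. Since the accompanying changelog example deliberately uses markup, the contract should at least be stated at that line, e.g. `// Rendered unescaped as HTML; hooks must htmlspecialchars() any user-derived text in passwordInvalidMessage`. Separately, `$hookPasswordValid = $_params['passwordValid'];` takes whatever the last registered hook left, so (assuming all hooks share the same `$_params` array, the call line itself is outside this hunk) a later hook can overwrite an earlier rejection and a non-boolean value is only tested for truthiness; `$hookPasswordValid = $_params['passwordValid'] === true;` would at least fail closed on anything but an explicit true. The enclosing method continues past the end of the hunk.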