[TASK] Merge saltedpasswords felogin hook into felogin 52/57752/2
authorChristian Kuhn <lolli@schwarzbu.ch>
Wed, 1 Aug 2018 08:59:24 +0000 (10:59 +0200)
committerMarkus Klein <markus.klein@typo3.org>
Wed, 1 Aug 2018 12:20:07 +0000 (14:20 +0200)
Extension salted passwords hooks into felogin to hash a new
password before it is written to database if the user resets
his password using the 'forgot password' functionality.
Since salted passwords is a mandatory extension, this hook
usage is now removed and the hash creation is put into
felogin directly.
Note the hook method feloginForgotPasswordHook() had a type
hint to FrontendLoginController, is thus tailored for this
extension only and can't be abused by a different one. It is
safe to remove that method entirely.

Change-Id: I85d4ba59cecd3bd43b148008e70fe20f0f5dc0bc
Resolves: #85703
Releases: master
Reviewed-on: https://review.typo3.org/57752
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Tested-by: TYPO3com <no-reply@typo3.com>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
typo3/sysext/felogin/Classes/Controller/FrontendLoginController.php
typo3/sysext/saltedpasswords/Classes/Utility/SaltedPasswordsUtility.php
typo3/sysext/saltedpasswords/ext_localconf.php

index 223ce11..935404c 100644 (file)
@@ -351,12 +351,16 @@ class FrontendLoginController extends AbstractPlugin implements LoggerAwareInter
                             $minLength
                         );
                     } else {
-                        $newPass = $postData['password1'];
+                        // Hash password using configured salted passwords hash mechanism for FE
+                        $objInstanceSaltedPW = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance();
+                        $newPass = $objInstanceSaltedPW->getHashedPassword($postData['password1']);
+
+                        // Call a hook for further password processing
                         if ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed']) {
                             $_params = [
                                 'user' => $user,
                                 'newPassword' => $newPass,
-                                'newPasswordUnencrypted' => $newPass
+                                'newPasswordUnencrypted' => $postData['password1']
                             ];
                             foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed'] as $_funcRef) {
                                 if ($_funcRef) {
index d6a4228..1b578a8 100644 (file)
@@ -71,19 +71,6 @@ class SaltedPasswordsUtility
     }
 
     /**
-     * Hook function for felogin "forgotPassword" functionality
-     * encrypts the new password before storing in database
-     *
-     * @param array $params Parameter the hook delivers
-     * @param \TYPO3\CMS\Felogin\Controller\FrontendLoginController $pObj Parent Object from which the hook is called
-     */
-    public function feloginForgotPasswordHook(array &$params, \TYPO3\CMS\Felogin\Controller\FrontendLoginController $pObj)
-    {
-        $objInstanceSaltedPW = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance();
-        $params['newPassword'] = $objInstanceSaltedPW->getHashedPassword($params['newPassword']);
-    }
-
-    /**
      * Returns default configuration of this extension.
      *
      * @return array Default extension configuration data for localconf.php
index d22bf0c..567e4e3 100644 (file)
@@ -1,9 +1,6 @@
 <?php
 defined('TYPO3_MODE') or die();
 
-// Hook for processing "forgotPassword" in felogin
-$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed'][] = \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::class . '->feloginForgotPasswordHook';
-
 // Extension may register additional salted hashing methods in this array
 $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/saltedpasswords']['saltMethods'] = [];