[CLEANUP] Remove security_level option from Authentications 25/27825/3
authorBenjamin Mack <benni@typo3.org>
Tue, 25 Feb 2014 08:22:38 +0000 (09:22 +0100)
committerHelmut Hummel <helmut.hummel@typo3.org>
Thu, 27 Feb 2014 17:09:21 +0000 (18:09 +0100)
The security_level option was deprecated
since 4.7 and can now be removed.

Also do some cleanup in related code.

Releases: 6.2
Resolves: #56256
Change-Id: I48dcb788ca654aea14fb7125128c564fd373b550
Reviewed-on: https://review.typo3.org/27825
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
typo3/sysext/backend/Classes/FrontendBackendUserAuthentication.php
typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php
typo3/sysext/core/Classes/Authentication/BackendUserAuthentication.php
typo3/sysext/core/Tests/Unit/Authentication/AbstractUserAuthenticationTest.php
typo3/sysext/frontend/Classes/Authentication/FrontendUserAuthentication.php
typo3/sysext/rsaauth/Classes/Hook/LoginFormHook.php
typo3/sysext/saltedpasswords/Classes/SaltedPasswordService.php
typo3/sysext/sv/Classes/AuthenticationService.php
typo3/sysext/workspaces/Classes/Controller/PreviewController.php

index 23b3623..109960b 100644 (file)
@@ -59,15 +59,6 @@ class FrontendBackendUserAuthentication extends \TYPO3\CMS\Core\Authentication\B
        public $formfield_chalvalue = '';
 
        /**
-        * Sets the level of security. *'normal' = clear-text. 'challenged' = hashed password/username.
-        * from form in $formfield_uident. 'superchallenged' = hashed password hashed again with username.
-        *
-        * @var         string
-        * @deprecated since 4.7 will be removed in 6.1
-        */
-       public $security_level = '';
-
-       /**
         * Decides if the writelog() function is called at login and logout.
         *
         * @var         boolean
index 95058b1..05bb2a3 100644 (file)
@@ -132,15 +132,6 @@ abstract class AbstractUserAuthentication {
         */
        public $formfield_status = '';
 
-       /**
-        * Sets the level of security. *'normal' = clear-text. 'challenged' = hashed password/username.
-        * from form in $formfield_uident. 'superchallenged' = hashed password hashed again with username.
-        *
-        * @var string
-        * @deprecated since 4.7 will be removed in 6.1
-        */
-       public $security_level = 'normal';
-
        // Server session lifetime. If > 0: session-timeout in seconds. If FALSE or
        // <0: no timeout. If string: The string is a fieldname from the usertable
        // where the timeout can be found.
@@ -370,14 +361,6 @@ abstract class AbstractUserAuthentication {
                if (empty($this->loginType)) {
                        throw new \TYPO3\CMS\Core\Exception('No loginType defined, should be set explicitly by subclass');
                }
-               // Set level to normal if not already set
-               if (!$this->security_level) {
-                       // Notice: cannot use TYPO3_MODE here because BE user can be logged in and operate inside FE!
-                       $this->security_level = trim($GLOBALS['TYPO3_CONF_VARS'][$this->loginType]['loginSecurityLevel']);
-                       if (!$this->security_level) {
-                               $this->security_level = 'normal';
-                       }
-               }
                // Enable dev logging if set
                if ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_userauth.php']['writeDevLog']) {
                        $this->writeDevLog = TRUE;
@@ -1314,7 +1297,7 @@ abstract class AbstractUserAuthentication {
         * @todo Define visibility
         */
        public function processLoginData($loginData, $passwordTransmissionStrategy = '') {
-               $passwordTransmissionStrategy = $passwordTransmissionStrategy ?: ($GLOBALS['TYPO3_CONF_VARS'][$this->loginType]['loginSecurityLevel'] ? trim($GLOBALS['TYPO3_CONF_VARS'][$this->loginType]['loginSecurityLevel']) : $this->security_level);
+               $passwordTransmissionStrategy = $passwordTransmissionStrategy ?: ($GLOBALS['TYPO3_CONF_VARS'][$this->loginType]['loginSecurityLevel'] ? trim($GLOBALS['TYPO3_CONF_VARS'][$this->loginType]['loginSecurityLevel']) : 'normal');
                if ($this->writeDevLog) {
                        GeneralUtility::devLog('Login data before processing: ' . GeneralUtility::arrayToLogString($loginData), 'TYPO3\\CMS\\Core\\Authentication\\AbstractUserAuthentication');
                }
@@ -1360,8 +1343,6 @@ abstract class AbstractUserAuthentication {
                $authInfo['HTTP_HOST'] = GeneralUtility::getIndpEnv('HTTP_HOST');
                $authInfo['REMOTE_ADDR'] = GeneralUtility::getIndpEnv('REMOTE_ADDR');
                $authInfo['REMOTE_HOST'] = GeneralUtility::getIndpEnv('REMOTE_HOST');
-               /** @deprecated the usage of $authInfo['security_level'] is deprecated since 4.7 */
-               $authInfo['security_level'] = $this->security_level;
                $authInfo['showHiddenRecords'] = $this->showHiddenRecords;
                // Can be overidden in localconf by SVCONF:
                $authInfo['db_user']['table'] = $this->user_table;
@@ -1393,7 +1374,6 @@ abstract class AbstractUserAuthentication {
         */
        public function compareUident($user, $loginData, $passwordCompareStrategy = '') {
                $OK = FALSE;
-               $passwordCompareStrategy = $passwordCompareStrategy ?: $this->security_level;
                switch ($passwordCompareStrategy) {
                        case 'superchallenged':
 
index 640765f..2771ef3 100644 (file)
@@ -334,28 +334,6 @@ class BackendUserAuthentication extends \TYPO3\CMS\Core\Authentication\AbstractU
        }
 
        /**
-        * Sets the security level for the Backend login
-        *
-        * @return      void
-        * @todo Define visibility
-        */
-       public function start() {
-               $securityLevel = trim($GLOBALS['TYPO3_CONF_VARS']['BE']['loginSecurityLevel']);
-               $standardSecurityLevels = array('normal', 'challenged', 'superchallenged');
-               // The TYPO3 standard login service relies on $this->security_level being set
-               // to 'superchallenged' because of the password in the database is stored as md5 hash.
-               // @deprecated since 4.7
-               // These lines are here for compatibility purpose only, can be removed in 6.1.
-               // @see \TYPO3\CMS\Sv\AuthenticationService::processLoginData()
-               if (!empty($securityLevel) && !in_array($securityLevel, $standardSecurityLevels)) {
-                       $this->security_level = $securityLevel;
-               } else {
-                       $this->security_level = 'superchallenged';
-               }
-               parent::start();
-       }
-
-       /**
         * Returns TRUE if user is admin
         * Basically this function evaluates if the ->user[admin] field has bit 0 set. If so, user is admin.
         *
index 4edfdff..8df72aa 100644 (file)
@@ -60,7 +60,6 @@ class AbstractUserAuthenticationTest extends \TYPO3\CMS\Core\Tests\UnitTestCase
                        'Backend login with securityLevel "normal"' => array(
                                'BE',
                                'normal',
-                               'superchallenged',
                                array(
                                        'status' => 'login',
                                        'uname' => 'admin',
@@ -70,7 +69,7 @@ class AbstractUserAuthenticationTest extends \TYPO3\CMS\Core\Tests\UnitTestCase
                                array(
                                        'status' => 'login',
                                        'uname' => 'admin',
-                                       'uident' => '651219fccfbe0c9004c7196515d780ce',
+                                       'uident' => 'password',
                                        'chalvalue' => NULL,
                                        'uident_text' => 'password',
                                        'uident_challenged' => '458203772635d38f05ca9e62d8237974',
@@ -80,7 +79,6 @@ class AbstractUserAuthenticationTest extends \TYPO3\CMS\Core\Tests\UnitTestCase
                        'Backend login with securityLevel "superchallenged"' => array(
                                'BE',
                                'superchallenged',
-                               'superchallenged',
                                array(
                                        'status' => 'login',
                                        'uname' => 'admin',
@@ -100,7 +98,6 @@ class AbstractUserAuthenticationTest extends \TYPO3\CMS\Core\Tests\UnitTestCase
                        'Frontend login with securityLevel "normal"' => array(
                                'FE',
                                'normal',
-                               'normal',
                                array(
                                        'status' => 'login',
                                        'uname' => 'admin',
@@ -120,7 +117,6 @@ class AbstractUserAuthenticationTest extends \TYPO3\CMS\Core\Tests\UnitTestCase
                        'Frontend login with securityLevel "challenged"' => array(
                                'FE',
                                'challenged',
-                               'challenged',
                                array(
                                        'status' => 'login',
                                        'uname' => 'admin',
@@ -144,10 +140,9 @@ class AbstractUserAuthenticationTest extends \TYPO3\CMS\Core\Tests\UnitTestCase
         * @test
         * @dataProvider processLoginDataProvider
         */
-       public function processLoginReturnsCorrectData($loginType, $passwordSubmissionStrategy, $passwordCompareStrategy, $originalData, $processedData) {
+       public function processLoginReturnsCorrectData($loginType, $passwordSubmissionStrategy, $originalData, $processedData) {
                /** @var $mock \TYPO3\CMS\Core\Authentication\AbstractUserAuthentication */
                $mock = $this->getMock('TYPO3\\CMS\\Core\\Authentication\\AbstractUserAuthentication', array('_dummy'));
-               $mock->security_level = $passwordCompareStrategy;
                $mock->loginType = $loginType;
                $this->assertEquals($mock->processLoginData($originalData, $passwordSubmissionStrategy), $processedData);
        }
index 2249b48..a6b843b 100644 (file)
@@ -136,7 +136,6 @@ class FrontendUserAuthentication extends \TYPO3\CMS\Core\Authentication\Abstract
                $this->formfield_uident = 'pass';
                $this->formfield_chalvalue = 'challenge';
                $this->formfield_status = 'logintype';
-               $this->security_level = '';
                $this->auth_timeout_field = 6000;
                $this->sendNoCacheHeaders = FALSE;
                $this->getFallBack = TRUE;
index 943249b..ddbda53 100644 (file)
@@ -34,7 +34,10 @@ class LoginFormHook {
        /**
         * Adds RSA-specific JavaScript and returns a form tag
         *
+        * @param array $params
+        * @param \TYPO3\CMS\Backend\Controller\LoginController $pObj
         * @return string Form tag
+        * @throws \TYPO3\CMS\Core\Error\Exception
         */
        public function getLoginFormTag(array $params, \TYPO3\CMS\Backend\Controller\LoginController &$pObj) {
                $form = NULL;
index 9c1c616..8ca166d 100644 (file)
@@ -112,18 +112,12 @@ class SaltedPasswordService extends \TYPO3\CMS\Sv\AbstractAuthenticationService
         *
         * @param array $user User data array
         * @param array $loginData Login data array
-        * @param string $security_level Login security level (optional)
         * @return boolean TRUE if login data matched
         * @todo Define visibility
         */
-       public function compareUident(array $user, array $loginData, $security_level = 'normal') {
+       public function compareUident(array $user, array $loginData) {
                $validPasswd = FALSE;
-               // Could be merged; still here to clarify
-               if (TYPO3_MODE === 'BE') {
-                       $password = $loginData['uident_text'];
-               } elseif (TYPO3_MODE === 'FE') {
-                       $password = $loginData['uident_text'];
-               }
+               $password = $loginData['uident_text'];
                // Determine method used for given salted hashed password
                $this->objInstanceSaltedPW = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance($user['password']);
                // Existing record is in format of Salted Hash password
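Review bot: The new `$password = $loginData['uident_text'];` reads the key unconditionally, so a login array without uident_text (whether any caller still submits only a hashed value after this change I cannot tell from the hunk) raises a notice and continues with an empty password into the salt comparison; an explicit guard ahead of it, `if (!isset($loginData['uident_text']) || $loginData['uident_text'] === '') { return FALSE; }`, makes that failure mode deliberate rather than incidental. The docblock above the signature still describes `$loginData` only as "Login data array" although the method now depends on exactly one key; `@param array $loginData Login data array, must carry the plain-text password in 'uident_text'` states the contract. compareUident continues past the end of this hunk.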
index f440217..bda31c7 100644 (file)
@@ -65,30 +65,12 @@ class AuthenticationService extends \TYPO3\CMS\Sv\AbstractAuthenticationService
                if (!empty($loginData['uident_text'])) {
                        $loginData['uident_challenged'] = (string) md5(($loginData['uname'] . ':' . $loginData['uident_text'] . ':' . $loginData['chalvalue']));
                        $loginData['uident_superchallenged'] = (string) md5(($loginData['uname'] . ':' . md5($loginData['uident_text']) . ':' . $loginData['chalvalue']));
-                       $this->processOriginalPasswordValue($loginData);
                        $isProcessed = TRUE;
                }
                return $isProcessed;
        }
 
        /**
-        * This method ensures backwards compatibility of the processed loginData
-        * with older TYPO3 versions.
-        * Starting with TYPO3 6.1 $loginData['uident'] will always contain the raw
-        * value of the submitted password field and will not be processed any further.
-        *
-        * @param array $loginData
-        * @deprecated will be removed with 6.1
-        */
-       protected function processOriginalPasswordValue(&$loginData) {
-               if ($this->authInfo['security_level'] === 'superchallenged') {
-                       $loginData['uident'] = $loginData['uident_superchallenged'];
-               } elseif ($this->authInfo['security_level'] === 'challenged') {
-                       $loginData['uident'] = $loginData['uident_challenged'];
-               }
-       }
-
-       /**
         * Find a user (eg. look up the user record in database when a login is sent)
         *
         * @return mixed User array or FALSE
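Review bot: With processOriginalPasswordValue gone, processLoginData leaves `$loginData['uident']` as submitted and only adds the two derived md5 values, but the only text that stated this invariant was the docblock deleted below it; the docblock of processLoginData, which starts above this hunk, should now carry it, e.g. `'uident' is passed through unchanged; 'uident_challenged' and 'uident_superchallenged' are derived from 'uident_text'`. On the retained lines the `(string)` cast in front of md5() is redundant, since md5() already returns a string, and the doubled parentheses around its argument can go. Any external authentication service that still reads `$loginData['uident']` expecting the hashed form, or `$authInfo['security_level']` (removed in the AbstractUserAuthentication hunk at -1360), now sees different values; that is the intended effect of the cleanup but is worth a line in the commit message for extension authors.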
index b1285c6..ead7bf2 100644 (file)
@@ -210,11 +210,7 @@ class PreviewController extends \TYPO3\CMS\Workspaces\Controller\AbstractControl
                if (!$GLOBALS['BE_USER']->check('modules', $pageModule)) {
                        $pageModule = '';
                }
-               $menuFrameName = 'menu';
-               if ($GLOBALS['BE_USER']->uc['noMenuMode'] === 'icons') {
-                       $menuFrameName = 'topmenuFrame';
-               }
-               // determine security level from conf vars and default to super challenged
+               // Determine security level from conf vars and default to super challenged
                if ($GLOBALS['TYPO3_CONF_VARS']['BE']['loginSecurityLevel']) {
                        $loginSecurityLevel = $GLOBALS['TYPO3_CONF_VARS']['BE']['loginSecurityLevel'];
                } else {
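Review bot: The retained condition `if ($GLOBALS['TYPO3_CONF_VARS']['BE']['loginSecurityLevel'])` uses the configured value untrimmed, whereas AbstractUserAuthentication::processLoginData in this same commit trims the setting before using it as the transmission strategy; a value with surrounding whitespace would therefore be handed to the preview login template in a form the server side does not compare against, so `$loginSecurityLevel = trim($GLOBALS['TYPO3_CONF_VARS']['BE']['loginSecurityLevel']);` keeps the two in step (the else branch lies outside this hunk). The switch to the local `$loginSecurityLevel` in the second hunk looks like it fixes a read of an undefined property rather than plain cleanup, which the commit description could say explicitly. The enclosing method starts before and ends after this hunk.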
@@ -226,7 +222,7 @@ class PreviewController extends \TYPO3\CMS\Workspaces\Controller\AbstractControl
                        'PATH_typo3_enc' => rawurlencode($pathTYPO3),
                        'username' => htmlspecialchars($GLOBALS['BE_USER']->user['username']),
                        'uniqueID' => GeneralUtility::shortMD5(uniqid('')),
-                       'securityLevel' => $this->loginSecurityLevel,
+                       'securityLevel' => $loginSecurityLevel,
                        'TYPO3_mainDir' => TYPO3_mainDir,
                        'pageModule' => $pageModule,
                        'condensedMode' => $GLOBALS['BE_USER']->uc['condensedMode'] ? 1 : 0,