[TASK] Deprecate authentication related compareUident() method 20/58020/2
authorChristian Kuhn <lolli@schwarzbu.ch>
Thu, 23 Aug 2018 23:46:06 +0000 (01:46 +0200)
committerWouter Wolters <typo3@wouterwolters.nl>
Fri, 24 Aug 2018 06:58:59 +0000 (08:58 +0200)
The patch deprecates the unused compareUident() from
AbstractAuthenticationService that calls the also unused method
with the same name from AbstractUserAuthentication.

The code is dead left over stuff from pre password hashing era
and can be safely deprecated now.

Resolves: #85960
Releases: master
Change-Id: I5f02562e35abb27a4126998193edf827edb168ac
Reviewed-on: https://review.typo3.org/58020
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Tested-by: Wouter Wolters <typo3@wouterwolters.nl>
typo3/sysext/core/Classes/Authentication/AbstractAuthenticationService.php
typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php
typo3/sysext/core/Documentation/Changelog/master/Deprecation-85960-CompareUidentDeprecated.rst [new file with mode: 0644]
typo3/sysext/install/Configuration/ExtensionScanner/Php/MethodCallMatcher.php

index a4cad40..6fc9f23 100644 (file)
@@ -97,9 +97,11 @@ class AbstractAuthenticationService extends AbstractService
      * @param array $loginData Login data array
      * @param string $passwordCompareStrategy Password compare strategy
      * @return bool TRUE if login data matched
+     * @deprecated since TYPO3 v9, will be removed in TYPO3 v10.
      */
     public function compareUident(array $user, array $loginData, $passwordCompareStrategy = '')
     {
+        trigger_error('This method will be removed in TYPO3 v10.', E_USER_DEPRECATED);
         return $this->pObj->compareUident($user, $loginData, $passwordCompareStrategy);
     }
 
index 83a0e23..86ed588 100644 (file)
@@ -1400,9 +1400,11 @@ abstract class AbstractUserAuthentication implements LoggerAwareInterface
      * @param array $loginData Login data array
      * @param string $passwordCompareStrategy Alternative passwordCompareStrategy. Used when authentication services wants to override the default.
      * @return bool TRUE if login data matched
+     * @deprecated since TYPO3 v9, will be removed in TYPO3 v10.
      */
     public function compareUident($user, $loginData, $passwordCompareStrategy = '')
     {
+        trigger_error('This method will be removed in TYPO3 v10.', E_USER_DEPRECATED);
         return (string)$loginData['uident_text'] !== '' && (string)$loginData['uident_text'] === (string)$user[$this->userident_column];
     }
 
diff --git a/typo3/sysext/core/Documentation/Changelog/master/Deprecation-85960-CompareUidentDeprecated.rst b/typo3/sysext/core/Documentation/Changelog/master/Deprecation-85960-CompareUidentDeprecated.rst
new file mode 100644 (file)
index 0000000..f379deb
--- /dev/null
@@ -0,0 +1,37 @@
+.. include:: ../../Includes.txt
+
+==============================================
+Deprecation: #85960 - compareUident deprecated
+==============================================
+
+See :issue:`85960`
+
+Description
+===========
+
+Two methods related to old plain text or simple md5 related password checking have
+been deprecated after those have been unused or overriden for a while already:
+
+* php:`TYPO3\CMS\Core\Authentication\AbstractUserAuthentication->compareUident()`
+* php:`TYPO3\CMS\Core\Authentication\AbstractAuthenticationService->compareUident()`
+
+
+Impact
+======
+
+Calling the above methods will log deprecation level errors.
+
+
+Affected Installations
+======================
+
+Instances using special authentication extensions are unlikely to be, but might be
+affected. The extension scanner should find usages.
+
+
+Migration
+=========
+
+Do not use plain text or simple md5 based password comparison in authentication services.
+
+.. index:: PHP-API, FullyScanned
\ No newline at end of file
index 12bf42a..a037475 100644 (file)
@@ -2991,4 +2991,18 @@ return [
             'Deprecation-85164-LanguageRelatedMethods.rst'
         ],
     ],
+    'TYPO3\CMS\Core\Authentication\AbstractUserAuthentication->compareUident' => [
+        'numberOfMandatoryArguments' => 2,
+        'maximumNumberOfArguments' => 3,
+        'restFiles' => [
+            'Deprecation-85960-CompareUidentDeprecated.rst'
+        ],
+    ],
+    'TYPO3\CMS\Core\Authentication\AbstractAuthenticationService->compareUident' => [
+        'numberOfMandatoryArguments' => 2,
+        'maximumNumberOfArguments' => 3,
+        'restFiles' => [
+            'Deprecation-85960-CompareUidentDeprecated.rst'
+        ],
+    ],
 ];