This project is mirrored from https://git.typo3.org/typo3/typo3.git.
Pull mirroring failed .
Repository mirroring has been paused due to too many failed attempts. It can be resumed by a project maintainer.
Last successful update .
Repository mirroring has been paused due to too many failed attempts. It can be resumed by a project maintainer.
Last successful update .
- 02 Aug, 2021 1 commit
-
-
Christian Kuhn authored
Extbase provides a couple of generic domain repositories and models, especially frontend / backend users and groups. Those are flawed by design: The main issue is that domain models have to be specific for the domain they are used in. By definition, a generic, opinionated model can't be "correct" since the domain it is used in, is unique: It might be that a backend user email has to be set and the domain does not model anything but email and firstname? Many usages don't need backend groups attached to a backend user model at all, or if they need them, then maybe in a recursive presentation, or a specific order or something similar. Having a default group resolution is thus at least misleading, if not wrong, and can be a performance issue on top. A generic model can never foresee its usages. The existing models thus try to 1:1 adapt the database fields, which is also misleading since a domain model is not and should not be a direct representation of a database table. It would only be by chance if the generic models fit a specific domain. Similar issues exist with the repositories: The CategoryRepository for instance assumes it is a good idea to set respectStoragePid(false), which is most likely not the right thing for an extension use. In the end, whatever extbase delivers here, is most likely wrong and does not fit the problem domain. The patch keeps the 'experimental' FAL related models since those can be actually useful for extensions and their final fate has not been decided, yet. The other generic models, especially those with lots of properties are marked as deprecated with the patch. Change-Id: I06629fddd0258c517f3fa8bdf2e9c4b342be9678 Resolves: #94654 Related: #83296 Releases: master Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/70061 Tested-by:
core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org> Tested-by:
Oliver Bartsch <bo@cedev.de>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by:
Oliver Bartsch <bo@cedev.de>
Reviewed-by:
-
- 26 Jul, 2021 1 commit
-
-
Benni Mack authored
The GitHub main repository has been renamed from "TYPO3/TYPO3.CMS" to "typo3/typo3". The new URL is https://github.com/typo3/typo3 This change reflects all places in TYPO3 Core to adapt to this renaming. Resolves: #94639 Releases: master, 10.4, 9.5 Change-Id: Ia5c3136a48b8b4580283277da4b7b11768c32132 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/70092 Tested-by:
core-ci <typo3@b13.com>
Tested-by: Susanne Moog <look@susi.dev> Tested-by:
-
- 22 Jul, 2021 1 commit
-
-
Christian Kuhn authored
To further clean up ext:beuser and allow more refactoring of the extension, the BackendUser model no longer extends the ext:extbase base BackendUser model. The patch is a straight merge of the lower class for now and further patches will follow. Resolves: #94614 Releases: master Change-Id: I79978cdae8538ce04b15bc703ad0eefc415f6d27 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/70025 Tested-by:
core-ci <typo3@b13.com>
Tested-by: 
Jochen <rothjochen@gmail.com>
Tested-by: Jochen <rothjochen@gmail.com>
Reviewed-by:
-
- 16 Jul, 2021 1 commit
-
-
The PermissionController was previously handled via extbase, even though no pure Extbase-related feature (validation, type-converting, persistence) was used. Furthermore a combination of non-extbase arguments and extbase-prefixed arguments was used, leading to a couple of GeneralUtility::_GP() usages. To clean up the controller, it is now not longer registered as extbase module, while keeping the module name "system_BeuserTxPermission" for backwards-compatibility reasons. Furthermore, is the PermissionAjaxController, used for inline updates in the tree view, moved into the PermissionController. This allowed to streamline and clean up its only endpoint. Besides the clean up, some things got improved, e.g. the shortcut button does now also take the current action into account and all used labels can now be translated. Resolves: #94564 Releases: master Change-Id: Ic03e341df5b69aa154be1a5b737df2eecc433e55 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69893 Tested-by:
core-ci <typo3@b13.com>
Tested-by: Jochen <rothjochen@gmail.com>
Tested-by: Jochen <rothjochen@gmail.com>
Reviewed-by:
-
- 13 Jul, 2021 2 commits
-
-
Benni Mack authored
Change-Id: I3380d28e1da80e182f073ce7ed38c893c7ffdc9a Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69821 Tested-by:
core-ci <typo3@b13.com>
Tested-by: -
Benni Mack authored
Change-Id: Icc6e6e01c230ea991a44c49908dd687cd54a867e Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69820 Tested-by:
-
- 30 Jun, 2021 2 commits
-
-
Oliver Bartsch authored
Since #94428, the extbase Request implements the PSR-7 ServerRequestInterface. Therefore, all usages of $GLOBALS['TYPO3_REQUEST'] in core extbase controllers are now replaced by accessing the extbase Request object instead. Since the extbase RequestInterface does not yet extend the PSR-7 ServerRequestInterface, as this would be a breaking change, the property type annotation of $request is changed to the specifc Request implementation, to still allow IDE support. Resolves: #94448 Related: #94428 Releases: master Change-Id: Icc8697993eae55766c21bc98d0e1e222d974ebfc Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69674 Tested-by:
Jochen <rothjochen@gmail.com>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Jochen <rothjochen@gmail.com>
Reviewed-by: Oliver Bartsch <bo@cedev.de> -
Resolves: #94436 Related: #92784 Releases: master Change-Id: I98d1a8d08e44ebf3b9626d6ead686059acd95db2 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69659 Tested-by:
core-ci <typo3@b13.com>
Tested-by: Jochen <rothjochen@gmail.com>
Tested-by: Jochen <rothjochen@gmail.com>
Reviewed-by:
-
- 29 Jun, 2021 1 commit
-
-
The switch user handling was previously placed in EXT:beuser, more precisely in the BackendUserControllers' indexAction. It was therefore necessary to link to the extbase based controller with a mix of prefixed arguments and the non prefixed "switchUser" argument. Latter was internally evaluated with GU:_GP(). This means, switching users was done via GET requests in an extbase action, but only in case a non extbase prefixed argument was set. In #94209 this got worse when the BackendUserGroupController was merged into BackendUserController. Since this controller features a "remember my last action" functionality, switch user could no longer reliably be triggered. The evaluation of the non extbase prefixed "switchUser" argument only took place in the "user listing" (indexAction) and the success of the call therefore depended on the users' last called action, as this action was automatically used. This patch now extracts the switch user functionality from EXT:beuser into a dedicated EXT:backend controller, featuring two ajax routes "/switch/user" and "/switch/user/exit". Both accessible via POST requests only. To trigger those requests, a new JS module "TYPO3/CMS/Backend/SwitchUser" is introduced. This also allows to completely remove the logout hook by using the concrete markup (custom element) for the "exit" button. Resolves: #94426 Related: #94209 Releases: master Change-Id: I556b323fe6ae77cf696e7e34dbbe269eb4f9927a Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69635 Tested-by:
core-ci <typo3@b13.com>
Tested-by:
-
- 31 May, 2021 1 commit
-
-
In case administrators don't want their users to initiate the reset password process, they have to set the global configuration option "passwordReset" to false. This however also prevents administrators from using the cli command or the action in the backend user module. Therefore, some things changed in the password reset implementation: - `passwordReset` now only affects the login screen - The CLI command is always enabled (requires shell access since the command is not schedulable) - Initiating password reset in the backend can be managed separately with a new user TSconfig option Also the descriptions of the global configuration options are adjusted. Actually `passwordResetForAdmins` previously mentioned that setting this to FALSE will only affect the login screen, which was not the case. It always affected all places. In the end, this enables administrators to be more precise when configuring the password reset functionality in their installations. Resolves: #91496 Releases: master Change-Id: Ic74080adffbaf55f82189dffddb93fdd601034e2 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69268 Tested-by:
core-ci <typo3@b13.com>
Tested-by: Jochen <rothjochen@gmail.com>
Tested-by: Richard Haeser <richard@richardhaeser.com> Reviewed-by:
Jochen <rothjochen@gmail.com>
Reviewed-by:
-
- 30 May, 2021 1 commit
-
-
Did you know there's supposed to be a context menu entry on pages in 'more' section that jumps to the edit access view of the permission module? No? Well, it's broken since the v8 context menu rewrite and never rendered due to insufficient initialization. forge doesn't have a single bug report about this, it seems nobody ever missed that entry. This is probably due to its limited use - the access module is used by admins rather seldom, as soon as the basic access rights system has been done for an instance and some pageTS settings take care of setting proper access for new pages, there is little need to fiddle with it often. And if it's used, it's accessed via the main module. Let's drop the implementation of the context menu entry instead of fixing it, to not bloat the 'more' section with an entry nobody missed. Resolves: #94237 Related: #78192 Releases: master Change-Id: I6c87ad8b9f4f2945b29b540e800811ab607bdadd Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69329 Tested-by:
core-ci <typo3@b13.com>
Tested-by: 
Simon Gilli <typo3@gilbertsoft.org>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de> Reviewed-by:
Simon Gilli <typo3@gilbertsoft.org>
Reviewed-by:
-
- 29 May, 2021 2 commits
-
-
ext:beuser BackendUserRepository extends ext:extbase BackendUserGroupRepository, which is of course bogus. It triggers an unneeded call of extbase BackendUserGroupRepository->initializeObject(), which explicitely sets respectStoragePage(false) on query settings. This is redundant since [ctrl][rootLevel] = 1 of the be_user table TCA triggers the same call via the DataMapper. Change-Id: Id809f83fae549e859a426a615c0865d84a5c7250 Resolves: #94229 Releases: master Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69317 Tested-by:
core-ci <typo3@b13.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Daniel Goerz <daniel.goerz@posteo.de> Reviewed-by:
Oliver Klee <typo3-coding@oliverklee.de> Reviewed-by:
Oliver Bartsch <bo@cedev.de>
Reviewed-by: -
Both settings are useless: * The storagePid = 0 setting is ignored for be_users and be_groups queries since the extbase DataMapper sets setRespectStoragePage(false) automatically because both tables have TCA ctrl rootLevel = 1. * The check for this funny 'dummy = foo' has been removed from the controller years ago. Change-Id: Ic5ee3207ae1a7bbe17de640e5dbe61a39492a844 Resolves: #94232 Releases: master Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69322 Tested-by:
core-ci <typo3@b13.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com> Tested-by:
Oliver Bartsch <bo@cedev.de>
Reviewed-by:
-
- 27 May, 2021 1 commit
-
-
Christian Kuhn authored
A while after the PHP based ModuleTemplate API has been introduced back in 2015, a couple of fluid view helpers have been added to ext:backend as a second way to handle full backend module content like the doc header. It found an example use in ext:beuser. Development however stopped at this point, the provided view helpers are only a sub set of the PHP based API and they didn't find broader use within the core - all other backend modules stick to the ModuleTemplate based API. On a structural level, those view helpers are questionable: They move functionality to the view component which is arguably more a controller task. The ext:beuser module proofes this since it had to assign controller knowledge like the current action and controller name to the view in order to render the doc header module down and shortcut buttons. The patch drops usages of these view helpers in ext:beuser, plus the minor usages of the outer ModuleLayout view helper in ext:install and ext:belog, substitutes them with the PHP ModuleTemplate API within controllers, and deprecates the full set of ModuleLayout view helpers. The change sharpens our separation between controller and view: The "outer" module handling like doc header buttons and menus are tied to controller logic and should be located there, while the module body is rendered by a fluid view. As a bonus, a couple of issues within ext:beuser are fixed along the way, since they can now be easily solved and were rather hard to tackle with the view helper based approach: * The beuser module now remembers state and jumps to for instance the group sub module when a user selected this last. This is now in line with many other backend modules that do the same. * Shortcuts to single user details work. * The main doc header drop down can now contain all possible sub modules, including those that are available only indirectly, for instance the single user details view. This is good when calling these from shortcuts. Change-Id: Idef3aa6975e97677c1da0cef57f70c855bd2ea9f Resolves: #94209 Releases: master Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69269 Tested-by:
Oliver Bartsch <bo@cedev.de>
Tested-by: Jochen <rothjochen@gmail.com>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Jochen <rothjochen@gmail.com>
Reviewed-by:
-
- 26 May, 2021 3 commits
-
-
With the bootstrap update in #93126 the data attribute name to set the modal content changed from `data-content` to `data-bs-content`. This patch now adjust all remaining places to display the action specific content, instead of the default "Are you sure?", again. Resolves: #94199 Releases: master Change-Id: I0ca3967dcd831ad31050e170b4d91ef93932cd27 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69267 Tested-by:
core-ci <typo3@b13.com>
Tested-by: Jochen <rothjochen@gmail.com>
Tested-by: Jochen <rothjochen@gmail.com>
Reviewed-by: -
Since #94186, extbase controller actions are required to return a PSR-7 response interface. To ease the use for extension authors, the helper method `htmlResponse()` was added to the ActionController. If no data is provided, $this->view->render() is automatically used as response body. This is more or less the usual behaviour of most extbase actions and therefore also described in the corresponding RST. Since core code is often used as example for custom implementations, those places should follow the best practices, described in the RST. Therefore, this patch adjust all places in core, which call htmlResponse() and unnecessarily pass $this->view->render() as data. Resolves: #94186 Releases: master Change-Id: Id6ac4f92cc9b6fdb70150a2de4ea5a6877a9a55f Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69229 Tested-by:
core-ci <typo3@b13.com>
Tested-by: Jochen <rothjochen@gmail.com>
Tested-by: Benjamin Franzke <bfr@qbus.de> Reviewed-by:
Jochen <rothjochen@gmail.com>
Reviewed-by: -
With the introduction of the new backend module web component router, the title of the backend windows will be set to the title of the main iframe. Most of the modules didn't provide a proper name though. For most modules we have a proper name now which will show up in the title of the backend window, if no title is propagated by the module, the backend router will fallback to the default backend title. As the format of the title is quite "personal". If you are used to have opened more TYPO3 backend windows, you would like to see which installation you have open. If you only work in one backend, you might want to see on which module you are currently working. It is possible to set the order of the title of the backend within your user settings now. By default it will be title - siteName [version] Resolves: #94182 Releases: master Change-Id: I02602650370140217aa252bbd8e29ea4e05d994a Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69172 Tested-by:
core-ci <typo3@b13.com>
Tested-by: Jochen <rothjochen@gmail.com>
Tested-by: Jochen <rothjochen@gmail.com>
Reviewed-by:
-
- 25 May, 2021 1 commit
-
-
Benni Mack authored
The database table sys_language has become obsolete with the introduction of site handling and site languages. Since language configuration is not content, it does not have to be included system-wide in the database. Therefore the table is now marked as deprecated and not referenced in the Core anymore. This means, that this patch removes any direct usages of sys_language in the core, except the site configuration module, as this requires an overall rework of how site languages can be created and pre-filled in the GUI and is therefore handled in a separate patch. This also enables us to possibly use locales (and unify the typo3 languages to locales) for content in the future. Resolves: #94165 Releases: master Change-Id: I8612c9f8df1b90201fc4315307a405f963325d82 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68468 Tested-by:
core-ci <typo3@b13.com>
Tested-by: Jochen <rothjochen@gmail.com>
Tested-by: Jochen <rothjochen@gmail.com>
Reviewed-by:
-
- 19 May, 2021 1 commit
-
-
Daniel Goerz authored
* EXT: backend * EXT: belog * EXT: beuser In addition an adjustment is added that was forgotten in https://review.typo3.org/c/Packages/TYPO3.CMS/+/69038 Resolves: #94126 Releases: master Change-Id: I610b39268d417344517e76d7cc436da50d3db898 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69134 Tested-by:
Oliver Bartsch <bo@cedev.de>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Jochen <rothjochen@gmail.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Jochen <rothjochen@gmail.com>
Reviewed-by:
-
- 14 May, 2021 1 commit
-
-
PHP 8 promotes a lot of notices (previously ignored) to warnings. That means they can no longer be ignored. Resolves: #94057 Releases: master Change-Id: I37de1b7e8e31eb2be78b8e90af015bc88e121791 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69012 Tested-by:
core-ci <typo3@b13.com>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de> Tested-by:
Oliver Bartsch <bo@cedev.de>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by:
-
- 05 May, 2021 1 commit
-
-
Since #94046, the reset buttons, used in the EXT:beuser and EXT:redirects modules, have an insufficient color contrast and are therefore changed to `btn-link`, restoring the previous display. Resolves: #94070 Related: #94046 Releases: master Change-Id: I115174b5ccff513064c7cea1266fbd6be22cfb58 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69032 Tested-by:
core-ci <typo3@b13.com>
Tested-by:
-
- 04 May, 2021 3 commits
-
-
Oliver Bartsch authored
Improves the overall look and feel of the filters in various backend modules, thanks to the new bootstrap v5 grid. We can therefore now rely on flex-form instead of float technology. By using the `g-X` gutter classes and the `align-items-X` arrangement classes, we ensure the positioning and spacing is the same in each module. This allows to effectively remove the `form-inline-spaced` class since this can easily be done with flex-form and the mentioned classes in bootstrap v5. Adjustments done: * Use of flex-form to align and position form fields * Add missing labels and unify arrangement * Adjust size and position of form components * Unify select field size * Unify search field display * Unify submit and reset button styles Resolves: #94042 Resolves: #94026 Releases: master Change-Id: Iae95a3e90179c6708ce6e1f0f272f267b6cae645 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68926 Tested-by:
core-ci <typo3@b13.com>
Tested-by: Nikita Hovratov <nikita.h@live.de> Tested-by:
Oliver Bartsch <bo@cedev.de>
Reviewed-by: Oliver Bartsch <bo@cedev.de> -
Change-Id: Ib8345499805813806ead6c0068fb0db6834b8f34 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68984 Tested-by:
core-ci <typo3@b13.com>
Tested-by: Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
-
Benni Mack authored
Change-Id: If9e35910fbf5556a93557ae17c2f3dba23748080 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68982 Tested-by:
-
- 30 Apr, 2021 1 commit
-
-
* Store an array in uc instead of serialized objects * PHP 7.4 strictness in some classes * Simplified inheritance chain * Drop a service class of little use by merging calls to controller * Avoid another ObjectManager->get() call * Minor bugfix that a shortcut to 'compare users' is not reflected in module menu drop down * Minor cosmetics Change-Id: I73bd2f884573807a819e4ae0d68c93897641b0f1 Resolves: #94025 Releases: master Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68924 Tested-by:
core-ci <typo3@b13.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by:
-
- 28 Apr, 2021 1 commit
-
-
This change simplifies the ExportPageTreeView to extend from AbstractTreeView directly, making the intermediate subclassing to BrowseTreeView obsolete. In addition, several properties which are only used within ExportPageTreeView are moved into this class, reducing the actual logic within AbstractTreeView. Unused properties such as "MOUNTS", "bank" and "stored" are moved to the respective usage'd subclasses. Resolves: #94007 Releases: master Change-Id: Ieba1fd4fa6d8df33d1ebdb047f6d76b1b3413bfb Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68901 Tested-by:
core-ci <typo3@b13.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by:
-
- 27 Apr, 2021 1 commit
-
-
Various code occurrences within the legacy tree implementations, which were marked as internal are removed (e.g. the method to evaluate a "PM" query parameter) as the functionality is not needed anymore, along with some unused properties as well, which are never evaluated anymore due to the removal of the methods. Resolves: #93990 Releases: master Change-Id: I3b8841959156f87fafed7eb58bea01770ea9dce6 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68877 Tested-by:
core-ci <typo3@b13.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by:
-
- 24 Mar, 2021 2 commits
-
-
This introduces various tests for the previously introduced MFA feature and its classes. Resolves: #93566 Releases: master Change-Id: Ibc771b40cad2473dbc15a8131b1335db4f117177 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68052 Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
core-ci <typo3@b13.com>
Tested-by: -
Georg Ringer authored
Update all XLIFF files to use version 1.2, which makes it possible to use a validation schema. Also drop the TYPO3-specific XLIFF file IDs (together with the reference to the corresponding XML namespace) as those are not needed anymore, but prevented XML validation. Also drop checking the XLIFF file IDs from the CI jobs as this does not make sense anymore now. This change does not fix the discovered validation errors in the XLIFF files. This will come later in a separate change. Resolves: #93594 Releases: master, 10.4 Change-Id: I1f263b0a5a7f170e90a906d7992d7bbf08503f7d Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68169 Tested-by:
core-ci <typo3@b13.com>
Tested-by:
-
- 23 Feb, 2021 2 commits
-
-
Change-Id: I27ce98bf74121f0e30a39d5c078901a2ecdb9242 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68055 Tested-by:
core-ci <typo3@b13.com>
Tested-by: -
Benni Mack authored
Change-Id: I88d5f2a08c28e121705be557dc3c9278902f69e4 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68054 Tested-by:
-
- 19 Feb, 2021 1 commit
-
-
A new API is introduced, providing multi-factor authentication for the Core. The API is furthermore directly used to add two MFA providers by default: * TOTP (time-based one-time passwords) * Recovery codes Even if the API is designed to allow MFA in both, backend and frontend, it is currently only implemented into the backend. Users can therefore configure their available MFA providers in a new backend module, accessible via their user settings. There are also some configuration options for administrators to e.g. define a recommended provider or to disallow available providers for specific users or user groups. Administration of the users' MFA providers is possible for administrators in the corresponding user records. New providers can be introduced by implementing the MfaProviderInterface and tagging the service with the `mfa.provider` tag. Note that the API is currently marked as internal since changes in upcoming patches are to be expected. Following dependencies are introduced: * bacon/bacon-qr-code "^2.0" * christian-riesen/base32 "^1.5" Possible features that could follow later-on: * MFA frontend integration * Webauthn core provider for FIDO2 and U2F. * Forcing users to set up MFA on login * Password-recovery with active MFA Resolves: #93526 Releases: master Change-Id: I4e902be624c80295c9c0c3286c90a6a680feeb5d Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67548 Reviewed-by:
core-ci <typo3@b13.com>
Tested-by:
-
- 11 Feb, 2021 1 commit
-
-
Passing a current page number which exceeds the maximum number of pages to the paginator is now silently resolved by using the last available page as the current page. This is done to prevent empty results, since such value can be passed unintentionally by a user. For example in case some internal state changed after the view was initially rendered or the view does not perform checks on this value at all. The later will now be prevented at least in core by adding the "max" attribute to all core paginations which previously missed it. Resolves: #93351 Releases: master, 10.4 Change-Id: I56fa1bd0ea62b7ddf7ea049819efc403fdf70d10 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67509 Tested-by:
Jochen <rothjochen@gmail.com>
Tested-by: Jochen <rothjochen@gmail.com>
Reviewed-by:
-
- 03 Feb, 2021 1 commit
-
-
The help button belongs to the toolbar and not within the content area. Resolves: #93416 Releases: master Change-Id: Ie28f3f3fcedc53d4addbfcff8bd83576be8a4200 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67634 Tested-by:
Oliver Bartsch <bo@cedev.de>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by:
-
- 25 Jan, 2021 1 commit
-
-
The user name and group name are stored as data attribute in the "reset" button in the permission module once somebody wants to change the owner/group of a page. If the button is clicked, the stored value is recovered. Since the value might contains HTML entities, these values get escaped before written back into DOM. Additionally, the unnecessary "not set" span element has been removed. Resolves: #93335 Releases: master Change-Id: I9255d8b263f6bacf7991913b004eb3c7acdebbaf Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67508 Tested-by:
Oliver Bartsch <bo@cedev.de>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by:
-
- 20 Jan, 2021 1 commit
-
-
The permissions module previously used a lot of anchor elements without a target defined. To improve accessibility and semantic correctness these selectors are now changed to button tags. Resolves: #93306 Releases: master, 10.4 Change-Id: I181264307294bd84e0896d1602ddd8c9dc313167 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67460 Tested-by:
-
- 19 Jan, 2021 1 commit
-
-
The Permissions backend module and its JavaScript module now ditch jQuery in favor of native browser API and TYPO3 API. The JavaScript has been refactored a little bit; initially checking the permission checkboxes or writing back the calculcated permission value is now decoupled and executed in the Permission module only. To support for..of with NodeList collections, TypeScript now loads the internal "dom.iterable" library. Additionally, the interim solution to add `editform` to Document has been removed which made another change in LinkPopup necessary. Furthermore, a bug has been fixed, where the value of the first visible select element was used when saving any other select element with a completely different value. Resolves: #93301 Releases: master Change-Id: Iffede862a0eb36e805a5f127d7b19f32c899ce31 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67457 Tested-by:
Oliver Bartsch <bo@cedev.de>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by:
-
- 18 Jan, 2021 1 commit
-
-
User and group names in the access module are no longer shortened after 20 characters. It is now possible to see the full 50 characters. In addition, a title attribute has been added. Resolves: #93089 Releases: master Change-Id: If37d24235ff445297548a2830e5745cb889d5a32 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67363 Tested-by:
Oliver Bartsch <bo@cedev.de>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by:
-
- 07 Jan, 2021 2 commits
-
-
The "route" GET parameter is deprecated since #93048. Therefore the route path has now to be fetched from the request object instead. This patch replaces all places in core where the route is still fetched via GET. It's currently often necessary to access $GLOBALS['TYPO3_REQUEST'] therefore, since the request object is not always present at those places. This will be tackeled in upcoming patches. Resolves: #93158 Releases: master Change-Id: I6e163919b19484171b6ebf8087fdc650cf977c9c Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67355 Tested-by:
-
When a controller finds some pre-requisites of the called action are not fulfilled, it can create an 'early' response and throw it as ImmediateResponseException. This exception bypasses the middleware stack, and is caught in the Application to emit the response. This is a big win in contrast to die/exit calls. Some middlewares however expect to be always called when the response bubbles up. Good examples are 'locking' middlewares: They set up a lock when called, dispatch to inner middlewares, and tear town the lock when a response is retrieved. The tear down code of those middlewares is bypassed when a controller throws an ImmediateResponseException. The patch introduces a second exception: PropagateResponseException. This one is caught by a new very inner middleware positioned at the end of the middleware stack, just before the request is dispatched to some controller. It then sends the response up the outer middlewares. This allows middlewares like a 'locking' middleware to do it's job without being bypassed, and at the same time allows a controller to bypass any further local processing by throwing such a response exception. ImmediateResponseException exists as before and can still be used to directly bypass the middleware stack and is kept as safety net in case a PropagateResponseException is thrown within a middleware. PropagateResponseException therefore extends ImmediateResponseException. It's however discouraged to throw ImmediateResponseException from within controllers - they require knowledge on what middlewares do in their 'tear down' part and there shouldn't be a reason to bypass them. Middleware/BackendUserAuthenticator is adapted to properly handle ImmediateResponseException that would have been thrown BackendUserAuthentication::backendCheckLogin(). BackendUserAuthentication is therefore refactored to allow to call the backend login initialization without (duplicate) login check. This allows to propagate redirect/maintenance responses. Releases: master Resolves: #93007 Change-Id: I291d9d532e7fa289b803e5eef38b23402e57e8ba Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67042 Tested-by:
-
