  • [!!!][TASK] Remove lockToDomain feature for BE and FE · 0ce30f0a
    Benni Mack authored and Georg Ringer committed
    Both fe_users/be_users and be_groups/fe_groups have a feature called "lockToDomain".
    
    Although it is called the same, it has a different use-case:
    
    * Users: If lockToDomain is set, the user is only allowed to log in when a given HTTP_HOST is given.
    * Groups: If lockToDomain is set, the group is only added to the logged-in user if the HTTP_HOST matches this domain.
    
    Both features are rarely used, and even in multi-tenant setups not viable or flexible
    enough. In addition, the features are not any additional security measures as HTTP_HOST can be faked.
    
    They both add unneeded complexity. For the rare use of a similar feature,
    a custom extension should be used.
    
    Plus: All of these features can be added via extensions, depending on a
    specific use case of an installation, so _if_ people use it, custom extensions
    should be used instead for the specific use case they have.
    
    The database fields, TCA definitions, labels, domain model logic in Extbase
    and actual validation within the AuthenticationService and BE_USER are removed
    without any substitution.
    
    Resolves: #91782
    Releases: master
    Change-Id: I4a12185b79efaf1e3bded5120675e3c1095dcd42
    Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65011
    
    
    Tested-by: Daniel Goerz <daniel.goerz@posteo.de>
    Tested-by: TYPO3com <noreply@typo3.com>
    Tested-by: Georg Ringer <georg.ringer@gmail.com>
    Reviewed-by: Daniel Goerz <daniel.goerz@posteo.de>
    Reviewed-by: Georg Ringer <georg.ringer@gmail.com>