1. 12 Dec, 2020 1 commit
  2. 21 Jul, 2020 1 commit
    • Benni Mack's avatar
      [!!!][TASK] Remove lockToDomain feature for BE and FE · 0ce30f0a
      Benni Mack authored and Georg Ringer's avatar Georg Ringer committed
      Both fe_users/be_users and be_groups/fe_groups have a feature called "lockToDomain".
      
      Although it is called the same, it has a different use-case:
      
      * Users: If lockToDomain is set, the user is only allowed to login when a given HTTP_HOST is given.
      * Groups: If lockToDomain is set, the group is only added to the logged in user, if the HTTP_HOST matches this domain.
      
      Both features are rarely used, and even in multi-tenant setups not viable or flexible
      enough. In addition, the features are not any additional security measures as HTTP_HOST can be faked.
      
      They both add unneeded complexity for the rare use of a similar feature,
      a custom extension should be used.
      
      Plus: All of these features can be added via extensions, depending on a
      specific use case of an installation, so _if_ people use it, custom extensions
      should be used instead for the specific use case they have.
      
      The database fields, TCA definitions, labels, domain model logic in Extbase
      and actual validation within the AuthenticationService and BE_USER are removed
      without any substitution.
      
      Resolves: #91782
      Releases: master
      Change-Id: I4a12185b79efaf1e3bded5120675e3c1095dcd42
      Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65011
      
      
      Tested-by: Daniel Goerz's avatarDaniel Goerz <daniel.goerz@posteo.de>
      Tested-by: default avatarTYPO3com <noreply@typo3.com>
      Tested-by: Georg Ringer's avatarGeorg Ringer <georg.ringer@gmail.com>
      Reviewed-by: Daniel Goerz's avatarDaniel Goerz <daniel.goerz@posteo.de>
      Reviewed-by: Georg Ringer's avatarGeorg Ringer <georg.ringer@gmail.com>
      0ce30f0a
  3. 25 May, 2020 1 commit
  4. 05 Jul, 2019 1 commit