[!!!][TASK] Remove lockToDomain feature for BE and FE

Both fe_users/be_users and be_groups/fe_groups have a feature called "lockToDomain". Although it is called the same, it has a different use-case:

* Users: If lockToDomain is set, the user is only allowed to login when a given HTTP_HOST is given.
* Groups: If lockToDomain is set, the group is only added to the logged-in user if the HTTP_HOST matches this domain.

Both features are rarely used, and even in multi-tenant setups not viable or flexible enough. In addition, the features are not any additional security measures as HTTP_HOST can be faked. They both add unneeded complexity for the rare use of a similar feature; a custom extension should be used.

Plus: All of these features can be added via extensions, depending on a specific use case of an installation, so _if_ people use it, custom extensions should be used instead for the specific use case they have.

The database fields, TCA definitions, labels, domain model logic in Extbase and actual validation within the AuthenticationService and BE_USER are removed without any substitution.

Resolves: #91782
Releases: master
Change-Id: I4a12185b79efaf1e3bded5120675e3c1095dcd42
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65011
Tested-by: Daniel Goerz <daniel.goerz@posteo.de>
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
Reviewed-by: Daniel Goerz <daniel.goerz@posteo.de>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
1 parent edce3cc, commit 0ce30f0

Showing 28 changed files with 66 additions and 353 deletions.
typo3/sysext/core/Documentation/Changelog/master/Breaking-91782-LockToDomain.rst (55 changes: 55 additions & 0 deletions)
@@ -0,0 +1,55 @@ | ||
.. include:: ../../Includes.txt | ||
|
||
====================================================================================================== | ||
Breaking: #91782 - lockToDomain feature for frontend users / groups and backend users / groups removed | ||
====================================================================================================== | ||
|
||
See :issue:`91782` | ||
|
||
Description | ||
=========== | ||
|
||
TYPO3 Core shipped with a feature called "lockToDomain" for Frontend users and backend users which made the user login only valid if the exact given HTTP_HOST matches the filled domain. | ||
|
||
A similar functionality, but with the same name for groups existed, which only added the group to a specific user during a session, if the user was accessing a TYPO3 site under a specific domain. | ||
|
||
Both features have been removed. | ||
|
||
Impact | ||
====== | ||
|
||
Frontend users or backend users that have this option set previously, will now be able to login independent of the defined HTTP_HOST header sent with the login page. | ||
|
||
Regardless of any setting of the "lockToDomain" setting of a specific group, all groups added | ||
to a user are now applied during login of a user, both for frontend and backend. | ||
|
||
|
||
Affected Installations | ||
====================== | ||
|
||
TYPO3 Installations using this feature in their database records. When in doubt, this can be identified by running SQL SELECT statements to identify users actively using this feature. | ||
|
||
Frontend Users: | ||
* "SELECT uid, pid, username FROM fe_users WHERE lockToDomain != '' AND lockToDomain IS NOT NULL;" | ||
|
||
Backend Users: | ||
* "SELECT uid, pid, username FROM be_users WHERE lockToDomain != '' AND lockToDomain IS NOT NULL;" | ||
|
||
Frontend Groups: | ||
* "SELECT uid, pid, username FROM fe_groups WHERE lockToDomain != '' AND lockToDomain IS NOT NULL;" | ||
|
||
Backend Groups: | ||
* "SELECT uid, pid, username FROM be_groups WHERE lockToDomain != '' AND lockToDomain IS NOT NULL;" | ||
|
||
|
||
Migration | ||
========= | ||
|
||
Any installations needing this feature should build this in | ||
custom extensions extending TCA and a custom Authentication Service. | ||
|
||
In addition, if such a feature is needed for frontend users | ||
or groups, it is recommended to use the storagePid option to limit | ||
frontend user login by Storage Folders. | ||
|
||
.. index:: Database, TCA, NotScanned, ext:core |
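Review bot: the fe_groups and be_groups SELECT statements under "Affected Installations" select a `username` column, but the group tables have no such column (groups are named via `title`), so those two queries will fail as written; they should read `SELECT uid, pid, title FROM fe_groups WHERE lockToDomain != '' AND lockToDomain IS NOT NULL;` and the same for be_groups. Two smaller points: the four queries would render better as a `.. code-block:: sql` than as quoted bullet items, and the Description could carry the rationale from the commit message (the check added no real security because HTTP_HOST is client-supplied), so that integrators who rebuild it in a custom Authentication Service, as the Migration section suggests, do not treat it as an access control boundary.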