[FEATURE] Enable validation of password via hooks during password

changes Add a new $_param variable "passwordValid" and "passwordInvalidMessage" process via Hook. In the Hook to can do your own validation or other stuff and set "passwordValid" to false an generate a Message to "passwordInvalidMessage". If $hookPasswordValid is false then the password is not set in DB and the script runs its normal way. (it will redirect to the PasswordChange Form an prints the "passwordInvalidMessage") Resolves: #87726 Releases: master Change-Id: I89f37e7c5036254b40aa4fffe65a4e6cf2cc213f Reviewed-on: https://review.typo3.org/c/59714 Tested-by: TYPO3com <noreply@typo3.com> Tested-by: Susanne Moog <susanne.moog@typo3.org> Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de> Reviewed-by: Susanne Moog <susanne.moog@typo3.org> Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
TYPO3 · Feb 23, 2019 · 23218f6 · 23218f6
1 parent 7b320c7
commit 23218f6
Show file tree

Hide file tree

Showing 2 changed files with 73 additions and 26 deletions.
diff --git a/...og/master/Feature-87726-ExtendFrontendLoginControllerHookToValidatePassword.rst b/...og/master/Feature-87726-ExtendFrontendLoginControllerHookToValidatePassword.rst
@@ -0,0 +1,36 @@
+.. include:: ../../Includes.txt
+
+==========================================================================
+Feature: #87726 - Extend FrontendLoginController Hook to validate password
+==========================================================================
+
+See :issue:`87726`
+
+Description
+===========
+
+The Hook `$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed']` is extended to validiade the given password.
+In the Hook you can set a custom validation Message.
+
+
+Impact
+======
+
+You can now use the hook via:
+
+.. code-block:: php
+
+	$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed'][] = \Your\Namespace\Hooks\MyBeautifulHook::class . '->passwordChanged';
+
+Example implementation:
+-----------------------
+.. code-block:: php
+	public function passwordChanged(array &$params)
+	{
+		if($params['newPasswordUnencrypted']==='password'){
+			$params['passwordValid']=FALSE;
+			$params['passwordInvalidMessage']='<p class="text-danger">Do not use password as password</p>';
+		}
+	}
+
+.. index:: Frontend, ext:felogin, PHP-API
diff --git a/typo3/sysext/felogin/Classes/Controller/FrontendLoginController.php b/typo3/sysext/felogin/Classes/Controller/FrontendLoginController.php
@@ -368,46 +368,57 @@ protected function changePassword()
                         $newPass = $hashInstance->getHashedPassword($postData['password1']);
 
                         // Call a hook for further password processing
+                        $hookPasswordValid = true;
                         if ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed']) {
                             $_params = [
                                 'user' => $user,
                                 'newPassword' => $newPass,
-                                'newPasswordUnencrypted' => $postData['password1']
+                                'newPasswordUnencrypted' => $postData['password1'],
+                                'passwordValid' => true,
+                                'passwordInvalidMessage' => '',
                             ];
                             foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed'] as $_funcRef) {
                                 if ($_funcRef) {
                                     GeneralUtility::callUserFunction($_funcRef, $_params, $this);
                                 }
                             }
                             $newPass = $_params['newPassword'];
+                            $hookPasswordValid = $_params['passwordValid'];
+
+                            if (!$hookPasswordValid) {
+                                $markerArray['###STATUS_MESSAGE###'] = $_params['passwordInvalidMessage'];
+                            }
                         }
 
-                        // Save new password and clear DB-hash
-                        $userTable = $this->frontendController->fe_user->user_table;
-                        $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($userTable);
-                        $queryBuilder->getRestrictions()->removeAll();
-                        $queryBuilder->update($userTable)
-                            ->set('password', $newPass)
-                            ->set('felogin_forgotHash', '')
-                            ->set('tstamp', (int)$GLOBALS['EXEC_TIME'])
-                            ->where(
-                                $queryBuilder->expr()->eq(
-                                    'uid',
-                                    $queryBuilder->createNamedParameter($user['uid'], \PDO::PARAM_INT)
+                        // Change Password only if Hook returns valid
+                        if ($hookPasswordValid) {
+                            // Save new password and clear DB-hash
+                            $userTable = $this->frontendController->fe_user->user_table;
+                            $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($userTable);
+                            $queryBuilder->getRestrictions()->removeAll();
+                            $queryBuilder->update($userTable)
+                                ->set('password', $newPass)
+                                ->set('felogin_forgotHash', '')
+                                ->set('tstamp', (int)$GLOBALS['EXEC_TIME'])
+                                ->where(
+                                    $queryBuilder->expr()->eq(
+                                        'uid',
+                                        $queryBuilder->createNamedParameter($user['uid'], \PDO::PARAM_INT)
+                                    )
                                 )
-                            )
-                            ->execute();
-
-                        $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText(
-                            'change_password_done_message',
-                            $this->conf['changePasswordDoneMessage_stdWrap.']
-                        );
-                        $done = true;
-                        $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
-                        $markerArray['###BACKLINK_LOGIN###'] = $this->getPageLink(
-                            htmlspecialchars($this->pi_getLL('ll_forgot_header_backToLogin')),
-                            [$this->prefixId . '[redirectReferrer]' => 'off']
-                        );
+                                ->execute();
+
+                            $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText(
+                                'change_password_done_message',
+                                $this->conf['changePasswordDoneMessage_stdWrap.']
+                            );
+                            $done = true;
+                            $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
+                            $markerArray['###BACKLINK_LOGIN###'] = $this->getPageLink(
+                                htmlspecialchars($this->pi_getLL('ll_forgot_header_backToLogin')),
+                                [$this->prefixId . '[redirectReferrer]' => 'off']
+                            );
+                        }
                     }
                 }
                 if (!$done) {