[TASK] Extract request processing from RsaEncryptionEncoder
* Deprecate now unused methods
* Update JavaScript to properly use JSON objects

Change-Id: Ibb76c140eb0bdbbc3f1d155e3d6f273c26d90a42
Resolves: #84407
Releases: master
Reviewed-on: https://review.typo3.org/56307
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
Showing 9 changed files with 164 additions and 21 deletions.
42 changes: 42 additions & 0 deletions
...Changelog/master/Deprecation-84407-AJAXRequestMethodsInRsaEncryptionEncoder.rst
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
.. include:: ../../Includes.txt | ||
|
||
================================================================== | ||
Deprecation: #84407 - AJAX request methods in RsaEncryptionEncoder | ||
================================================================== | ||
|
||
See :issue:`84407` | ||
|
||
Description | ||
=========== | ||
|
||
All methods related to AJAX requests in :php:`\TYPO3\CMS\Rsaauth\RsaEncryptionEncoder` have been | ||
deprecated: | ||
|
||
* :php:`getRsaPublicKey()` | ||
* :php:`getRsaPublicKeyAjaxHandler()` | ||
|
||
The ``rsa_publickey`` AJAX route has been adapted to use the | ||
:php:`\TYPO3\CMS\Rsaauth\Controller\RsaPublicKeyGenerationController` which was already used for | ||
RSA key retrieval via eID in the frontend. | ||
|
||
|
||
Impact | ||
====== | ||
|
||
Calling one of the above methods on an instance of :php:`RsaEncryptionEncoder` will throw a | ||
deprecation warning in v9 and a PHP fatal in v10. | ||
|
||
|
||
Affected Installations | ||
====================== | ||
|
||
All extensions that call the deprecated methods are affected. | ||
|
||
|
||
Migration | ||
========= | ||
|
||
Extensions should not use the deprecated methods but directly request a key pair via the RSA | ||
backend API. | ||
|
||
.. index:: Backend, Frontend, PHP-API, FullyScanned |
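Review bot: The Migration section ("directly request a key pair via the RSA backend API") does not name what to call in place of `getRsaPublicKey()` and `getRsaPublicKeyAjaxHandler()`. The Description already mentions the `rsa_publickey` AJAX route and `RsaPublicKeyGenerationController`; say in Migration which of these extension code should use, so integrators of a key-handling API are not left guessing at the replacement. Two smaller points: in Impact, a deprecation is triggered rather than thrown, so "will trigger a deprecation warning" reads more accurately, and the `.. index::` line omits the `ext:rsaauth` tag that the second changelog file in this commit carries.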
48 changes: 48 additions & 0 deletions
...r/Deprecation-84407-RSAPublicKeyGenerationWithoutContentTypeApplicationJson.rst
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
.. include:: ../../Includes.txt | ||
|
||
======================================================================================== | ||
Deprecation: #84407 - RSA public key generation without "Content-Type: application/json" | ||
======================================================================================== | ||
|
||
See :issue:`84407` | ||
|
||
Description | ||
=========== | ||
|
||
The default response of the :php:`RsaPublicKeyGenerationController` eID script was broken since it | ||
claimed to return a JSON response but in fact returned a simple string containing a concatenation of | ||
public key modulus and exponent. | ||
|
||
The eID script now returns a proper JSON response if requested with the | ||
`Content-Type: application/json` HTTP header: | ||
|
||
.. code-block:: javascript | ||
{ | ||
"publicKeyModulus": "ABC...", | ||
"exponent": "10..." | ||
} | ||
Impact | ||
====== | ||
|
||
Extensions performing custom AJAX requests against the :php:`RsaPublicKeyGenerationController` | ||
eID script without the `Content-Type: application/json` HTTP header will trigger a deprecation | ||
warning in v9 and an error response in v10. | ||
|
||
|
||
Affected Installations | ||
====================== | ||
|
||
Sites which do not use the default RSA encryption JavaScript to handle form value encryption. | ||
|
||
|
||
Migration | ||
========= | ||
|
||
The default RSA encryption JavaScript has been migrated, custom implementations must add the | ||
`Content-Type: application/json` HTTP header to AJAX requests and parse the JSON response | ||
accordingly. | ||
|
||
.. index:: Backend, Frontend, JavaScript, PHP-API, FullyScanned, ext:rsaauth |
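Review bot: Selecting the response format on `Content-Type: application/json` (Description, repeated in Impact and Migration) relies on a header that describes the request body, whereas the format a client wants back is conventionally signalled with `Accept: application/json`. If the controller really checks Content-Type, state that explicitly and say whether a request body is expected; otherwise consider negotiating on Accept. The header is also marked up with single backticks, which reST treats as the default role rather than a literal; the other changelog file in this commit uses double backticks for ``rsa_publickey`` and the same would fit here. Finally, the sample response shows `publicKeyModulus` and `exponent` only as truncated placeholders; one sentence stating the encoding of both values would let custom clients parse them without reading the default JavaScript.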
2 changes: 1 addition & 1 deletion
typo3/sysext/rsaauth/Resources/Public/JavaScript/RsaEncryptionWithLib.min.js
Large diffs are not rendered by default.