[TASK] Remove obsolete install tool report

The install tool has a ext:report entry to check for old "joh316" password, which was a default back in very old times. This check has been marked as to-be-removed for v10 already. Resolves: #96274 Related: #85796 Releases: main Change-Id: Ic8b4a4aabfdb52b6560c57edeb477c1ba0a4de74 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72545 Tested-by: Georg Ringer <georg.ringer@gmail.com> Tested-by: core-ci <typo3@b13.com> Tested-by: Stefan Bürk <stefan@buerk.tech> Tested-by: Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by: Georg Ringer <georg.ringer@gmail.com> Reviewed-by: Stefan Bürk <stefan@buerk.tech> Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
TYPO3 · Dec 7, 2021 · e94a610 · e94a610
1 parent a6cf158
commit e94a610
Show file tree

Hide file tree

Showing 4 changed files with 0 additions and 66 deletions.
diff --git a/typo3/sysext/core/Resources/Private/Language/locallang_core.xlf b/typo3/sysext/core/Resources/Private/Language/locallang_core.xlf
@@ -1206,12 +1206,6 @@ Do you want to refresh it now?</source>
 			<trans-unit id="tree.searchTermInfo" resname="tree.searchTermInfo">
 				<source>Enter search term</source>
 			</trans-unit>
-			<trans-unit id="warning.install_password" resname="warning.install_password">
-				<source>The Install Tool is still using the default password "joh316". Update this within the %sAbout section%s of the Install Tool.</source>
-			</trans-unit>
-			<trans-unit id="warning.installtool_default_password" resname="warning.installtool_default_password">
-				<source>The Install Tool is still using the default password "joh316". Update this within the %sImportant actions section%s of the Install Tool.</source>
-			</trans-unit>
 			<trans-unit id="warning.backend_admin" resname="warning.backend_admin">
 				<source>The default backend user "admin" with password "password" is still present. %sEdit this account%s, either deleting it completely or changing the username and password.</source>
 			</trans-unit>

diff --git a/typo3/sysext/install/Classes/Report/SecurityStatusReport.php b/typo3/sysext/install/Classes/Report/SecurityStatusReport.php
@@ -15,10 +15,7 @@
 
 namespace TYPO3\CMS\Install\Report;
 
-use TYPO3\CMS\Backend\Routing\UriBuilder;
 use TYPO3\CMS\Core\Core\Environment;
-use TYPO3\CMS\Core\Crypto\PasswordHashing\InvalidPasswordHashException;
-use TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashFactory;
 use TYPO3\CMS\Core\Localization\LanguageService;
 use TYPO3\CMS\Core\Utility\GeneralUtility;
 use TYPO3\CMS\Install\Service\EnableFileService;
@@ -41,62 +38,11 @@ public function getStatus()
     {
         $this->executeAdminCommand();
         return [
-            'installToolPassword' => $this->getInstallToolPasswordStatus(),
             'installToolProtection' => $this->getInstallToolProtectionStatus(),
             'serverResponseStatus' => GeneralUtility::makeInstance(ServerResponseCheck::class)->asStatus(),
         ];
     }
 
-    /**
-     * Checks whether the Install Tool password is set to its default value.
-     *
-     * @return Status An object representing the security of the install tool password
-     */
-    protected function getInstallToolPasswordStatus()
-    {
-        // @todo @deprecated: This should be removed in TYPO3 v10.0 when install tool allows proper hashes only
-        $value = $this->getLanguageService()->getLL('status_ok');
-        $message = '';
-        $severity = Status::OK;
-        $isDefaultPassword = false;
-        $installToolPassword = $GLOBALS['TYPO3_CONF_VARS']['BE']['installToolPassword'];
-        $hashInstance = null;
-        $hashFactory = GeneralUtility::makeInstance(PasswordHashFactory::class);
-        try {
-            $hashInstance = $hashFactory->get($installToolPassword, 'BE');
-        } catch (InvalidPasswordHashException $e) {
-            // $hashInstance stays null
-            $value = $this->getLanguageService()->getLL('status_wrongValue');
-            $message = $e->getMessage();
-            $severity = Status::ERROR;
-        }
-        if ($installToolPassword !== '' && $hashInstance !== null) {
-            $isDefaultPassword = $hashInstance->checkPassword('joh316', $installToolPassword);
-        } elseif ($installToolPassword === 'bacb98acf97e0b6112b1d1b650b84971') {
-            // using MD5 of legacy default password 'joh316'
-            $isDefaultPassword = true;
-        }
-        if ($isDefaultPassword) {
-            $value = $this->getLanguageService()->getLL('status_insecure');
-            $severity = Status::ERROR;
-            /** @var \TYPO3\CMS\Backend\Routing\UriBuilder $uriBuilder */
-            $uriBuilder = GeneralUtility::makeInstance(UriBuilder::class);
-            $changeInstallToolPasswordUrl = (string)$uriBuilder->buildUriFromRoute('tools_toolssettings');
-            $message = sprintf(
-                $this->getLanguageService()->sL('LLL:EXT:core/Resources/Private/Language/locallang_core.xlf:warning.installtool_default_password'),
-                '<a href="' . htmlspecialchars($changeInstallToolPasswordUrl) . '">',
-                '</a>'
-            );
-        }
-        return GeneralUtility::makeInstance(
-            Status::class,
-            $this->getLanguageService()->sL('LLL:EXT:install/Resources/Private/Language/Report/locallang.xlf:status_installToolPassword'),
-            $value,
-            $message,
-            $severity
-        );
-    }
-
     /**
      * Checks for the existence of the ENABLE_INSTALL_TOOL file.
      *

diff --git a/typo3/sysext/install/Resources/Private/Language/Report/locallang.xlf b/typo3/sysext/install/Resources/Private/Language/Report/locallang.xlf
@@ -93,9 +93,6 @@
 			<trans-unit id="status_uptodate" resname="status_uptodate">
 				<source>Your TYPO3 version is up-to-date.</source>
 			</trans-unit>
-			<trans-unit id="status_installToolPassword" resname="status_installToolPassword">
-				<source>Install Tool Password</source>
-			</trans-unit>
 			<trans-unit id="status_installTool" resname="status_installTool">
 				<source>Install Tool</source>
 			</trans-unit>

diff --git a/typo3/sysext/reports/Resources/Private/Language/locallang_reports.xlf b/typo3/sysext/reports/Resources/Private/Language/locallang_reports.xlf
@@ -162,9 +162,6 @@
 			<trans-unit id="status_exceptionHandler_errorMessage" resname="status_exceptionHandler_errorMessage">
 				<source>Debug Exception Handler enabled in Production Context - will show full error messages including stack traces.</source>
 			</trans-unit>
-			<trans-unit id="status_installToolPassword" resname="status_installToolPassword">
-				<source>Install Tool Password</source>
-			</trans-unit>
 			<trans-unit id="status_installTool" resname="status_installTool">
 				<source>Install Tool</source>
 			</trans-unit>