[!!!][TASK] Remove static function parameter in AuthenticationService

The parameter `$passwordTransmissionStrategy` for the
function `processLoginData` has a static value, which
results back from the time, where ext:rsaauth has been
removed from the core. Since the parameter has a static
value, it has no value and should be removed.

This patch removes the parameter for the affected
function. Additionally, a meaningful description
as well as strict return types have been added for
the function.

Resolves: #106869
Releases: main
Signed-off-by: Torben Hansen <derhansen@gmail.com>
Change-Id: I8c0fec8d19c55a79a38935d2da96ba72405329e9
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/89709
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

Author: derhansen

Build/phpstan/phpstan-baseline.neon

@@ -474,12 +474,6 @@ parameters:
 			count: 1
 			path: ../../typo3/sysext/core/Classes/Authentication/AbstractAuthenticationService.php
 
-		-
-			message: '#^Comparison operation "\>\=" between 1 and 200 is always false\.$#'
-			identifier: greaterOrEqual.alwaysFalse
-			count: 1
-			path: ../../typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php
-
 		-
 			message: '#^Left side of && is always true\.$#'
 			identifier: booleanAnd.leftAlwaysTrue

typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php

@@ -1101,6 +1101,7 @@ public function isActiveLogin(ServerRequestInterface $request): bool
      * Processes Login data submitted by a form or params
      *
      * @param array $loginData Login data array
+     * @param ServerRequestInterface $request
      * @return array
      * @internal
      */
@@ -1112,7 +1113,7 @@ public function processLoginData(array $loginData, ServerRequestInterface $reque
         $processedLoginData = $loginData;
         /** @var AuthenticationService $serviceObject */
         foreach ($this->getAuthServices($subType, $loginData, null, $request) as $serviceObject) {
-            $serviceResult = $serviceObject->processLoginData($processedLoginData, 'normal');
+            $serviceResult = $serviceObject->processLoginData($processedLoginData);
             if (!empty($serviceResult)) {
                 $isLoginDataProcessed = true;
                 // If the service returns >=200 then no more processing is needed

typo3/sysext/core/Classes/Authentication/AuthenticationService.php

@@ -31,22 +31,18 @@
 class AuthenticationService extends AbstractAuthenticationService implements MimicServiceInterface
 {
     /**
-     * Process the submitted credentials.
-     * In this case hash the clear text password if it has been submitted.
+     * Process the submitted credentials. Returns true, if loginData was processed successfully, else false.
+     * In addition, extensions overwriting this method or implement the context related methods `processLoginDataFE`
+     * or `processLoginDataBE` may also return an int (e.g. >= 200) in order to stop loginData processing of other
+     * services in the authentication service chain.
      *
      * @param array $loginData Credentials that are submitted and potentially modified by other services
-     * @param string $passwordTransmissionStrategy Keyword of how the password has been hashed or encrypted before submission
-     * @return bool
      */
-    public function processLoginData(array &$loginData, $passwordTransmissionStrategy)
+    public function processLoginData(array &$loginData): bool|int
     {
-        $isProcessed = false;
-        if ($passwordTransmissionStrategy === 'normal') {
-            $loginData = array_map(trim(...), $loginData);
-            $loginData['uident_text'] = $loginData['uident'];
-            $isProcessed = true;
-        }
-        return $isProcessed;
+        $loginData = array_map(trim(...), $loginData);
+        $loginData['uident_text'] = $loginData['uident'];
+        return true;
     }
 
     /**

typo3/sysext/core/Documentation/Changelog/14.0/Breaking-106869-RemoveStaticFunctionParameterInAuthenticationService.rst

@@ -0,0 +1,45 @@
+..  include:: /Includes.rst.txt
+
+..  _breaking-106869-1749659916:
+
+=============================================================================
+Breaking: #106869 - Remove static function parameter in AuthenticationService
+=============================================================================
+
+See :issue:`106869`
+
+Description
+===========
+
+The parameter :php:`$passwordTransmissionStrategy`of the function
+:php:`TYPO3\CMS\Core\Authentication\processLoginData` has been removed.
+Additionally, the function does now use a strict return type.
+
+
+Impact
+======
+
+Authentication services extending
+:php:`TYPO3\CMS\Core\Authentication\processLoginData` or implementing a
+subtype (e.g. :php:`processLoginDataBE` or :php:`processLoginDataFE`) will not
+be called with the :php:`$passwordTransmissionStrategy` parameter any more.
+
+
+Affected installations
+======================
+
+Authentication services extending :php:`TYPO3\CMS\Core\Authentication\processLoginData`
+or implementing a subtype of the function.
+
+
+Migration
+=========
+
+Extension extending :php:`TYPO3\CMS\Core\Authentication\processLoginData` must
+remove the parameter and additionally add :php:`bool|int` as return type for the
+function.
+
+Extensions implementing a subtype of the function should remove the parameter,
+as it it not passed to subtype functions any more.
+
+..  index:: Backend, NotScanned, ext:core

typo3/sysext/core/Tests/Unit/Authentication/AuthenticationServiceTest.php

@@ -38,8 +38,7 @@ protected function tearDown(): void
     public static function processLoginDataProvider(): array
     {
         return [
-            'Backend login with securityLevel "normal"' => [
-                'normal',
+            'Backend login' => [
                 [
                     'status' => 'login',
                     'uname' => 'admin',
@@ -52,8 +51,7 @@ public static function processLoginDataProvider(): array
                     'uident_text' => 'password',
                 ],
             ],
-            'Frontend login with securityLevel "normal"' => [
-                'normal',
+            'Frontend login' => [
                 [
                     'status' => 'login',
                     'uname' => 'admin',
@@ -66,8 +64,7 @@ public static function processLoginDataProvider(): array
                     'uident_text' => 'password',
                 ],
             ],
-            'Frontend login with securityLevel "normal" and spaced passwords removes spaces' => [
-                'normal',
+            'Frontend login with spaced passwords removes spaces' => [
                 [
                     'status' => 'login',
                     'uname' => 'admin ',
@@ -85,11 +82,11 @@ public static function processLoginDataProvider(): array
 
     #[DataProvider('processLoginDataProvider')]
     #[Test]
-    public function processLoginReturnsCorrectData(string $passwordSubmissionStrategy, array $loginData, array $expectedProcessedData): void
+    public function processLoginReturnsCorrectData(array $loginData, array $expectedProcessedData): void
     {
         $subject = new AuthenticationService();
         // Login data is modified by reference
-        $subject->processLoginData($loginData, $passwordSubmissionStrategy);
+        $subject->processLoginData($loginData);
         self::assertEquals($expectedProcessedData, $loginData);
     }