Bug #9403
Authentication does not work
Status: | Closed | Start date: | 2010-09-02 | |
---|---|---|---|---|
Priority: | Should have | Due date: | ||
Assigned To: | Karsten Dambekalns | % Done: | 0% |
|
Category: | Security | |||
Target version: | TYPO3 Flow Base Distribution - 1.0 alpha 12 | |||
PHP Version: | Complexity: | |||
Has patch: | Affected Flow version: |
Description
After recent changes (and as far as I can see the issue occurs in alpha-11, too), user authentication with Security Framework does not work any more.
Exception #1222204027:
Authentication failed: "Could not authenticate any token. Might be missing or wrong credentials or no authentication provider matched."
Submitted data (username and password) are correct (see further information about name of input-tag below).
PHP Suhosin is active but configured to accept 128 characters for POST names (these settings worked in the past):
suhosin.post.max_name_length = 128 suhosin.request.max_varname_length = 128
Fluid template contains the following <input...> tag naming:
DOES NOT WORK (as in older FLOW3 version before revision r5005)F3\FLOW3\Security\Authentication\Token\UsernamePassword::username
F3\FLOW3\Security\Authentication\Token\UsernamePassword::password
DOES NOT WORK (as in FLOW3-1.0.0-alpha11)F3.FLOW3.Security.Authentication.Token.UsernamePassword.username
F3.FLOW3.Security.Authentication.Token.UsernamePassword.password
It also does not work if keywords are shortened (this proves that Suhosin or the length is not the issue) as follows.
DOES NOT WORK (< 64 characters)F3.FLOW3.Security.Authentication.Token.UsernamePassword.user
("user" instead of "username" => string length 60 characters)
If I change FLOW3 core file Packages/Framework/FLOW3/Classes/Security/Authentication/Token/UsernamePassword.php
as follows (and naming of the input tag in Fluid templates as well) - it works:
Method updateCredentials()
$username = \F3\FLOW3\Reflection\ObjectAccess::getPropertyPath($postArguments, 'username'); $password = \F3\FLOW3\Reflection\ObjectAccess::getPropertyPath($postArguments, 'password');
Possibly a side effect of revision r5005 and/or issue #6315.
History
#1 Updated by Michael Schams almost 5 years ago
Further analysis revealed:
It is most likely the dot in the input-tag name that causes this issue.
DOES NOT WORKF3FLOW3SecurityAuthenticationTokenUsernamePassword.Username
WORKSF3FLOW3SecurityAuthenticationTokenUsernamePasswordUsername
Suhosin is currently deactivated on this server.
#2 Updated by Karsten Dambekalns almost 5 years ago
- Subject changed from Authentication does not work (Security Framework) to Authentication does not work
- Category set to Security
- Status changed from New to Accepted
- Assigned To set to Karsten Dambekalns
- Target version set to 1.0 alpha 12
- Start date changed from 2010-08-23 to 2010-09-02
#3 Updated by Karsten Dambekalns almost 5 years ago
- Status changed from Accepted to Closed
The template must contain form elements like this:
<input type="text" name="F3[FLOW3][Security][Authentication][Token][UsernamePassword][username]"/> <input type="password" name="F3[FLOW3][Security][Authentication][Token][UsernamePassword][password]"/>