Commit 0ce30f0a authored by Benni Mack, committed by Georg Ringer

[!!!][TASK] Remove lockToDomain feature for BE and FE

Both fe_users/be_users and be_groups/fe_groups have a feature called "lockToDomain".

Although it is called the same, it has a different use-case:

* Users: If lockToDomain is set, the user is only allowed to log in when a given HTTP_HOST is given.
* Groups: If lockToDomain is set, the group is only added to the logged-in user if the HTTP_HOST matches this domain.

Both features are rarely used, and even in multi-tenant setups not viable or flexible
enough. In addition, the features are not any additional security measures as HTTP_HOST can be faked.

They both add unneeded complexity. For the rare use of a similar feature,
a custom extension should be used.

Plus: All of these features can be added via extensions, depending on a
specific use case of an installation, so _if_ people use it, custom extensions
should be used instead for the specific use case they have.

The database fields, TCA definitions, labels, domain model logic in Extbase
and actual validation within the AuthenticationService and BE_USER are removed
without any substitution.

Resolves: #91782
Releases: master
Change-Id: I4a12185b79efaf1e3bded5120675e3c1095dcd42
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65011


Tested-by: Daniel Goerz <daniel.goerz@posteo.de>
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
Reviewed-by: Daniel Goerz <daniel.goerz@posteo.de>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
parent edce3cc7
Showing
with 63 additions and 293 deletions