diff --git a/typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php b/typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php
index d85124e2a051708d3b1c19d75aca69a3494aef33..5d403810c778a03e348e5a960ab8735e36328945 100644
--- a/typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php
+++ b/typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php
@@ -1636,7 +1636,8 @@ abstract class AbstractUserAuthentication
$user = false;
if ($username || $extraWhere) {
$query = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($dbUser['table']);
- $query->getRestrictions()->removeAll();
+ $query->getRestrictions()->removeAll()
+ ->add(GeneralUtility::makeInstance(DeletedRestriction::class));
$constraints = array_filter([
QueryHelper::stripLogicalOperatorPrefix($dbUser['check_pid_clause']),
diff --git a/typo3/sysext/sv/Tests/Functional/AuthenticationServiceTest.php b/typo3/sysext/sv/Tests/Functional/AuthenticationServiceTest.php
new file mode 100644
index 0000000000000000000000000000000000000000..9b5f50cf35b8579f836a45bd84849b40eac430f5
--- /dev/null
+++ b/typo3/sysext/sv/Tests/Functional/AuthenticationServiceTest.php
@@ -0,0 +1,63 @@
+<?php
+declare(strict_types=1);
+namespace TYPO3\CMS\Sv\Tests\Functional;
+
+/*
+ * This file is part of the TYPO3 CMS project.
+ *
+ * It is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License, either version 2
+ * of the License, or any later version.
+ *
+ * For the full copyright and license information, please read the
+ * LICENSE.txt file that was distributed with this source code.
+ *
+ * The TYPO3 project - inspiring people to share!
+ */
+use TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
+use TYPO3\CMS\Core\Tests\FunctionalTestCase;
+use TYPO3\CMS\Sv\AuthenticationService;
+
+/**
+ * Testcase for class \TYPO3\CMS\Sv\AuthenticationService
+ */
+class AuthenticationServiceTest extends FunctionalTestCase
+{
+ /**
+ * @var AuthenticationService
+ */
+ protected $subject;
+
+ protected function setUp()
+ {
+ $this->subject = new AuthenticationService();
+ parent::setUp();
+ $this->importDataSet(ORIGINAL_ROOT . 'typo3/sysext/sv/Tests/Functional/Fixtures/be_users.xml');
+ }
+
+ /**
+ * @test
+ */
+ public function getUserReturnsOnlyNotDeletedRecords()
+ {
+ $this->subject->pObj = new BackendUserAuthentication();
+ $this->subject->login = [
+ 'status' => 'login',
+ 'uname' => 'test1',
+ 'uident' => 'password',
+ 'uident_text' => 'password',
+ ];
+ $this->subject->db_user = [
+ 'table' => 'be_users',
+ 'check_pid_clause' => '',
+ 'enable_clause' => '',
+ 'username_column' => 'username',
+ ];
+ $expected = [
+ 'username' => 'test1',
+ 'deleted' => 0
+ ];
+ $result = $this->subject->getUser();
+ $this->assertArraySubset($expected, $result);
+ }
+}
diff --git a/typo3/sysext/sv/Tests/Functional/Fixtures/be_users.xml b/typo3/sysext/sv/Tests/Functional/Fixtures/be_users.xml
new file mode 100644
index 0000000000000000000000000000000000000000..09cf81f94a84ea7e65346617b50cb7725a441456
--- /dev/null
+++ b/typo3/sysext/sv/Tests/Functional/Fixtures/be_users.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="utf-8"?>
+<dataset>
+ <be_users>
+ <uid>1</uid>
+ <pid>1</pid>
+ <username>admin</username>
+ <deleted>0</deleted>
+ </be_users>
+ <be_users>
+ <uid>2</uid>
+ <pid>1</pid>
+ <username>test1</username>
+ <deleted>1</deleted>
+ </be_users>
+ <be_users>
+ <uid>3</uid>
+ <pid>1</pid>
+ <username>test1</username>
+ <deleted>0</deleted>
+ </be_users>
+</dataset>