[TASK] Improve usability with multiple tabs open
When the backend user session expires, currently a popup window is shown which asks the user to relogin when salted passwords or rsaauth are used (which is currently our default). However when a user works with multiple browser tabs open, it is easy to overlook this popup. When realizing that the session is expired and the user logs into the backend again in one tab, the session is authenticated in all other open tabs, but a new CSRF protection token has been generated, which makes working in this tab impossible, especially because the tokens are now checked for virtually any action.

This change cleans up the AjaxLogin functionality by making use of the new Ajax API introduced lately and functionality is added so that AjaxLogin also works with rsaauth and saltedpasswords enabled.

Additionally the form protection framework is slightly reworked to better support the re-login and token restore functionality in the AjaxLogin.

The "showRefreshLoginPopup" functionality is still kept, because AjaxLogin can still not handle OpenID logins.

Resolves: #56453
Releases: 6.2
Change-Id: Ic6c3415f292d346293c7d2c775288f4ba62ebc15
Reviewed-on: https://review.typo3.org/27954
Reviewed-by: Nicole Cordes
Tested-by: Nicole Cordes
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
Reviewed-by: Frans Saris
Tested-by: Frans Saris
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
Showing
- typo3/ajax.php: 2 additions, 1 deletion
- typo3/sysext/backend/Classes/AjaxLoginHandler.php: 1 addition, 1 deletion
- typo3/sysext/backend/Classes/Controller/BackendController.php: 5 additions, 0 deletions
- typo3/sysext/backend/Classes/Utility/BackendUtility.php: 7 additions, 5 deletions
- typo3/sysext/backend/Resources/Public/JavaScript/loginrefresh.js: 84 additions, 75 deletions
- typo3/sysext/core/Classes/FormProtection/AbstractFormProtection.php: 9 additions, 6 deletions
- typo3/sysext/core/Classes/FormProtection/BackendFormProtection.php: 5 additions, 5 deletions
- typo3/sysext/core/Classes/FormProtection/DisabledFormProtection.php: 5 additions, 1 deletion
- typo3/sysext/core/Tests/Unit/FormProtection/AbstractFormProtectionTest.php: 62 additions, 52 deletions
- typo3/sysext/core/Tests/Unit/FormProtection/Fixtures/FormProtectionTesting.php: 2 additions, 2 deletions
- typo3/sysext/rsaauth/Classes/Backend/AjaxLoginHandler.php: 55 additions, 0 deletions
- typo3/sysext/rsaauth/Classes/Hook/BackendHookForAjaxLogin.php: 53 additions, 0 deletions
- typo3/sysext/rsaauth/ext_localconf.php: 8 additions, 2 deletions
- typo3/sysext/saltedpasswords/ext_localconf.php: 0 additions, 2 deletions