Breaking: #92801 - Removed "Failed Login" functionality from User Authentication object
See forge#92801
Description
The functionality to send an email to a defined sender was previously hard-coded
into the API class
Abstract and activated specifically for
Backend Users via the option
$GLOBALS.
With some custom implementation it was also possible to use a hook to enable this for frontend users, but the API was not clean.
The backend-user specific logic is now extracted into a hook, so it is possible to replace this functionality with a custom notification API.
For this reason, the following public properties and methods within
Abstract and its subclasses have been removed:
TYPO3\CMS\ Core\ Authentication\ Abstract User Authentication->warning Email TYPO3\CMS\ Core\ Authentication\ Abstract User Authentication->warning Period TYPO3\CMS\ Core\ Authentication\ Abstract User Authentication->warning Max TYPO3\CMS\ Core\ Authentication\ Abstract User Authentication->check Log Failures ()
Impact
Using one of the public properties in custom PHP will trigger a PHP Warning.
Calling the public PHP method will result in a fatal PHP error.
Affected Installations
TYPO3 installations with third-party extensions and custom PHP code that is related to failed login notifications, and rely on the existing login notification code.
Migration
As the properties were public, they made it possible to override the warningMax / warningPeriod values via hooks and middlewares in PHP.
Instead it is recommended to override this functionality via a hook the same way the new hook in EXT:backend is registered within PHP.