Feature: #97104 - New TCA type "password"
See forge#97104
Description
Especially TCA type
input
has a wide range of use cases, depending
on the configured
render
and the
eval
options. Determination
of the semantic meaning is therefore usually quite hard and often leads to
duplicated checks and evaluations in custom extension code.
In our effort of introducing dedicated TCA types for all those use cases, the
TCA type
password
has been added. It replaces the
eval=password
and
eval=salted
option of TCA type
input
.
TCA password fields will be rendered as input
type=password
fields.
By default, the
autocomplete=new-
attribute will be added to the
resulting input field. If
autocomplete=true
is configured in TCA, a
autocomplete=current-
attribute will be added to the element.
The TCA type
password
features the following column configuration:
autocomplete
behaviour
:allow
Language Synchronization default
field
Control field
Information field
Wizard mode
nullable
placeholder
read
Only required
size
hashed
The following column configuration can be overwritten by page TSconfig:
read
Only size
By default, TCA type
password
will always save the field value
hashed to the database. The value will be hashed using the password hash
configuration for BE for all tables except
fe_
, where the password hash
configuration for FE is used.
The TCA type
password
introduces the new configuration
hashed
,
which can be set to
false
, if the field value should be saved as
plaintext to the database.
Note
The configuration
'hashed' => false
has no effect for all fields in
the tables
be_
and
fe_
. In general it is not
recommended to save passwords as plain text to the database.
The migration from
eval='password'
and
eval='salted
to
type=password
is done like following:
// Before
'password_field' => [
'label' => 'Password',
'config' => [
'type' => 'input',
'eval' => 'trim,password,saltedPassword',
]
]
// After
'password_field' => [
'label' => 'Password',
'config' => [
'type' => 'password',
]
]
// Before
'another_password_field' => [
'label' => 'Password',
'config' => [
'type' => 'input',
'eval' => 'trim,password',
]
]
// After
'another_password_field' => [
'label' => 'Password',
'config' => [
'type' => 'password',
'hashed' => false,
]
]
An automatic TCA migration is performed on the fly, migrating all occurrences
to the new TCA type and triggering a PHP
E_
error
where code adoption has to take place.
Note
The value of TCA type
password
column is automatically trimmed before
being stored (and optionally hashed) in the database. Therefore, the
eval=trim
option is no longer needed and should be removed from the TCA configuration.
Impact
It's now possible to simplify the TCA configuration by using the new
dedicated TCA type
password
.