Feature: #97104 - New TCA type "password"

Description

Especially TCA type input has a wide range of use cases, depending on the configured renderType and the eval options. Determination of the semantic meaning is therefore usually quite hard and often leads to duplicated checks and evaluations in custom extension code.

In our effort of introducing dedicated TCA types for all those use cases, the TCA type password has been added. It replaces the eval=password and eval=saltedPassword option of TCA type input.

TCA password fields will be rendered as input type=password fields. By default, the autocomplete=new-password attribute will be added to the resulting input field. If autocomplete=true is configured in TCA, a autocomplete=current-password attribute will be added to the element.

The TCA type password features the following column configuration:

autocomplete
behaviour: allowLanguageSynchronization
default
fieldControl
fieldInformation
fieldWizard
mode
nullable
placeholder
readOnly
required
size
hashed

The following column configuration can be overwritten by page TSconfig:

readOnly
size

By default, TCA type password will always save the field value hashed to the database. The value will be hashed using the password hash configuration for BE for all tables except fe_users, where the password hash configuration for FE is used.

The TCA type password introduces the new configuration hashed, which can be set to false, if the field value should be saved as plaintext to the database.

Note

The configuration 'hashed' => false has no effect for all fields in the tables be_users and fe_users. In general it is not recommended to save passwords as plain text to the database.

The migration from eval='password' and eval='saltedPassword' to type=password is done like following:

// Before

'password_field' => [
    'label' => 'Password',
    'config' => [
        'type' => 'input',
        'eval' => 'trim,password,saltedPassword',
    ]
]

// After

'password_field' => [
    'label' => 'Password',
    'config' => [
        'type' => 'password',
    ]
]

// Before

'another_password_field' => [
    'label' => 'Password',
    'config' => [
        'type' => 'input',
        'eval' => 'trim,password',
    ]
]

// After

'another_password_field' => [
    'label' => 'Password',
    'config' => [
        'type' => 'password',
        'hashed' => false,
    ]
]

An automatic TCA migration is performed on the fly, migrating all occurrences to the new TCA type and triggering a PHP E_USER_DEPRECATED error where code adoption has to take place.

Note

The value of TCA type password column is automatically trimmed before being stored (and optionally hashed) in the database. Therefore, the eval=trim option is no longer needed and should be removed from the TCA configuration.

Impact

It's now possible to simplify the TCA configuration by using the new dedicated TCA type password.