Deprecation: #69190 - Deprecate random password generator for frontend and backend users
See forge#69190
Description
The password option of the password field control has been
deprecated. Password generation is now configured through password policies
registered in
$GLOBALS.
Each password policy can define a generator section with a class implementing
\TYPO3\.
The field control references a policy by name via the new password
option instead of defining rules inline.
Impact
Using the password option in TCA field control configuration will
trigger a PHP deprecation warning. Support for password will be
removed in TYPO3 v15.
Affected installations
Installations that use the password field control with the
password option in custom TCA configurations, for example in password
or secret token fields.
Migration
Replace the password option with a password reference.
'fieldControl' => [
'passwordGenerator' => [
'renderType' => 'passwordGenerator',
'options' => [
- 'passwordRules' => [
- 'length' => 20,
- 'upperCaseCharacters' => true,
- 'lowerCaseCharacters' => true,
- 'digitCharacters' => true,
- 'specialCharacters' => false,
- ],
+ 'passwordPolicy' => 'myCustomPolicy',
],
],
],The referenced password policy must be registered in
$GLOBALS:
$GLOBALS['TYPO3_CONF_VARS']['SYS']['passwordPolicies']['myCustomPolicy'] = [
'generator' => [
'className' => \TYPO3\CMS\Core\PasswordPolicy\Generator\PasswordGenerator::class,
'options' => [
'length' => 20,
'upperCaseCharacters' => true,
'lowerCaseCharacters' => true,
'digitCharacters' => true,
'specialCharacters' => false,
],
],
'validators' => [],
];Note
For backend and frontend user password fields, the field control is now
provided by the core automatically. If your TCA override only added the
password field control with default rules, you can remove it
entirely. The core uses the password policy configured in
$GLOBALS and
$GLOBALS respectively.
See Feature: #69190 - Add password generator "wizard" for details on password policies and custom password generators.