Feature: #69190 - Add password generator "wizard" 

See forge#69190

Description 

Password generation in the backend is now driven by password policies. Each password policy can define a generator section through a class implementing \TYPO3\CMS\Core\PasswordPolicy\Generator\PasswordGeneratorInterface .

The passwordGenerator field control references a policy by name via the passwordPolicy option. The dice icon button next to the field generates a password using the configured generator.

The field control can be added to any password field via TCA configuration, making it available to extension developers as well.

Password policies 

Which policy to use is determined by context:

  • Backend users: $GLOBALS['TYPO3_CONF_VARS']['BE']['passwordPolicy']
  • Frontend users: $GLOBALS['TYPO3_CONF_VARS']['FE']['passwordPolicy']

All password policies are registered under $GLOBALS['TYPO3_CONF_VARS']['SYS']['passwordPolicies'] .

TYPO3 ships with three preconfigured policies:

  • default — Used for backend and frontend users
  • installTool — Used for Install Tool passwords
  • secretToken — Used for secret token fields (e.g. webhooks, reactions)

Each policy contains both a generator and a validators section. The generator is responsible for creating passwords, while validators enforce password requirements. They are configured independently within the same policy.

Example 

TYPO3 ships with a PasswordGenerator implementation that is configured like this:

<?php

$GLOBALS['TYPO3_CONF_VARS']['SYS']['passwordPolicies']['default']['generator'] = [
    'className' => \TYPO3\CMS\Core\PasswordPolicy\Generator\PasswordGenerator::class,
    'options' => [
        'length' => 12,
        'upperCaseCharacters' => true,
        'lowerCaseCharacters' => true,
        'digitCharacters' => true,
        'specialCharacters' => true,
    ],
];
Copied!

The PasswordGenerator supports the following options:

  • length: Length of the generated password
  • upperCaseCharacters: Whether to include uppercase characters
  • lowerCaseCharacters: Whether to include lowercase characters
  • digitCharacters: Whether to include digits
  • specialCharacters: Whether to include special characters

Adjusting an existing policy:

config/system/additional.php OR typo3conf/system/additional.php 
<?php

$GLOBALS['TYPO3_CONF_VARS']['SYS']['passwordPolicies']['default']['generator']['options']['length'] = 20;
$GLOBALS['TYPO3_CONF_VARS']['SYS']['passwordPolicies']['default']['generator']['options']['specialCharacters'] = false;
Copied!

Registering a custom password policy with a custom generator:

config/system/additional.php OR typo3conf/system/additional.php 
<?php

$GLOBALS['TYPO3_CONF_VARS']['SYS']['passwordPolicies']['customPolicy'] = [
    'generator' => [
        'className' => \Vendor\MyPackage\PasswordPolicy\Generator\MyPasswordGenerator::class,
        'options' => [
            'length' => 12,
            'myCustomOption' => 'my custom value',
        ],
    ],
    'validators' => [
        // Your custom validators
    ],
];

$GLOBALS['TYPO3_CONF_VARS']['BE']['passwordPolicy'] = 'customPolicy';
$GLOBALS['TYPO3_CONF_VARS']['FE']['passwordPolicy'] = 'customPolicy';
Copied!

Impact 

Password generation for backend and frontend users is now configurable through password policies. The Install Tool command vendor/bin/typo3 install:password:set also respects the configured policy.