Deprecation: #85804 - Salted password hash class deprecations¶
See forge#85804
Description¶
Selecting the hash algorithm used to store frontend and backend user hashes is now a "preset" and can be changed using "Admin tools" -> "Settings" -> "Configuration Presets".
Existing settings are updated automatically when upgrading from an older TYPO3 version to TYPO3 v9. The detail list below is only interesting for instances that need to run custom hash mechanisms.
The password hash mechanism used for backend user passwords has been moved from
$GLOBALS
to $GLOBALS
. Options for a specific
hash algorithms can be defined using $GLOBALS
.
The password hash mechanism used for frontend user passwords has been moved from
$GLOBALS
to $GLOBALS
. Options for a specific
hash algorithms can be defined using $GLOBALS
.
Custom password hash algorithms should now be registered in
$GLOBALS
.
The usage of the former array entry
$GLOBALS
has been marked as deprecated.
These interfaces and classes have been marked as deprecated and should not be implemented any longer:
\TYPO3\
CMS\ Saltedpasswords\ Salt\ Composed Salt Interface \TYPO3\
CMS\ Saltedpasswords\ Salt\ Abstract Composed Salt \TYPO3\
CMS\ Saltedpasswords\ Salt\ Utility\ Extension Manager Configuration Utility \TYPO3\
CMS\ Saltedpasswords\ Salt\ Utility\ Salted Passwords Utility
An interface has been changed:
TYPO3\
- The second argument has been dropped. Classes implementing the interface should remove the second argument.CMS\ Saltedpasswords\ Salt\ Salt Interface->get Hashed Password (string $password)
These methods have been marked as deprecated:
TYPO3\
CMS\ Saltedpasswords\ Salt\ Argon2i Salt->get Options () TYPO3\
CMS\ Saltedpasswords\ Salt\ Argon2i Salt->set Options () TYPO3\
CMS\ Saltedpasswords\ Salt\ Bcrypt Salt->get Options () TYPO3\
CMS\ Saltedpasswords\ Salt\ Bcrypt Salt->set Options () TYPO3\
CMS\ Saltedpasswords\ Salt\ Blowfish Salt->get Hash Count () TYPO3\
CMS\ Saltedpasswords\ Salt\ Blowfish Salt->get Max Hash Count () TYPO3\
CMS\ Saltedpasswords\ Salt\ Blowfish Salt->get Min Hash Count () TYPO3\
CMS\ Saltedpasswords\ Salt\ Blowfish Salt->get Salt Length () TYPO3\
CMS\ Saltedpasswords\ Salt\ Blowfish Salt->get Setting () TYPO3\
CMS\ Saltedpasswords\ Salt\ Blowfish Salt->set Hash Count () TYPO3\
CMS\ Saltedpasswords\ Salt\ Blowfish Salt->set Max Hash Count () TYPO3\
CMS\ Saltedpasswords\ Salt\ Blowfish Salt->set Min Hash Count () TYPO3\
CMS\ Saltedpasswords\ Salt\ Md5Salt->get Setting () TYPO3\
CMS\ Saltedpasswords\ Salt\ Md5Salt->get Salt Length () TYPO3\
CMS\ Saltedpasswords\ Salt\ Pbkdf2Salt->get Hash Count () TYPO3\
CMS\ Saltedpasswords\ Salt\ Pbkdf2Salt->get Max Hash Count () TYPO3\
CMS\ Saltedpasswords\ Salt\ Pbkdf2Salt->get Min Hash Count () TYPO3\
CMS\ Saltedpasswords\ Salt\ Pbkdf2Salt->get Salt Length () TYPO3\
CMS\ Saltedpasswords\ Salt\ Pbkdf2Salt->get Setting () TYPO3\
CMS\ Saltedpasswords\ Salt\ Pbkdf2Salt->set Hash Count () TYPO3\
CMS\ Saltedpasswords\ Salt\ Pbkdf2Salt->set Max Hash Count () TYPO3\
CMS\ Saltedpasswords\ Salt\ Pbkdf2Salt->set Min Hash Count () TYPO3\
CMS\ Saltedpasswords\ Salt\ Phpass Salt->get Hash Count () TYPO3\
CMS\ Saltedpasswords\ Salt\ Phpass Salt->get Max Hash Count () TYPO3\
CMS\ Saltedpasswords\ Salt\ Phpass Salt->get Min Hash Count () TYPO3\
CMS\ Saltedpasswords\ Salt\ Phpass Salt->get Salt Length () TYPO3\
CMS\ Saltedpasswords\ Salt\ Phpass Salt->get Setting () TYPO3\
CMS\ Saltedpasswords\ Salt\ Phpass Salt->set Hash Count () TYPO3\
CMS\ Saltedpasswords\ Salt\ Phpass Salt->set Max Hash Count () TYPO3\
CMS\ Saltedpasswords\ Salt\ Phpass Salt->set Min Hash Count ()
These methods changed their signature:
TYPO3\
- Second argument marked as deprecatedCMS\ Saltedpasswords\ Salt\ Blowfish Salt->get Hashed Password () TYPO3\
- Second argument marked as deprecatedCMS\ Saltedpasswords\ Salt\ Md5Salt->get Hashed Password () TYPO3\
- Second argument marked as deprecatedCMS\ Saltedpasswords\ Salt\ Pbkdf2Salt->get Hashed Password () TYPO3\
- Second argument marked as deprecatedCMS\ Saltedpasswords\ Salt\ Phpass Salt->get Hashed Password ()
These methods changed their visibility from public to protected:
TYPO3\
CMS\ Saltedpasswords\ Salt\ Blowfish Salt->is Valid Salt () TYPO3\
CMS\ Saltedpasswords\ Salt\ Blowfish Salt->base64Encode () TYPO3\
CMS\ Saltedpasswords\ Salt\ Md5Salt->is Valid Salt () TYPO3\
CMS\ Saltedpasswords\ Salt\ Md5Salt->base64Encode () TYPO3\
CMS\ Saltedpasswords\ Salt\ Pbkdf2Salt->is Valid Salt () TYPO3\
CMS\ Saltedpasswords\ Salt\ Pbkdf2Salt->base64Encode () TYPO3\
CMS\ Saltedpasswords\ Salt\ Pbkdf2Salt->base64Decode () TYPO3\
CMS\ Saltedpasswords\ Salt\ Phpass Salt->is Valid Salt () TYPO3\
CMS\ Saltedpasswords\ Salt\ Phpass Salt->base64Encode ()
These class constants have been marked as deprecated and will be removed in TYPO3 v10:
TYPO3\
CMS\ Saltedpasswords\ Salt\ Blowfish Salt:: ITOA64 TYPO3\
CMS\ Saltedpasswords\ Salt\ Blowfish Salt:: HASH_ COUNT TYPO3\
CMS\ Saltedpasswords\ Salt\ Blowfish Salt:: MAX_ HASH_ COUNT TYPO3\
CMS\ Saltedpasswords\ Salt\ Blowfish Salt:: MIN_ HASH_ COUNT TYPO3\
CMS\ Saltedpasswords\ Salt\ Md5Salt:: ITOA64 TYPO3\
CMS\ Saltedpasswords\ Salt\ Pbkdf2Salt:: ITOA64 TYPO3\
CMS\ Saltedpasswords\ Salt\ Pbkdf2Salt:: HASH_ COUNT TYPO3\
CMS\ Saltedpasswords\ Salt\ Pbkdf2Salt:: MAX_ HASH_ COUNT TYPO3\
CMS\ Saltedpasswords\ Salt\ Pbkdf2Salt:: MIN_ HASH_ COUNT TYPO3\
CMS\ Saltedpasswords\ Salt\ Phpass Salt:: ITOA64 TYPO3\
CMS\ Saltedpasswords\ Salt\ Phpass Salt:: HASH_ COUNT TYPO3\
CMS\ Saltedpasswords\ Salt\ Phpass Salt:: MAX_ HASH_ COUNT TYPO3\
CMS\ Saltedpasswords\ Salt\ Phpass Salt:: MIN_ HASH_ COUNT
Impact¶
Using functionality from the above list will trigger PHP E_
errors.
Affected Installations¶
Almost no TYPO3 instances are directly affected by the changes outlined above. A configuration upgrade is in place to move from old to new settings when calling the install tool the first time after upgrade without further user interaction.
If in rare cases an existing TYPO3 instance runs custom salt mechanisms, the extension scanner will find affected code places that should be adapted.
Migration¶
If the extension scanner finds affected code, adapt the method calls, class constant usages and interface usages.