Deprecation: #85796 - Salted passwords cleanups

See forge#85796

Description

These methods have been marked as deprecated:

TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance()

Use SaltFactory->get() to retrieve a hash instance of for a given password hash. Use SaltFactory->getDefaultHashInstance() to retrieve an instance of the configured default hash algorithm for a given context. See the method comments for usage details.

TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::determineSaltingHashingMethod()

Use SaltFactory->getDefaultHashInstance() instead.

TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::setPreferredHashingMethod()

This method was only used for unit testing and has been marked as deprecated without substitution since object instances of SaltFactory can now be properly mocked. Use Prophecy to do that in unit tests that have SaltFactory as dependency.

TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility->getNumberOfBackendUsersWithInsecurePassword()

This internal method is unused and there is no new implementation to substitute it.

Impact

Calling one of the above methods will trigger a PHP E_USER_DEPRECATED error and a fatal PHP error in TYPO3 v10.

Affected Installations

Most instances are not affected by this change if they don't have custom authentication services loaded that add magic with stored local password hashes, and if they don't use the SaltFactory in own extension which is a seldom use case.

The extension scanner will find usages in extensions.

Migration

Use the new factory methods as outlined in the description section.