christianfutterlieb / t3_http_auth
HTTP Authentication for TYPO3
Installs: 23
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 1
Forks: 1
Open Issues: 0
Type:typo3-cms-extension
Requires
- php: >=8.1 <8.5
- psr/http-message: *
- symfony/polyfill-php82: *
- typo3/cms-backend: ^11.5 || ^12.4 || ^13.4
- typo3/cms-core: ^11.5 || ^12.4 || ^13.4
- typo3/cms-frontend: ^11.5 || ^12.4 || ^13.4
Requires (Dev)
- ergebnis/composer-normalize: ^2.42
- friendsofphp/php-cs-fixer: ^3.17
- mikey179/vfsstream: ^1.6.7
- phpstan/phpstan: ^1.10
- rector/rector: ^1.0
- typo3/testing-framework: ^7.0 || ^8.0 || ^9.0
Replaces
- typo3-ter/t3_http_auth: dev-main
This package is auto-updated.
Last update: 2025-06-06 00:59:38 UTC
README
This TYPO3 extension allows frontend access restriction by using HTTP Authentication (RFC 7235). The functionality will co-exist with the TYPO3 authentication system, but neither will influence the other.
Supported authentication schemes
- Basic (RFC 7617)
Planned additions
Features
1. Access definitions without the TYPO3 authentication system
2. Define access to the TYPO3 frontend on different levels
| Level | Configuration | Description | Target users |
|---|---|---|---|
| global | Environment-variables | Protect a whole TYPO3 installation, for example on a staging server | Developers, sysadmins, DevOps |
| global | $GLOBALS['TYPO3_CONF_VARS'] |
Same as above | Developers, sysadmins |
| site | Site settings | Protect a site's frontend | Developers, integrators |
| page | Database | Protect single pages. Access definition can be edited through the TYPO3 backend interface | Integrators, editors |
3. Secure access definitions by default
The system only works with hashed passwords, no plaintext storage of secrets is allowed. Available hashing methods are:
- Default: PHP's
password_hash()withPASSWORD_BCRYPT(https://www.php.net/manual/en/function.password-hash.php) - Advanced: TYPO3 Password Hashing (https://docs.typo3.org/m/typo3/reference-coreapi/13.4/en-us/ApiOverview/PasswordHashing/Index.html).
- Planned: Apache-style MD5 salted hashing. This hash is not secure, but it is
the default hashing method of the
htpasswdtool and thus widely used.
4. Idea: TYPO3 authentication service
Authenticate frontend user logins via HTTP Authentication, rather than through the default felogin. Combine the Middleware with an Authentication Service (https://docs.typo3.org/m/typo3/reference-coreapi/13.4/en-us/ApiOverview/Authentication/AuthenticationService/Index.html#authentication-service).
Installation
System requirements
The extension supports TYPO3 v11.5-v13.4 on PHP 8.1-8.4.
Install with composer
composer require christianfutterlieb/t3_http_auth
Docs
A documentation has not been written yet.
License
GPLv2.0 or later
Copyright
2025 by Christian Futterlieb