‪TYPO3CMS  10.4
IpLocker.php
Go to the documentation of this file.
1 <?php
2 
3 declare(strict_types=1);
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
18 namespace ‪TYPO3\CMS\Core\Authentication;
19 
20 use ‪TYPO3\CMS\Core\Utility\MathUtility;
21 
25 class ‪IpLocker
26 {
27  const ‪DISABLED_LOCK_VALUE = '[DISABLED]';
28 
35  protected ‪$lockIPv4PartCount = 4;
36 
42  protected ‪$lockIPv6PartCount = 8;
43 
44  public function ‪__construct(int ‪$lockIPv4PartCount, int ‪$lockIPv6PartCount)
45  {
46  $this->lockIPv4PartCount = ‪$lockIPv4PartCount;
47  $this->lockIPv6PartCount = ‪$lockIPv6PartCount;
48  }
49 
50  public function ‪getSessionIpLock(string $ipAddress, bool $enableLocking = true): string
51  {
52  if (!$enableLocking) {
53  return static::DISABLED_LOCK_VALUE;
54  }
55 
56  if ($this->‪isIpv6Address($ipAddress)) {
57  return $this->‪getIpLockPartForIpv6Address($ipAddress);
58  }
59  return $this->‪getIpLockPartForIpv4Address($ipAddress);
60  }
61 
62  public function ‪validateRemoteAddressAgainstSessionIpLock(string $ipAddress, string $sessionIpLock): bool
63  {
64  if ($sessionIpLock === static::DISABLED_LOCK_VALUE) {
65  return true;
66  }
67 
68  $ipToCompare = $this->‪isIpv6Address($ipAddress)
69  ? $this->‪getIpLockPartForIpv6Address($ipAddress)
70  : $this->‪getIpLockPartForIpv4Address($ipAddress);
71  return $ipToCompare === $sessionIpLock;
72  }
73 
74  protected function ‪getIpLockPart(string $ipAddress, int $numberOfParts, int $maxParts, string $delimiter): string
75  {
76  if ($numberOfParts >= $maxParts) {
77  return $ipAddress;
78  }
79 
80  $numberOfParts = ‪MathUtility::forceIntegerInRange($numberOfParts, 1, $maxParts);
81  $ipParts = explode($delimiter, $ipAddress);
82  if ($ipParts === false) {
83  return $ipAddress;
84  }
85  for ($a = $maxParts; $a > $numberOfParts; $a--) {
86  $ipPartValue = $delimiter === '.' ? '0' : str_pad('', strlen($ipParts[$a - 1]), '0');
87  $ipParts[$a - 1] = $ipPartValue;
88  }
89 
90  return implode($delimiter, $ipParts);
91  }
92 
93  protected function ‪getIpLockPartForIpv4Address(string $ipAddress): string
94  {
95  if ($this->lockIPv4PartCount === 0) {
96  return static::DISABLED_LOCK_VALUE;
97  }
98 
99  return $this->‪getIpLockPart($ipAddress, $this->lockIPv4PartCount, 4, '.');
100  }
101 
102  protected function ‪getIpLockPartForIpv6Address(string $ipAddress): string
103  {
104  if ($this->lockIPv6PartCount === 0) {
105  return static::DISABLED_LOCK_VALUE;
106  }
107 
108  // inet_pton also takes care of IPv4-mapped addresses (see https://en.wikipedia.org/wiki/IPv6_address#Representation)
109  $unpacked = unpack('H*hex', (string)inet_pton($ipAddress)) ?: [];
110  $expandedAddress = rtrim(chunk_split($unpacked['hex'] ?? '', 4, ':'), ':');
111  return $this->‪getIpLockPart($expandedAddress, $this->lockIPv6PartCount, 8, ':');
112  }
113 
114  protected function ‪isIpv6Address(string $ipAddress): bool
115  {
116  return strpos($ipAddress, ':') !== false;
117  }
118 }
‪TYPO3\CMS\Core\Authentication\IpLocker\getIpLockPart
‪getIpLockPart(string $ipAddress, int $numberOfParts, int $maxParts, string $delimiter)
Definition: IpLocker.php:72
‪TYPO3\CMS\Core\Authentication
Definition: AbstractAuthenticationService.php:16
‪TYPO3\CMS\Core\Authentication\IpLocker\__construct
‪__construct(int $lockIPv4PartCount, int $lockIPv6PartCount)
Definition: IpLocker.php:42
‪TYPO3\CMS\Core\Utility\MathUtility\forceIntegerInRange
‪static int forceIntegerInRange($theInt, $min, $max=2000000000, $defaultValue=0)
Definition: MathUtility.php:32
‪TYPO3\CMS\Core\Authentication\IpLocker\getIpLockPartForIpv4Address
‪getIpLockPartForIpv4Address(string $ipAddress)
Definition: IpLocker.php:91
‪TYPO3\CMS\Core\Authentication\IpLocker\validateRemoteAddressAgainstSessionIpLock
‪validateRemoteAddressAgainstSessionIpLock(string $ipAddress, string $sessionIpLock)
Definition: IpLocker.php:60
‪TYPO3\CMS\Core\Authentication\IpLocker\getSessionIpLock
‪getSessionIpLock(string $ipAddress, bool $enableLocking=true)
Definition: IpLocker.php:48
‪TYPO3\CMS\Core\Utility\MathUtility
Definition: MathUtility.php:22
‪TYPO3\CMS\Core\Authentication\IpLocker\$lockIPv4PartCount
‪int $lockIPv4PartCount
Definition: IpLocker.php:34
‪TYPO3\CMS\Core\Authentication\IpLocker\isIpv6Address
‪isIpv6Address(string $ipAddress)
Definition: IpLocker.php:112
‪TYPO3\CMS\Core\Authentication\IpLocker
Definition: IpLocker.php:26
‪TYPO3\CMS\Core\Authentication\IpLocker\DISABLED_LOCK_VALUE
‪const DISABLED_LOCK_VALUE
Definition: IpLocker.php:27
‪TYPO3\CMS\Core\Authentication\IpLocker\$lockIPv6PartCount
‪int $lockIPv6PartCount
Definition: IpLocker.php:40
‪TYPO3\CMS\Core\Authentication\IpLocker\getIpLockPartForIpv6Address
‪getIpLockPartForIpv6Address(string $ipAddress)
Definition: IpLocker.php:100