‪TYPO3CMS  10.4
AuthenticationService.php
Go to the documentation of this file.
1 <?php
2 
3 declare(strict_types=1);
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
18 namespace ‪TYPO3\CMS\Install\Authentication;
19 
20 use Psr\Http\Message\ServerRequestInterface;
21 use Symfony\Component\Mailer\Exception\TransportException;
22 use Symfony\Component\Mime\Address;
23 use Symfony\Component\Mime\Exception\RfcComplianceException;
24 use Symfony\Component\Mime\RawMessage;
25 use ‪TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashFactory;
26 use ‪TYPO3\CMS\Core\Log\LogManager;
27 use ‪TYPO3\CMS\Core\Mail\FluidEmail;
28 use ‪TYPO3\CMS\Core\Mail\Mailer;
29 use ‪TYPO3\CMS\Core\Utility\GeneralUtility;
30 use ‪TYPO3\CMS\Core\Utility\MailUtility;
31 use ‪TYPO3\CMS\Fluid\View\TemplatePaths;
32 use TYPO3\CMS\Install\Service\SessionService;
33 
38 class ‪AuthenticationService
39 {
43  protected ‪$sessionService;
44 
48  protected ‪$templatePaths;
49 
53  public function ‪__construct(SessionService ‪$sessionService)
54  {
55  $this->sessionService = ‪$sessionService;
56  $templateConfiguration = ‪$GLOBALS['TYPO3_CONF_VARS']['MAIL'];
57  $templateConfiguration['templateRootPaths'][20] = 'EXT:install/Resources/Private/Templates/Email/';
58  $this->templatePaths = new ‪TemplatePaths($templateConfiguration);
59  }
60 
68  public function ‪loginWithPassword($password, ServerRequestInterface $request): bool
69  {
70  $validPassword = false;
71  if ($password !== null && $password !== '') {
72  $installToolPassword = ‪$GLOBALS['TYPO3_CONF_VARS']['BE']['installToolPassword'];
73  $hashFactory = GeneralUtility::makeInstance(PasswordHashFactory::class);
74  // Throws an InvalidPasswordHashException if no hash mechanism for the stored password is found
75  $hashInstance = $hashFactory->get($installToolPassword, 'BE');
76  // @todo: This code should check required hash updates and update the hash if needed
77  $validPassword = $hashInstance->checkPassword($password, $installToolPassword);
78  }
79  if ($validPassword) {
80  $this->sessionService->setAuthorized();
81  $this->‪sendLoginSuccessfulMail($request);
82  return true;
83  }
84  $this->‪sendLoginFailedMail($request);
85  return false;
86  }
87 
93  protected function ‪sendLoginSuccessfulMail(ServerRequestInterface $request)
94  {
95  $warningEmailAddress = ‪$GLOBALS['TYPO3_CONF_VARS']['BE']['warning_email_addr'];
96  if (!$warningEmailAddress) {
97  return;
98  }
99  $email = GeneralUtility::makeInstance(FluidEmail::class, $this->templatePaths);
100  $email
101  ->to($warningEmailAddress)
102  ->subject('Install Tool Login at \'' . ‪$GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'] . '\'')
103  ->from(new Address($this->‪getSenderEmailAddress(), $this->‪getSenderEmailName()))
104  ->setTemplate('Security/InstallToolLogin')
105  ->setRequest($request);
106  $this->‪sendEmail($email);
107  }
108 
114  protected function ‪sendLoginFailedMail(ServerRequestInterface $request)
115  {
116  $warningEmailAddress = ‪$GLOBALS['TYPO3_CONF_VARS']['BE']['warning_email_addr'];
117  if (!$warningEmailAddress) {
118  return;
119  }
120  $formValues = GeneralUtility::_GP('install');
121  $email = GeneralUtility::makeInstance(FluidEmail::class, $this->templatePaths);
122  $email
123  ->to($warningEmailAddress)
124  ->subject('Install Tool Login ATTEMPT at \'' . ‪$GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'] . '\'')
125  ->from(new Address($this->‪getSenderEmailAddress(), $this->‪getSenderEmailName()))
126  ->setTemplate('Security/InstallToolLoginAttempt')
127  ->assign('lastCharactersOfPassword', substr(md5($formValues['password']), -5))
128  ->setRequest($request);
129  $this->‪sendEmail($email);
130  }
131 
138  protected function ‪sendEmail(RawMessage $email): void
139  {
140  try {
141  GeneralUtility::makeInstance(Mailer::class)->send($email);
142  } catch (TransportException $e) {
143  $logger = GeneralUtility::makeInstance(LogManager::class)->getLogger(__CLASS__);
144  $logger->warning('Could not send notification email to ' . $this->‪getSenderEmailAddress() . ' due to mailer settings error', [
145  'recipientList' => $this->‪getSenderEmailAddress(),
146  'exception' => $e
147  ]);
148  } catch (RfcComplianceException $e) {
149  $logger = GeneralUtility::makeInstance(LogManager::class)->getLogger(__CLASS__);
150  $logger->warning('Could not send notification email to ' . $this->‪getSenderEmailAddress() . ' due to invalid email address', [
151  'recipientList' => $this->‪getSenderEmailAddress(),
152  'exception' => $e
153  ]);
154  }
155  }
156 
164  protected function ‪getSenderEmailAddress()
165  {
166  return ‪MailUtility::getSystemFromAddress();
167  }
168 
176  protected function ‪getSenderEmailName()
177  {
178  return ‪MailUtility::getSystemFromName() ?: 'TYPO3 CMS install tool';
179  }
180 }
‪TYPO3\CMS\Install\Authentication\AuthenticationService\sendLoginFailedMail
‪sendLoginFailedMail(ServerRequestInterface $request)
Definition: AuthenticationService.php:112
‪TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashFactory
Definition: PasswordHashFactory.php:27
‪TYPO3\CMS\Fluid\View\TemplatePaths
Definition: TemplatePaths.php:35
‪TYPO3\CMS\Install\Authentication\AuthenticationService\$sessionService
‪SessionService $sessionService
Definition: AuthenticationService.php:42
‪TYPO3\CMS\Install\Authentication
Definition: AuthenticationService.php:18
‪TYPO3\CMS\Install\Authentication\AuthenticationService\sendEmail
‪sendEmail(RawMessage $email)
Definition: AuthenticationService.php:136
‪TYPO3\CMS\Core\Utility\MailUtility\getSystemFromAddress
‪static string getSystemFromAddress()
Definition: MailUtility.php:73
‪TYPO3\CMS\Install\Authentication\AuthenticationService\loginWithPassword
‪bool loginWithPassword($password, ServerRequestInterface $request)
Definition: AuthenticationService.php:66
‪TYPO3\CMS\Install\Authentication\AuthenticationService\$templatePaths
‪TemplatePaths $templatePaths
Definition: AuthenticationService.php:46
‪TYPO3\CMS\Core\Mail\FluidEmail
Definition: FluidEmail.php:35
‪TYPO3\CMS\Core\Utility\MailUtility
Definition: MailUtility.php:24
‪TYPO3\CMS\Install\Authentication\AuthenticationService\getSenderEmailName
‪string getSenderEmailName()
Definition: AuthenticationService.php:174
‪TYPO3\CMS\Core\Mail\Mailer
Definition: Mailer.php:38
‪TYPO3\CMS\Install\Authentication\AuthenticationService\__construct
‪__construct(SessionService $sessionService)
Definition: AuthenticationService.php:51
‪$GLOBALS
‪$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['adminpanel']['modules']
Definition: ext_localconf.php:5
‪TYPO3\CMS\Core\Log\LogManager
Definition: LogManager.php:30
‪TYPO3\CMS\Core\Utility\MailUtility\getSystemFromName
‪static string getSystemFromName()
Definition: MailUtility.php:52
‪TYPO3\CMS\Install\Authentication\AuthenticationService
Definition: AuthenticationService.php:39
‪TYPO3\CMS\Install\Authentication\AuthenticationService\getSenderEmailAddress
‪string getSenderEmailAddress()
Definition: AuthenticationService.php:162
‪TYPO3\CMS\Core\Utility\GeneralUtility
Definition: GeneralUtility.php:46
‪TYPO3\CMS\Install\Authentication\AuthenticationService\sendLoginSuccessfulMail
‪sendLoginSuccessfulMail(ServerRequestInterface $request)
Definition: AuthenticationService.php:91