‪TYPO3CMS  11.5
AbstractMfaController.php
Go to the documentation of this file.
1 <?php
2 
3 declare(strict_types=1);
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
19 
20 use Psr\Http\Message\ResponseInterface;
21 use Psr\Http\Message\ServerRequestInterface;
30 
37 {
42  protected array ‪$mfaTsConfig;
43  protected bool ‪$mfaRequired;
44  protected array ‪$allowedProviders;
45  protected array ‪$allowedActions = [];
46 
47  public function ‪__construct(
51  ) {
52  $this->uriBuilder = ‪$uriBuilder;
53  $this->mfaProviderRegistry = ‪$mfaProviderRegistry;
54  $this->moduleTemplateFactory = ‪$moduleTemplateFactory;
56  }
57 
64  abstract public function ‪handleRequest(ServerRequestInterface $request): ResponseInterface;
65 
66  protected function ‪isActionAllowed(string $action): bool
67  {
68  return in_array($action, $this->allowedActions, true);
69  }
70 
71  protected function ‪isProviderAllowed(string $identifier): bool
72  {
73  return isset($this->allowedProviders[$identifier]);
74  }
75 
76  protected function ‪isValidIdentifier(string $identifier): bool
77  {
78  return $identifier !== ''
79  && $this->‪isProviderAllowed($identifier)
80  && $this->mfaProviderRegistry->hasProvider($identifier);
81  }
82 
86  protected function ‪initializeMfaConfiguration(): void
87  {
88  $backendUser = $this->‪getBackendUser();
89  $this->mfaTsConfig = $backendUser->getTSConfig()['auth.']['mfa.'] ?? [];
90  $this->mfaRequired = $backendUser->isMfaSetupRequired();
91 
92  // Set up allowed providers based on user TSconfig and user groupData
93  $this->allowedProviders = array_filter($this->mfaProviderRegistry->getProviders(), ‪function ($identifier) use ($backendUser) {
94  return $backendUser->check('mfa_providers', $identifier)
95  && !GeneralUtility::inList(($this->mfaTsConfig['disableProviders'] ?? ''), $identifier);
96  }, ARRAY_FILTER_USE_KEY);
97  }
98 
103  {
104  $recommendedProviderIdentifier = (string)($this->mfaTsConfig['recommendedProvider'] ?? '');
105  // Check if valid and allowed to be default provider, which is obviously a prerequisite
106  if (!$this->‪isValidIdentifier($recommendedProviderIdentifier)
107  || !$this->mfaProviderRegistry->getProvider($recommendedProviderIdentifier)->isDefaultProviderAllowed()
108  ) {
109  // If the provider, defined in user TSconfig is not valid or is not set, check the globally defined
110  $recommendedProviderIdentifier = (string)(‪$GLOBALS['TYPO3_CONF_VARS']['BE']['recommendedMfaProvider'] ?? '');
111  if (!$this->‪isValidIdentifier($recommendedProviderIdentifier)
112  || !$this->mfaProviderRegistry->getProvider($recommendedProviderIdentifier)->isDefaultProviderAllowed()
113  ) {
114  // If also not valid or not set, return
115  return null;
116  }
117  }
118 
119  return $this->mfaProviderRegistry->getProvider($recommendedProviderIdentifier);
120  }
121 
123  {
124  return ‪$GLOBALS['BE_USER'];
125  }
126 
128  {
129  return ‪$GLOBALS['LANG'];
130  }
131 }
‪TYPO3\CMS\Backend\Controller\AbstractMfaController\isValidIdentifier
‪isValidIdentifier(string $identifier)
Definition: AbstractMfaController.php:76
‪TYPO3\CMS\Backend\Controller\AbstractMfaController\$moduleTemplate
‪ModuleTemplate $moduleTemplate
Definition: AbstractMfaController.php:41
‪TYPO3\CMS\Backend\Controller\AbstractMfaController\getBackendUser
‪getBackendUser()
Definition: AbstractMfaController.php:122
‪TYPO3\CMS\Backend\Template\ModuleTemplateFactory
Definition: ModuleTemplateFactory.php:29
‪TYPO3\CMS\Backend\Controller\AbstractMfaController\$moduleTemplateFactory
‪ModuleTemplateFactory $moduleTemplateFactory
Definition: AbstractMfaController.php:40
‪TYPO3\CMS\Backend\Controller\AbstractMfaController\getLanguageService
‪getLanguageService()
Definition: AbstractMfaController.php:127
‪TYPO3\CMS\Core\Authentication\Mfa\MfaProviderManifestInterface
Definition: MfaProviderManifestInterface.php:26
‪TYPO3\CMS\Backend\Controller\AbstractMfaController\$mfaTsConfig
‪array $mfaTsConfig
Definition: AbstractMfaController.php:42
‪TYPO3\CMS\Backend\function
‪static return function(ContainerConfigurator $container, ContainerBuilder $containerBuilder)
Definition: Services.php:11
‪TYPO3\CMS\Backend\Controller\AbstractMfaController\$mfaProviderRegistry
‪MfaProviderRegistry $mfaProviderRegistry
Definition: AbstractMfaController.php:39
‪TYPO3\CMS\Backend\Template\ModuleTemplate
Definition: ModuleTemplate.php:46
‪TYPO3\CMS\Backend\Controller\AbstractMfaController\$allowedActions
‪array $allowedActions
Definition: AbstractMfaController.php:45
‪TYPO3\CMS\Backend\Controller\AbstractMfaController\$mfaRequired
‪bool $mfaRequired
Definition: AbstractMfaController.php:43
‪TYPO3\CMS\Backend\Controller\AbstractMfaController\getRecommendedProvider
‪getRecommendedProvider()
Definition: AbstractMfaController.php:102
‪TYPO3\CMS\Backend\Controller\AbstractMfaController\$allowedProviders
‪array $allowedProviders
Definition: AbstractMfaController.php:44
‪TYPO3\CMS\Backend\Routing\UriBuilder
Definition: UriBuilder.php:40
‪TYPO3\CMS\Backend\Controller\AbstractMfaController\isActionAllowed
‪isActionAllowed(string $action)
Definition: AbstractMfaController.php:66
‪TYPO3\CMS\Core\Authentication\BackendUserAuthentication
Definition: BackendUserAuthentication.php:62
‪TYPO3\CMS\Backend\Controller\AbstractMfaController\initializeMfaConfiguration
‪initializeMfaConfiguration()
Definition: AbstractMfaController.php:86
‪TYPO3\CMS\Backend\Controller\AbstractMfaController\__construct
‪__construct(UriBuilder $uriBuilder, MfaProviderRegistry $mfaProviderRegistry, ModuleTemplateFactory $moduleTemplateFactory)
Definition: AbstractMfaController.php:47
‪$GLOBALS
‪$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['adminpanel']['modules']
Definition: ext_localconf.php:25
‪TYPO3\CMS\Core\Localization\LanguageService
Definition: LanguageService.php:42
‪TYPO3\CMS\Core\Utility\GeneralUtility
Definition: GeneralUtility.php:50
‪TYPO3\CMS\Backend\Controller\AbstractMfaController\isProviderAllowed
‪isProviderAllowed(string $identifier)
Definition: AbstractMfaController.php:71
‪TYPO3\CMS\Backend\Controller
Definition: AboutController.php:16
‪TYPO3\CMS\Backend\Controller\AbstractMfaController\$uriBuilder
‪UriBuilder $uriBuilder
Definition: AbstractMfaController.php:38
‪TYPO3\CMS\Backend\Controller\AbstractMfaController\handleRequest
‪ResponseInterface handleRequest(ServerRequestInterface $request)
‪TYPO3\CMS\Core\Authentication\Mfa\MfaProviderRegistry
Definition: MfaProviderRegistry.php:28
‪TYPO3\CMS\Backend\Controller\AbstractMfaController
Definition: AbstractMfaController.php:37