‪TYPO3CMS  11.5
AbstractUserAuthentication.php
Go to the documentation of this file.
1 <?php
2 
3 /*
4  * This file is part of the TYPO3 CMS project.
5  *
6  * It is free software; you can redistribute it and/or modify it under
7  * the terms of the GNU General Public License, either version 2
8  * of the License, or any later version.
9  *
10  * For the full copyright and license information, please read the
11  * LICENSE.txt file that was distributed with this source code.
12  *
13  * The TYPO3 project - inspiring people to share!
14  */
15 
17 
18 use Psr\Http\Message\ResponseInterface;
19 use Psr\Http\Message\ServerRequestInterface;
20 use Psr\Log\LoggerAwareInterface;
21 use Psr\Log\LoggerAwareTrait;
22 use Symfony\Component\HttpFoundation\Cookie;
42 use ‪TYPO3\CMS\Core\SysLog\Action\Login as SystemLogLoginAction;
43 use ‪TYPO3\CMS\Core\SysLog\Error as SystemLogErrorClassification;
44 use ‪TYPO3\CMS\Core\SysLog\Type as SystemLogType;
47 
55 abstract class ‪AbstractUserAuthentication implements LoggerAwareInterface
56 {
57  use LoggerAwareTrait;
59 
64  public ‪$name = '';
65 
70  public ‪$user_table = '';
71 
76  public ‪$usergroup_table = '';
77 
82  public ‪$username_column = '';
83 
88  public ‪$userident_column = '';
89 
94  public ‪$userid_column = '';
95 
100  public ‪$usergroup_column = '';
101 
106  public ‪$lastLogin_column = '';
107 
112  public ‪$enablecolumns = [
113  'rootLevel' => '',
114  // Boolean: If TRUE, 'AND pid=0' will be a part of the query...
115  'disabled' => '',
116  'starttime' => '',
117  'endtime' => '',
118  'deleted' => '',
119  ];
120 
125  public ‪$formfield_uname = '';
126 
131  public ‪$formfield_uident = '';
132 
137  public ‪$formfield_status = '';
138 
148  protected ‪$lifetime = 0;
149 
154  public ‪$writeStdLog = false;
155 
160  public ‪$writeAttemptLog = false;
161 
166  public ‪$checkPid = true;
167 
172  public ‪$checkPid_value = 0;
173 
178  public ‪$loginSessionStarted = false;
179 
184  public ‪$user;
185 
189  public array ‪$userGroups = [];
190 
195  public ‪$dontSetCookie = false;
196 
201  public ‪$loginType = '';
202 
206  public ‪$uc;
207 
208  protected ?‪UserSession ‪$userSession = null;
209 
211 
217  protected ?Cookie ‪$setCookie = null;
218 
224  public function ‪__construct()
225  {
226  // Backend or frontend login - used for auth services
227  if (empty($this->loginType)) {
228  throw new ‪Exception('No loginType defined, must be set explicitly by subclass', 1476045345);
229  }
230  $this->lifetime = (int)(‪$GLOBALS['TYPO3_CONF_VARS'][$this->loginType]['lifetime'] ?? 0);
231  }
232 
241  {
242  $this->userSessionManager = ‪$userSessionManager ?? ‪UserSessionManager::create($this->loginType);
243  $this->userSession = $this->userSessionManager->createAnonymousSession();
244  }
245 
257  public function ‪start(?ServerRequestInterface $request = null)
258  {
259  $request = $request ?? ‪$GLOBALS['TYPO3_REQUEST'] ?? ‪ServerRequestFactory::fromGlobals();
260  $this->logger->debug('## Beginning of auth logging.');
261  // Make certain that NO user is set initially
262  $this->user = null;
263 
264  if (!isset($this->userSessionManager)) {
266  }
267  $this->userSession = $this->userSessionManager->createFromRequestOrAnonymous($request, $this->name);
268 
269  // Load user session, check to see if anyone has submitted login-information and if so authenticate
270  // the user with the session. $this->user[uid] may be used to write log...
271  try {
272  $this->‪checkAuthentication($request);
273  } catch (MfaRequiredException $mfaRequiredException) {
274  // Ensure the cookie is still set to keep the user session available
275  if (!$this->dontSetCookie || $this->‪isRefreshTimeBasedCookie()) {
276  $this->‪setSessionCookie();
277  }
278  throw $mfaRequiredException;
279  }
280  // Set cookie if generally enabled or if the current session is a non-session cookie (FE permalogin)
281  if (!$this->dontSetCookie || $this->‪isRefreshTimeBasedCookie()) {
282  $this->‪setSessionCookie();
283  }
284  // Hook for alternative ways of filling the $this->user array (is used by the "timtaw" extension)
285  foreach (‪$GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_userauth.php']['postUserLookUp'] ?? [] as $funcName) {
286  $_params = [
287  'pObj' => $this,
288  ];
289  GeneralUtility::callUserFunction($funcName, $_params, $this);
290  }
291  }
292 
299  public function ‪appendCookieToResponse(ResponseInterface $response): ResponseInterface
300  {
301  if ($this->setCookie !== null) {
302  $response = $response->withAddedHeader('Set-Cookie', $this->setCookie->__toString());
303  }
304  return $response;
305  }
306 
310  protected function ‪setSessionCookie()
311  {
312  $isRefreshTimeBasedCookie = $this->‪isRefreshTimeBasedCookie();
313  if ($this->‪isSetSessionCookie() || $isRefreshTimeBasedCookie) {
314  // Get the domain to be used for the cookie (if any):
315  $cookieDomain = $this->‪getCookieDomain();
316  // If no cookie domain is set, use the base path:
317  $cookiePath = $cookieDomain ? '/' : GeneralUtility::getIndpEnv('TYPO3_SITE_PATH');
318  // If the cookie lifetime is set, use it:
319  $cookieExpire = $isRefreshTimeBasedCookie ? ‪$GLOBALS['EXEC_TIME'] + $this->lifetime : 0;
320  // Valid options are "strict", "lax" or "none", whereas "none" only works in HTTPS requests (default & fallback is "strict")
321  $cookieSameSite = $this->sanitizeSameSiteCookieValue(
322  strtolower(‪$GLOBALS['TYPO3_CONF_VARS'][$this->loginType]['cookieSameSite'] ?? Cookie::SAMESITE_STRICT)
323  );
324  // Use the secure option when the current request is served by a secure connection:
325  // SameSite "none" needs the secure option (only allowed on HTTPS)
326  $isSecure = $cookieSameSite === Cookie::SAMESITE_NONE || GeneralUtility::getIndpEnv('TYPO3_SSL');
327  $sessionId = $this->userSession->getIdentifier();
328  $this->setCookie = new Cookie(
329  $this->name,
330  $sessionId,
331  $cookieExpire,
332  $cookiePath,
333  $cookieDomain,
334  $isSecure,
335  true,
336  false,
337  $cookieSameSite
338  );
339  $message = $isRefreshTimeBasedCookie ? 'Updated Cookie: {session}, {domain}' : 'Set Cookie: {session}, {domain}';
340  $this->logger->debug($message, [
341  'session' => sha1($sessionId),
342  'domain' => $cookieDomain,
343  ]);
344  }
345  }
346 
353  protected function ‪getCookieDomain()
354  {
355  $result = '';
356  $cookieDomain = ‪$GLOBALS['TYPO3_CONF_VARS']['SYS']['cookieDomain'] ?? '';
357  // If a specific cookie domain is defined for a given application type, use that domain
358  if (!empty(‪$GLOBALS['TYPO3_CONF_VARS'][$this->loginType]['cookieDomain'])) {
359  $cookieDomain = ‪$GLOBALS['TYPO3_CONF_VARS'][‪$this->loginType]['cookieDomain'];
360  }
361  if ($cookieDomain) {
362  if ($cookieDomain[0] === '/') {
363  $match = [];
364  $matchCnt = @preg_match($cookieDomain, GeneralUtility::getIndpEnv('TYPO3_HOST_ONLY'), $match);
365  if ($matchCnt === false) {
366  $this->logger->critical('The regular expression for the cookie domain ({domain}) contains errors. The session is not shared across sub-domains.', ['domain' => $cookieDomain]);
367  } elseif ($matchCnt) {
368  $result = $match[0];
369  }
370  } else {
371  $result = $cookieDomain;
372  }
373  }
374  return $result;
375  }
376 
383  protected function ‪getCookie($cookieName)
384  {
385  return isset($_COOKIE[$cookieName]) ? stripslashes($_COOKIE[$cookieName]) : '';
386  }
387 
394  public function ‪isSetSessionCookie()
395  {
396  return $this->userSession->isNew() && $this->lifetime === 0;
397  }
398 
405  public function ‪isRefreshTimeBasedCookie()
406  {
407  return $this->lifetime > 0;
408  }
409 
414  protected function ‪getAuthServiceConfiguration(): array
415  {
416  if (is_array(‪$GLOBALS['TYPO3_CONF_VARS']['SVCONF']['auth']['setup'] ?? null)) {
417  return ‪$GLOBALS['TYPO3_CONF_VARS']['SVCONF']['auth']['setup'];
418  }
419  return [];
420  }
421 
429  public function ‪checkAuthentication(?ServerRequestInterface $request = null)
430  {
431  $request = $request ?? ‪$GLOBALS['TYPO3_REQUEST'] ?? ‪ServerRequestFactory::fromGlobals();
432  $authConfiguration = $this->‪getAuthServiceConfiguration();
433  if (!empty($authConfiguration)) {
434  $this->logger->debug('Authentication Service Configuration found.', ['auth_configuration' => $authConfiguration]);
435  }
436  // No user for now - will be searched by service below
437  $tempuserArr = [];
438  $tempuser = false;
439  // User is not authenticated by default
440  $authenticated = false;
441  // User want to login with passed login data (name/password)
442  $activeLogin = false;
443  $this->logger->debug('Login type: {type}', ['type' => $this->loginType]);
444  // The info array provide additional information for auth services
445  $authInfo = $this->‪getAuthInfoArray();
446  // Get Login/Logout data submitted by a form or params
447  $loginData = $this->‪getLoginFormData();
448  $this->logger->debug('Login data', $this->‪removeSensitiveLoginDataForLoggingInfo($loginData));
449  // Active logout (eg. with "logout" button)
450  if ($loginData['status'] === ‪LoginType::LOGOUT) {
451  if ($this->writeStdLog) {
452  // $type,$action,$error,$details_nr,$details,$data,$tablename,$recuid,$recpid
453  $this->‪writelog(SystemLogType::LOGIN, SystemLogLoginAction::LOGOUT, SystemLogErrorClassification::MESSAGE, 2, 'User %s logged out', [$this->user['username']], '', 0, 0);
454  }
455  $this->logger->info('User logged out. Id: {session}', ['session' => sha1($this->userSession->getIdentifier())]);
456  $this->‪logoff();
457  }
458  // Determine whether we need to skip session update.
459  // This is used mainly for checking session timeout in advance without refreshing the current session's timeout.
460  $skipSessionUpdate = (bool)($request->getQueryParams()['skipSessionUpdate'] ?? false);
461  $haveSession = false;
462  $anonymousSession = false;
463  if (!$this->userSession->isNew()) {
464  // Read user data if this is bound to a user
465  // However, if the user data is not valid, or the session has timed out we'll recreate a new anonymous session
466  if ($this->userSession->getUserId() > 0) {
467  $authInfo['user'] = $this->‪fetchValidUserFromSessionOrDestroySession($skipSessionUpdate);
468  if (is_array($authInfo['user'])) {
469  $authInfo['userSession'] = $authInfo['user'];
470  } else {
471  $authInfo['userSession'] = false;
472  }
473  }
474  $authInfo['session'] = ‪$this->userSession;
475  $haveSession = !$this->userSession->‪isNew();
476  $anonymousSession = $haveSession && $this->userSession->isAnonymous();
477  }
478 
479  // Active login (eg. with login form).
480  if (!$haveSession && $loginData['status'] === ‪LoginType::LOGIN) {
481  $activeLogin = true;
482  $this->logger->debug('Active login (eg. with login form)');
483  // check referrer for submitted login values
484  if ($this->formfield_status && $loginData['uident'] && $loginData['uname']) {
485  // Delete old user session if any
486  $this->‪logoff();
487  }
488  // Refuse login for _CLI users, if not processing a CLI request type
489  // (although we shouldn't be here in case of a CLI request type)
490  if (stripos($loginData['uname'], '_CLI_') === 0 && !‪Environment::isCli()) {
491  throw new \RuntimeException('TYPO3 Fatal Error: You have tried to login using a CLI user. Access prohibited!', 1270853931);
492  }
493  }
494 
495  // Cause elevation of privilege, make sure regenerateSessionId is called later on
496  if ($anonymousSession && $loginData['status'] === ‪LoginType::LOGIN) {
497  $activeLogin = true;
498  }
499 
500  if ($haveSession) {
501  $this->logger->debug('User found in session', [
502  $this->userid_column => $authInfo['user'][$this->userid_column] ?? null,
503  $this->username_column => $authInfo['user'][$this->username_column] ?? null,
504  ]);
505  } else {
506  $this->logger->debug('No user session found');
507  }
508 
509  // Fetch user if ...
510  if (
511  $activeLogin || !empty($authConfiguration[$this->loginType . '_alwaysFetchUser'])
512  || !$haveSession && !empty($authConfiguration[$this->loginType . '_fetchUserIfNoSession'])
513  ) {
514  // Use 'auth' service to find the user
515  // First found user will be used
516  $subType = 'getUser' . ‪$this->loginType;
518  foreach ($this->‪getAuthServices($subType, $loginData, $authInfo) as $serviceObj) {
519  $row = $serviceObj->getUser();
520  if (is_array($row)) {
521  $tempuserArr[] = $row;
522  $this->logger->debug('User found', [
523  $this->userid_column => $row[$this->userid_column],
524  $this->username_column => $row[$this->username_column],
525  ]);
526  // User found, just stop to search for more if not configured to go on
527  if (empty($authConfiguration[$this->loginType . '_fetchAllUsers'])) {
528  break;
529  }
530  }
531  }
532 
533  if (!empty($authConfiguration[$this->loginType . '_alwaysFetchUser'])) {
534  $this->logger->debug($this->loginType . '_alwaysFetchUser option is enabled');
535  }
536  if (empty($tempuserArr)) {
537  $this->logger->debug('No user found by services');
538  } else {
539  $this->logger->debug('{count} user records found by services', ['count' => count($tempuserArr)]);
540  }
541  }
542 
543  // If no new user was set we use the already found user session
544  if (empty($tempuserArr) && $haveSession && !$anonymousSession) {
545  // Check if the previous services returned a proper user
546  if (is_array($authInfo['user'] ?? null)) {
547  $tempuserArr[] = $authInfo['user'];
548  $tempuser = $authInfo['user'];
549  // User is authenticated because we found a user session
550  $authenticated = true;
551  $this->logger->debug('User session used', [
552  $this->userid_column => $authInfo['user'][$this->userid_column] ?? '',
553  $this->username_column => $authInfo['user'][$this->username_column] ?? '',
554  ]);
555  }
556  }
557  // Re-auth user when 'auth'-service option is set
558  if (!empty($authConfiguration[$this->loginType . '_alwaysAuthUser'])) {
559  $authenticated = false;
560  $this->logger->debug('alwaysAuthUser option is enabled');
561  }
562  // Authenticate the user if needed
563  if (!empty($tempuserArr) && !$authenticated) {
564  foreach ($tempuserArr as $tempuser) {
565  // Use 'auth' service to authenticate the user
566  // If one service returns FALSE then authentication failed
567  // a service might return 100 which means there's no reason to stop but the user can't be authenticated by that service
568  $this->logger->debug('Auth user', $this->‪removeSensitiveLoginDataForLoggingInfo($tempuser, true));
569  $subType = 'authUser' . ‪$this->loginType;
570 
572  foreach ($this->‪getAuthServices($subType, $loginData, $authInfo) as $serviceObj) {
573  if (($ret = $serviceObj->authUser($tempuser)) > 0) {
574  // If the service returns >=200 then no more checking is needed - useful for IP checking without password
575  if ((int)$ret >= 200) {
576  $authenticated = true;
577  break;
578  }
579  if ((int)$ret >= 100) {
580  } else {
581  $authenticated = true;
582  }
583  } else {
584  $authenticated = false;
585  break;
586  }
587  }
588 
589  if ($authenticated) {
590  // Leave foreach() because a user is authenticated
591  break;
592  }
593  }
594  // mimic user authentication to mitigate observable timing discrepancies
595  // @link https://cwe.mitre.org/data/definitions/208.html
596  } elseif ($activeLogin) {
597  $subType = 'authUser' . ‪$this->loginType;
598  foreach ($this->‪getAuthServices($subType, $loginData, $authInfo) as $serviceObj) {
599  if ($serviceObj instanceof MimicServiceInterface && $serviceObj->mimicAuthUser() === false) {
600  break;
601  }
602  }
603  }
604 
605  // If user is authenticated a valid user is in $tempuser
606  if ($authenticated) {
607  // Insert session record if needed:
608  if (!$haveSession
609  || $anonymousSession
610  || (int)($tempuser['uid'] ?? 0) !== $this->userSession->getUserId()
611  ) {
612  $sessionData = $this->userSession->getData();
613  // Create a new session with a fixated user
614  $this->userSession = $this->‪createUserSession($tempuser);
615 
616  // Preserve session data on login
617  if ($anonymousSession || $haveSession) {
618  $this->userSession->overrideData($sessionData);
619  }
620 
621  $this->user = array_merge($tempuser, $this->user ?? []);
622 
623  // The login session is started.
624  $this->loginSessionStarted = true;
625  if (is_array($this->user)) {
626  $this->logger->debug('User session finally read', [
627  $this->userid_column => $this->user[$this->userid_column],
628  $this->username_column => $this->user[$this->username_column],
629  ]);
630  }
631  } else {
632  // if we come here the current session is for sure not anonymous as this is a pre-condition for $authenticated = true
633  $this->user = $authInfo['user'];
634  }
635 
636  if ($activeLogin && !$this->userSession->isNew()) {
637  $this->‪regenerateSessionId();
638  }
639 
640  if ($activeLogin) {
641  // User logged in - write that to the log!
642  if ($this->writeStdLog) {
643  $this->‪writelog(SystemLogType::LOGIN, SystemLogLoginAction::LOGIN, SystemLogErrorClassification::MESSAGE, 1, 'User %s logged in from ###IP###', [$tempuser[$this->username_column]], '', '', '');
644  }
645  $this->logger->info('User {username} logged in from {ip}', [
646  'username' => $tempuser[$this->username_column],
647  'ip' => GeneralUtility::getIndpEnv('REMOTE_ADDR'),
648  ]);
649  } else {
650  $this->logger->debug('User {username} authenticated from {ip}', [
651  'username' => $tempuser[$this->username_column],
652  'ip' => GeneralUtility::getIndpEnv('REMOTE_ADDR'),
653  ]);
654  }
655  // Check if multi-factor authentication is required
657  } else {
658  // Mark the current login attempt as failed
659  if (empty($tempuserArr) && $activeLogin) {
660  $this->logger->debug('Login failed', [
661  'loginData' => $this->‪removeSensitiveLoginDataForLoggingInfo($loginData),
662  ]);
663  } elseif (!empty($tempuserArr)) {
664  $this->logger->debug('Login failed', [
665  $this->userid_column => $tempuser[$this->userid_column],
666  $this->username_column => $tempuser[$this->username_column],
667  ]);
668  }
669 
670  // If there were a login failure, check to see if a warning email should be sent
671  if ($activeLogin) {
672  $this->‪handleLoginFailure();
673  }
674  }
675  }
676 
686  protected function ‪evaluateMfaRequirements(): void
687  {
688  // MFA has been validated already, nothing to do
689  if ($this->‪getSessionData('mfa')) {
690  return;
691  }
692  // If the user session does not contain the 'mfa' key - indicating that MFA is already
693  // passed - get the first provider for authentication, which is either the default provider
694  // or the first active provider (based on the providers configured ordering).
695  $provider = GeneralUtility::makeInstance(MfaProviderRegistry::class)->getFirstAuthenticationAwareProvider($this);
696  // Throw an exception (hopefully caught in a middleware) when an active provider for the user exists
697  if ($provider !== null) {
698  throw new ‪MfaRequiredException($provider, 1613687097);
699  }
700  }
701 
708  public function ‪isMfaSetupRequired(): bool
709  {
710  return false;
711  }
712 
716  protected function ‪handleLoginFailure(): void
717  {
718  $_params = [];
719  foreach (‪$GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_userauth.php']['postLoginFailureProcessing'] ?? [] as $hookIdentifier => $_funcRef) {
720  GeneralUtility::callUserFunction($_funcRef, $_params, $this);
721  }
722  }
723 
730  public function ‪createSessionId()
731  {
732  return GeneralUtility::makeInstance(Random::class)->generateRandomHexString(32);
733  }
734 
743  protected function ‪getAuthServices(string $subType, array $loginData, array $authInfo): \Traversable
744  {
745  $serviceChain = [];
746  while (is_object($serviceObj = GeneralUtility::makeInstanceService('auth', $subType, $serviceChain))) {
747  $serviceChain[] = $serviceObj->getServiceKey();
748  $serviceObj->initAuth($subType, $loginData, $authInfo, $this);
749  yield $serviceObj;
750  }
751  if (!empty($serviceChain)) {
752  $this->logger->debug('{subtype} auth services called: {chain}', [
753  'subtype' => $subType,
754  'chain' => implode(',', $serviceChain),
755  ]);
756  }
757  }
758 
764  protected function ‪regenerateSessionId()
765  {
766  $this->userSession = $this->userSessionManager->regenerateSession($this->userSession->getIdentifier());
767  }
768 
769  /*************************
770  *
771  * User Sessions
772  *
773  *************************/
774 
781  public function ‪createUserSession(array $tempuser): UserSession
782  {
783  // Needed for testing framework
784  if (!isset($this->userSessionManager)) {
786  }
787  $tempUserId = (int)($tempuser[$this->userid_column] ?? 0);
788  $session = $this->userSessionManager->elevateToFixatedUserSession($this->userSession, $tempUserId);
789  // Updating lastLogin_column carrying information about last login.
790  $this->‪updateLoginTimestamp($tempUserId);
791  return $session;
792  }
793 
799  protected function ‪updateLoginTimestamp(int $userId)
800  {
801  if ($this->lastLogin_column) {
802  $connection = GeneralUtility::makeInstance(ConnectionPool::class)->getConnectionForTable($this->user_table);
803  $connection->update(
804  $this->user_table,
805  [$this->lastLogin_column => ‪$GLOBALS['EXEC_TIME']],
806  [$this->userid_column => $userId]
807  );
808  $this->user[‪$this->lastLogin_column] = ‪$GLOBALS['EXEC_TIME'];
809  }
810  }
811 
819  public function ‪fetchUserSession($skipSessionUpdate = false)
820  {
821  try {
822  $session = $this->userSessionManager->createSessionFromStorage($this->userSession->getIdentifier());
823  } catch (SessionNotFoundException $e) {
824  return false;
825  }
826  $this->userSession = $session;
827  // Session is anonymous so no need to fetch user
828  if ($session->isAnonymous()) {
829  return $session->toArray();
830  }
831 
832  // Fetch the user from the DB
833  $userRecord = $this->‪fetchValidUserFromSessionOrDestroySession($skipSessionUpdate);
834  return is_array($userRecord) ? $userRecord : false;
835  }
836 
847  protected function ‪fetchValidUserFromSessionOrDestroySession(bool $skipSessionUpdate = false): ?array
848  {
849  if ($this->userSession->isAnonymous()) {
850  return null;
851  }
852  // Fetch the user from the DB
853  $userRecord = $this->‪getRawUserByUid($this->userSession->getUserId() ?? 0);
854  if ($userRecord) {
855  // A user was found
856  $userRecord['is_online'] = $this->userSession->getLastUpdated();
857  if (!$this->userSessionManager->hasExpired($this->userSession)) {
858  if (!$skipSessionUpdate) {
859  $this->userSession = $this->userSessionManager->updateSessionTimestamp($this->userSession);
860  }
861  } else {
862  // Delete any user set...
863  $this->‪logoff();
864  $userRecord = false;
865  $this->userSession = $this->userSessionManager->createAnonymousSession();
866  }
867  }
868  return is_array($userRecord) ? $userRecord : null;
869  }
870 
876  public function ‪enforceNewSessionId()
877  {
878  $this->‪regenerateSessionId();
879  $this->‪setSessionCookie();
880  }
881 
887  public function ‪logoff()
888  {
889  $this->logger->debug('logoff: ses_id = {session}', ['session' => sha1($this->userSession->getIdentifier())]);
890 
891  $_params = [];
892  foreach (‪$GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_userauth.php']['logoff_pre_processing'] ?? [] as $_funcRef) {
893  if ($_funcRef) {
894  GeneralUtility::callUserFunction($_funcRef, $_params, $this);
895  }
896  }
897  $this->‪performLogoff();
898 
899  foreach (‪$GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_userauth.php']['logoff_post_processing'] ?? [] as $_funcRef) {
900  if ($_funcRef) {
901  GeneralUtility::callUserFunction($_funcRef, $_params, $this);
902  }
903  }
904  }
905 
911  protected function ‪performLogoff()
912  {
913  if ($this->userSession) {
914  $this->userSessionManager->removeSession($this->userSession);
915  }
916  $this->userSession = $this->userSessionManager->createAnonymousSession();
917  $this->user = null;
918  if ($this->‪isCookieSet()) {
919  $this->‪removeCookie($this->name);
920  }
921  }
922 
928  public function ‪removeCookie($cookieName = null)
929  {
930  $cookieName = $cookieName ?? ‪$this->name;
931  $cookieDomain = $this->‪getCookieDomain();
932  // If no cookie domain is set, use the base path
933  $cookiePath = $cookieDomain ? '/' : GeneralUtility::getIndpEnv('TYPO3_SITE_PATH');
934  $this->setCookie = new Cookie(
935  $cookieName,
936  '',
937  -1,
938  $cookiePath,
939  $cookieDomain
940  );
941  }
942 
949  public function ‪isCookieSet()
950  {
951  return isset($this->setCookie) || $this->‪getCookie($this->name);
952  }
953 
954  /*************************
955  *
956  * SQL Functions
957  *
958  *************************/
967  protected function ‪userConstraints(): QueryRestrictionContainerInterface
968  {
969  $restrictionContainer = GeneralUtility::makeInstance(DefaultRestrictionContainer::class);
970 
971  if (empty($this->enablecolumns['disabled'])) {
972  $restrictionContainer->removeByType(HiddenRestriction::class);
973  }
974 
975  if (empty($this->enablecolumns['deleted'])) {
976  $restrictionContainer->removeByType(DeletedRestriction::class);
977  }
978 
979  if (empty($this->enablecolumns['starttime'])) {
980  $restrictionContainer->removeByType(StartTimeRestriction::class);
981  }
982 
983  if (empty($this->enablecolumns['endtime'])) {
984  $restrictionContainer->removeByType(EndTimeRestriction::class);
985  }
986 
987  if (!empty($this->enablecolumns['rootLevel'])) {
988  $restrictionContainer->add(GeneralUtility::makeInstance(RootLevelRestriction::class, [$this->user_table]));
989  }
990 
991  return $restrictionContainer;
992  }
993 
994  /*************************
995  *
996  * Session and Configuration Handling
997  *
998  *************************/
1006  public function ‪writeUC($variable = '')
1007  {
1008  if ($variable !== '') {
1009  trigger_error('Calling ' . __CLASS__ . '->writeUC() with an input argument will stop working with TYPO3 12.0. Setting the "uc" as array can be done via $user->uc = $myValue.', E_USER_DEPRECATED);
1010  }
1011  if (is_array($this->user) && $this->user[$this->userid_column]) {
1012  if (!is_array($variable)) {
1013  $variable = ‪$this->uc;
1014  }
1015  $this->logger->debug('writeUC: {userid_column}={value}', [
1016  'userid_column' => $this->userid_column,
1017  'value' => $this->user[$this->userid_column],
1018  ]);
1019  GeneralUtility::makeInstance(ConnectionPool::class)->getConnectionForTable($this->user_table)->update(
1020  $this->user_table,
1021  ['uc' => serialize($variable)],
1022  [$this->userid_column => (int)$this->user[$this->userid_column]],
1023  ['uc' => ‪Connection::PARAM_LOB]
1024  );
1025  }
1026  }
1027 
1034  public function ‪unpack_uc($theUC = '')
1035  {
1036  if ($theUC !== '') {
1037  trigger_error('Calling ' . __CLASS__ . '->unpack_uc() with an input argument will stop working with TYPO3 12.0. Setting the "uc" as array can be done via $user->uc = $myValue.', E_USER_DEPRECATED);
1038  }
1039  if (!$theUC && isset($this->user['uc'])) {
1040  $theUC = unserialize($this->user['uc'], ['allowed_classes' => false]);
1041  }
1042  if (is_array($theUC)) {
1043  $this->uc = $theUC;
1044  }
1045  }
1046 
1056  public function ‪pushModuleData($module, $data, $noSave = 0)
1057  {
1058  $sessionHash = GeneralUtility::hmac(
1059  $this->userSession->getIdentifier(),
1060  'core-session-hash'
1061  );
1062  $this->uc['moduleData'][$module] = $data;
1063  $this->uc['moduleSessionID'][$module] = $sessionHash;
1064  if (!$noSave) {
1065  $this->‪writeUC();
1066  }
1067  }
1068 
1076  public function ‪getModuleData($module, $type = '')
1077  {
1078  $sessionHash = GeneralUtility::hmac(
1079  $this->userSession->getIdentifier(),
1080  'core-session-hash'
1081  );
1082  $sessionData = $this->uc['moduleData'][$module] ?? null;
1083  $moduleSessionIdHash = $this->uc['moduleSessionID'][$module] ?? null;
1084  if ($type !== 'ses'
1085  || $sessionData !== null && $moduleSessionIdHash === $sessionHash
1086  // @todo Fallback for non-hashed values in `moduleSessionID`, remove for TYPO3 v11.5 LTS
1087  || $sessionData !== null && $moduleSessionIdHash === $this->userSession->getIdentifier()
1088  ) {
1089  return $sessionData;
1090  }
1091  return null;
1092  }
1093 
1101  public function ‪getSessionData($key)
1102  {
1103  return $this->userSession ? $this->userSession->get($key) : '';
1104  }
1105 
1113  public function ‪setSessionData($key, $data)
1114  {
1115  $this->userSession->set($key, $data);
1116  }
1117 
1125  public function ‪setAndSaveSessionData($key, $data)
1126  {
1127  $this->userSession->set($key, $data);
1128  $this->logger->debug('setAndSaveSessionData: ses_id = {session}', ['session' => sha1($this->userSession->getIdentifier())]);
1129  $this->userSession = $this->userSessionManager->updateSession($this->userSession);
1130  }
1131 
1132  /*************************
1133  *
1134  * Misc
1135  *
1136  *************************/
1143  public function ‪getLoginFormData()
1144  {
1145  $loginData = [
1146  'status' => ‪StringUtility::filter(GeneralUtility::_GP($this->formfield_status)),
1147  'uname' => ‪StringUtility::filter(GeneralUtility::_POST($this->formfield_uname), ''),
1148  'uident' => ‪StringUtility::filter(GeneralUtility::_POST($this->formfield_uident), ''),
1149  ];
1150  // Only process the login data if a login is requested
1151  if ($loginData['status'] === ‪LoginType::LOGIN) {
1152  $loginData = $this->‪processLoginData($loginData);
1153  }
1154  return $loginData;
1155  }
1156 
1157  public function ‪isActiveLogin(ServerRequestInterface $request): bool
1158  {
1159  $status = $request->getParsedBody()[‪$this->formfield_status] ?? $request->getQueryParams()[‪$this->formfield_status] ?? '';
1160  return $status === ‪LoginType::LOGIN;
1161  }
1162 
1170  public function ‪processLoginData($loginData)
1171  {
1172  $this->logger->debug('Login data before processing', $this->‪removeSensitiveLoginDataForLoggingInfo($loginData));
1173  $subType = 'processLoginData' . ‪$this->loginType;
1174  $authInfo = $this->‪getAuthInfoArray();
1175  $isLoginDataProcessed = false;
1176  $processedLoginData = $loginData;
1178  foreach ($this->‪getAuthServices($subType, $loginData, $authInfo) as $serviceObject) {
1179  $serviceResult = $serviceObject->processLoginData($processedLoginData, 'normal');
1180  if (!empty($serviceResult)) {
1181  $isLoginDataProcessed = true;
1182  // If the service returns >=200 then no more processing is needed
1183  if ((int)$serviceResult >= 200) {
1184  break;
1185  }
1186  }
1187  }
1188  if ($isLoginDataProcessed) {
1189  $loginData = $processedLoginData;
1190  $this->logger->debug('Processed login data', $this->‪removeSensitiveLoginDataForLoggingInfo($processedLoginData));
1191  }
1192  return $loginData;
1193  }
1194 
1205  protected function ‪removeSensitiveLoginDataForLoggingInfo($data, bool $isUserRecord = false)
1206  {
1207  if ($isUserRecord && is_array($data)) {
1208  $fieldNames = ['uid', 'pid', 'tstamp', 'crdate', 'cruser_id', 'deleted', 'disabled', 'starttime', 'endtime', 'username', 'admin', 'usergroup', 'db_mountpoints', 'file_mountpoints', 'file_permissions', 'workspace_perms', 'lastlogin', 'workspace_id', 'category_perms'];
1209  $data = array_intersect_key($data, array_combine($fieldNames, $fieldNames));
1210  }
1211  if (isset($data['uident'])) {
1212  $data['uident'] = '********';
1213  }
1214  if (isset($data['uident_text'])) {
1215  $data['uident_text'] = '********';
1216  }
1217  if (isset($data['password'])) {
1218  $data['password'] = '********';
1219  }
1220  return $data;
1221  }
1222 
1229  public function ‪getAuthInfoArray()
1230  {
1231  $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($this->user_table);
1232  $expressionBuilder = $queryBuilder->expr();
1233  $authInfo = [];
1234  $authInfo['loginType'] = ‪$this->loginType;
1235  $authInfo['refInfo'] = parse_url(GeneralUtility::getIndpEnv('HTTP_REFERER'));
1236  $authInfo['HTTP_HOST'] = GeneralUtility::getIndpEnv('HTTP_HOST');
1237  $authInfo['REMOTE_ADDR'] = GeneralUtility::getIndpEnv('REMOTE_ADDR');
1238  $authInfo['REMOTE_HOST'] = GeneralUtility::getIndpEnv('REMOTE_HOST');
1239  // Can be overridden in localconf by SVCONF:
1240  $authInfo['db_user']['table'] = ‪$this->user_table;
1241  $authInfo['db_user']['userid_column'] = ‪$this->userid_column;
1242  $authInfo['db_user']['username_column'] = ‪$this->username_column;
1243  $authInfo['db_user']['userident_column'] = ‪$this->userident_column;
1244  $authInfo['db_user']['enable_clause'] = $this->‪userConstraints()->‪buildExpression(
1245  [$this->user_table => $this->user_table],
1246  $expressionBuilder
1247  );
1248  if ($this->checkPid && $this->checkPid_value !== null) {
1249  $authInfo['db_user']['checkPidList'] = ‪$this->checkPid_value;
1250  $authInfo['db_user']['check_pid_clause'] = $expressionBuilder->in(
1251  'pid',
1252  ‪GeneralUtility::intExplode(',', (string)$this->checkPid_value)
1253  );
1254  } else {
1255  $authInfo['db_user']['checkPidList'] = '';
1256  $authInfo['db_user']['check_pid_clause'] = '';
1257  }
1258  return $authInfo;
1259  }
1260 
1274  public function ‪writelog($type, $action, $error, $details_nr, $details, $data, $tablename, $recuid, $recpid) {}
1275 
1287  public function ‪setBeUserByUid($uid)
1288  {
1289  $this->user = $this->‪getRawUserByUid($uid);
1290  }
1291 
1299  public function ‪setBeUserByName(‪$name)
1300  {
1301  $this->user = $this->‪getRawUserByName(‪$name) ?: null;
1302  }
1303 
1311  public function ‪getRawUserByUid($uid)
1312  {
1313  $query = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($this->user_table);
1314  $query->setRestrictions($this->‪userConstraints());
1315  $query->select('*')
1316  ->from($this->user_table)
1317  ->where($query->expr()->eq('uid', $query->createNamedParameter($uid, ‪Connection::PARAM_INT)));
1318 
1319  return $query->executeQuery()->fetchAssociative();
1320  }
1321 
1330  public function ‪getRawUserByName(‪$name)
1331  {
1332  $query = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($this->user_table);
1333  $query->setRestrictions($this->‪userConstraints());
1334  $query->select('*')
1335  ->from($this->user_table)
1336  ->where($query->expr()->eq('username', $query->createNamedParameter(‪$name, ‪Connection::PARAM_STR)));
1338  return $query->executeQuery()->fetchAssociative();
1339  }
1340 
1344  public function ‪getSession(): ‪UserSession
1345  {
1346  return ‪$this->userSession;
1347  }
1348 
1349  public function ‪__isset(string $propertyName): bool
1350  {
1351  switch ($propertyName) {
1352  case 'id':
1353  trigger_error('Property id is removed in v11.', E_USER_DEPRECATED);
1354  return isset($this->userSession);
1355  }
1356  return isset($this->propertyName);
1357  }
1358 
1359  public function ‪__set(string $propertyName, $propertyValue)
1360  {
1361  switch ($propertyName) {
1362  case 'id':
1363  if (!isset($this->userSessionManager)) {
1365  }
1366  $this->userSession = ‪UserSession::createNonFixated($propertyValue);
1367  // No deprecation due to adaptions in testing framework to remove ->id = ...
1368  break;
1369  }
1370  $this->$propertyName = $propertyValue;
1371  }
1372 
1373  public function ‪__get(string $propertyName)
1374  {
1375  switch ($propertyName) {
1376  case 'id':
1377  trigger_error('Property id is marked as protected now. Use ->getSession()->getIdentifier().', E_USER_DEPRECATED);
1378  return $this->‪getSession()->‪getIdentifier();
1379  }
1380  return $this->$propertyName;
1381  }
1382 
1383  public function ‪__unset(string $propertyName): void
1384  {
1385  switch ($propertyName) {
1386  case 'id':
1387  trigger_error('Property id is marked as protected now. Use ->getSession()->getIdentifier().', E_USER_DEPRECATED);
1388  return;
1389  }
1390  unset($this->$propertyName);
1391  }
1392 }
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\initializeUserSessionManager
‪initializeUserSessionManager(?UserSessionManager $userSessionManager=null)
Definition: AbstractUserAuthentication.php:218
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\__unset
‪__unset(string $propertyName)
Definition: AbstractUserAuthentication.php:1361
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getSession
‪UserSession getSession()
Definition: AbstractUserAuthentication.php:1322
‪TYPO3\CMS\Core\Database\Query\Restriction\HiddenRestriction
Definition: HiddenRestriction.php:27
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$checkPid
‪bool $checkPid
Definition: AbstractUserAuthentication.php:150
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\logoff
‪logoff()
Definition: AbstractUserAuthentication.php:865
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\removeSensitiveLoginDataForLoggingInfo
‪mixed removeSensitiveLoginDataForLoggingInfo($data, bool $isUserRecord=false)
Definition: AbstractUserAuthentication.php:1183
‪TYPO3\CMS\Core\Database\Connection\PARAM_INT
‪const PARAM_INT
Definition: Connection.php:49
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$loginType
‪string $loginType
Definition: AbstractUserAuthentication.php:180
‪TYPO3\CMS\Core\Authentication\MimicServiceInterface
Definition: MimicServiceInterface.php:21
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\updateLoginTimestamp
‪updateLoginTimestamp(int $userId)
Definition: AbstractUserAuthentication.php:777
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\createSessionId
‪string createSessionId()
Definition: AbstractUserAuthentication.php:708
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getCookieDomain
‪string getCookieDomain()
Definition: AbstractUserAuthentication.php:331
‪TYPO3\CMS\Core\Session\UserSession\getIdentifier
‪string getIdentifier()
Definition: UserSession.php:63
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\writeUC
‪writeUC($variable='')
Definition: AbstractUserAuthentication.php:984
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\unpack_uc
‪unpack_uc($theUC='')
Definition: AbstractUserAuthentication.php:1012
‪TYPO3\CMS\Core\Database\Query\Restriction\EndTimeRestriction
Definition: EndTimeRestriction.php:27
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getRawUserByUid
‪array getRawUserByUid($uid)
Definition: AbstractUserAuthentication.php:1289
‪TYPO3\CMS\Core\Exception
Definition: Exception.php:21
‪TYPO3\CMS\Core\Database\Query\Restriction\StartTimeRestriction
Definition: StartTimeRestriction.php:27
‪TYPO3\CMS\Core\Database\Query\Restriction\QueryRestrictionInterface\buildExpression
‪CompositeExpression buildExpression(array $queriedTables, ExpressionBuilder $expressionBuilder)
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$userGroups
‪array $userGroups
Definition: AbstractUserAuthentication.php:170
‪TYPO3\CMS\Core\Session\UserSession
Definition: UserSession.php:39
‪TYPO3\CMS\Core\Authentication
Definition: AbstractAuthenticationService.php:16
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$username_column
‪string $username_column
Definition: AbstractUserAuthentication.php:78
‪TYPO3\CMS\Core\Exception
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\__isset
‪__isset(string $propertyName)
Definition: AbstractUserAuthentication.php:1327
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\isMfaSetupRequired
‪bool isMfaSetupRequired()
Definition: AbstractUserAuthentication.php:686
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getAuthInfoArray
‪array getAuthInfoArray()
Definition: AbstractUserAuthentication.php:1207
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\__construct
‪__construct()
Definition: AbstractUserAuthentication.php:202
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getCookie
‪string getCookie($cookieName)
Definition: AbstractUserAuthentication.php:361
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\writelog
‪writelog($type, $action, $error, $details_nr, $details, $data, $tablename, $recuid, $recpid)
Definition: AbstractUserAuthentication.php:1252
‪TYPO3\CMS\Core\Database\Query\Restriction\QueryRestrictionContainerInterface
Definition: QueryRestrictionContainerInterface.php:25
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\start
‪start(?ServerRequestInterface $request=null)
Definition: AbstractUserAuthentication.php:235
‪TYPO3\CMS\Core\Session\UserSession\isNew
‪bool isNew()
Definition: UserSession.php:191
‪TYPO3\CMS\Core\Database\Connection\PARAM_STR
‪const PARAM_STR
Definition: Connection.php:54
‪TYPO3\CMS\Core\SysLog\Action\Login
Definition: Login.php:24
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$formfield_uident
‪string $formfield_uident
Definition: AbstractUserAuthentication.php:120
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\checkAuthentication
‪checkAuthentication(?ServerRequestInterface $request=null)
Definition: AbstractUserAuthentication.php:407
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getAuthServiceConfiguration
‪array getAuthServiceConfiguration()
Definition: AbstractUserAuthentication.php:392
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\appendCookieToResponse
‪ResponseInterface appendCookieToResponse(ResponseInterface $response)
Definition: AbstractUserAuthentication.php:277
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\processLoginData
‪array processLoginData($loginData)
Definition: AbstractUserAuthentication.php:1148
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$enablecolumns
‪array $enablecolumns
Definition: AbstractUserAuthentication.php:103
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\handleLoginFailure
‪handleLoginFailure()
Definition: AbstractUserAuthentication.php:694
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\createUserSession
‪UserSession createUserSession(array $tempuser)
Definition: AbstractUserAuthentication.php:759
‪TYPO3\CMS\Core\Session\UserSession\createNonFixated
‪static UserSession createNonFixated(string $identifier)
Definition: UserSession.php:247
‪TYPO3\CMS\Core\Utility\StringUtility\filter
‪static filter($value, ?string $default=null)
Definition: StringUtility.php:50
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$userSessionManager
‪UserSessionManager $userSessionManager
Definition: AbstractUserAuthentication.php:188
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$formfield_status
‪string $formfield_status
Definition: AbstractUserAuthentication.php:125
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\fetchUserSession
‪array bool fetchUserSession($skipSessionUpdate=false)
Definition: AbstractUserAuthentication.php:797
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\performLogoff
‪performLogoff()
Definition: AbstractUserAuthentication.php:889
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\setSessionData
‪setSessionData($key, $data)
Definition: AbstractUserAuthentication.php:1091
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$usergroup_table
‪string $usergroup_table
Definition: AbstractUserAuthentication.php:73
‪TYPO3\CMS\Core\Database\Query\Restriction\RootLevelRestriction
Definition: RootLevelRestriction.php:27
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\__get
‪__get(string $propertyName)
Definition: AbstractUserAuthentication.php:1351
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$userSession
‪UserSession $userSession
Definition: AbstractUserAuthentication.php:186
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\isSetSessionCookie
‪bool isSetSessionCookie()
Definition: AbstractUserAuthentication.php:372
‪TYPO3\CMS\Core\Authentication\Mfa\MfaRequiredException
Definition: MfaRequiredException.php:29
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getModuleData
‪mixed getModuleData($module, $type='')
Definition: AbstractUserAuthentication.php:1054
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\pushModuleData
‪pushModuleData($module, $data, $noSave=0)
Definition: AbstractUserAuthentication.php:1034
‪TYPO3\CMS\Core\Http\ServerRequestFactory
Definition: ServerRequestFactory.php:34
‪TYPO3\CMS\Core\SysLog\Error
Definition: Error.php:24
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$usergroup_column
‪string $usergroup_column
Definition: AbstractUserAuthentication.php:93
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getSessionData
‪mixed getSessionData($key)
Definition: AbstractUserAuthentication.php:1079
‪TYPO3\CMS\Core\Authentication\LoginType\LOGOUT
‪const LOGOUT
Definition: LoginType.php:35
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getAuthServices
‪Traversable getAuthServices(string $subType, array $loginData, array $authInfo)
Definition: AbstractUserAuthentication.php:721
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\setAndSaveSessionData
‪setAndSaveSessionData($key, $data)
Definition: AbstractUserAuthentication.php:1103
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$name
‪string $name
Definition: AbstractUserAuthentication.php:63
‪TYPO3\CMS\Core\Session\UserSessionManager\create
‪static static create(string $loginType, ?int $sessionLifetime=null, ?SessionManager $sessionManager=null, ?IpLocker $ipLocker=null)
Definition: UserSessionManager.php:392
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$writeAttemptLog
‪bool $writeAttemptLog
Definition: AbstractUserAuthentication.php:145
‪TYPO3\CMS\Core\Authentication\LoginType\LOGIN
‪const LOGIN
Definition: LoginType.php:30
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\__set
‪__set(string $propertyName, $propertyValue)
Definition: AbstractUserAuthentication.php:1337
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\enforceNewSessionId
‪enforceNewSessionId()
Definition: AbstractUserAuthentication.php:854
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$user
‪array null $user
Definition: AbstractUserAuthentication.php:165
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\evaluateMfaRequirements
‪evaluateMfaRequirements()
Definition: AbstractUserAuthentication.php:664
‪TYPO3\CMS\Core\Database\Connection
Definition: Connection.php:38
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$loginSessionStarted
‪bool $loginSessionStarted
Definition: AbstractUserAuthentication.php:160
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$lastLogin_column
‪string $lastLogin_column
Definition: AbstractUserAuthentication.php:98
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$userident_column
‪string $userident_column
Definition: AbstractUserAuthentication.php:83
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\isRefreshTimeBasedCookie
‪bool isRefreshTimeBasedCookie()
Definition: AbstractUserAuthentication.php:383
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\regenerateSessionId
‪regenerateSessionId()
Definition: AbstractUserAuthentication.php:742
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getLoginFormData
‪array getLoginFormData()
Definition: AbstractUserAuthentication.php:1121
‪$GLOBALS
‪$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['adminpanel']['modules']
Definition: ext_localconf.php:25
‪TYPO3\CMS\Core\Database\Query\Restriction\DeletedRestriction
Definition: DeletedRestriction.php:28
‪TYPO3\CMS\Core\Core\Environment
Definition: Environment.php:43
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$checkPid_value
‪int string $checkPid_value
Definition: AbstractUserAuthentication.php:155
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\isActiveLogin
‪isActiveLogin(ServerRequestInterface $request)
Definition: AbstractUserAuthentication.php:1135
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$userid_column
‪string $userid_column
Definition: AbstractUserAuthentication.php:88
‪TYPO3\CMS\Core\Utility\GeneralUtility\intExplode
‪static int[] intExplode($delimiter, $string, $removeEmptyValues=false, $limit=0)
Definition: GeneralUtility.php:927
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\removeCookie
‪removeCookie($cookieName=null)
Definition: AbstractUserAuthentication.php:906
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\isCookieSet
‪bool isCookieSet()
Definition: AbstractUserAuthentication.php:927
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$dontSetCookie
‪bool $dontSetCookie
Definition: AbstractUserAuthentication.php:175
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$setCookie
‪Cookie $setCookie
Definition: AbstractUserAuthentication.php:195
‪TYPO3\CMS\Core\Crypto\Random
Definition: Random.php:24
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\setSessionCookie
‪setSessionCookie()
Definition: AbstractUserAuthentication.php:288
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\setBeUserByUid
‪setBeUserByUid($uid)
Definition: AbstractUserAuthentication.php:1265
‪TYPO3\CMS\Core\Database\ConnectionPool
Definition: ConnectionPool.php:46
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\fetchValidUserFromSessionOrDestroySession
‪array null fetchValidUserFromSessionOrDestroySession(bool $skipSessionUpdate=false)
Definition: AbstractUserAuthentication.php:825
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\setBeUserByName
‪setBeUserByName($name)
Definition: AbstractUserAuthentication.php:1277
‪TYPO3\CMS\Core\Utility\GeneralUtility
Definition: GeneralUtility.php:50
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$uc
‪array $uc
Definition: AbstractUserAuthentication.php:184
‪TYPO3\CMS\Core\Utility\StringUtility
Definition: StringUtility.php:22
‪TYPO3\CMS\Core\Authentication\MimicServiceInterface\mimicAuthUser
‪bool mimicAuthUser()
‪TYPO3\CMS\Core\Core\Environment\isCli
‪static bool isCli()
Definition: Environment.php:162
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$writeStdLog
‪bool $writeStdLog
Definition: AbstractUserAuthentication.php:140
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$formfield_uname
‪string $formfield_uname
Definition: AbstractUserAuthentication.php:115
‪TYPO3\CMS\Core\Session\Backend\Exception\SessionNotFoundException
Definition: SessionNotFoundException.php:23
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$user_table
‪string $user_table
Definition: AbstractUserAuthentication.php:68
‪TYPO3\CMS\Core\Session\UserSessionManager
Definition: UserSessionManager.php:38
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$lifetime
‪int $lifetime
Definition: AbstractUserAuthentication.php:135
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getRawUserByName
‪array getRawUserByName($name)
Definition: AbstractUserAuthentication.php:1308
‪TYPO3\CMS\Core\SysLog\Type
Definition: Type.php:28
‪TYPO3\CMS\Core\Database\Query\Restriction\DefaultRestrictionContainer
Definition: DefaultRestrictionContainer.php:24
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication
Definition: AbstractUserAuthentication.php:56
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\userConstraints
‪QueryRestrictionContainerInterface userConstraints()
Definition: AbstractUserAuthentication.php:945
‪TYPO3\CMS\Core\Http\ServerRequestFactory\fromGlobals
‪static ServerRequest fromGlobals()
Definition: ServerRequestFactory.php:59
‪TYPO3\CMS\Core\Authentication\Mfa\MfaProviderRegistry
Definition: MfaProviderRegistry.php:28
‪TYPO3\CMS\Core\Database\Connection\PARAM_LOB
‪const PARAM_LOB
Definition: Connection.php:59