‪TYPO3CMS  11.5
CommandLineUserAuthentication.php
Go to the documentation of this file.
1 <?php
2 
3 /*
4  * This file is part of the TYPO3 CMS project.
5  *
6  * It is free software; you can redistribute it and/or modify it under
7  * the terms of the GNU General Public License, either version 2
8  * of the License, or any later version.
9  *
10  * For the full copyright and license information, please read the
11  * LICENSE.txt file that was distributed with this source code.
12  *
13  * The TYPO3 project - inspiring people to share!
14  */
15 
16 namespace ‪TYPO3\CMS\Core\Authentication;
17 
18 use Psr\Http\Message\ServerRequestInterface;
19 use ‪TYPO3\CMS\Core\Core\Environment;
20 use ‪TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashFactory;
21 use ‪TYPO3\CMS\Core\Crypto\Random;
22 use ‪TYPO3\CMS\Core\Database\ConnectionPool;
23 use ‪TYPO3\CMS\Core\Database\Query\Restriction\DeletedRestriction;
24 use ‪TYPO3\CMS\Core\Utility\GeneralUtility;
25 
30 class ‪CommandLineUserAuthentication extends ‪BackendUserAuthentication
31 {
36  protected ‪$username = '_cli_';
37 
43  public function ‪__construct()
44  {
45  if (!‪Environment::isCli()) {
46  throw new \RuntimeException('Creating a CLI-based user object on non-CLI level is not allowed', 1483971165);
47  }
48  if (!$this->‪isUserAllowedToLogin()) {
49  throw new \RuntimeException('Login Error: TYPO3 is in maintenance mode at the moment. Only administrators are allowed access.', 1483971855);
50  }
51  $this->dontSetCookie = true;
52  parent::__construct();
53  }
54 
63  public function ‪start(ServerRequestInterface $request = null)
64  {
65  // do nothing
66  }
67 
73  public function ‪checkAuthentication(ServerRequestInterface $request = null)
74  {
75  // do nothing
76  }
77 
81  public function ‪getOriginalUserIdWhenInSwitchUserMode(): ?int
82  {
83  return null;
84  }
85 
91  public function ‪authenticate()
92  {
93  // check if a _CLI_ user exists, if not, create one
94  $this->‪setBeUserByName($this->username);
95  if (empty($this->user['uid'])) {
96  // create a new BE user in the database
97  if (!$this->‪checkIfCliUserExists()) {
98  $this->‪createCliUser();
99  } else {
100  throw new \RuntimeException('No backend user named "_cli_" could be authenticated, maybe this user is "hidden"?', 1484050401);
101  }
102  $this->‪setBeUserByName($this->username);
103  }
104  if (empty($this->user['uid'])) {
105  throw new \RuntimeException('No backend user named "_cli_" could be created.', 1476107195);
106  }
107  // The groups are fetched and ready for permission checking in this initialization.
108  $this->‪fetchGroupData();
109  $this->‪backendSetUC();
110  }
111 
117  public function ‪backendCheckLogin($proceedIfNoUserIsLoggedIn = null)
118  {
119  $this->‪authenticate();
120  }
121 
129  public function ‪isUserAllowedToLogin()
130  {
131  return in_array((int)‪$GLOBALS['TYPO3_CONF_VARS']['BE']['adminOnly'], [0, 2], true);
132  }
133 
140  protected function ‪checkIfCliUserExists()
141  {
142  $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable('be_users');
143  $queryBuilder->getRestrictions()
144  ->removeAll()
145  ->add(GeneralUtility::makeInstance(DeletedRestriction::class));
146  $count = $queryBuilder
147  ->count('*')
148  ->from('be_users')
149  ->where($queryBuilder->expr()->eq('username', $queryBuilder->createNamedParameter('_cli_')))
150  ->executeQuery()
151  ->fetchOne();
152  return (bool)$count;
153  }
154 
158  protected function ‪createCliUser()
159  {
160  $userFields = [
161  'username' => ‪$this->username,
162  'password' => $this->‪generateHashedPassword(),
163  'admin' => 1,
164  'tstamp' => ‪$GLOBALS['EXEC_TIME'] ?? time(),
165  'crdate' => ‪$GLOBALS['EXEC_TIME'] ?? time(),
166  ];
167 
168  $databaseConnection = GeneralUtility::makeInstance(ConnectionPool::class)
169  ->getConnectionForTable('be_users');
170  $databaseConnection->insert('be_users', $userFields);
171  }
172 
178  protected function ‪generateHashedPassword()
179  {
180  $cryptoService = GeneralUtility::makeInstance(Random::class);
181  $password = $cryptoService->generateRandomBytes(20);
182  $hashInstance = GeneralUtility::makeInstance(PasswordHashFactory::class)->getDefaultHashInstance('BE');
183  return $hashInstance->getHashedPassword($password);
184  }
185 }
‪TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashFactory
Definition: PasswordHashFactory.php:27
‪TYPO3\CMS\Core\Authentication\CommandLineUserAuthentication\generateHashedPassword
‪string generateHashedPassword()
Definition: CommandLineUserAuthentication.php:177
‪TYPO3\CMS\Core\Authentication\CommandLineUserAuthentication\getOriginalUserIdWhenInSwitchUserMode
‪getOriginalUserIdWhenInSwitchUserMode()
Definition: CommandLineUserAuthentication.php:80
‪TYPO3\CMS\Core\Authentication\CommandLineUserAuthentication\authenticate
‪authenticate()
Definition: CommandLineUserAuthentication.php:90
‪TYPO3\CMS\Core\Authentication
Definition: AbstractAuthenticationService.php:16
‪TYPO3\CMS\Core\Authentication\BackendUserAuthentication\fetchGroupData
‪fetchGroupData()
Definition: BackendUserAuthentication.php:1092
‪TYPO3\CMS\Core\Authentication\CommandLineUserAuthentication\createCliUser
‪createCliUser()
Definition: CommandLineUserAuthentication.php:157
‪TYPO3\CMS\Core\Authentication\CommandLineUserAuthentication\isUserAllowedToLogin
‪bool isUserAllowedToLogin()
Definition: CommandLineUserAuthentication.php:128
‪TYPO3\CMS\Core\Authentication\CommandLineUserAuthentication\start
‪start(ServerRequestInterface $request=null)
Definition: CommandLineUserAuthentication.php:62
‪TYPO3\CMS\Core\Authentication\BackendUserAuthentication\backendSetUC
‪backendSetUC()
Definition: BackendUserAuthentication.php:2162
‪TYPO3\CMS\Core\Authentication\CommandLineUserAuthentication\checkAuthentication
‪checkAuthentication(ServerRequestInterface $request=null)
Definition: CommandLineUserAuthentication.php:72
‪TYPO3\CMS\Core\Authentication\BackendUserAuthentication
Definition: BackendUserAuthentication.php:62
‪TYPO3\CMS\Core\Authentication\CommandLineUserAuthentication\backendCheckLogin
‪backendCheckLogin($proceedIfNoUserIsLoggedIn=null)
Definition: CommandLineUserAuthentication.php:116
‪$GLOBALS
‪$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['adminpanel']['modules']
Definition: ext_localconf.php:25
‪TYPO3\CMS\Core\Database\Query\Restriction\DeletedRestriction
Definition: DeletedRestriction.php:28
‪TYPO3\CMS\Core\Authentication\CommandLineUserAuthentication\__construct
‪__construct()
Definition: CommandLineUserAuthentication.php:42
‪TYPO3\CMS\Core\Core\Environment
Definition: Environment.php:43
‪TYPO3\CMS\Core\Authentication\CommandLineUserAuthentication\checkIfCliUserExists
‪bool checkIfCliUserExists()
Definition: CommandLineUserAuthentication.php:139
‪TYPO3\CMS\Core\Crypto\Random
Definition: Random.php:24
‪TYPO3\CMS\Core\Database\ConnectionPool
Definition: ConnectionPool.php:46
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\setBeUserByName
‪setBeUserByName($name)
Definition: AbstractUserAuthentication.php:1277
‪TYPO3\CMS\Core\Utility\GeneralUtility
Definition: GeneralUtility.php:50
‪TYPO3\CMS\Core\Authentication\CommandLineUserAuthentication\$username
‪string $username
Definition: CommandLineUserAuthentication.php:35
‪TYPO3\CMS\Core\Core\Environment\isCli
‪static bool isCli()
Definition: Environment.php:162
‪TYPO3\CMS\Core\Authentication\CommandLineUserAuthentication
Definition: CommandLineUserAuthentication.php:31