MfaProviderPropertyManager.php

Go to the documentation of this file.

<?php
 
declare(strict_types=1);
 
/*
 * This file is part of the TYPO3 CMS project.
 *
 * It is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License, either version 2
 * of the License, or any later version.
 *
 * For the full copyright and license information, please read the
 * LICENSE.txt file that was distributed with this source code.
 *
 * The TYPO3 project - inspiring people to share!
 */
 
namespace ‪TYPO3\CMS\Core\Authentication\Mfa;
 
use Psr\Log\LoggerAwareInterface;
use Psr\Log\LoggerAwareTrait;
use ‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication;
use ‪TYPO3\CMS\Core\Context\Context;
use ‪TYPO3\CMS\Core\Database\Connection;
use ‪TYPO3\CMS\Core\Database\ConnectionPool;
use ‪TYPO3\CMS\Core\Utility\GeneralUtility;
 
class ‪MfaProviderPropertyManager implements LoggerAwareInterface
{
    use LoggerAwareTrait;
 
    protected ‪AbstractUserAuthentication ‪$user;
    protected array ‪$mfa;
    protected string ‪$providerIdentifier;
    protected array ‪$providerProperties;
    protected const ‪DATABASE_FIELD_NAME = 'mfa';
 
    public function ‪__construct(‪AbstractUserAuthentication ‪$user, string $provider)
    {
        $this->user = ‪$user;
        $this->mfa = json_decode(‪$user->user[self::DATABASE_FIELD_NAME] ?? '', true) ?? [];
        $this->providerIdentifier = $provider;
        $this->providerProperties = $this->mfa[$provider] ?? [];
    }
 
    public function ‪hasProviderEntry(): bool
    {
        return isset($this->mfa[$this->providerIdentifier]);
    }
 
    public function ‪hasProperty(string $key): bool
    {
        return isset($this->providerProperties[$key]);
    }
 
    public function ‪getProperty(string $key, $default = null)
    {
        return $this->providerProperties[$key] ?? $default;
    }
 
    public function ‪getProperties(): array
    {
        return ‪$this->providerProperties;
    }
 
    public function ‪updateProperties(array $properties): bool
    {
        // This is to prevent provider data inconsistency
        if (!$this->‪hasProviderEntry()) {
            throw new \InvalidArgumentException(
                'No entry for provider ' . $this->providerIdentifier . ' exists yet. Use createProviderEntry() instead.',
                1613993188
            );
        }
 
        if (!isset($properties['updated'])) {
            $properties['updated'] = GeneralUtility::makeInstance(Context::class)->getPropertyFromAspect('date', 'timestamp');
        }
 
        $this->providerProperties = array_replace($this->providerProperties, $properties);
        $this->mfa[‪$this->providerIdentifier] = ‪$this->providerProperties;
        return $this->‪storeProperties();
    }
 
    public function ‪createProviderEntry(array $properties): bool
    {
        // This is to prevent unintentional overwriting of provider entries
        if ($this->‪hasProviderEntry()) {
            throw new \InvalidArgumentException(
                'A entry for provider ' . $this->providerIdentifier . ' already exists. Use updateProperties() instead.',
                1612781782
            );
        }
 
        if (!isset($properties['created'])) {
            $properties['created'] = GeneralUtility::makeInstance(Context::class)->getPropertyFromAspect('date', 'timestamp');
        }
 
        if (!isset($properties['updated'])) {
            $properties['updated'] = GeneralUtility::makeInstance(Context::class)->getPropertyFromAspect('date', 'timestamp');
        }
 
        $this->providerProperties = $properties;
        $this->mfa[‪$this->providerIdentifier] = ‪$this->providerProperties;
        return $this->‪storeProperties();
    }
 
    public function ‪deleteProviderEntry(): bool
    {
        $this->providerProperties = [];
        unset($this->mfa[$this->providerIdentifier]);
        return $this->‪storeProperties();
    }
 
    protected function ‪storeProperties(): bool
    {
        // encode the mfa properties to store them in the database and the user array
        ‪$mfa = json_encode($this->mfa, JSON_THROW_ON_ERROR) ?: '';
 
        // Write back the updated mfa properties to the user array
        $this->user->user[‪self::DATABASE_FIELD_NAME] = ‪$mfa;
 
        // Log MFA update
        $this->logger->debug('MFA properties updated', [
            'provider' => $this->providerIdentifier,
            'user' => [
                'uid' => $this->user->user[$this->user->userid_column],
                'username' => $this->user->user[$this->user->username_column],
            ],
        ]);
 
        // Store updated mfa properties in the database
        return (bool)GeneralUtility::makeInstance(ConnectionPool::class)->getConnectionForTable($this->user->user_table)->update(
            $this->user->user_table,
            [self::DATABASE_FIELD_NAME => ‪$mfa],
            [$this->user->userid_column => (int)$this->user->user[$this->user->userid_column]],
            [self::DATABASE_FIELD_NAME => ‪Connection::PARAM_LOB]
        );
    }
 
    public function ‪getUser(): ‪AbstractUserAuthentication
    {
        return ‪$this->user;
    }
 
    public function ‪getIdentifier(): string
    {
        return ‪$this->providerIdentifier;
    }
 
    public static function ‪create(‪MfaProviderManifestInterface $provider, ‪AbstractUserAuthentication ‪$user): self
    {
        return GeneralUtility::makeInstance(self::class, ‪$user, $provider->‪getIdentifier());
    }
}