‪TYPO3CMS  11.5
MvcPropertyMappingConfigurationService.php
Go to the documentation of this file.
1 <?php
2 
3 /*
4  * This file is part of the TYPO3 CMS project.
5  *
6  * It is free software; you can redistribute it and/or modify it under
7  * the terms of the GNU General Public License, either version 2
8  * of the License, or any later version.
9  *
10  * For the full copyright and license information, please read the
11  * LICENSE.txt file that was distributed with this source code.
12  *
13  * The TYPO3 project - inspiring people to share!
14  */
15 
16 namespace ‪TYPO3\CMS\Extbase\Mvc\Controller;
17 
18 use ‪TYPO3\CMS\Core\Error\Http\BadRequestException;
19 use ‪TYPO3\CMS\Core\SingletonInterface;
20 use ‪TYPO3\CMS\Extbase\Mvc\Request;
21 use ‪TYPO3\CMS\Extbase\Property\PropertyMappingConfiguration;
22 use ‪TYPO3\CMS\Extbase\Property\TypeConverter\PersistentObjectConverter;
23 use ‪TYPO3\CMS\Extbase\Security\Cryptography\HashService;
24 use ‪TYPO3\CMS\Extbase\Security\Exception\InvalidArgumentForHashGenerationException;
25 use ‪TYPO3\CMS\Extbase\Security\Exception\InvalidHashException;
26 
45 class ‪MvcPropertyMappingConfigurationService implements ‪SingletonInterface
46 {
52  protected ‪$hashService;
53 
57  public function ‪injectHashService(‪HashService ‪$hashService)
58  {
59  $this->hashService = ‪$hashService;
60  }
61 
71  public function ‪generateTrustedPropertiesToken($formFieldNames, $fieldNamePrefix = '')
72  {
73  $formFieldArray = [];
74  foreach ($formFieldNames as $formField) {
75  $formFieldParts = explode('[', $formField);
76  $currentPosition = &$formFieldArray;
77  $formFieldPartsCount = count($formFieldParts);
78  for ($i = 0; $i < $formFieldPartsCount; $i++) {
79  $formFieldPart = $formFieldParts[$i];
80  $formFieldPart = rtrim($formFieldPart, ']');
81  if (!is_array($currentPosition)) {
82  throw new ‪InvalidArgumentForHashGenerationException('The form field "' . $formField . '" is declared as array, but it collides with a previous form field of the same name which declared the field as string. This is an inconsistency you need to fix inside your Fluid form. (String overridden by Array)', 1255072196);
83  }
84  if ($i === $formFieldPartsCount - 1) {
85  if (isset($currentPosition[$formFieldPart]) && is_array($currentPosition[$formFieldPart])) {
86  throw new ‪InvalidArgumentForHashGenerationException('The form field "' . $formField . '" is declared as string, but it collides with a previous form field of the same name which declared the field as array. This is an inconsistency you need to fix inside your Fluid form. (Array overridden by String)', 1255072587);
87  }
88  // Last iteration - add a string
89  if ($formFieldPart === '') {
90  $currentPosition[] = 1;
91  } else {
92  $currentPosition[$formFieldPart] = 1;
93  }
94  } else {
95  if ($formFieldPart === '') {
96  throw new ‪InvalidArgumentForHashGenerationException('The form field "' . $formField . '" is invalid. Reason: "[]" used not as last argument, but somewhere in the middle (like foo[][bar]).', 1255072832);
97  }
98  if (!isset($currentPosition[$formFieldPart])) {
99  $currentPosition[$formFieldPart] = [];
100  }
101  $currentPosition = &$currentPosition[$formFieldPart];
102  }
103  }
104  }
105  if ($fieldNamePrefix !== '') {
106  $formFieldArray = ($formFieldArray[$fieldNamePrefix] ?? []);
107  }
108  return $this->‪serializeAndHashFormFieldArray($formFieldArray);
109  }
110 
118  protected function ‪serializeAndHashFormFieldArray(array $formFieldArray)
119  {
120  $serializedFormFieldArray = json_encode($formFieldArray);
121  return $this->hashService->appendHmac($serializedFormFieldArray);
122  }
123 
132  public function ‪initializePropertyMappingConfigurationFromRequest(‪Request $request, ‪Arguments $controllerArguments)
133  {
134  $trustedPropertiesToken = $request->‪getInternalArgument('__trustedProperties');
135  if (!is_string($trustedPropertiesToken)) {
136  return;
137  }
138 
139  try {
140  $encodedTrustedProperties = $this->hashService->validateAndStripHmac($trustedPropertiesToken);
141  } catch (‪InvalidHashException | ‪InvalidArgumentForHashGenerationException $e) {
142  throw new ‪BadRequestException('The HMAC of the form could not be validated.', 1581862822);
143  }
144  $trustedProperties = json_decode($encodedTrustedProperties, true);
145  if (!is_array($trustedProperties)) {
146  if (str_starts_with($encodedTrustedProperties, 'a:')) {
147  throw new ‪BadRequestException('Trusted properties used outdated serialization format instead of json.', 1699604555);
148  }
149  throw new ‪BadRequestException('The HMAC of the form could not be utilized.', 1691267306);
150  }
151 
152  foreach ($trustedProperties as $propertyName => $propertyConfiguration) {
153  if (!$controllerArguments->‪hasArgument($propertyName)) {
154  continue;
155  }
156  $propertyMappingConfiguration = $controllerArguments->‪getArgument($propertyName)->‪getPropertyMappingConfiguration();
157  $this->‪modifyPropertyMappingConfiguration($propertyConfiguration, $propertyMappingConfiguration);
158  }
159  }
160 
171  protected function ‪modifyPropertyMappingConfiguration($propertyConfiguration, ‪PropertyMappingConfiguration $propertyMappingConfiguration)
172  {
173  if (!is_array($propertyConfiguration)) {
174  return;
175  }
176 
177  if (isset($propertyConfiguration['__identity'])) {
178  $propertyMappingConfiguration->‪setTypeConverterOption(PersistentObjectConverter::class, ‪PersistentObjectConverter::CONFIGURATION_MODIFICATION_ALLOWED, true);
179  unset($propertyConfiguration['__identity']);
180  } else {
181  $propertyMappingConfiguration->‪setTypeConverterOption(PersistentObjectConverter::class, ‪PersistentObjectConverter::CONFIGURATION_CREATION_ALLOWED, true);
182  }
183 
184  foreach ($propertyConfiguration as $innerKey => $innerValue) {
185  if (is_array($innerValue)) {
186  $this->‪modifyPropertyMappingConfiguration($innerValue, $propertyMappingConfiguration->‪forProperty($innerKey));
187  }
188  $propertyMappingConfiguration->‪allowProperties($innerKey);
189  }
190  }
191 }
‪TYPO3\CMS\Extbase\Mvc\Controller\Arguments\hasArgument
‪bool hasArgument($argumentName)
Definition: Arguments.php:190
‪TYPO3\CMS\Extbase\Mvc\Controller\Arguments\getArgument
‪Argument getArgument($argumentName)
Definition: Arguments.php:175
‪TYPO3\CMS\Extbase\Property\PropertyMappingConfiguration\setTypeConverterOption
‪TYPO3 CMS Extbase Property PropertyMappingConfiguration setTypeConverterOption($typeConverter, $optionKey, $optionValue)
Definition: PropertyMappingConfiguration.php:288
‪TYPO3\CMS\Extbase\Mvc\Controller\Arguments
Definition: Arguments.php:27
‪TYPO3\CMS\Extbase\Security\Exception\InvalidArgumentForHashGenerationException
Definition: InvalidArgumentForHashGenerationException.php:25
‪TYPO3\CMS\Core\Error\Http\BadRequestException
Definition: BadRequestException.php:24
‪TYPO3\CMS\Extbase\Mvc\Controller
Definition: ActionController.php:16
‪TYPO3\CMS\Extbase\Security\Cryptography\HashService
Definition: HashService.php:31
‪TYPO3\CMS\Extbase\Property\PropertyMappingConfiguration\forProperty
‪TYPO3 CMS Extbase Property PropertyMappingConfiguration forProperty($propertyPath)
Definition: PropertyMappingConfiguration.php:321
‪TYPO3\CMS\Extbase\Mvc\Controller\MvcPropertyMappingConfigurationService\initializePropertyMappingConfigurationFromRequest
‪initializePropertyMappingConfigurationFromRequest(Request $request, Arguments $controllerArguments)
Definition: MvcPropertyMappingConfigurationService.php:131
‪TYPO3\CMS\Extbase\Property\TypeConverter\PersistentObjectConverter\CONFIGURATION_CREATION_ALLOWED
‪const CONFIGURATION_CREATION_ALLOWED
Definition: PersistentObjectConverter.php:52
‪TYPO3\CMS\Extbase\Mvc\Controller\Argument\getPropertyMappingConfiguration
‪TYPO3 CMS Extbase Mvc Controller MvcPropertyMappingConfiguration getPropertyMappingConfiguration()
Definition: Argument.php:249
‪TYPO3\CMS\Extbase\Property\TypeConverter\PersistentObjectConverter
Definition: PersistentObjectConverter.php:43
‪TYPO3\CMS\Extbase\Mvc\Controller\MvcPropertyMappingConfigurationService\injectHashService
‪injectHashService(HashService $hashService)
Definition: MvcPropertyMappingConfigurationService.php:56
‪TYPO3\CMS\Extbase\Property\PropertyMappingConfiguration
Definition: PropertyMappingConfiguration.php:22
‪TYPO3\CMS\Extbase\Mvc\Request\getInternalArgument
‪getInternalArgument($argumentName)
Definition: Request.php:417
‪TYPO3\CMS\Extbase\Mvc\Controller\MvcPropertyMappingConfigurationService\$hashService
‪TYPO3 CMS Extbase Security Cryptography HashService $hashService
Definition: MvcPropertyMappingConfigurationService.php:51
‪TYPO3\CMS\Extbase\Property\TypeConverter\PersistentObjectConverter\CONFIGURATION_MODIFICATION_ALLOWED
‪const CONFIGURATION_MODIFICATION_ALLOWED
Definition: PersistentObjectConverter.php:47
‪TYPO3\CMS\Extbase\Security\Exception\InvalidHashException
Definition: InvalidHashException.php:25
‪TYPO3\CMS\Core\SingletonInterface
Definition: SingletonInterface.php:22
‪TYPO3\CMS\Extbase\Mvc\Controller\MvcPropertyMappingConfigurationService\generateTrustedPropertiesToken
‪string generateTrustedPropertiesToken($formFieldNames, $fieldNamePrefix='')
Definition: MvcPropertyMappingConfigurationService.php:70
‪TYPO3\CMS\Extbase\Mvc\Controller\MvcPropertyMappingConfigurationService\modifyPropertyMappingConfiguration
‪modifyPropertyMappingConfiguration($propertyConfiguration, PropertyMappingConfiguration $propertyMappingConfiguration)
Definition: MvcPropertyMappingConfigurationService.php:170
‪TYPO3\CMS\Extbase\Mvc\Controller\MvcPropertyMappingConfigurationService
Definition: MvcPropertyMappingConfigurationService.php:46
‪TYPO3\CMS\Extbase\Mvc\Request
Definition: Request.php:39
‪TYPO3\CMS\Extbase\Property\PropertyMappingConfiguration\allowProperties
‪TYPO3 CMS Extbase Property PropertyMappingConfiguration allowProperties()
Definition: PropertyMappingConfiguration.php:141
‪TYPO3\CMS\Extbase\Mvc\Controller\MvcPropertyMappingConfigurationService\serializeAndHashFormFieldArray
‪string serializeAndHashFormFieldArray(array $formFieldArray)
Definition: MvcPropertyMappingConfigurationService.php:117