9.5/_ajax_login_controller_8php_source.html

<?php

namespace ‪TYPO3\CMS\Backend\Controller;


/*

 * This file is part of the TYPO3 CMS project.

 *

 * It is free software; you can redistribute it and/or modify it under

 * the terms of the GNU General Public License, either version 2

 * of the License, or any later version.

 *

 * For the full copyright and license information, please read the

 * LICENSE.txt file that was distributed with this source code.

 *

 * The TYPO3 project - inspiring people to share!

 */


use Psr\Http\Message\ResponseInterface;

use Psr\Http\Message\ServerRequestInterface;

use ‪TYPO3\CMS\Core\Authentication\BackendUserAuthentication;

use ‪TYPO3\CMS\Core\Core\Environment;

use ‪TYPO3\CMS\Core\FormProtection\FormProtectionFactory;

use ‪TYPO3\CMS\Core\Http\JsonResponse;


class ‪AjaxLoginController

{

    public function ‪loginAction(ServerRequestInterface $request): ResponseInterface

    {

        if ($this->‪isAuthorizedBackendSession()) {

            $result = ['success' => true];

            if ($this->‪hasLoginBeenProcessed()) {

                $formProtection = ‪FormProtectionFactory::get();

                $formProtection->setSessionTokenFromRegistry();

                $formProtection->persistSessionToken();

            }

        } else {

            $result = ['success' => false];

        }

        return new ‪JsonResponse(['login' => $result]);

    }


    public function ‪logoutAction(ServerRequestInterface $request): ResponseInterface

    {

        $backendUser = $this->‪getBackendUser();

        $backendUser->logoff();

        return new ‪JsonResponse([

            'logout' => [

                'success' => !isset($backendUser->user['uid'])

            ]

        ]);

    }


    public function ‪preflightAction(ServerRequestInterface $request): ResponseInterface

    {

        $headers = $request->getHeaders();

        return new ‪JsonResponse([

            'capabilities' => [

                'cookie' => !empty($request->getCookieParams()),

                // using legacy `Referer` (sic!) header name

                'referrer' => array_filter($headers['referer'] ?? []) !== [],

            ],

        ]);

    }


    public function ‪refreshAction(ServerRequestInterface $request): ResponseInterface

    {

        $this->‪getBackendUser()->‪checkAuthentication();

        return new ‪JsonResponse([

            'refresh' => [

                'success' => true

            ]

        ]);

    }


    public function ‪isTimedOutAction(ServerRequestInterface $request): ResponseInterface

    {

        $session = [

            'timed_out' => false,

            'will_time_out' => false,

            'locked' => false

        ];

        $backendUser = $this->‪getBackendUser();

        if (@is_file(‪Environment::getLegacyConfigPath() . '/LOCK_BACKEND')) {

            $session['locked'] = true;

        } elseif (!isset($backendUser->user['uid'])) {

            $session['timed_out'] = true;

        } else {

            $backendUser->fetchUserSession(true);

            $ses_tstamp = $backendUser->user['ses_tstamp'];

            $timeout = $backendUser->sessionTimeout;

            // If 120 seconds from now is later than the session timeout, we need to show the refresh dialog.

            // 120 is somewhat arbitrary to allow for a little room during the countdown and load times, etc.

            $session['will_time_out'] = ‪$GLOBALS['EXEC_TIME'] >= $ses_tstamp + $timeout - 120;

        }

        return new ‪JsonResponse(['login' => $session]);

    }


    protected function ‪isAuthorizedBackendSession()

    {

        $backendUser = $this->‪getBackendUser();

        return $backendUser !== null && $backendUser instanceof ‪BackendUserAuthentication && isset($backendUser->user['uid']);

    }


    protected function ‪hasLoginBeenProcessed()

    {

        $loginFormData = $this->‪getBackendUser()->‪getLoginFormData();

        return $loginFormData['status'] === 'login' && !empty($loginFormData['uname']) && !empty($loginFormData['uident']);

    }


    protected function ‪getBackendUser()

    {

        return ‪$GLOBALS['BE_USER'] ?? null;

    }

}