FrontendUserAuthentication.php

Go to the documentation of this file.

<?php
namespace ‪TYPO3\CMS\Frontend\Authentication;
 
/*
 * This file is part of the TYPO3 CMS project.
 *
 * It is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License, either version 2
 * of the License, or any later version.
 *
 * For the full copyright and license information, please read the
 * LICENSE.txt file that was distributed with this source code.
 *
 * The TYPO3 project - inspiring people to share!
 */
 
use ‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication;
use ‪TYPO3\CMS\Core\Configuration\Features;
use ‪TYPO3\CMS\Core\Database\ConnectionPool;
use ‪TYPO3\CMS\Core\Session\Backend\Exception\SessionNotFoundException;
use ‪TYPO3\CMS\Core\TypoScript\Parser\TypoScriptParser;
use ‪TYPO3\CMS\Core\Utility\GeneralUtility;
 
class ‪FrontendUserAuthentication extends ‪AbstractUserAuthentication
{
    public ‪$formfield_permanent = 'permalogin';
 
    protected ‪$sessionDataLifetime = 86400;
 
    public ‪$sessionTimeout = 6000;
 
    public ‪$usergroup_column = 'usergroup';
 
    public ‪$usergroup_table = 'fe_groups';
 
    public ‪$groupData = [
        'title' => [],
        'uid' => [],
        'pid' => []
    ];
 
    public ‪$TSdataArray = [];
 
    public ‪$userTS = [];
 
    public ‪$userTSUpdated = false;
 
    public ‪$sesData_change = false;
 
    public ‪$userData_change = false;
 
    public ‪$is_permanent = false;
 
    protected ‪$loginHidden = false;
 
    public function ‪__construct()
    {
        parent::__construct();
 
        // Disable cookie by default, will be activated if saveSessionData() is called,
        // a user is logging-in or an existing session is found
        $this->dontSetCookie = true;
 
        $this->name = ‪self::getCookieName();
        $this->get_name = 'ftu';
        $this->loginType = 'FE';
        $this->user_table = 'fe_users';
        $this->username_column = 'username';
        $this->userident_column = 'password';
        $this->userid_column = 'uid';
        $this->lastLogin_column = 'lastlogin';
        $this->enablecolumns = [
            'deleted' => 'deleted',
            'disabled' => 'disable',
            'starttime' => 'starttime',
            'endtime' => 'endtime'
        ];
        $this->formfield_uname = 'user';
        $this->formfield_uident = 'pass';
        $this->formfield_status = 'logintype';
        $this->sendNoCacheHeaders = false;
        $this->getFallBack = true;
        $this->getMethodEnabled = true;
        $this->lockIP = ‪$GLOBALS['TYPO3_CONF_VARS']['FE']['lockIP'];
        $this->checkPid = ‪$GLOBALS['TYPO3_CONF_VARS']['FE']['checkFeUserPid'];
        $this->lifetime = (int)‪$GLOBALS['TYPO3_CONF_VARS']['FE']['lifetime'];
        $this->sessionTimeout = (int)‪$GLOBALS['TYPO3_CONF_VARS']['FE']['sessionTimeout'];
    }
 
    public static function ‪getCookieName()
    {
        $configuredCookieName = trim(‪$GLOBALS['TYPO3_CONF_VARS']['FE']['cookieName']);
        if (empty($configuredCookieName)) {
            $configuredCookieName = 'fe_typo_user';
        }
        return $configuredCookieName;
    }
 
    public function ‪start()
    {
        if ($this->sessionTimeout > 0 && $this->sessionTimeout < $this->lifetime) {
            // If server session timeout is non-zero but less than client session timeout: Copy this value instead.
            $this->sessionTimeout = ‪$this->lifetime;
        }
        $this->sessionDataLifetime = (int)‪$GLOBALS['TYPO3_CONF_VARS']['FE']['sessionDataLifetime'];
        if ($this->sessionDataLifetime <= 0) {
            $this->sessionDataLifetime = 86400;
        }
        parent::start();
    }
 
    public function ‪getNewSessionRecord($tempuser)
    {
        $insertFields = parent::getNewSessionRecord($tempuser);
        $insertFields['ses_permanent'] = $this->is_permanent ? 1 : 0;
        return $insertFields;
    }
 
    public function ‪isSetSessionCookie()
    {
        return ($this->newSessionID || $this->forceSetCookie)
            && ((int)$this->lifetime === 0 || !isset($this->user['ses_permanent']) || !$this->user['ses_permanent']);
    }
 
    public function ‪isRefreshTimeBasedCookie()
    {
        return $this->lifetime > 0 && isset($this->user['ses_permanent']) && $this->user['ses_permanent'];
    }
 
    public function ‪getLoginFormData()
    {
        $loginData = parent::getLoginFormData();
        if (‪$GLOBALS['TYPO3_CONF_VARS']['FE']['permalogin'] == 0 || ‪$GLOBALS['TYPO3_CONF_VARS']['FE']['permalogin'] == 1) {
            if ($this->getMethodEnabled) {
                $isPermanent = GeneralUtility::_GP($this->formfield_permanent);
            } else {
                $isPermanent = GeneralUtility::_POST($this->formfield_permanent);
            }
            if (strlen($isPermanent) != 1) {
                $isPermanent = ‪$GLOBALS['TYPO3_CONF_VARS']['FE']['permalogin'];
            } elseif (!$isPermanent) {
                // To make sure the user gets a session cookie and doesn't keep a possibly existing time based cookie,
                // we need to force setting the session cookie here
                $this->forceSetCookie = true;
            }
            $isPermanent = (bool)$isPermanent;
        } elseif (‪$GLOBALS['TYPO3_CONF_VARS']['FE']['permalogin'] == 2) {
            $isPermanent = true;
        } else {
            $isPermanent = false;
        }
        $loginData['permanent'] = $isPermanent;
        $this->is_permanent = $isPermanent;
        return $loginData;
    }
 
    public function ‪createUserSession($tempuser)
    {
        // At this point we do not know if we need to set a session or a permanent cookie
        // So we force the cookie to be set after authentication took place, which will
        // then call setSessionCookie(), which will set a cookie with correct settings.
        $this->dontSetCookie = false;
        return parent::createUserSession($tempuser);
    }
 
    public function ‪fetchGroupData()
    {
        $this->TSdataArray = [];
        $this->userTS = [];
        $this->userTSUpdated = false;
        $this->groupData = [
            'title' => [],
            'uid' => [],
            'pid' => []
        ];
        // Setting default configuration:
        $this->TSdataArray[] = ‪$GLOBALS['TYPO3_CONF_VARS']['FE']['defaultUserTSconfig'];
        // Get the info data for auth services
        $authInfo = $this->‪getAuthInfoArray();
        if (is_array($this->user)) {
            $this->logger->debug('Get usergroups for user', [
                $this->userid_column => $this->user[$this->userid_column],
                $this->username_column => $this->user[$this->username_column]
            ]);
        } else {
            $this->logger->debug('Get usergroups for "anonymous" user');
        }
        $groupDataArr = [];
        // Use 'auth' service to find the groups for the user
        $serviceChain = '';
        $subType = 'getGroups' . ‪$this->loginType;
        while (is_object($serviceObj = GeneralUtility::makeInstanceService('auth', $subType, $serviceChain))) {
            $serviceChain .= ',' . $serviceObj->getServiceKey();
            $serviceObj->initAuth($subType, [], $authInfo, $this);
            ‪$groupData = $serviceObj->getGroups($this->user, $groupDataArr);
            if (is_array(‪$groupData) && !empty(‪$groupData)) {
                // Keys in $groupData should be unique ids of the groups (like "uid") so this function will override groups.
                $groupDataArr = ‪$groupData + $groupDataArr;
            }
            unset($serviceObj);
        }
        if ($serviceChain) {
            $this->logger->debug($subType . ' auth services called: ' . $serviceChain);
        }
        if (empty($groupDataArr)) {
            $this->logger->debug('No usergroups found by services');
        }
        if (!empty($groupDataArr)) {
            $this->logger->debug(count($groupDataArr) . ' usergroup records found by services');
        }
        // Use 'auth' service to check the usergroups if they are really valid
        foreach ($groupDataArr as ‪$groupData) {
            // By default a group is valid
            $validGroup = true;
            $serviceChain = '';
            $subType = 'authGroups' . ‪$this->loginType;
            while (is_object($serviceObj = GeneralUtility::makeInstanceService('auth', $subType, $serviceChain))) {
                $serviceChain .= ',' . $serviceObj->getServiceKey();
                $serviceObj->initAuth($subType, [], $authInfo, $this);
                if (!$serviceObj->authGroup($this->user, ‪$groupData)) {
                    $validGroup = false;
                    $this->logger->debug($subType . ' auth service did not auth group', [
                        'uid ' => ‪$groupData['uid'],
                        'title' => ‪$groupData['title']
                    ]);
                    break;
                }
                unset($serviceObj);
            }
            unset($serviceObj);
            if ($validGroup && (string)‪$groupData['uid'] !== '') {
                $this->groupData['title'][‪$groupData['uid']] = ‪$groupData['title'];
                $this->groupData['uid'][‪$groupData['uid']] = ‪$groupData['uid'];
                $this->groupData['pid'][‪$groupData['uid']] = ‪$groupData['pid'];
                $this->groupData['TSconfig'][‪$groupData['uid']] = ‪$groupData['TSconfig'];
            }
        }
        if (!empty($this->groupData) && !empty($this->groupData['TSconfig'])) {
            // TSconfig: collect it in the order it was collected
            foreach ($this->groupData['TSconfig'] as $TSdata) {
                $this->TSdataArray[] = $TSdata;
            }
            $this->TSdataArray[] = $this->user['TSconfig'];
            // Sort information
            ksort($this->groupData['title']);
            ksort($this->groupData['uid']);
            ksort($this->groupData['pid']);
        }
        return !empty($this->groupData['uid']) ? count($this->groupData['uid']) : 0;
    }
 
    public function ‪getUserTSconf()
    {
        if (!$this->userTSUpdated) {
            // Parsing the user TS (or getting from cache)
            $this->TSdataArray = ‪TypoScriptParser::checkIncludeLines_array($this->TSdataArray);
            ‪$userTS = implode(LF . '[GLOBAL]' . LF, $this->TSdataArray);
            $parseObj = GeneralUtility::makeInstance(TypoScriptParser::class);
            $parseObj->parse(‪$userTS);
            $this->userTS = $parseObj->setup;
            $this->userTSUpdated = true;
        }
        return ‪$this->userTS;
    }
 
    /*****************************************
     *
     * Session data management functions
     *
     ****************************************/
    public function ‪storeSessionData()
    {
        // Saves UC and SesData if changed.
        if ($this->userData_change) {
            $this->‪writeUC();
        }
 
        if ($this->sesData_change && $this->id) {
            if (empty($this->sessionData)) {
                // Remove session-data
                $this->‪removeSessionData();
                // Remove cookie if not logged in as the session data is removed as well
                if (empty($this->user['uid']) && !$this->loginHidden && $this->‪isCookieSet()) {
                    $this->‪removeCookie($this->name);
                }
            } elseif (!$this->‪isExistingSessionRecord($this->id)) {
                $sessionRecord = $this->‪getNewSessionRecord([]);
                $sessionRecord['ses_anonymous'] = 1;
                $sessionRecord['ses_data'] = serialize($this->sessionData);
                $updatedSession = $this->‪getSessionBackend()->‪set($this->id, $sessionRecord);
                $this->user = array_merge($this->user ?? [], $updatedSession);
                // Now set the cookie (= fix the session)
                $this->‪setSessionCookie();
            } else {
                // Update session data
                $insertFields = [
                    'ses_data' => serialize($this->sessionData)
                ];
                $updatedSession = $this->‪getSessionBackend()->‪update($this->id, $insertFields);
                $this->user = array_merge($this->user ?? [], $updatedSession);
            }
        }
    }
 
    public function ‪removeSessionData()
    {
        if (!empty($this->sessionData)) {
            $this->sesData_change = true;
        }
        $this->sessionData = [];
 
        if ($this->‪isExistingSessionRecord($this->id)) {
            // Remove session record if $this->user is empty is if session is anonymous
            if ((empty($this->user) && !$this->loginHidden) || $this->user['ses_anonymous']) {
                $this->‪getSessionBackend()->‪remove($this->id);
            } else {
                $this->‪getSessionBackend()->‪update($this->id, [
                    'ses_data' => ''
                ]);
            }
        }
    }
 
    protected function ‪performLogoff()
    {
        ‪$sessionData = [];
        try {
            // Session might not be loaded at this point, so fetch it
            $oldSession = $this->‪getSessionBackend()->‪get($this->id);
            ‪$sessionData = unserialize($oldSession['ses_data']);
        } catch (SessionNotFoundException $e) {
            // Leave uncaught, will unset cookie later in this method
        }
 
        $keepSessionDataOnLogout = GeneralUtility::makeInstance(Features::class)
            ->isFeatureEnabled('security.frontend.keepSessionDataOnLogout');
 
        if ($keepSessionDataOnLogout && !empty(‪$sessionData)) {
            // Regenerate session as anonymous
            $this->‪regenerateSessionId($oldSession, true);
            $this->user = null;
        } else {
            parent::performLogoff();
            if ($this->‪isCookieSet()) {
                $this->‪removeCookie($this->name);
            }
        }
    }
 
    protected function ‪regenerateSessionId(array $existingSessionRecord = [], bool $anonymous = false)
    {
        if (empty($existingSessionRecord)) {
            $existingSessionRecord = $this->‪getSessionBackend()->‪get($this->id);
        }
        $existingSessionRecord['ses_anonymous'] = (int)$anonymous;
        if ($anonymous) {
            $existingSessionRecord['ses_userid'] = 0;
        }
        parent::regenerateSessionId($existingSessionRecord, $anonymous);
        // We force the cookie to be set later in the authentication process
        $this->dontSetCookie = false;
    }
 
    public function ‪getKey($type, $key)
    {
        if (!$key) {
            return null;
        }
        $value = null;
        switch ($type) {
            case 'user':
                $value = $this->uc[$key];
                break;
            case 'ses':
                $value = $this->‪getSessionData($key);
                break;
        }
        return $value;
    }
 
    public function ‪setKey($type, $key, $data)
    {
        if (!$key) {
            return;
        }
        switch ($type) {
            case 'user':
                if ($this->user['uid']) {
                    if ($data === null) {
                        unset($this->uc[$key]);
                    } else {
                        $this->uc[$key] = $data;
                    }
                    $this->userData_change = true;
                }
                break;
            case 'ses':
                $this->‪setSessionData($key, $data);
                break;
        }
    }
 
    public function ‪setSessionData($key, $data)
    {
        $this->sesData_change = true;
        if ($data === null) {
            unset($this->sessionData[$key]);
            return;
        }
        parent::setSessionData($key, $data);
    }
 
    public function ‪setAndSaveSessionData($key, $data)
    {
        $this->‪setSessionData($key, $data);
        $this->‪storeSessionData();
    }
 
    public function ‪gc()
    {
        $this->‪getSessionBackend()->‪collectGarbage($this->gc_time, $this->sessionDataLifetime);
    }
 
    public function ‪hideActiveLogin()
    {
        $this->user = null;
        $this->loginHidden = true;
    }
 
    public function ‪updateOnlineTimestamp()
    {
        if (!is_array($this->user) || !$this->user['uid']
            || $this->user['is_online'] >= ‪$GLOBALS['EXEC_TIME'] - 60) {
            return;
        }
        $dbConnection = GeneralUtility::makeInstance(ConnectionPool::class)->getConnectionForTable('fe_users');
        $dbConnection->update(
            'fe_users',
            ['is_online' => ‪$GLOBALS['EXEC_TIME']],
            ['uid' => (int)$this->user['uid']]
        );
        $this->user['is_online'] = ‪$GLOBALS['EXEC_TIME'];
    }
}