‪TYPO3CMS  9.5
All Classes Namespaces Files Functions Variables Pages
SplitStorage.php
Go to the documentation of this file.
1 <?php
2 namespace ‪TYPO3\CMS\Rsaauth\Storage;
3 
4 /*
5  * This file is part of the TYPO3 CMS project.
6  *
7  * It is free software; you can redistribute it and/or modify it under
8  * the terms of the GNU General Public License, either version 2
9  * of the License, or any later version.
10  *
11  * For the full copyright and license information, please read the
12  * LICENSE.txt file that was distributed with this source code.
13  *
14  * The TYPO3 project - inspiring people to share!
15  */
16 
17 use Symfony\Component\HttpFoundation\Cookie;
18 use ‪TYPO3\CMS\Core\Database\ConnectionPool;
19 use ‪TYPO3\CMS\Core\Http\CookieHeaderTrait;
20 use ‪TYPO3\CMS\Core\Utility\GeneralUtility;
21 use ‪TYPO3\CMS\Core\Utility\MathUtility;
22 
27 class ‪SplitStorage extends ‪AbstractStorage
28 {
29  use ‪CookieHeaderTrait;
30 
35  public function ‪__construct()
36  {
37  if (session_id() === '') {
38  $options = [
39  'cookie_httponly' => true,
40  'cookie_secure' => GeneralUtility::getIndpEnv('TYPO3_SSL'),
41  ];
42  if ($this->‪hasSameSiteCookieSupport()) {
43  $options['cookie_samesite'] = Cookie::SAMESITE_STRICT;
44  }
45  session_start($options);
46  if (!$this->‪hasSameSiteCookieSupport()) {
47  $this->‪resendCookieHeader([session_name()]);
48  }
49  }
50  }
51 
58  public function get()
59  {
60  $result = null;
61  list($keyId, $keyPart1) = $_SESSION['tx_rsaauth_key'];
62  if (‪MathUtility::canBeInterpretedAsInteger($keyId)) {
63  $this->‪removeExpiredKeys();
64 
65  // Get our value
66  $keyValue = GeneralUtility::makeInstance(ConnectionPool::class)
67  ->getConnectionForTable('tx_rsaauth_keys')
68  ->select(['key_value'], 'tx_rsaauth_keys', ['uid' => $keyId])
69  ->fetchColumn();
70 
71  if ($keyValue !== false) {
72  $result = $keyPart1 . $keyValue;
73  }
74  }
75 
76  return $result;
77  }
78 
85  public function ‪put($key)
86  {
87  $connection = GeneralUtility::makeInstance(ConnectionPool::class)->getConnectionForTable('tx_rsaauth_keys');
88  if ($key == null) {
89  // Remove existing key
90  list($keyId) = $_SESSION['tx_rsaauth_key'];
91  if (‪MathUtility::canBeInterpretedAsInteger($keyId)) {
92  $connection->delete(
93  'tx_rsaauth_keys',
94  ['uid' => $keyId]
95  );
96  unset($_SESSION['tx_rsaauth_key']);
97  if (empty($_SESSION)) {
98  $sessionName = session_name();
99  $sessionCookie = session_get_cookie_params();
100  session_destroy();
101  // By using setcookie with the second parameter set to false we actually delete the cookie
102  setcookie(
103  $sessionName,
104  false,
105  -1,
106  $sessionCookie['path'],
107  $sessionCookie['domain'],
108  $sessionCookie['secure']
109  );
110  }
111  }
112  } else {
113  // Add key
114  // Get split point. First part is always smaller than the second
115  // because it goes to the file system
116  $keyLength = strlen($key);
117  $splitPoint = rand((int)($keyLength / 10), (int)($keyLength / 2));
118  // Get key parts
119  $keyPart1 = substr($key, 0, $splitPoint);
120  $keyPart2 = substr($key, $splitPoint);
121  // Store part of the key in the database
122  //
123  // Notice: we may not use DataHandler below to insert key part into the
124  // table because DataHandler requires a valid BE user!
125  $time = ‪$GLOBALS['EXEC_TIME'];
126  $connection->insert(
127  'tx_rsaauth_keys',
128  [
129  'pid' => 0,
130  'crdate' => $time,
131  'key_value' => $keyPart2
132  ]
133  );
134  $keyId = $connection->lastInsertId('tx_rsaauth_keys');
135  // Store another part in session
136  $_SESSION['tx_rsaauth_key'] = [$keyId, $keyPart1];
137  }
138 
139  $this->‪removeExpiredKeys();
140  }
141 
147  protected function ‪removeExpiredKeys(): int
148  {
149  $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable('tx_rsaauth_keys');
150  $count = $queryBuilder->delete('tx_rsaauth_keys')
151  ->where(
152  $queryBuilder->expr()->lt(
153  'crdate',
154  $queryBuilder->createNamedParameter(‪$GLOBALS['EXEC_TIME'] - 30 * 60, \PDO::PARAM_INT)
155  )
156  )
157  ->execute();
158 
159  return (int)$count;
160  }
161 }
‪TYPO3\CMS\Rsaauth\Storage\SplitStorage
Definition: SplitStorage.php:28
‪TYPO3\CMS\Rsaauth\Storage\SplitStorage\put
‪put($key)
Definition: SplitStorage.php:84
‪TYPO3\CMS\Core\Utility\MathUtility\canBeInterpretedAsInteger
‪static bool canBeInterpretedAsInteger($var)
Definition: MathUtility.php:73
‪TYPO3\CMS\Rsaauth\Storage
Definition: AbstractStorage.php:2
‪TYPO3\CMS\Rsaauth\Storage\SplitStorage\__construct
‪__construct()
Definition: SplitStorage.php:34
‪TYPO3\CMS\Rsaauth\Storage\AbstractStorage
Definition: AbstractStorage.php:21
‪TYPO3\CMS\Rsaauth\Storage\SplitStorage\removeExpiredKeys
‪int removeExpiredKeys()
Definition: SplitStorage.php:146
‪$GLOBALS
‪$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['adminpanel']['modules']
Definition: ext_localconf.php:5
‪TYPO3\CMS\Core\Utility\MathUtility
Definition: MathUtility.php:21
‪TYPO3\CMS\Core\Database\ConnectionPool
Definition: ConnectionPool.php:44
‪TYPO3\CMS\Core\Utility\GeneralUtility
Definition: GeneralUtility.php:45