LoginController.php

Go to the documentation of this file.

<?php
declare(strict_types = 1);
namespace ‪TYPO3\CMS\Backend\Controller;
 
/*
 * This file is part of the TYPO3 CMS project.
 *
 * It is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License, either version 2
 * of the License, or any later version.
 *
 * For the full copyright and license information, please read the
 * LICENSE.txt file that was distributed with this source code.
 *
 * The TYPO3 project - inspiring people to share!
 */
 
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Log\LoggerAwareInterface;
use Psr\Log\LoggerAwareTrait;
use Symfony\Component\HttpFoundation\Cookie;
use ‪TYPO3\CMS\Backend\Exception;
use ‪TYPO3\CMS\Backend\LoginProvider\LoginProviderInterface;
use ‪TYPO3\CMS\Backend\Routing\UriBuilder;
use ‪TYPO3\CMS\Backend\Template\DocumentTemplate;
use ‪TYPO3\CMS\Backend\Utility\BackendUtility;
use ‪TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
use ‪TYPO3\CMS\Core\Configuration\ExtensionConfiguration;
use ‪TYPO3\CMS\Core\Configuration\Features;
use ‪TYPO3\CMS\Core\Database\ConnectionPool;
use ‪TYPO3\CMS\Core\FormProtection\BackendFormProtection;
use ‪TYPO3\CMS\Core\FormProtection\FormProtectionFactory;
use ‪TYPO3\CMS\Core\Http\HtmlResponse;
use ‪TYPO3\CMS\Core\Http\NormalizedParams;
use ‪TYPO3\CMS\Core\Localization\LanguageService;
use ‪TYPO3\CMS\Core\Localization\Locales;
use ‪TYPO3\CMS\Core\Page\PageRenderer;
use ‪TYPO3\CMS\Core\Utility\GeneralUtility;
use ‪TYPO3\CMS\Core\Utility\HttpUtility;
use ‪TYPO3\CMS\Core\Utility\PathUtility;
use ‪TYPO3\CMS\Fluid\View\StandaloneView;
 
class ‪LoginController implements LoggerAwareInterface
{
    use LoggerAwareTrait;
 
    protected ‪$redirectUrl;
 
    protected ‪$redirectToURL;
 
    protected ‪$loginProviderIdentifier;
 
    protected ‪$loginProviders = [];
 
    protected ‪$loginRefresh;
 
    protected ‪$submitValue;
 
    protected ‪$view;
 
    public function ‪__construct()
    {
        // @deprecated since TYPO3 v9, will be obsolete in TYPO3 v10.0
        $request = ‪$GLOBALS['TYPO3_REQUEST'];
        $parsedBody = $request->getParsedBody();
        $queryParams = $request->getQueryParams();
        $this->‪validateAndSortLoginProviders();
 
        $this->redirectUrl = GeneralUtility::sanitizeLocalUrl($parsedBody['redirect_url'] ?? $queryParams['redirect_url'] ?? null);
        $this->loginProviderIdentifier = $this->‪detectLoginProvider($request);
 
        $this->loginRefresh = (bool)($parsedBody['loginRefresh'] ?? $queryParams['loginRefresh'] ?? false);
        // Value of "Login" button. If set, the login button was pressed.
        $this->submitValue = $parsedBody['commandLI'] ?? $queryParams['commandLI'] ?? null;
        // Try to get the preferred browser language
        ‪$locales = GeneralUtility::makeInstance(Locales::class);
        $httpAcceptLanguage = $request->getServerParams()['HTTP_ACCEPT_LANGUAGE'];
        $preferredBrowserLanguage = ‪$locales
            ->getPreferredClientLanguage($httpAcceptLanguage);
 
        // If we found a $preferredBrowserLanguage and it is not the default language and no be_user is logged in
        // initialize $this->getLanguageService() again with $preferredBrowserLanguage
        if ($preferredBrowserLanguage !== 'default' && empty($this->‪getBackendUserAuthentication()->user['uid'])) {
            $this->‪getLanguageService()->‪init($preferredBrowserLanguage);
            GeneralUtility::makeInstance(PageRenderer::class)->setLanguage($preferredBrowserLanguage);
        }
 
        $this->‪getLanguageService()->‪includeLLFile('EXT:backend/Resources/Private/Language/locallang_login.xlf');
 
        // Setting the redirect URL to "index.php?M=main" if no alternative input is given
        if ($this->redirectUrl) {
            $this->redirectToURL = ‪$this->redirectUrl;
        } else {
            // (consolidate RouteDispatcher::evaluateReferrer() when changing 'main' to something different)
            $uriBuilder = GeneralUtility::makeInstance(UriBuilder::class);
            $this->redirectToURL = (string)$uriBuilder->buildUriFromRoute('main');
        }
 
        // If "L" is "OUT", then any logged in is logged out. If redirect_url is given, we redirect to it
        if (($parsedBody['L'] ?? $queryParams['L'] ?? null) === 'OUT' && is_object($this->‪getBackendUserAuthentication())) {
            $this->‪getBackendUserAuthentication()->‪logoff();
            $this->‪redirectToUrl();
        }
 
        $this->view = $this->‪getFluidTemplateObject();
    }
 
    public function ‪formAction(ServerRequestInterface $request): ResponseInterface
    {
        return new ‪HtmlResponse($this->‪createLoginLogoutForm($request));
    }
 
    public function ‪refreshAction(ServerRequestInterface $request): ResponseInterface
    {
        $this->loginRefresh = true;
        return new ‪HtmlResponse($this->‪createLoginLogoutForm($request));
    }
 
    public function ‪main(): string
    {
        trigger_error('LoginController->main() will be replaced by protected method createLoginLogoutForm() in TYPO3 v10.0. Do not call from other extension.', E_USER_DEPRECATED);
        return $this->‪createLoginLogoutForm(‪$GLOBALS['TYPO3_REQUEST']);
    }
 
    protected function ‪createLoginLogoutForm(ServerRequestInterface $request): string
    {
        $pageRenderer = GeneralUtility::makeInstance(PageRenderer::class);
        $pageRenderer->loadRequireJsModule('TYPO3/CMS/Backend/Login');
 
        // Checking, if we should make a redirect.
        // Might set JavaScript in the header to close window.
        $this->‪checkRedirect($request);
 
        // Extension Configuration
        ‪$extConf = GeneralUtility::makeInstance(ExtensionConfiguration::class)->get('backend');
 
        // Background Image
        if (!empty(‪$extConf['loginBackgroundImage'])) {
            $backgroundImage = $this->‪getUriForFileName(‪$extConf['loginBackgroundImage']);
            if ($backgroundImage === '') {
                $this->logger->warning(
                    'The configured TYPO3 backend login background image "' . htmlspecialchars(‪$extConf['loginBackgroundImage']) .
                    '" can\'t be resolved. Please check if the file exists and the extension is activated.'
                );
            }
            $this->‪getDocumentTemplate()->inDocStylesArray[] = '
                .typo3-login-carousel-control.right,
                .typo3-login-carousel-control.left,
                .panel-login { border: 0; }
                .typo3-login { background-image: url("' . $backgroundImage . '"); }
                .typo3-login-footnote { background-color: #000000; color: #ffffff; opacity: 0.5; }
            ';
        }
 
        // Login Footnote
        if (!empty(‪$extConf['loginFootnote'])) {
            $this->view->assign('loginFootnote', strip_tags(trim(‪$extConf['loginFootnote'])));
        }
 
        // Add additional css to use the highlight color in the login screen
        if (!empty(‪$extConf['loginHighlightColor'])) {
            $this->‪getDocumentTemplate()->inDocStylesArray[] = '
                .btn-login.disabled, .btn-login[disabled], fieldset[disabled] .btn-login,
                .btn-login.disabled:hover, .btn-login[disabled]:hover, fieldset[disabled] .btn-login:hover,
                .btn-login.disabled:focus, .btn-login[disabled]:focus, fieldset[disabled] .btn-login:focus,
                .btn-login.disabled.focus, .btn-login[disabled].focus, fieldset[disabled] .btn-login.focus,
                .btn-login.disabled:active, .btn-login[disabled]:active, fieldset[disabled] .btn-login:active,
                .btn-login.disabled.active, .btn-login[disabled].active, fieldset[disabled] .btn-login.active,
                .btn-login:hover, .btn-login:focus, .btn-login:active,
                .btn-login:active:hover, .btn-login:active:focus,
                .btn-login { background-color: ' . ‪$extConf['loginHighlightColor'] . '; }
                .panel-login .panel-body { border-color: ' . ‪$extConf['loginHighlightColor'] . '; }
            ';
        }
 
        // Logo
        if (!empty(‪$extConf['loginLogo'])) {
            if ($this->‪getUriForFileName(‪$extConf['loginLogo']) === '') {
                $this->logger->warning(
                    'The configured TYPO3 backend login logo "' . htmlspecialchars(‪$extConf['loginLogo']) .
                    '" can\'t be resolved. Please check if the file exists and the extension is activated.'
                );
            }
            $logo = ‪$extConf['loginLogo'];
        } else {
            // Use TYPO3 logo depending on highlight color
            if (!empty(‪$extConf['loginHighlightColor'])) {
                $logo = 'EXT:backend/Resources/Public/Images/typo3_black.svg';
            } else {
                $logo = 'EXT:backend/Resources/Public/Images/typo3_orange.svg';
            }
            $this->‪getDocumentTemplate()->inDocStylesArray[] = '
                .typo3-login-logo .typo3-login-image { max-width: 150px; height:100%;}
            ';
        }
        $logo = $this->‪getUriForFileName($logo);
 
        // Start form
        $formType = empty($this->‪getBackendUserAuthentication()->user['uid']) ? 'LoginForm' : 'LogoutForm';
        $this->view->assignMultiple([
            'backendUser' => $this->‪getBackendUserAuthentication()->user,
            'hasLoginError' => $this->‪isLoginInProgress($request),
            'formType' => $formType,
            'logo' => $logo,
            'images' => [
                'capslock' => $this->‪getUriForFileName('EXT:backend/Resources/Public/Images/icon_capslock.svg'),
                'typo3' => $this->‪getUriForFileName('EXT:backend/Resources/Public/Images/typo3_orange.svg'),
            ],
            'copyright' => ‪BackendUtility::TYPO3_copyRightNotice(),
            'redirectUrl' => $this->redirectUrl,
            'loginRefresh' => $this->loginRefresh,
            'loginNewsItems' => $this->‪getSystemNews(),
            'referrerCheckEnabled' => GeneralUtility::makeInstance(Features::class)->isFeatureEnabled('security.backend.enforceReferrer'),
            'loginUrl' => (string)$request->getUri(),
            'loginProviderIdentifier' => $this->loginProviderIdentifier,
            'loginProviders' => $this->loginProviders
        ]);
 
        // Initialize interface selectors:
        $this->‪makeInterfaceSelector($request);
 
        $loginProvider = GeneralUtility::makeInstance($this->loginProviders[$this->loginProviderIdentifier]['provider']);
        $loginProvider->render($this->view, $pageRenderer, $this);
 
        $content = $this->‪getDocumentTemplate()->‪startPage('TYPO3 CMS Login: ' . ‪$GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename']);
        $content .= $this->view->render();
        $content .= $this->‪getDocumentTemplate()->‪endPage();
 
        return $content;
    }
 
    protected function ‪checkRedirect(ServerRequestInterface $request): void
    {
        $backendUser = $this->‪getBackendUserAuthentication();
        if (empty($backendUser->user['uid'])) {
            return;
        }
 
        /*
         * If no cookie has been set previously, we tell people that this is a problem.
         * This assumes that a cookie-setting script (like this one) has been hit at
         * least once prior to this instance.
         */
        if (!isset($_COOKIE[‪BackendUserAuthentication::getCookieName()])) {
            if ($this->submitValue === 'setCookie') {
                /*
                 * we tried it a second time but still no cookie
                 * 26/4 2005: This does not work anymore, because the saving of challenge values
                 * in $_SESSION means the system will act as if the password was wrong.
                 */
                throw new \RuntimeException('Login-error: Yeah, that\'s a classic. No cookies, no TYPO3. ' .
                    'Please accept cookies from TYPO3 - otherwise you\'ll not be able to use the system.', 1294586846);
            }
            // try it once again - that might be needed for auto login
            $this->redirectToURL = 'index.php?commandLI=setCookie';
        }
        $redirectToUrl = (string)($backendUser->getTSConfig()['auth.']['BE.']['redirectToURL'] ?? '');
        if (empty($redirectToUrl)) {
            // Based on the interface we set the redirect script
            $parsedBody = $request->getParsedBody();
            $queryParams = $request->getQueryParams();
            $interface = $parsedBody['interface'] ?? $queryParams['interface'] ?? '';
            switch ($interface) {
                case 'frontend':
                    $this->redirectToURL = '../';
                    break;
                case 'backend':
                    // (consolidate RouteDispatcher::evaluateReferrer() when changing 'main' to something different)
                    $uriBuilder = GeneralUtility::makeInstance(UriBuilder::class);
                    $this->redirectToURL = (string)$uriBuilder->buildUriFromRoute('main');
                    break;
            }
        } else {
            $this->redirectToURL = $redirectToUrl;
            $interface = '';
        }
        // store interface
        $backendUser->uc['interfaceSetup'] = $interface;
        $backendUser->writeUC();
 
        $formProtection = ‪FormProtectionFactory::get();
        if (!$formProtection instanceof BackendFormProtection) {
            throw new \RuntimeException('The Form Protection retrieved does not match the expected one.', 1432080411);
        }
        if ($this->loginRefresh) {
            $formProtection->setSessionTokenFromRegistry();
            $formProtection->persistSessionToken();
            $this->‪getDocumentTemplate()->JScode .= GeneralUtility::wrapJS('
                if (window.opener && window.opener.TYPO3 && window.opener.TYPO3.LoginRefresh) {
                    window.opener.TYPO3.LoginRefresh.startTask();
                    window.close();
                }
            ');
        } else {
            $formProtection->storeSessionTokenInRegistry();
            $this->‪redirectToUrl();
        }
    }
 
    public function ‪makeInterfaceSelectorBox(): void
    {
        trigger_error('LoginController->makeInterfaceSelectorBox() will be replaced by protected method makeInterfaceSelector() in TYPO3 v10.0. Do not call from other extension.', E_USER_DEPRECATED);
        $this->‪makeInterfaceSelector(‪$GLOBALS['TYPO3_REQUEST']);
    }
 
    protected function ‪makeInterfaceSelector(ServerRequestInterface $request): void
    {
        // If interfaces are defined AND no input redirect URL in GET vars:
        if (‪$GLOBALS['TYPO3_CONF_VARS']['BE']['interfaces'] && ($this->‪isLoginInProgress($request) || !$this->redirectUrl)) {
            $parts = GeneralUtility::trimExplode(',', ‪$GLOBALS['TYPO3_CONF_VARS']['BE']['interfaces']);
            if (count($parts) > 1) {
                // Only if more than one interface is defined we will show the selector
                $uriBuilder = GeneralUtility::makeInstance(UriBuilder::class);
                $interfaces = [
                    'backend' => [
                        'label' => $this->‪getLanguageService()->‪getLL('interface.backend'),
                        'jumpScript' => (string)$uriBuilder->buildUriFromRoute('main'),
                        'interface' => 'backend'
                    ],
                    'frontend' => [
                        'label' => $this->‪getLanguageService()->‪getLL('interface.frontend'),
                        'jumpScript' => '../',
                        'interface' => 'frontend'
                    ]
                ];
 
                $this->view->assign('showInterfaceSelector', true);
                $this->view->assign('interfaces', $interfaces);
            } elseif (!$this->redirectUrl) {
                // If there is only ONE interface value set and no redirect_url is present
                $this->view->assign('showInterfaceSelector', false);
                $this->view->assign('interface', $parts[0]);
            }
        }
    }
 
    protected function ‪getSystemNews(): array
    {
        $systemNewsTable = 'sys_news';
        $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)
            ->getQueryBuilderForTable($systemNewsTable);
        $systemNews = [];
        $systemNewsRecords = $queryBuilder
            ->select('title', 'content', 'crdate')
            ->from($systemNewsTable)
            ->orderBy('crdate', 'DESC')
            ->execute()
            ->fetchAll();
        foreach ($systemNewsRecords as $systemNewsRecord) {
            $systemNews[] = [
                'date' => date(‪$GLOBALS['TYPO3_CONF_VARS']['SYS']['ddmmyy'], (int)$systemNewsRecord['crdate']),
                'header' => $systemNewsRecord['title'],
                'content' => $systemNewsRecord['content']
            ];
        }
        return $systemNews;
    }
 
    private function ‪getUriForFileName($filename): string
    {
        // Check if it's already a URL
        if (preg_match('/^(https?:)?\/\//', $filename)) {
            return $filename;
        }
        $absoluteFilename = GeneralUtility::getFileAbsFileName(ltrim($filename, '/'));
        $filename = '';
        if ($absoluteFilename !== '' && @is_file($absoluteFilename)) {
            $filename = ‪PathUtility::getAbsoluteWebPath($absoluteFilename);
        }
        return $filename;
    }
 
    protected function ‪isLoginInProgress(ServerRequestInterface $request): bool
    {
        $parsedBody = $request->getParsedBody();
        $queryParams = $request->getQueryParams();
        $username = $parsedBody['username'] ?? $queryParams['username'] ?? null;
        return !empty($username) || !empty($this->submitValue);
    }
 
    protected function ‪getFluidTemplateObject()
    {
        ‪$view = GeneralUtility::makeInstance(StandaloneView::class);
        ‪$view->‪setLayoutRootPaths([GeneralUtility::getFileAbsFileName('EXT:backend/Resources/Private/Layouts')]);
        ‪$view->‪setPartialRootPaths([GeneralUtility::getFileAbsFileName('EXT:backend/Resources/Private/Partials')]);
        ‪$view->‪setTemplateRootPaths([GeneralUtility::getFileAbsFileName('EXT:backend/Resources/Private/Templates')]);
 
        ‪$view->‪getRequest()->setControllerExtensionName('Backend');
        return ‪$view;
    }
 
    protected function ‪redirectToUrl(): void
    {
        ‪HttpUtility::redirect($this->redirectToURL);
    }
 
    protected function ‪validateAndSortLoginProviders()
    {
        $providers = ‪$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['backend']['loginProviders'] ?? [];
        if (empty($providers) || !is_array($providers)) {
            throw new \RuntimeException('No login providers are registered in $GLOBALS[\'TYPO3_CONF_VARS\'][\'EXTCONF\'][\'backend\'][\'loginProviders\'].', 1433417281);
        }
        foreach ($providers as $identifier => $configuration) {
            if (empty($configuration) || !is_array($configuration)) {
                throw new \RuntimeException('Missing configuration for login provider "' . $identifier . '".', 1433416043);
            }
            if (!is_string($configuration['provider']) || empty($configuration['provider']) || !class_exists($configuration['provider']) || !is_subclass_of($configuration['provider'], LoginProviderInterface::class)) {
                throw new \RuntimeException('The login provider "' . $identifier . '" defines an invalid provider. Ensure the class exists and implements the "' . LoginProviderInterface::class . '".', 1460977275);
            }
            if (empty($configuration['label'])) {
                throw new \RuntimeException('Missing label definition for login provider "' . $identifier . '".', 1433416044);
            }
            if (empty($configuration['icon-class'])) {
                throw new \RuntimeException('Missing icon definition for login provider "' . $identifier . '".', 1433416045);
            }
            if (!isset($configuration['sorting'])) {
                throw new \RuntimeException('Missing sorting definition for login provider "' . $identifier . '".', 1433416046);
            }
        }
        // sort providers
        uasort($providers, function ($a, $b) {
            return $b['sorting'] - $a['sorting'];
        });
        $this->loginProviders = $providers;
    }
 
    protected function ‪detectLoginProvider(ServerRequestInterface $request): string
    {
        $parsedBody = $request->getParsedBody();
        $queryParams = $request->getQueryParams();
        $loginProvider = $parsedBody['loginProvider'] ?? $queryParams['loginProvider'] ?? '';
        if ((empty($loginProvider) || !isset($this->loginProviders[$loginProvider])) && !empty($_COOKIE['be_lastLoginProvider'])) {
            $loginProvider = $_COOKIE['be_lastLoginProvider'];
        }
        if (empty($loginProvider) || !isset($this->loginProviders[$loginProvider])) {
            reset($this->loginProviders);
            $loginProvider = key($this->loginProviders);
        }
        // Use the secure option when the current request is served by a secure connection
        $normalizedParams = $request->getAttribute('normalizedParams');
        $isHttps = $normalizedParams->isHttps();
        $cookieSecure = (bool)‪$GLOBALS['TYPO3_CONF_VARS']['SYS']['cookieSecure'] && $isHttps;
        $cookie = new Cookie(
            'be_lastLoginProvider',
            (string)$loginProvider,
            ‪$GLOBALS['EXEC_TIME'] + 7776000, // 90 days
            $normalizedParams->getSitePath() . TYPO3_mainDir,
            '',
            $cookieSecure,
            true,
            false,
            Cookie::SAMESITE_STRICT
        );
        header('Set-Cookie: ' . $cookie->__toString(), false);
 
        return (string)$loginProvider;
    }
 
    public function ‪getLoginProviderIdentifier()
    {
        return ‪$this->loginProviderIdentifier;
    }
 
    protected function ‪getLanguageService(): ‪LanguageService
    {
        return ‪$GLOBALS['LANG'];
    }
 
    protected function ‪getBackendUserAuthentication(): ‪BackendUserAuthentication
    {
        return ‪$GLOBALS['BE_USER'];
    }
 
    protected function ‪getDocumentTemplate(): ‪DocumentTemplate
    {
        return ‪$GLOBALS['TBE_TEMPLATE'];
    }
}