‪TYPO3CMS  ‪main
AbstractMfaController.php
Go to the documentation of this file.
1 <?php
2 
3 declare(strict_types=1);
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
19 
20 use Psr\Http\Message\ResponseInterface;
21 use Psr\Http\Message\ServerRequestInterface;
27 
34 {
36  protected array ‪$mfaTsConfig;
37  protected bool ‪$mfaRequired;
38  protected array ‪$allowedProviders;
39  protected array ‪$allowedActions = [];
40 
42  {
43  $this->mfaProviderRegistry = ‪$mfaProviderRegistry;
44  }
45 
49  abstract public function ‪handleRequest(ServerRequestInterface $request): ResponseInterface;
50 
51  protected function ‪isActionAllowed(string $action): bool
52  {
53  return in_array($action, $this->allowedActions, true);
54  }
55 
56  protected function ‪isProviderAllowed(string ‪$identifier): bool
57  {
58  return isset($this->allowedProviders[‪$identifier]);
59  }
60 
61  protected function ‪isValidIdentifier(string ‪$identifier): bool
62  {
63  return ‪$identifier !== ''
64  && $this->‪isProviderAllowed($identifier)
65  && $this->mfaProviderRegistry->hasProvider(‪$identifier);
66  }
67 
71  protected function ‪initializeMfaConfiguration(): void
72  {
73  $backendUser = $this->‪getBackendUser();
74  $this->mfaTsConfig = $backendUser->getTSConfig()['auth.']['mfa.'] ?? [];
75  $this->mfaRequired = $backendUser->isMfaSetupRequired();
76 
77  // Set up allowed providers based on user TSconfig and user groupData
78  $this->allowedProviders = array_filter($this->mfaProviderRegistry->getProviders(), ‪function (string ‪$identifier) use ($backendUser): bool {
79  return $backendUser->check('mfa_providers', ‪$identifier)
80  && !‪GeneralUtility::inList(($this->mfaTsConfig['disableProviders'] ?? ''), ‪$identifier);
81  }, ARRAY_FILTER_USE_KEY);
82  }
83 
88  {
89  $recommendedProviderIdentifier = (string)($this->mfaTsConfig['recommendedProvider'] ?? '');
90  // Check if valid and allowed to be default provider, which is obviously a prerequisite
91  if (!$this->‪isValidIdentifier($recommendedProviderIdentifier)
92  || !$this->mfaProviderRegistry->getProvider($recommendedProviderIdentifier)->isDefaultProviderAllowed()
93  ) {
94  // If the provider, defined in user TSconfig is not valid or is not set, check the globally defined
95  $recommendedProviderIdentifier = (string)(‪$GLOBALS['TYPO3_CONF_VARS']['BE']['recommendedMfaProvider'] ?? '');
96  if (!$this->‪isValidIdentifier($recommendedProviderIdentifier)
97  || !$this->mfaProviderRegistry->getProvider($recommendedProviderIdentifier)->isDefaultProviderAllowed()
98  ) {
99  // If also not valid or not set, return
100  return null;
101  }
102  }
103  return $this->mfaProviderRegistry->getProvider($recommendedProviderIdentifier);
104  }
105 
107  {
108  return ‪$GLOBALS['BE_USER'];
109  }
110 
112  {
113  return ‪$GLOBALS['LANG'];
114  }
115 }
‪TYPO3\CMS\Backend\Controller\AbstractMfaController\isValidIdentifier
‪isValidIdentifier(string $identifier)
Definition: AbstractMfaController.php:61
‪TYPO3\CMS\Backend\Controller\AbstractMfaController\getBackendUser
‪getBackendUser()
Definition: AbstractMfaController.php:106
‪TYPO3\CMS\Backend\Controller\AbstractMfaController\getLanguageService
‪getLanguageService()
Definition: AbstractMfaController.php:111
‪TYPO3\CMS\Core\Authentication\Mfa\MfaProviderManifestInterface
Definition: MfaProviderManifestInterface.php:26
‪TYPO3\CMS\Backend\Controller\AbstractMfaController\$mfaTsConfig
‪array $mfaTsConfig
Definition: AbstractMfaController.php:36
‪TYPO3\CMS\Backend\Controller\AbstractMfaController\injectMfaProviderRegistry
‪injectMfaProviderRegistry(MfaProviderRegistry $mfaProviderRegistry)
Definition: AbstractMfaController.php:41
‪TYPO3\CMS\Backend\Controller\AbstractMfaController\$mfaProviderRegistry
‪MfaProviderRegistry $mfaProviderRegistry
Definition: AbstractMfaController.php:35
‪TYPO3\CMS\Backend\Controller\AbstractMfaController\$allowedActions
‪array $allowedActions
Definition: AbstractMfaController.php:39
‪TYPO3\CMS\Backend\Controller\AbstractMfaController\handleRequest
‪handleRequest(ServerRequestInterface $request)
‪TYPO3\CMS\Backend\function
‪static return function(ContainerConfigurator $container, ContainerBuilder $containerBuilder)
Definition: Services.php:19
‪TYPO3\CMS\Backend\Controller\AbstractMfaController\$mfaRequired
‪bool $mfaRequired
Definition: AbstractMfaController.php:37
‪TYPO3\CMS\Backend\Controller\AbstractMfaController\getRecommendedProvider
‪getRecommendedProvider()
Definition: AbstractMfaController.php:87
‪TYPO3\CMS\Backend\Controller\AbstractMfaController\$allowedProviders
‪array $allowedProviders
Definition: AbstractMfaController.php:38
‪TYPO3\CMS\Backend\Controller\AbstractMfaController\isActionAllowed
‪isActionAllowed(string $action)
Definition: AbstractMfaController.php:51
‪TYPO3\CMS\Core\Authentication\BackendUserAuthentication
Definition: BackendUserAuthentication.php:62
‪TYPO3\CMS\Backend\Controller\AbstractMfaController\initializeMfaConfiguration
‪initializeMfaConfiguration()
Definition: AbstractMfaController.php:71
‪$GLOBALS
‪$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['adminpanel']['modules']
Definition: ext_localconf.php:25
‪TYPO3\CMS\Core\Utility\GeneralUtility\inList
‪static bool inList($list, $item)
Definition: GeneralUtility.php:422
‪TYPO3\CMS\Core\Localization\LanguageService
Definition: LanguageService.php:46
‪TYPO3\CMS\Core\Utility\GeneralUtility
Definition: GeneralUtility.php:52
‪TYPO3\CMS\Backend\Controller\AbstractMfaController\isProviderAllowed
‪isProviderAllowed(string $identifier)
Definition: AbstractMfaController.php:56
‪TYPO3\CMS\Backend\Controller
Definition: AboutController.php:18
‪TYPO3\CMS\Webhooks\Message\$identifier
‪identifier readonly string $identifier
Definition: FileAddedMessage.php:37
‪TYPO3\CMS\Core\Authentication\Mfa\MfaProviderRegistry
Definition: MfaProviderRegistry.php:28
‪TYPO3\CMS\Backend\Controller\AbstractMfaController
Definition: AbstractMfaController.php:34