‪TYPO3CMS  ‪main
AbstractUserAuthentication.php
Go to the documentation of this file.
1 <?php
2 
3 /*
4  * This file is part of the TYPO3 CMS project.
5  *
6  * It is free software; you can redistribute it and/or modify it under
7  * the terms of the GNU General Public License, either version 2
8  * of the License, or any later version.
9  *
10  * For the full copyright and license information, please read the
11  * LICENSE.txt file that was distributed with this source code.
12  *
13  * The TYPO3 project - inspiring people to share!
14  */
15 
17 
18 use Psr\EventDispatcher\EventDispatcherInterface;
19 use Psr\Http\Message\ResponseInterface;
20 use Psr\Http\Message\ServerRequestInterface;
21 use Psr\Log\LoggerAwareInterface;
22 use Psr\Log\LoggerAwareTrait;
50 use ‪TYPO3\CMS\Core\SysLog\Action\Login as SystemLogLoginAction;
51 use ‪TYPO3\CMS\Core\SysLog\Error as SystemLogErrorClassification;
52 use ‪TYPO3\CMS\Core\SysLog\Type as SystemLogType;
55 
63 abstract class ‪AbstractUserAuthentication implements LoggerAwareInterface
64 {
65  use LoggerAwareTrait;
67 
72  public ‪$name = '';
73 
78  public ‪$user_table = '';
79 
84  public ‪$usergroup_table = '';
85 
90  public ‪$username_column = '';
91 
96  public ‪$userident_column = '';
97 
102  public ‪$userid_column = '';
103 
108  public ‪$usergroup_column = '';
109 
115  protected ‪$lastLogin_column = '';
116 
121  public ‪$enablecolumns = [
122  'rootLevel' => '',
123  // Boolean: If TRUE, 'AND pid=0' will be a part of the query...
124  'disabled' => '',
125  'starttime' => '',
126  'endtime' => '',
127  'deleted' => '',
128  ];
129 
135  protected ‪$formfield_uname = '';
136 
142  protected ‪$formfield_uident = '';
143 
149  protected ‪$formfield_status = '';
150 
155  public ‪$writeStdLog = false;
156 
161  public ‪$writeAttemptLog = false;
162 
167  public ‪$checkPid = true;
168 
173  public ‪$checkPid_value = 0;
174 
180  protected ‪$loginSessionStarted = false;
181 
186  public ‪$user;
187 
191  public array ‪$userGroups = [];
192 
198  protected ‪$dontSetCookie = false;
199 
204  public ‪$loginType = '';
205 
209  public array ‪$uc = [];
210 
211  protected ?‪UserSession ‪$userSession = null;
212 
214 
218  protected ‪SetCookieBehavior ‪$setCookie = SetCookieBehavior::None;
219 
225  public function ‪__construct()
226  {
227  // Backend or frontend login - used for auth services
228  if (empty($this->loginType)) {
229  throw new ‪Exception('No loginType defined, must be set explicitly by subclass', 1476045345);
230  }
231  }
232 
240  {
241  $this->userSessionManager = ‪$userSessionManager ?? ‪UserSessionManager::create($this->loginType);
242  $this->userSession = $this->userSessionManager->createAnonymousSession();
243  }
244 
254  public function ‪start(ServerRequestInterface $request)
255  {
256  $this->logger->debug('## Beginning of auth logging.');
257 
258  // Make certain that NO user is set initially
259  $this->user = null;
260 
261  if (!isset($this->userSessionManager)) {
263  }
264  $this->userSession = $this->userSessionManager->createFromRequestOrAnonymous($request, $this->name);
265 
266  // Load user session, check to see if anyone has submitted login-information and if so authenticate
267  // the user with the session. $this->user[uid] may be used to write log...
268  try {
269  $this->‪checkAuthentication($request);
270  } catch (MfaRequiredException $mfaRequiredException) {
271  // Ensure the cookie is still set to keep the user session available
272  if ($this->‪shallSetSessionCookie()) {
273  $this->‪setSessionCookie();
274  }
275  throw $mfaRequiredException;
276  }
277  if ($this->‪shallSetSessionCookie()) {
278  $this->‪setSessionCookie();
279  }
280  // Hook for alternative ways of filling the $this->user array (is used by the "timtaw" extension)
281  foreach (‪$GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_userauth.php']['postUserLookUp'] ?? [] as $funcName) {
282  $_params = [
283  'pObj' => $this,
284  ];
285  GeneralUtility::callUserFunction($funcName, $_params, $this);
286  }
287  }
288 
295  public function ‪appendCookieToResponse(ResponseInterface $response, ?NormalizedParams $normalizedParams = null): ResponseInterface
296  {
297  if ($this->setCookie === SetCookieBehavior::None) {
298  return $response;
299  }
300  if ($normalizedParams === null) {
301  $normalizedParams = ‪NormalizedParams::createFromRequest(‪$GLOBALS['TYPO3_REQUEST']);
302  }
303  $setCookieService = ‪SetCookieService::create($this->name, $this->loginType);
304  if ($this->setCookie === SetCookieBehavior::Send) {
305  $cookieObject = $setCookieService->setSessionCookie($this->userSession, $normalizedParams);
306  if ($cookieObject) {
307  $response = $response->withAddedHeader('Set-Cookie', $cookieObject->__toString());
308  }
309  }
310  if ($this->setCookie === ‪SetCookieBehavior::Remove) {
311  $cookieObject = $setCookieService->removeCookie($normalizedParams);
312  $response = $response->withAddedHeader('Set-Cookie', $cookieObject->__toString());
313  }
314  return $response;
315  }
316 
322  protected function ‪setSessionCookie()
323  {
324  $this->setCookie = SetCookieBehavior::Send;
325  }
326 
331  protected function ‪shallSetSessionCookie(): bool
332  {
333  return !$this->dontSetCookie
334  || ‪SetCookieService::create($this->name, $this->loginType)->isRefreshTimeBasedCookie($this->userSession);
335  }
336 
343  protected function ‪isSetSessionCookie()
344  {
345  return ‪SetCookieService::create($this->name, $this->loginType)->isSetSessionCookie($this->userSession);
346  }
347 
354  protected function ‪isRefreshTimeBasedCookie()
355  {
356  return ‪SetCookieService::create($this->name, $this->loginType)->isRefreshTimeBasedCookie($this->userSession);
357  }
358 
362  protected function ‪getAuthServiceConfiguration(): array
363  {
364  if (is_array(‪$GLOBALS['TYPO3_CONF_VARS']['SVCONF']['auth']['setup'] ?? null)) {
365  return ‪$GLOBALS['TYPO3_CONF_VARS']['SVCONF']['auth']['setup'];
366  }
367  return [];
368  }
369 
376  public function ‪checkAuthentication(ServerRequestInterface $request)
377  {
378  $authConfiguration = $this->‪getAuthServiceConfiguration();
379  if (!empty($authConfiguration)) {
380  $this->logger->debug('Authentication Service Configuration found.', ['auth_configuration' => $authConfiguration]);
381  }
382  $userRecordCandidate = false;
383  // User is not authenticated by default
384  $authenticated = false;
385  // User want to login with passed login data (name/password)
386  $activeLogin = false;
387  $this->logger->debug('Login type: {type}', ['type' => $this->loginType]);
388  // Get Login/Logout data submitted by a form or params
389  ‪$loginData = $this->‪getLoginFormData($request);
390  $this->logger->debug('Login data', $this->‪removeSensitiveLoginDataForLoggingInfo(‪$loginData));
391  $type = LoginType::tryFrom(‪$loginData['status'] ?? '');
392  // Active logout (eg. with "logout" button)
393  if ($type === ‪LoginType::LOGOUT) {
394  if ($this->writeStdLog) {
395  // $type,$action,$error,$details_nr,$details,$data,$tablename,$recuid,$recpid
396  $this->‪writelog(SystemLogType::LOGIN, ‪SystemLogLoginAction::LOGOUT, SystemLogErrorClassification::MESSAGE, 2, 'User %s logged out', [$this->user['username']], '', 0, 0);
397  }
398  $this->logger->info('User logged out. Id: {session}', ['session' => sha1($this->userSession->getIdentifier())]);
399  $this->‪logoff();
400  }
401  // Determine whether we need to skip session update.
402  // This is used mainly for checking session timeout in advance without refreshing the current session's timeout.
403  $skipSessionUpdate = (bool)($request->getQueryParams()['skipSessionUpdate'] ?? false);
404  $isExistingSession = false;
405  $anonymousSession = false;
406  $authenticatedUserFromSession = null;
407  if (!$this->userSession->isNew()) {
408  // Read user data if this is bound to a user
409  // However, if the user data is not valid, or the session has timed out we'll recreate a new anonymous session
410  if ($this->userSession->getUserId() > 0) {
411  $authenticatedUserFromSession = $this->‪fetchValidUserFromSessionOrDestroySession($skipSessionUpdate);
412  }
413  $isExistingSession = !$this->userSession->isNew();
414  $anonymousSession = $isExistingSession && $this->userSession->isAnonymous();
415  }
416 
417  // Active login (eg. with login form).
418  if ($type === LoginType::LOGIN) {
419  if (!$isExistingSession) {
420  $activeLogin = true;
421  $this->logger->debug('Active login (eg. with login form)');
422  // check referrer for submitted login values
423  if ($this->formfield_status && ‪$loginData['uident'] && ‪$loginData['uname']) {
424  // Delete old user session if any
425  $this->‪logoff();
426  }
427  // Refuse login for _CLI users, if not processing a CLI request type
428  // (although we shouldn't be here in case of a CLI request type)
429  if (stripos(‪$loginData['uname'], '_CLI_') === 0 && !‪Environment::isCli()) {
430  throw new \RuntimeException('TYPO3 Fatal Error: You have tried to login using a CLI user. Access prohibited!', 1270853931);
431  }
432  }
433  // Cause elevation of privilege, make sure regenerateSessionId is called later on
434  // Note for further research: $anonymousSession actually implies having $isExistingSession = true
435  // allowing to further simplify this concern.
436  if ($anonymousSession) {
437  $activeLogin = true;
438  }
439  }
440 
441  if ($isExistingSession && $authenticatedUserFromSession !== null) {
442  $this->logger->debug('User found in session', [
443  $this->userid_column => $authenticatedUserFromSession[$this->userid_column] ?? null,
444  $this->username_column => $authenticatedUserFromSession[$this->username_column] ?? null,
445  ]);
446  } else {
447  $this->logger->debug('No user session found');
448  }
449 
450  if ($activeLogin) {
451  $context = GeneralUtility::makeInstance(Context::class);
452  $securityAspect = ‪SecurityAspect::provideIn($context);
453  $requestToken = $securityAspect->getReceivedRequestToken();
454 
455  $event = new BeforeRequestTokenProcessedEvent($this, $request, $requestToken);
456  GeneralUtility::makeInstance(EventDispatcherInterface::class)->dispatch($event);
457  $requestToken = $event->getRequestToken();
458 
459  $requestTokenScopeMatches = ($requestToken->scope ?? null) === 'core/user-auth/' . strtolower($this->loginType);
460  if (!$requestTokenScopeMatches) {
461  $this->logger->debug('Missing or invalid request token during login', ['requestToken' => $requestToken]);
462  // important: disable `$activeLogin` state
463  $activeLogin = false;
464  } elseif ($requestToken instanceof RequestToken && $requestToken->getSigningSecretIdentifier() !== null) {
465  $securityAspect->getSigningSecretResolver()->revokeIdentifier(
466  $requestToken->getSigningSecretIdentifier()
467  );
468  }
469  }
470 
471  // Fetch users from the database (or somewhere else)
472  $possibleUsers = $this->‪fetchPossibleUsers(‪$loginData, $activeLogin, $isExistingSession, $authenticatedUserFromSession, $request);
473 
474  // If no new user was set we use the already found user session
475  if (empty($possibleUsers) && $isExistingSession && !$anonymousSession) {
476  // Check if the previous services returned a proper user
477  if (is_array($authenticatedUserFromSession)) {
478  $possibleUsers[] = $authenticatedUserFromSession;
479  $userRecordCandidate = $authenticatedUserFromSession;
480  // User is authenticated because we found a user session
481  $authenticated = true;
482  $this->logger->debug('User session used', [
483  $this->userid_column => $authenticatedUserFromSession[$this->userid_column] ?? '',
484  $this->username_column => $authenticatedUserFromSession[$this->username_column] ?? '',
485  ]);
486  }
487  }
488 
489  // Re-auth user when 'auth'-service option is set
490  if (!empty($authConfiguration[$this->loginType . '_alwaysAuthUser'])) {
491  $authenticated = false;
492  $this->logger->debug('alwaysAuthUser option is enabled');
493  }
494  // Authenticate the user if needed
495  if (!empty($possibleUsers) && !$authenticated) {
496  foreach ($possibleUsers as $userRecordCandidate) {
497  // Use 'auth' service to authenticate the user
498  // If one service returns FALSE then authentication failed
499  // a service might return 100 which means there's no reason to stop but the user can't be authenticated by that service
500  $this->logger->debug('Auth user', $this->‪removeSensitiveLoginDataForLoggingInfo($userRecordCandidate, true));
501  $subType = 'authUser' . ‪$this->loginType;
502 
504  foreach ($this->‪getAuthServices($subType, ‪$loginData, $authenticatedUserFromSession, $request) as $serviceObj) {
505  if (($ret = (int)$serviceObj->authUser($userRecordCandidate)) > 0) {
506  // If the service returns >=200 then no more checking is needed - useful for IP checking without password
507  if ($ret >= 200) {
508  $authenticated = true;
509  break;
510  }
511  if ($ret < 100) {
512  $authenticated = true;
513  }
514  // $ret is between 100 and 199 which means "I'm not responsible, ask others"
515  } else {
516  // $ret is < 0
517  $authenticated = false;
518  break;
519  }
520  }
521 
522  if ($authenticated) {
523  // Leave foreach() because a user is authenticated
524  break;
525  }
526  }
527  // mimic user authentication to mitigate observable timing discrepancies
528  // @link https://cwe.mitre.org/data/definitions/208.html
529  } elseif ($activeLogin) {
530  $subType = 'authUser' . ‪$this->loginType;
531  foreach ($this->‪getAuthServices($subType, ‪$loginData, $authenticatedUserFromSession, $request) as $serviceObj) {
532  if ($serviceObj instanceof MimicServiceInterface && $serviceObj->mimicAuthUser() === false) {
533  break;
534  }
535  }
536  }
537 
538  // If user is authenticated, then a valid user is found in $userRecordCandidate
539  if ($authenticated) {
540  // Insert session record if needed
541  if (!$isExistingSession
542  || $anonymousSession
543  || (int)($userRecordCandidate[$this->userid_column] ?? 0) !== $this->userSession->getUserId()
544  ) {
545  $sessionData = $this->userSession->getData();
546  // Create a new session with a fixated user
547  $this->userSession = $this->‪createUserSession($userRecordCandidate);
548 
549  // Preserve session data on login
550  if ($anonymousSession || $isExistingSession) {
551  $this->userSession->overrideData($sessionData);
552  }
553 
554  $this->user = array_merge($userRecordCandidate, $this->user ?? []);
555 
556  // The login session is started.
557  $this->loginSessionStarted = true;
558  $this->logger->debug('User session finally read', [
559  $this->userid_column => $this->user[$this->userid_column],
560  $this->username_column => $this->user[$this->username_column],
561  ]);
562  } else {
563  // if we come here the current session is for sure not anonymous as this is a pre-condition for $authenticated = true
564  $this->user = $authenticatedUserFromSession;
565  }
566 
567  if ($activeLogin && !$this->userSession->isNew()) {
568  $this->‪regenerateSessionId();
569  }
570 
571  // Since the user is not fully authenticated we need to unpack UC here to be
572  // able to retrieve a possible defined default (preferred) MFA provider.
573  $this->‪unpack_uc();
574 
575  if ($activeLogin) {
576  // User logged in - write that to the log!
577  if ($this->writeStdLog) {
578  $this->‪writelog(SystemLogType::LOGIN, SystemLogLoginAction::LOGIN, SystemLogErrorClassification::MESSAGE, 1, 'User %s logged in from ###IP###', [$userRecordCandidate[$this->username_column]], '', '', '');
579  }
580  $this->logger->info('User {username} logged in from {ip}', [
581  'username' => $userRecordCandidate[$this->username_column],
582  'ip' => GeneralUtility::getIndpEnv('REMOTE_ADDR'),
583  ]);
584  } else {
585  $this->logger->debug('User {username} authenticated from {ip}', [
586  'username' => $userRecordCandidate[$this->username_column],
587  'ip' => GeneralUtility::getIndpEnv('REMOTE_ADDR'),
588  ]);
589  }
590  // Check if multi-factor authentication is required
592  } else {
593  // Mark the current login attempt as failed
594  if (empty($possibleUsers) && $activeLogin) {
595  $this->logger->debug('Login failed', [
597  ]);
598  } elseif (!empty($possibleUsers)) {
599  $this->logger->debug('Login failed', [
600  $this->userid_column => $userRecordCandidate[$this->userid_column],
601  $this->username_column => $userRecordCandidate[$this->username_column],
602  ]);
603  }
604 
605  // If there were a login failure, check to see if a warning email should be sent
606  if ($activeLogin) {
607  GeneralUtility::makeInstance(EventDispatcherInterface::class)->dispatch(
609  );
610  }
611  }
612  }
613 
619  protected function ‪fetchPossibleUsers(array ‪$loginData, bool $activeLogin, bool $isExistingSession, ?array $authenticatedUserFromSession, ServerRequestInterface $request): array
620  {
621  $possibleUsers = [];
622  $authConfiguration = $this->‪getAuthServiceConfiguration();
623  $alwaysFetchUsers = !empty($authConfiguration[$this->loginType . '_alwaysFetchUser']);
624  $fetchUsersIfNoSessionIsGiven = !empty($authConfiguration[$this->loginType . '_fetchUserIfNoSession']);
625  if (
626  $activeLogin
627  || $alwaysFetchUsers
628  || (!$isExistingSession && $fetchUsersIfNoSessionIsGiven)
629  ) {
630  // Use 'auth' service to find the user
631  // First found user will be used
632  $subType = 'getUser' . ‪$this->loginType;
634  foreach ($this->‪getAuthServices($subType, ‪$loginData, $authenticatedUserFromSession, $request) as $serviceObj) {
635  $row = $serviceObj->getUser();
636  if (is_array($row)) {
637  $possibleUsers[] = $row;
638  $this->logger->debug('User found', [
639  $this->userid_column => $row[$this->userid_column],
640  $this->username_column => $row[$this->username_column],
641  ]);
642  // User found, just stop to search for more if not configured to go on
643  if (empty($authConfiguration[$this->loginType . '_fetchAllUsers'])) {
644  break;
645  }
646  }
647  }
648 
649  if ($alwaysFetchUsers) {
650  $this->logger->debug($this->loginType . '_alwaysFetchUser option is enabled');
651  }
652  if (empty($possibleUsers)) {
653  $this->logger->debug('No user found by services');
654  } else {
655  $this->logger->debug('{count} user records found by services', ['count' => count($possibleUsers)]);
656  }
657  }
658  return $possibleUsers;
659  }
660 
670  protected function ‪evaluateMfaRequirements(): void
671  {
672  // MFA has been validated already, nothing to do
673  if ($this->‪getSessionData('mfa')) {
674  return;
675  }
676  // If the user session does not contain the 'mfa' key - indicating that MFA is already
677  // passed - get the first provider for authentication, which is either the default provider
678  // or the first active provider (based on the providers configured ordering).
679  $provider = GeneralUtility::makeInstance(MfaProviderRegistry::class)->getFirstAuthenticationAwareProvider($this);
680  // Throw an exception (hopefully caught in a middleware) when an active provider for the user exists
681  if ($provider !== null) {
682  throw new ‪MfaRequiredException($provider, 1613687097);
683  }
684  }
685 
691  public function ‪isMfaSetupRequired(): bool
692  {
693  return false;
694  }
695 
703  protected function ‪getAuthServices(string $subType, array ‪$loginData, ?array $authenticatedUserFromSession, ServerRequestInterface $request): \Traversable
704  {
705  $serviceChain = [];
706  // The info array provide additional information for auth services
707  $authInfo = $this->‪getAuthInfoArray($request);
708  if ($authenticatedUserFromSession !== null) {
709  $authInfo['user'] = $authenticatedUserFromSession;
710  }
711  while (is_object($serviceObj = GeneralUtility::makeInstanceService('auth', $subType, $serviceChain))) {
712  $serviceChain[] = $serviceObj->getServiceKey();
713  $serviceObj->initAuth($subType, ‪$loginData, $authInfo, $this);
714  yield $serviceObj;
715  }
716  if (!empty($serviceChain)) {
717  $this->logger->debug('{subtype} auth services called: {chain}', [
718  'subtype' => $subType,
719  'chain' => implode(',', $serviceChain),
720  ]);
721  }
722  }
723 
729  protected function ‪regenerateSessionId()
730  {
731  $this->userSession = $this->userSessionManager->regenerateSession($this->userSession->getIdentifier());
732  }
733 
734  /*************************
735  *
736  * User Sessions
737  *
738  *************************/
739 
746  public function ‪createUserSession(array $userRecordCandidate): UserSession
747  {
748  // Needed for testing framework
749  if (!isset($this->userSessionManager)) {
751  }
752  $userRecordCandidateId = (int)($userRecordCandidate[$this->userid_column] ?? 0);
753  $session = $this->userSessionManager->elevateToFixatedUserSession($this->userSession, $userRecordCandidateId);
754  // Updating lastLogin_column carrying information about last login.
755  $this->‪updateLoginTimestamp($userRecordCandidateId);
756  return $session;
757  }
758 
762  protected function ‪updateLoginTimestamp(int $userId)
763  {
764  if ($this->lastLogin_column) {
765  $connection = GeneralUtility::makeInstance(ConnectionPool::class)->getConnectionForTable($this->user_table);
766  $connection->update(
767  $this->user_table,
768  [$this->lastLogin_column => ‪$GLOBALS['EXEC_TIME']],
769  [$this->userid_column => $userId]
770  );
771  $this->user[‪$this->lastLogin_column] = ‪$GLOBALS['EXEC_TIME'];
772  }
773  }
774 
784  protected function ‪fetchValidUserFromSessionOrDestroySession(bool $skipSessionUpdate = false): ?array
785  {
786  if ($this->userSession->isAnonymous()) {
787  return null;
788  }
789  // Fetch the user from the DB
790  $userRecord = $this->‪getRawUserByUid($this->userSession->getUserId() ?? 0);
791  if ($userRecord) {
792  // A user was found
793  $userRecord['is_online'] = $this->userSession->getLastUpdated();
794  if (!$this->userSessionManager->hasExpired($this->userSession)) {
795  if (!$skipSessionUpdate) {
796  $this->userSession = $this->userSessionManager->updateSessionTimestamp($this->userSession);
797  }
798  } else {
799  // Delete any user set...
800  $this->‪logoff();
801  $userRecord = false;
802  $this->userSession = $this->userSessionManager->createAnonymousSession();
803  }
804  }
805  return is_array($userRecord) ? $userRecord : null;
806  }
807 
813  public function ‪enforceNewSessionId()
814  {
815  $this->‪regenerateSessionId();
816  $this->‪setSessionCookie();
817  }
818 
824  public function ‪logoff()
825  {
826  $this->logger->debug('logoff: ses_id = {session}', ['session' => sha1($this->userSession->getIdentifier())]);
827 
828  $dispatcher = GeneralUtility::makeInstance(EventDispatcherInterface::class);
829 
830  $event = new ‪BeforeUserLogoutEvent($this, $this->userSession);
831  $event = $dispatcher->dispatch($event);
832 
833  if ($event->shouldLogout()) {
834  $this->‪performLogoff();
835  }
836 
837  $dispatcher->dispatch(new ‪AfterUserLoggedOutEvent($this));
838  }
839 
845  protected function ‪performLogoff()
846  {
847  if ($this->userSession) {
848  $this->userSessionManager->removeSession($this->userSession);
849  }
850  $this->userSession = $this->userSessionManager->createAnonymousSession();
851  $this->user = null;
852  if ($this->‪isCookieSet()) {
853  $this->‪removeCookie();
854  }
855  }
856 
863  public function ‪removeCookie($cookieName = null)
864  {
865  $this->setCookie = ‪SetCookieBehavior::Remove;
866  }
867 
875  protected function ‪isCookieSet()
876  {
877  return ‪SetCookieService::create($this->name, $this->loginType)->isCookieSet(
878  ‪$GLOBALS['TYPO3_REQUEST'] ?? null,
879  $this->userSession
880  );
881  }
882 
883  /*************************
884  *
885  * SQL Functions
886  *
887  *************************/
896  {
897  $restrictionContainer = GeneralUtility::makeInstance(DefaultRestrictionContainer::class);
898 
899  if (empty($this->enablecolumns['disabled'])) {
900  $restrictionContainer->removeByType(HiddenRestriction::class);
901  }
902 
903  if (empty($this->enablecolumns['deleted'])) {
904  $restrictionContainer->removeByType(DeletedRestriction::class);
905  }
906 
907  if (empty($this->enablecolumns['starttime'])) {
908  $restrictionContainer->removeByType(StartTimeRestriction::class);
909  }
910 
911  if (empty($this->enablecolumns['endtime'])) {
912  $restrictionContainer->removeByType(EndTimeRestriction::class);
913  }
914 
915  if (!empty($this->enablecolumns['rootLevel'])) {
916  $restrictionContainer->add(GeneralUtility::makeInstance(RootLevelRestriction::class, [$this->user_table]));
917  }
918 
919  if ($this->checkPid && $this->checkPid_value !== null) {
920  $restrictionContainer->add(
921  GeneralUtility::makeInstance(
922  PageIdListRestriction::class,
923  [$this->user_table],
924  GeneralUtility::intExplode(',', (string)$this->checkPid_value, true)
925  )
926  );
927  }
928 
929  return $restrictionContainer;
930  }
931 
932  /*************************
933  *
934  * Session and Configuration Handling
935  *
936  *************************/
941  public function ‪writeUC()
942  {
943  if (is_array($this->user) && $this->user[$this->userid_column]) {
944  $this->logger->debug('writeUC: {userid_column}={value}', [
945  'userid_column' => $this->userid_column,
946  'value' => $this->user[$this->userid_column],
947  ]);
948  GeneralUtility::makeInstance(ConnectionPool::class)->getConnectionForTable($this->user_table)->update(
949  $this->user_table,
950  ['uc' => serialize($this->uc)],
951  [$this->userid_column => (int)$this->user[$this->userid_column]],
952  ['uc' => ‪Connection::PARAM_LOB]
953  );
954  }
955  }
956 
961  protected function ‪unpack_uc()
962  {
963  if (isset($this->user['uc'])) {
964  $theUC = unserialize($this->user['uc'], ['allowed_classes' => false]);
965  if (is_array($theUC)) {
966  $this->uc = $theUC;
967  }
968  }
969  }
970 
980  public function ‪pushModuleData(string $module, mixed $data, bool $dontPersistImmediately = false): void
981  {
982  $sessionHash = ‪GeneralUtility::hmac(
983  $this->userSession->getIdentifier(),
984  'core-session-hash'
985  );
986  $this->uc['moduleData'][$module] = $data;
987  $this->uc['moduleSessionID'][$module] = $sessionHash;
988  if ($dontPersistImmediately === false) {
989  $this->‪writeUC();
990  }
991  }
992 
1000  public function ‪getModuleData(string $module, string $type = ''): mixed
1001  {
1002  $sessionHash = ‪GeneralUtility::hmac(
1003  $this->userSession->getIdentifier(),
1004  'core-session-hash'
1005  );
1006  $sessionData = $this->uc['moduleData'][$module] ?? null;
1007  $moduleSessionIdHash = $this->uc['moduleSessionID'][$module] ?? null;
1008  if ($type !== 'ses' || ($sessionData !== null && $moduleSessionIdHash === $sessionHash)) {
1009  return $sessionData;
1010  }
1011  return null;
1012  }
1021  public function ‪getSessionData($key)
1022  {
1023  return $this->userSession ? $this->userSession->get($key) : '';
1024  }
1033  public function ‪setSessionData($key, $data)
1034  {
1035  $this->userSession->set($key, $data);
1036  }
1037 
1045  public function ‪setAndSaveSessionData($key, $data)
1046  {
1047  $this->userSession->set($key, $data);
1048  $this->logger->debug('setAndSaveSessionData: ses_id = {session}', ['session' => sha1($this->userSession->getIdentifier())]);
1049  $this->userSession = $this->userSessionManager->updateSession($this->userSession);
1050  }
1051 
1052  /*************************
1053  *
1054  * Misc
1055  *
1056  *************************/
1063  public function ‪getLoginFormData(ServerRequestInterface $request)
1064  {
1065  $parsedBody = $request->getParsedBody();
1066  $queryParams = $request->getQueryParams();
1067  ‪$loginData = [
1068  'status' => ‪StringUtility::filter($parsedBody[$this->formfield_status] ?? $queryParams[$this->formfield_status] ?? null),
1069  'uname' => ‪StringUtility::filter($parsedBody[$this->formfield_uname] ?? '', ''),
1070  'uident' => ‪StringUtility::filter($parsedBody[$this->formfield_uident] ?? '', ''),
1071  ];
1072  // Only process the login data if a login is requested
1073  if (LoginType::tryFrom(‪$loginData['status'] ?? '') === LoginType::LOGIN) {
1074  ‪$loginData = $this->‪processLoginData($loginData, $request);
1075  }
1076  return ‪$loginData;
1077  }
1078 
1079  public function ‪isActiveLogin(ServerRequestInterface $request): bool
1080  {
1081  $status = $request->getParsedBody()[‪$this->formfield_status] ?? $request->getQueryParams()[‪$this->formfield_status] ?? '';
1082  return LoginType::tryFrom($status) === LoginType::LOGIN;
1083  }
1084 
1092  public function ‪processLoginData(array ‪$loginData, ServerRequestInterface $request): array
1093  {
1094  $this->logger->debug('Login data before processing', $this->‪removeSensitiveLoginDataForLoggingInfo($loginData));
1095  $subType = 'processLoginData' . ‪$this->loginType;
1096  $isLoginDataProcessed = false;
1097  $processedLoginData = ‪$loginData;
1099  foreach ($this->‪getAuthServices($subType, ‪$loginData, null, $request) as $serviceObject) {
1100  $serviceResult = $serviceObject->processLoginData($processedLoginData, 'normal');
1101  if (!empty($serviceResult)) {
1102  $isLoginDataProcessed = true;
1103  // If the service returns >=200 then no more processing is needed
1104  if ((int)$serviceResult >= 200) {
1105  break;
1106  }
1107  }
1108  }
1109  if ($isLoginDataProcessed) {
1110  ‪$loginData = $processedLoginData;
1111  $this->logger->debug('Processed login data', $this->‪removeSensitiveLoginDataForLoggingInfo($processedLoginData));
1112  }
1113  return ‪$loginData;
1114  }
1115 
1126  protected function ‪removeSensitiveLoginDataForLoggingInfo($data, bool $isUserRecord = false)
1127  {
1128  if ($isUserRecord && is_array($data)) {
1129  $fieldNames = ['uid', 'pid', 'tstamp', 'crdate', 'deleted', 'disabled', 'starttime', 'endtime', 'username', 'admin', 'usergroup', 'db_mountpoints', 'file_mountpoints', 'file_permissions', 'workspace_perms', 'lastlogin', 'workspace_id', 'category_perms'];
1130  $data = array_intersect_key($data, array_combine($fieldNames, $fieldNames));
1131  }
1132  if (isset($data['uident'])) {
1133  $data['uident'] = '********';
1134  }
1135  if (isset($data['uident_text'])) {
1136  $data['uident_text'] = '********';
1137  }
1138  if (isset($data['password'])) {
1139  $data['password'] = '********';
1140  }
1141  return $data;
1142  }
1143 
1150  public function ‪getAuthInfoArray(ServerRequestInterface $request)
1151  {
1152  $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($this->user_table);
1153  $expressionBuilder = $queryBuilder->expr();
1154  $authInfo = [];
1155  $authInfo['loginType'] = ‪$this->loginType;
1156  $authInfo['request'] = $request;
1157  $authInfo['refInfo'] = parse_url(GeneralUtility::getIndpEnv('HTTP_REFERER'));
1158  $authInfo['HTTP_HOST'] = GeneralUtility::getIndpEnv('HTTP_HOST');
1159  $authInfo['REMOTE_ADDR'] = GeneralUtility::getIndpEnv('REMOTE_ADDR');
1160  $authInfo['REMOTE_HOST'] = GeneralUtility::getIndpEnv('REMOTE_HOST');
1161  // Can be overridden in localconf by SVCONF:
1162  $authInfo['db_user']['table'] = ‪$this->user_table;
1163  $authInfo['db_user']['userid_column'] = ‪$this->userid_column;
1164  $authInfo['db_user']['username_column'] = ‪$this->username_column;
1165  $authInfo['db_user']['userident_column'] = ‪$this->userident_column;
1166  $authInfo['db_user']['enable_clause'] = $this->‪userConstraints()->buildExpression(
1167  [$this->user_table => $this->user_table],
1168  $expressionBuilder
1169  );
1170  return $authInfo;
1171  }
1172 
1186  public function ‪writelog($type, $action, $error, $details_nr, ‪$details, $data, $tablename, $recuid, $recpid)
1187  {
1188  }
1189 
1201  public function ‪setBeUserByUid(‪$uid)
1202  {
1203  $this->user = $this->‪getRawUserByUid(‪$uid);
1204  }
1213  public function ‪setBeUserByName(‪$name)
1214  {
1215  $this->user = $this->‪getRawUserByName(‪$name) ?: null;
1216  }
1217 
1225  public function ‪getRawUserByUid(‪$uid)
1226  {
1227  $query = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($this->user_table);
1228  $query->setRestrictions($this->‪userConstraints());
1229  $query->select('*')
1230  ->from($this->user_table)
1231  ->where($query->expr()->eq($this->userid_column, $query->createNamedParameter(‪$uid, ‪Connection::PARAM_INT)));
1232 
1233  return $query->executeQuery()->fetchAssociative();
1234  }
1244  public function ‪getRawUserByName(‪$name)
1245  {
1246  $query = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($this->user_table);
1247  $query->setRestrictions($this->‪userConstraints());
1248  $query->select('*')
1249  ->from($this->user_table)
1250  ->where($query->expr()->eq($this->username_column, $query->createNamedParameter(‪$name)));
1251 
1252  return $query->executeQuery()->fetchAssociative();
1253  }
1254 
1255  public function ‪getSession(): ‪UserSession
1256  {
1257  return ‪$this->userSession;
1258  }
1259 }
‪TYPO3\CMS\Core\Context\SecurityAspect\provideIn
‪static provideIn(Context $context)
Definition: SecurityAspect.php:41
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\initializeUserSessionManager
‪initializeUserSessionManager(?UserSessionManager $userSessionManager=null)
Definition: AbstractUserAuthentication.php:219
‪TYPO3\CMS\Core\Database\Query\Restriction\PageIdListRestriction
Definition: PageIdListRestriction.php:27
‪TYPO3\CMS\Core\Database\Query\Restriction\HiddenRestriction
Definition: HiddenRestriction.php:27
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$checkPid
‪bool $checkPid
Definition: AbstractUserAuthentication.php:152
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\fetchPossibleUsers
‪fetchPossibleUsers(array $loginData, bool $activeLogin, bool $isExistingSession, ?array $authenticatedUserFromSession, ServerRequestInterface $request)
Definition: AbstractUserAuthentication.php:599
‪TYPO3\CMS\Core\Authentication\Event\AfterUserLoggedOutEvent
Definition: AfterUserLoggedOutEvent.php:26
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\logoff
‪logoff()
Definition: AbstractUserAuthentication.php:804
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\removeSensitiveLoginDataForLoggingInfo
‪mixed removeSensitiveLoginDataForLoggingInfo($data, bool $isUserRecord=false)
Definition: AbstractUserAuthentication.php:1106
‪TYPO3\CMS\Core\Database\Connection\PARAM_INT
‪const PARAM_INT
Definition: Connection.php:46
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$loginType
‪string $loginType
Definition: AbstractUserAuthentication.php:184
‪TYPO3\CMS\Core\Http\Remove
‪@ Remove
Definition: SetCookieBehavior.php:27
‪TYPO3\CMS\Core\Authentication\MimicServiceInterface
Definition: MimicServiceInterface.php:21
‪TYPO3\CMS\Core\Authentication\Event\LoginAttemptFailedEvent
Definition: LoginAttemptFailedEvent.php:27
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\createUserSession
‪UserSession createUserSession(array $userRecordCandidate)
Definition: AbstractUserAuthentication.php:726
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\updateLoginTimestamp
‪updateLoginTimestamp(int $userId)
Definition: AbstractUserAuthentication.php:742
‪TYPO3\CMS\Core\Http\SetCookieBehavior
‪SetCookieBehavior
Definition: SetCookieBehavior.php:24
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\appendCookieToResponse
‪appendCookieToResponse(ResponseInterface $response, ?NormalizedParams $normalizedParams=null)
Definition: AbstractUserAuthentication.php:275
‪TYPO3\CMS\Core\Database\Query\Restriction\EndTimeRestriction
Definition: EndTimeRestriction.php:27
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\fetchValidUserFromSessionOrDestroySession
‪fetchValidUserFromSessionOrDestroySession(bool $skipSessionUpdate=false)
Definition: AbstractUserAuthentication.php:764
‪TYPO3\CMS\Webhooks\Message\$details
‪identifier readonly UriInterface readonly array $details
Definition: MfaVerificationErrorOccurredMessage.php:37
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getRawUserByUid
‪array getRawUserByUid($uid)
Definition: AbstractUserAuthentication.php:1205
‪TYPO3\CMS\Core\Exception
Definition: Exception.php:22
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$checkPid_value
‪int string null $checkPid_value
Definition: AbstractUserAuthentication.php:157
‪TYPO3\CMS\Core\Database\Query\Restriction\StartTimeRestriction
Definition: StartTimeRestriction.php:27
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getModuleData
‪mixed getModuleData(string $module, string $type='')
Definition: AbstractUserAuthentication.php:980
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$userGroups
‪array $userGroups
Definition: AbstractUserAuthentication.php:173
‪TYPO3\CMS\Core\Session\UserSession
Definition: UserSession.php:42
‪TYPO3\CMS\Core\Authentication
Definition: AbstractAuthenticationService.php:16
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$username_column
‪string $username_column
Definition: AbstractUserAuthentication.php:86
‪TYPO3\CMS\Core\Exception
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\pushModuleData
‪pushModuleData(string $module, mixed $data, bool $dontPersistImmediately=false)
Definition: AbstractUserAuthentication.php:960
‪TYPO3\CMS\Core\Authentication\LOGOUT
‪@ LOGOUT
Definition: LoginType.php:26
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\__construct
‪__construct()
Definition: AbstractUserAuthentication.php:205
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\checkAuthentication
‪checkAuthentication(ServerRequestInterface $request)
Definition: AbstractUserAuthentication.php:356
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\writelog
‪writelog($type, $action, $error, $details_nr, $details, $data, $tablename, $recuid, $recpid)
Definition: AbstractUserAuthentication.php:1166
‪TYPO3\CMS\Core\Database\Query\Restriction\QueryRestrictionContainerInterface
Definition: QueryRestrictionContainerInterface.php:25
‪TYPO3\CMS\Core\SysLog\Action\Login
Definition: Login.php:24
‪TYPO3\CMS\Core\Context\Context
Definition: Context.php:55
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getAuthServiceConfiguration
‪getAuthServiceConfiguration()
Definition: AbstractUserAuthentication.php:342
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$formfield_uident
‪string $formfield_uident
Definition: AbstractUserAuthentication.php:131
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$enablecolumns
‪array $enablecolumns
Definition: AbstractUserAuthentication.php:112
‪TYPO3\CMS\Core\Authentication\Event\BeforeRequestTokenProcessedEvent
Definition: BeforeRequestTokenProcessedEvent.php:28
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$userSessionManager
‪UserSessionManager $userSessionManager
Definition: AbstractUserAuthentication.php:193
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$formfield_status
‪string $formfield_status
Definition: AbstractUserAuthentication.php:137
‪TYPO3\CMS\Core\Security\RequestToken
Definition: RequestToken.php:26
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getLoginFormData
‪array getLoginFormData(ServerRequestInterface $request)
Definition: AbstractUserAuthentication.php:1043
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\performLogoff
‪performLogoff()
Definition: AbstractUserAuthentication.php:825
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\isMfaSetupRequired
‪isMfaSetupRequired()
Definition: AbstractUserAuthentication.php:671
‪TYPO3\CMS\Core\Context\SecurityAspect
Definition: SecurityAspect.php:30
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\setSessionData
‪setSessionData($key, $data)
Definition: AbstractUserAuthentication.php:1013
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$usergroup_table
‪string $usergroup_table
Definition: AbstractUserAuthentication.php:81
‪TYPO3\CMS\Core\Database\Query\Restriction\RootLevelRestriction
Definition: RootLevelRestriction.php:27
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\unpack_uc
‪unpack_uc()
Definition: AbstractUserAuthentication.php:941
‪TYPO3\CMS\Webhooks\Message\$loginData
‪identifier readonly UriInterface readonly array $loginData
Definition: LoginErrorOccurredMessage.php:37
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$userSession
‪UserSession $userSession
Definition: AbstractUserAuthentication.php:191
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\isSetSessionCookie
‪bool isSetSessionCookie()
Definition: AbstractUserAuthentication.php:323
‪TYPO3\CMS\Core\Authentication\Mfa\MfaRequiredException
Definition: MfaRequiredException.php:29
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\start
‪start(ServerRequestInterface $request)
Definition: AbstractUserAuthentication.php:234
‪TYPO3\CMS\Core\Utility\GeneralUtility\hmac
‪static string hmac($input, $additionalSecret='')
Definition: GeneralUtility.php:475
‪TYPO3\CMS\Core\SysLog\Error
Definition: Error.php:24
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$usergroup_column
‪string $usergroup_column
Definition: AbstractUserAuthentication.php:101
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getSessionData
‪mixed getSessionData($key)
Definition: AbstractUserAuthentication.php:1001
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getSession
‪getSession()
Definition: AbstractUserAuthentication.php:1235
‪TYPO3\CMS\Core\Session\UserSessionManager\create
‪static static create(string $loginType, int $sessionLifetime=null, SessionManager $sessionManager=null, IpLocker $ipLocker=null)
Definition: UserSessionManager.php:339
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$setCookie
‪SetCookieBehavior $setCookie
Definition: AbstractUserAuthentication.php:198
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\setAndSaveSessionData
‪setAndSaveSessionData($key, $data)
Definition: AbstractUserAuthentication.php:1025
‪TYPO3\CMS\Core\Core\Environment\isCli
‪static isCli()
Definition: Environment.php:145
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$name
‪string $name
Definition: AbstractUserAuthentication.php:71
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\shallSetSessionCookie
‪shallSetSessionCookie()
Definition: AbstractUserAuthentication.php:311
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$writeAttemptLog
‪bool $writeAttemptLog
Definition: AbstractUserAuthentication.php:147
‪TYPO3\CMS\Core\Security\RequestToken\getSigningSecretIdentifier
‪getSigningSecretIdentifier()
Definition: RequestToken.php:115
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\enforceNewSessionId
‪enforceNewSessionId()
Definition: AbstractUserAuthentication.php:793
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$user
‪array null $user
Definition: AbstractUserAuthentication.php:168
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\evaluateMfaRequirements
‪evaluateMfaRequirements()
Definition: AbstractUserAuthentication.php:650
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getAuthServices
‪Traversable getAuthServices(string $subType, array $loginData, ?array $authenticatedUserFromSession, ServerRequestInterface $request)
Definition: AbstractUserAuthentication.php:683
‪TYPO3\CMS\Core\Database\Connection
Definition: Connection.php:35
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$loginSessionStarted
‪bool $loginSessionStarted
Definition: AbstractUserAuthentication.php:163
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$lastLogin_column
‪string $lastLogin_column
Definition: AbstractUserAuthentication.php:107
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$userident_column
‪string $userident_column
Definition: AbstractUserAuthentication.php:91
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\isRefreshTimeBasedCookie
‪bool isRefreshTimeBasedCookie()
Definition: AbstractUserAuthentication.php:334
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\regenerateSessionId
‪regenerateSessionId()
Definition: AbstractUserAuthentication.php:709
‪TYPO3\CMS\Webhooks\Message\$uid
‪identifier readonly int $uid
Definition: PageModificationMessage.php:35
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\userConstraints
‪userConstraints()
Definition: AbstractUserAuthentication.php:875
‪$GLOBALS
‪$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['adminpanel']['modules']
Definition: ext_localconf.php:25
‪TYPO3\CMS\Core\Database\Query\Restriction\DeletedRestriction
Definition: DeletedRestriction.php:28
‪TYPO3\CMS\Core\Core\Environment
Definition: Environment.php:41
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\isActiveLogin
‪isActiveLogin(ServerRequestInterface $request)
Definition: AbstractUserAuthentication.php:1059
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$userid_column
‪string $userid_column
Definition: AbstractUserAuthentication.php:96
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\removeCookie
‪removeCookie($cookieName=null)
Definition: AbstractUserAuthentication.php:843
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\isCookieSet
‪bool isCookieSet()
Definition: AbstractUserAuthentication.php:855
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$dontSetCookie
‪bool $dontSetCookie
Definition: AbstractUserAuthentication.php:179
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getAuthInfoArray
‪array getAuthInfoArray(ServerRequestInterface $request)
Definition: AbstractUserAuthentication.php:1130
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\setSessionCookie
‪setSessionCookie()
Definition: AbstractUserAuthentication.php:302
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\processLoginData
‪array processLoginData(array $loginData, ServerRequestInterface $request)
Definition: AbstractUserAuthentication.php:1072
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\setBeUserByUid
‪setBeUserByUid($uid)
Definition: AbstractUserAuthentication.php:1181
‪TYPO3\CMS\Core\Database\ConnectionPool
Definition: ConnectionPool.php:51
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\setBeUserByName
‪setBeUserByName($name)
Definition: AbstractUserAuthentication.php:1193
‪TYPO3\CMS\Core\Utility\GeneralUtility
Definition: GeneralUtility.php:51
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$uc
‪array $uc
Definition: AbstractUserAuthentication.php:189
‪TYPO3\CMS\Core\Utility\StringUtility
Definition: StringUtility.php:24
‪TYPO3\CMS\Core\Utility\StringUtility\filter
‪static filter(mixed $value, ?string $default=null)
Definition: StringUtility.php:48
‪TYPO3\CMS\Core\Authentication\MimicServiceInterface\mimicAuthUser
‪bool mimicAuthUser()
‪TYPO3\CMS\Core\Http\NormalizedParams\createFromRequest
‪static static createFromRequest(ServerRequestInterface $request, array $systemConfiguration=null)
Definition: NormalizedParams.php:840
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$writeStdLog
‪bool $writeStdLog
Definition: AbstractUserAuthentication.php:142
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$formfield_uname
‪string $formfield_uname
Definition: AbstractUserAuthentication.php:125
‪TYPO3\CMS\Core\Authentication\Event\BeforeUserLogoutEvent
Definition: BeforeUserLogoutEvent.php:29
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$user_table
‪string $user_table
Definition: AbstractUserAuthentication.php:76
‪TYPO3\CMS\Core\Session\UserSessionManager
Definition: UserSessionManager.php:44
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getRawUserByName
‪array getRawUserByName($name)
Definition: AbstractUserAuthentication.php:1224
‪TYPO3\CMS\Core\Http\NormalizedParams
Definition: NormalizedParams.php:38
‪TYPO3\CMS\Core\SysLog\Type
Definition: Type.php:28
‪TYPO3\CMS\Core\Database\Query\Restriction\DefaultRestrictionContainer
Definition: DefaultRestrictionContainer.php:24
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication
Definition: AbstractUserAuthentication.php:64
‪TYPO3\CMS\Core\Authentication\Mfa\MfaProviderRegistry
Definition: MfaProviderRegistry.php:28
‪TYPO3\CMS\Core\Database\Connection\PARAM_LOB
‪const PARAM_LOB
Definition: Connection.php:56
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\writeUC
‪writeUC()
Definition: AbstractUserAuthentication.php:921