‪TYPO3CMS  ‪main
AjaxLoginController.php
Go to the documentation of this file.
1 <?php
2 
3 declare(strict_types=1);
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
18 namespace ‪TYPO3\CMS\Backend\Controller;
19 
20 use Psr\Http\Message\ResponseInterface;
21 use Psr\Http\Message\ServerRequestInterface;
22 use ‪TYPO3\CMS\Backend\Attribute\AsController;
23 use ‪TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
24 use ‪TYPO3\CMS\Core\Authentication\LoginType;
25 use ‪TYPO3\CMS\Core\Core\Environment;
26 use ‪TYPO3\CMS\Core\FormProtection\BackendFormProtection;
27 use ‪TYPO3\CMS\Core\FormProtection\FormProtectionFactory;
28 use ‪TYPO3\CMS\Core\Http\JsonResponse;
29 use ‪TYPO3\CMS\Core\Session\UserSessionManager;
30 
35 #[AsController]
36 class ‪AjaxLoginController
37 {
38  public function ‪__construct(
39  protected readonly ‪FormProtectionFactory $formProtectionFactory
40  ) {}
41 
49  public function ‪loginAction(ServerRequestInterface $request): ResponseInterface
50  {
51  if ($this->‪isAuthorizedBackendSession()) {
52  $result = ['success' => true];
53  if ($this->‪hasLoginBeenProcessed($request)) {
55  $formProtection = $this->formProtectionFactory->createFromRequest($request);
56  $formProtection->setSessionTokenFromRegistry();
57  $formProtection->persistSessionToken();
58  }
59  } else {
60  $result = ['success' => false];
61  }
62  return new ‪JsonResponse(['login' => $result]);
63  }
64 
68  public function ‪logoutAction(ServerRequestInterface $request): ResponseInterface
69  {
70  $backendUser = $this->‪getBackendUser();
71  $backendUser->logoff();
72  return new ‪JsonResponse([
73  'logout' => [
74  'success' => !isset($backendUser->user['uid']),
75  ],
76  ]);
77  }
78 
79  public function ‪preflightAction(ServerRequestInterface $request): ResponseInterface
80  {
81  $headers = $request->getHeaders();
82  return new ‪JsonResponse([
83  'capabilities' => [
84  'cookie' => !empty($request->getCookieParams()),
85  // using legacy `Referer` (sic!) header name
86  'referrer' => array_filter($headers['referer'] ?? []) !== [],
87  ],
88  ]);
89  }
90 
96  public function ‪refreshAction(ServerRequestInterface $request): ResponseInterface
97  {
98  $backendUser = $this->‪getBackendUser();
99  return new ‪JsonResponse([
100  'refresh' => [
101  'success' => isset($backendUser->user['uid']),
102  ],
103  ]);
104  }
105 
109  public function ‪isTimedOutAction(ServerRequestInterface $request): ResponseInterface
110  {
111  $session = [
112  'timed_out' => false,
113  'will_time_out' => false,
114  'locked' => false,
115  ];
116  $backendUser = $this->‪getBackendUser();
117  if (@is_file(‪Environment::getLegacyConfigPath() . '/LOCK_BACKEND')) {
118  $session['locked'] = true;
119  } elseif (!isset($backendUser->user['uid'])) {
120  $session['timed_out'] = true;
121  } else {
122  $sessionManager = ‪UserSessionManager::create('BE');
123  // If 120 seconds from now is later than the session timeout, we need to show the refresh dialog.
124  // 120 is somewhat arbitrary to allow for a little room during the countdown and load times, etc.
125  $session['will_time_out'] = $sessionManager->willExpire($backendUser->getSession(), 120);
126  }
127  return new ‪JsonResponse(['login' => $session]);
128  }
129 
135  protected function ‪isAuthorizedBackendSession()
136  {
137  $backendUser = $this->‪getBackendUser();
138  if ($backendUser === null) {
139  return false;
140  }
141  return isset($backendUser->user['uid']);
142  }
143 
147  protected function ‪hasLoginBeenProcessed(ServerRequestInterface $request): bool
148  {
149  $loginFormData = $this->‪getBackendUser()->getLoginFormData($request);
150  return LoginType::tryFrom($loginFormData['status'] ?? '') === LoginType::LOGIN && !empty($loginFormData['uname']) && !empty($loginFormData['uident']);
151  }
152 
153  protected function ‪getBackendUser(): ?‪BackendUserAuthentication
154  {
155  return ‪$GLOBALS['BE_USER'] ?? null;
156  }
157 }
‪TYPO3\CMS\Backend\Controller\AjaxLoginController\isTimedOutAction
‪isTimedOutAction(ServerRequestInterface $request)
Definition: AjaxLoginController.php:109
‪TYPO3\CMS\Backend\Controller\AjaxLoginController\isAuthorizedBackendSession
‪bool isAuthorizedBackendSession()
Definition: AjaxLoginController.php:135
‪TYPO3\CMS\Backend\Controller\AjaxLoginController\refreshAction
‪refreshAction(ServerRequestInterface $request)
Definition: AjaxLoginController.php:96
‪TYPO3\CMS\Core\FormProtection\BackendFormProtection
Definition: BackendFormProtection.php:75
‪TYPO3\CMS\Backend\Controller\AjaxLoginController\loginAction
‪loginAction(ServerRequestInterface $request)
Definition: AjaxLoginController.php:49
‪TYPO3\CMS\Core\Core\Environment\getLegacyConfigPath
‪static getLegacyConfigPath()
Definition: Environment.php:268
‪TYPO3\CMS\Backend\Controller\AjaxLoginController\__construct
‪__construct(protected readonly FormProtectionFactory $formProtectionFactory)
Definition: AjaxLoginController.php:38
‪TYPO3\CMS\Backend\Controller\AjaxLoginController\hasLoginBeenProcessed
‪hasLoginBeenProcessed(ServerRequestInterface $request)
Definition: AjaxLoginController.php:147
‪TYPO3\CMS\Core\Authentication\LoginType
‪LoginType
Definition: LoginType.php:24
‪TYPO3\CMS\Core\Session\UserSessionManager\create
‪static static create(string $loginType, int $sessionLifetime=null, SessionManager $sessionManager=null, IpLocker $ipLocker=null)
Definition: UserSessionManager.php:345
‪TYPO3\CMS\Core\Authentication\BackendUserAuthentication
Definition: BackendUserAuthentication.php:62
‪TYPO3\CMS\Backend\Controller\AjaxLoginController\preflightAction
‪preflightAction(ServerRequestInterface $request)
Definition: AjaxLoginController.php:79
‪TYPO3\CMS\Core\FormProtection\FormProtectionFactory
Definition: FormProtectionFactory.php:43
‪TYPO3\CMS\Core\Http\JsonResponse
Definition: JsonResponse.php:28
‪TYPO3\CMS\Backend\Controller\AjaxLoginController\logoutAction
‪logoutAction(ServerRequestInterface $request)
Definition: AjaxLoginController.php:68
‪$GLOBALS
‪$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['adminpanel']['modules']
Definition: ext_localconf.php:25
‪TYPO3\CMS\Core\Core\Environment
Definition: Environment.php:41
‪TYPO3\CMS\Backend\Attribute\AsController
Definition: AsController.php:25
‪TYPO3\CMS\Backend\Controller\AjaxLoginController\getBackendUser
‪getBackendUser()
Definition: AjaxLoginController.php:153
‪TYPO3\CMS\Backend\Controller
Definition: AboutController.php:18
‪TYPO3\CMS\Backend\Controller\AjaxLoginController
Definition: AjaxLoginController.php:37
‪TYPO3\CMS\Core\Session\UserSessionManager
Definition: UserSessionManager.php:46