BackendModuleController.php

Go to the documentation of this file.

<?php
 
declare(strict_types=1);
 
/*
 * This file is part of the TYPO3 CMS project.
 *
 * It is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License, either version 2
 * of the License, or any later version.
 *
 * For the full copyright and license information, please read the
 * LICENSE.txt file that was distributed with this source code.
 *
 * The TYPO3 project - inspiring people to share!
 */
 
namespace ‪TYPO3\CMS\Install\Controller;
 
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Message\UriInterface;
use ‪TYPO3\CMS\Backend\Routing\UriBuilder;
use ‪TYPO3\CMS\Backend\Template\ModuleTemplateFactory;
use ‪TYPO3\CMS\Core\Authentication\AbstractAuthenticationService;
use ‪TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
use ‪TYPO3\CMS\Core\Core\Environment;
use ‪TYPO3\CMS\Core\Crypto\PasswordHashing\InvalidPasswordHashException;
use ‪TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashFactory;
use ‪TYPO3\CMS\Core\Http\HtmlResponse;
use ‪TYPO3\CMS\Core\Http\RedirectResponse;
use ‪TYPO3\CMS\Core\Routing\BackendEntryPointResolver;
use ‪TYPO3\CMS\Core\Utility\GeneralUtility;
use TYPO3\CMS\Install\Service\SessionService;
 
class ‪BackendModuleController
{
    protected const ‪FLAG_CONFIRMATION_REQUEST = 1;
    protected const ‪FLAG_INSTALL_TOOL_PASSWORD = 2;
    protected const ‪ALLOWED_ACTIONS = ['maintenance', 'settings', 'upgrade', 'environment'];
 
    protected ?SessionService ‪$sessionService = null;
 
    public function ‪__construct(
        protected readonly ‪UriBuilder $uriBuilder,
        protected readonly ‪ModuleTemplateFactory $moduleTemplateFactory
    ) {
    }
 
    public function ‪backendUserConfirmationAction(ServerRequestInterface $request): ResponseInterface
    {
        $flags = (int)($request->getQueryParams()['flags'] ?? 0);
        $targetController = (string)($request->getQueryParams()['targetController'] ?? '');
        $targetHash = (string)($request->getQueryParams()['targetHash'] ?? '');
        $expectedTargetHash = ‪GeneralUtility::hmac($targetController, BackendModuleController::class);
        $flagInstallToolPassword = (bool)($flags & self::FLAG_INSTALL_TOOL_PASSWORD);
        $flagInvalidPassword = false;
 
        if (!in_array($targetController, self::ALLOWED_ACTIONS, true)
            || !hash_equals($expectedTargetHash, $targetHash)) {
            return new ‪HtmlResponse('', 403);
        }
        if ($flags & self::FLAG_CONFIRMATION_REQUEST) {
            if ($flagInstallToolPassword && $this->‪verifyInstallToolPassword($request)) {
                return $this->‪setAuthorizedAndRedirect($targetController, $request);
            }
            if (!$flagInstallToolPassword && $this->‪verifyBackendUserPassword($request)) {
                return $this->‪setAuthorizedAndRedirect($targetController, $request);
            }
            $flagInvalidPassword = true;
        }
 
        $view = $this->moduleTemplateFactory->create($request);
        $view->assignMultiple([
            'flagInvalidPassword' => $flagInvalidPassword,
            'flagInstallToolPassword' => $flagInstallToolPassword,
            'passwordModeUri' => $this->‪getBackendUserConfirmationUri([
                'targetController' => $targetController,
                'targetHash' => $targetHash,
                // current flags, unset FLAG_CONFIRMATION_REQUEST, toggle FLAG_INSTALL_TOOL_PASSWORD
                'flags' => $flags & ~self::FLAG_CONFIRMATION_REQUEST ^ self::FLAG_INSTALL_TOOL_PASSWORD,
            ]),
            'verifyUri' => $this->‪getBackendUserConfirmationUri([
                'targetController' => $targetController,
                'targetHash' => $targetHash,
                // current flags, add FLAG_CONFIRMATION_REQUEST
                'flags' => $flags | self::FLAG_CONFIRMATION_REQUEST,
            ]),
        ]);
 
        $view->setModuleName('tools_tools' . $targetController);
        return $view->renderResponse('BackendModule/BackendUserConfirmation');
    }
 
    public function ‪maintenanceAction(ServerRequestInterface $request): ResponseInterface
    {
        return $this->‪getBackendUserConfirmationRedirect('maintenance', $request)
            ?? $this->‪setAuthorizedAndRedirect('maintenance', $request);
    }
 
    public function ‪settingsAction(ServerRequestInterface $request): ResponseInterface
    {
        return $this->‪getBackendUserConfirmationRedirect('settings', $request)
            ?? $this->‪setAuthorizedAndRedirect('settings', $request);
    }
 
    public function ‪upgradeAction(ServerRequestInterface $request): ResponseInterface
    {
        return $this->‪getBackendUserConfirmationRedirect('upgrade', $request)
            ?? $this->‪setAuthorizedAndRedirect('upgrade', $request);
    }
 
    public function ‪environmentAction(ServerRequestInterface $request): ResponseInterface
    {
        return $this->‪getBackendUserConfirmationRedirect('environment', $request)
            ?? $this->‪setAuthorizedAndRedirect('environment', $request);
    }
 
    protected function ‪getBackendUserConfirmationRedirect(string $targetController, ServerRequestInterface $request): ?ResponseInterface
    {
        if ($this->‪getSessionService()->isAuthorizedBackendUserSession($request)) {
            return null;
        }
        if (‪Environment::getContext()->isDevelopment()) {
            return null;
        }
        $redirectUri = $this->‪getBackendUserConfirmationUri([
            'targetController' => $targetController,
            'targetHash' => ‪GeneralUtility::hmac($targetController, BackendModuleController::class),
        ]);
        return new ‪RedirectResponse((string)$redirectUri, 403);
    }
 
    protected function ‪getBackendUserConfirmationUri(array $parameters): UriInterface
    {
        return $this->uriBuilder->buildUriFromRoute(
            'install.backend-user-confirmation',
            $parameters
        );
    }
 
    protected function ‪setAuthorizedAndRedirect(string $controller, ServerRequestInterface $request): ResponseInterface
    {
        $userSession = $this->‪getBackendUser()->getSession();
        $this->‪getSessionService()->setAuthorizedBackendSession($userSession);
        $entryPointResolver = GeneralUtility::makeInstance(BackendEntryPointResolver::class);
        $redirectLocation = $entryPointResolver->getUriFromRequest($request, 'install.php')->withQuery('?install[controller]=' . $controller . '&install[context]=backend');
        return new ‪RedirectResponse($redirectLocation, 303);
    }
 
    protected function ‪verifyInstallToolPassword(ServerRequestInterface $request): bool
    {
        $parsedBody = $request->getParsedBody();
        $password = $parsedBody['confirmationPassword'] ?? null;
        $installToolPassword = ‪$GLOBALS['TYPO3_CONF_VARS']['BE']['installToolPassword'] ?? null;
        if (!is_string($password) || empty($installToolPassword)) {
            return false;
        }
 
        try {
            $hashFactory = GeneralUtility::makeInstance(PasswordHashFactory::class);
            $hashInstance = $hashFactory->get($installToolPassword, 'BE');
            return $hashInstance->checkPassword($password, $installToolPassword);
        } catch (‪InvalidPasswordHashException $exception) {
            return false;
        }
    }
 
    protected function ‪verifyBackendUserPassword(ServerRequestInterface $request): bool
    {
        $parsedBody = $request->getParsedBody();
        $password = $parsedBody['confirmationPassword'] ?? null;
        if (!is_string($password)) {
            return false;
        }
 
        // clone current backend user object to avoid
        // possible side effects for the real instance
        $backendUser = clone $this->‪getBackendUser();
        $loginData = [
            'status' => 'sudo-mode',
            'origin' => BackendModuleController::class,
            'uname'  => $backendUser->user['username'],
            'uident' => $password,
        ];
        // currently there is no dedicated API to perform authentication
        // that's why this process partially has to be simulated here
        ‪$loginData = $backendUser->‪processLoginData(‪$loginData, $request);
        $authInfo = $backendUser->‪getAuthInfoArray($request);
 
        $authenticated = false;
        foreach ($this->getAuthServices($backendUser, ‪$loginData, $authInfo) as ‪$service) {
            $ret = (int)‪$service->authUser($backendUser->user);
            if ($ret <= 0) {
                return false;
            }
            if ($ret >= 200) {
                return true;
            }
            if ($ret < 100) {
                $authenticated = true;
                continue;
            }
        }
        return $authenticated;
    }
 
    protected function getAuthServices(‪BackendUserAuthentication $backendUser, array ‪$loginData, array $authInfo): \Generator
    {
        $serviceChain = [];
        $subType = 'authUserBE';
        while (‪$service = GeneralUtility::makeInstanceService('auth', $subType, $serviceChain)) {
            $serviceChain[] = ‪$service->getServiceKey();
            if (!is_object(‪$service)) {
                break;
            }
            ‪$service->initAuth($subType, ‪$loginData, $authInfo, $backendUser);
            yield ‪$service;
        }
    }
 
    protected function ‪getBackendUser(): ‪BackendUserAuthentication
    {
        return ‪$GLOBALS['BE_USER'];
    }
 
    protected function ‪getSessionService(): SessionService
    {
        if ($this->sessionService === null) {
            $this->sessionService = new SessionService();
            $this->sessionService->startSession();
        }
        return ‪$this->sessionService;
    }
}