‪TYPO3CMS  ‪main
CommandLineUserAuthentication.php
Go to the documentation of this file.
1 <?php
2 
3 /*
4  * This file is part of the TYPO3 CMS project.
5  *
6  * It is free software; you can redistribute it and/or modify it under
7  * the terms of the GNU General Public License, either version 2
8  * of the License, or any later version.
9  *
10  * For the full copyright and license information, please read the
11  * LICENSE.txt file that was distributed with this source code.
12  *
13  * The TYPO3 project - inspiring people to share!
14  */
15 
16 namespace ‪TYPO3\CMS\Core\Authentication;
17 
18 use Psr\Http\Message\ServerRequestInterface;
19 use ‪TYPO3\CMS\Core\Core\Environment;
20 use ‪TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashFactory;
21 use ‪TYPO3\CMS\Core\Crypto\Random;
22 use ‪TYPO3\CMS\Core\Database\ConnectionPool;
23 use ‪TYPO3\CMS\Core\Database\Query\Restriction\DeletedRestriction;
24 use ‪TYPO3\CMS\Core\Utility\GeneralUtility;
25 
30 class ‪CommandLineUserAuthentication extends ‪BackendUserAuthentication
31 {
36  protected ‪$username = '_cli_';
37 
43  public function ‪__construct()
44  {
45  if (!‪Environment::isCli()) {
46  throw new \RuntimeException('Creating a CLI-based user object on non-CLI level is not allowed', 1483971165);
47  }
48  if (!$this->‪isUserAllowedToLogin()) {
49  throw new \RuntimeException('Login Error: TYPO3 is in maintenance mode at the moment. Only administrators are allowed access.', 1483971855);
50  }
51  $this->dontSetCookie = true;
52  parent::__construct();
53  }
54 
63  public function ‪start(ServerRequestInterface $request = null)
64  {
65  // do nothing
66  }
67 
73  public function ‪checkAuthentication(ServerRequestInterface $request)
74  {
75  // do nothing
76  }
77 
81  public function ‪getOriginalUserIdWhenInSwitchUserMode(): ?int
82  {
83  return null;
84  }
85 
91  public function ‪authenticate()
92  {
93  // check if a _CLI_ user exists, if not, create one
94  $this->‪setBeUserByName($this->username);
95  if (empty($this->user['uid'])) {
96  // create a new BE user in the database
97  if (!$this->‪checkIfCliUserExists()) {
98  $this->‪createCliUser();
99  } else {
100  throw new \RuntimeException('No backend user named "_cli_" could be authenticated, maybe this user is "hidden"?', 1484050401);
101  }
102  $this->‪setBeUserByName($this->username);
103  }
104  if (empty($this->user['uid'])) {
105  throw new \RuntimeException('No backend user named "_cli_" could be created.', 1476107195);
106  }
107  $this->‪unpack_uc();
108  // The groups are fetched and ready for permission checking in this initialization.
109  $this->‪fetchGroupData();
110  $this->‪backendSetUC();
111  }
112 
116  public function ‪backendCheckLogin(ServerRequestInterface $request = null)
117  {
118  $this->‪authenticate();
119  }
120 
128  public function ‪isUserAllowedToLogin()
129  {
130  return in_array((int)‪$GLOBALS['TYPO3_CONF_VARS']['BE']['adminOnly'], [0, 2], true);
131  }
132 
139  protected function ‪checkIfCliUserExists()
140  {
141  $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable('be_users');
142  $queryBuilder->getRestrictions()
143  ->removeAll()
144  ->add(GeneralUtility::makeInstance(DeletedRestriction::class));
145  $count = $queryBuilder
146  ->count('*')
147  ->from('be_users')
148  ->where($queryBuilder->expr()->eq('username', $queryBuilder->createNamedParameter('_cli_')))
149  ->executeQuery()
150  ->fetchOne();
151  return (bool)$count;
152  }
153 
157  protected function ‪createCliUser()
158  {
159  $userFields = [
160  'username' => ‪$this->username,
161  'password' => $this->‪generateHashedPassword(),
162  'admin' => 1,
163  'tstamp' => ‪$GLOBALS['EXEC_TIME'] ?? time(),
164  'crdate' => ‪$GLOBALS['EXEC_TIME'] ?? time(),
165  ];
166 
167  $databaseConnection = GeneralUtility::makeInstance(ConnectionPool::class)
168  ->getConnectionForTable('be_users');
169  $databaseConnection->insert('be_users', $userFields);
170  }
171 
177  protected function ‪generateHashedPassword()
178  {
179  $cryptoService = GeneralUtility::makeInstance(Random::class);
180  $password = $cryptoService->generateRandomBytes(20);
181  $hashInstance = GeneralUtility::makeInstance(PasswordHashFactory::class)->getDefaultHashInstance('BE');
182  return $hashInstance->getHashedPassword($password);
183  }
184 }
‪TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashFactory
Definition: PasswordHashFactory.php:27
‪TYPO3\CMS\Core\Authentication\CommandLineUserAuthentication\generateHashedPassword
‪string generateHashedPassword()
Definition: CommandLineUserAuthentication.php:176
‪TYPO3\CMS\Core\Authentication\CommandLineUserAuthentication\getOriginalUserIdWhenInSwitchUserMode
‪getOriginalUserIdWhenInSwitchUserMode()
Definition: CommandLineUserAuthentication.php:80
‪TYPO3\CMS\Core\Authentication\CommandLineUserAuthentication\authenticate
‪authenticate()
Definition: CommandLineUserAuthentication.php:90
‪TYPO3\CMS\Core\Authentication
Definition: AbstractAuthenticationService.php:16
‪TYPO3\CMS\Core\Authentication\BackendUserAuthentication\fetchGroupData
‪fetchGroupData()
Definition: BackendUserAuthentication.php:956
‪TYPO3\CMS\Core\Authentication\CommandLineUserAuthentication\createCliUser
‪createCliUser()
Definition: CommandLineUserAuthentication.php:156
‪TYPO3\CMS\Core\Authentication\CommandLineUserAuthentication\checkAuthentication
‪checkAuthentication(ServerRequestInterface $request)
Definition: CommandLineUserAuthentication.php:72
‪TYPO3\CMS\Core\Authentication\CommandLineUserAuthentication\isUserAllowedToLogin
‪bool isUserAllowedToLogin()
Definition: CommandLineUserAuthentication.php:127
‪TYPO3\CMS\Core\Authentication\CommandLineUserAuthentication\start
‪start(ServerRequestInterface $request=null)
Definition: CommandLineUserAuthentication.php:62
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\unpack_uc
‪unpack_uc()
Definition: AbstractUserAuthentication.php:943
‪TYPO3\CMS\Core\Authentication\BackendUserAuthentication\backendSetUC
‪backendSetUC()
Definition: BackendUserAuthentication.php:1875
‪TYPO3\CMS\Core\Authentication\CommandLineUserAuthentication\backendCheckLogin
‪backendCheckLogin(ServerRequestInterface $request=null)
Definition: CommandLineUserAuthentication.php:115
‪TYPO3\CMS\Core\Authentication\BackendUserAuthentication
Definition: BackendUserAuthentication.php:62
‪TYPO3\CMS\Core\Core\Environment\isCli
‪static isCli()
Definition: Environment.php:145
‪$GLOBALS
‪$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['adminpanel']['modules']
Definition: ext_localconf.php:25
‪TYPO3\CMS\Core\Database\Query\Restriction\DeletedRestriction
Definition: DeletedRestriction.php:28
‪TYPO3\CMS\Core\Authentication\CommandLineUserAuthentication\__construct
‪__construct()
Definition: CommandLineUserAuthentication.php:42
‪TYPO3\CMS\Core\Core\Environment
Definition: Environment.php:41
‪TYPO3\CMS\Core\Authentication\CommandLineUserAuthentication\checkIfCliUserExists
‪bool checkIfCliUserExists()
Definition: CommandLineUserAuthentication.php:138
‪TYPO3\CMS\Core\Crypto\Random
Definition: Random.php:27
‪TYPO3\CMS\Core\Database\ConnectionPool
Definition: ConnectionPool.php:46
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\setBeUserByName
‪setBeUserByName($name)
Definition: AbstractUserAuthentication.php:1195
‪TYPO3\CMS\Core\Utility\GeneralUtility
Definition: GeneralUtility.php:52
‪TYPO3\CMS\Core\Authentication\CommandLineUserAuthentication\$username
‪string $username
Definition: CommandLineUserAuthentication.php:35
‪TYPO3\CMS\Core\Authentication\CommandLineUserAuthentication
Definition: CommandLineUserAuthentication.php:31