1 <?php
2 
3 declare(strict_types=1);
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
19 
20 use Psr\EventDispatcher\EventDispatcherInterface;
21 use Psr\Http\Message\ResponseInterface;
22 use Psr\Http\Message\ServerRequestInterface;
23 use Psr\Http\Server\MiddlewareInterface;
24 use Psr\Http\Server\RequestHandlerInterface;
25 use Psr\Log\LoggerAwareInterface;
26 use Psr\Log\LoggerAwareTrait;
27 use Symfony\Component\RateLimiter\LimiterInterface;
36 
/**
 * PSR-15 middleware that sets up the frontend user for the current request.
 *
 * Order of operations in process(): apply the login rate limit, run the
 * authentication, load group data, publish the user as the 'frontend.user'
 * context aspect and request attribute, call the inner handler, then persist
 * the session and append the session cookie to the response.
 */
40 class ‪FrontendUserAuthenticator implements MiddlewareInterface, LoggerAwareInterface
41 {
42  use LoggerAwareTrait;
43 
 /**
  * @param Context $context Shared request context; receives the 'frontend.user' aspect.
  * @param RateLimiterFactory $rateLimiterFactory Builds the login rate limiter used by ensureLoginRateLimit().
  * @param EventDispatcherInterface $eventDispatcher Dispatches AfterUserLoggedInEvent on a successful active login.
  */
44  public function ‪__construct(
45  protected readonly ‪Context $context,
46  protected readonly ‪RateLimiterFactory $rateLimiterFactory,
47  protected readonly EventDispatcherInterface $eventDispatcher
48  ) {}
49 
 /**
  * Authenticates the frontend user, delegates to the next handler and persists the session.
  *
  * The rate limit is consumed before $frontendUser->start() runs, so a request that
  * exceeds the limit is rejected before any credential check takes place. The aspect
  * and the request attribute are set regardless of whether a user is logged in.
  *
  * @throws RequestRateLimitedException propagated from ensureLoginRateLimit() when the login rate limit is exceeded
  */
54  public function ‪process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
55  {
56  $frontendUser = GeneralUtility::makeInstance(FrontendUserAuthentication::class);
57 
58  // Rate Limiting: a limiter is returned only for active login attempts,
 // null for every other request (see ensureLoginRateLimit()).
59  $rateLimiter = $this->‪ensureLoginRateLimit($frontendUser, $request);
60 
61  // Authenticate now
62  $frontendUser->start($request);
63  // no matter if we have an active user we try to fetch matching groups which can
64  // be set without an user (simulation for instance!)
65  $frontendUser->fetchGroupData($request);
66 
67  // Register the frontend user as aspect and within the request
68  $this->context->setAspect('frontend.user', $frontendUser->createUserAspect());
69  $request = $request->withAttribute('frontend.user', $frontendUser);
70 
 // $rateLimiter is non-null only for an active login attempt, so this branch is the
 // "login just succeeded" case: the failed-attempt budget consumed above is handed
 // back via reset(), and listeners are notified.
71  if ($this->context->getAspect('frontend.user')->isLoggedIn() && $rateLimiter) {
72  $rateLimiter->reset();
73  $this->eventDispatcher->dispatch(new ‪AfterUserLoggedInEvent($frontendUser, $request));
74  }
75 
76  $response = $handler->handle($request);
77 
78  // Store session data for fe_users if it still exists
 // (the instanceof check is always satisfied by the instance created above)
79  if ($frontendUser instanceof ‪FrontendUserAuthentication) {
80  $frontendUser->storeSessionData();
81  $response = $frontendUser->appendCookieToResponse($response, $request->getAttribute('normalizedParams'));
82  // Collect garbage in Frontend requests, which aren't fully cacheable (e.g. with cookies)
83  if ($response->hasHeader('Set-Cookie')) {
 // NOTE(review): the statement inside this branch is not reproduced in this
 // rendering; presumably sessionGarbageCollection() is called here — confirm against the source.
85  }
86  }
87 
88  return $response;
89  }
90 
 /**
  * Removes expired frontend ('FE') user sessions.
  */
94  protected function ‪sessionGarbageCollection(): void
95  {
96  ‪UserSessionManager::create('FE')->collectGarbage();
97  }
98 
 /**
  * Applies the login rate limit to active login attempts.
  *
  * Requests that are not an active login return null without touching the limiter,
  * so only credential submissions count against the budget. Otherwise one token is
  * consumed; if the limiter rejects the request, the rejection is logged with the
  * client address taken from normalizedParams and a RequestRateLimitedException is
  * thrown before any credential check happens. The user-facing message includes the
  * lock expiry, formatted with the configured SYS ddmmyy/hhmm formats via date(),
  * i.e. in the server's default timezone.
  *
  * NOTE(review): whether the limiter itself is keyed on the client IP (as the message
  * implies) is decided inside RateLimiterFactory::createLoginRateLimiter() — confirm,
  * since reverse-proxy handling determines how reliable that key is.
  *
  * @return LimiterInterface|null the consumed limiter so the caller can reset() it after a successful login; null when no limit applies
  * @throws RequestRateLimitedException with HttpUtility::HTTP_STATUS_403 when the limit is exceeded (the throw statement itself is not reproduced in this rendering)
  */
99  protected function ‪ensureLoginRateLimit(‪FrontendUserAuthentication $user, ServerRequestInterface $request): ?LimiterInterface
100  {
101  if (!$user->‪isActiveLogin($request)) {
102  return null;
103  }
104  $loginRateLimiter = $this->rateLimiterFactory->createLoginRateLimiter($user, $request);
105  $limit = $loginRateLimiter->consume();
106  if (!$limit->isAccepted()) {
 // NOTE(review): logged at debug level, so lockouts do not surface in production
 // logs unless debug logging is enabled for this class.
107  $this->logger->debug('Login request has been rate limited for IP address {ipAddress}', ['ipAddress' => $request->getAttribute('normalizedParams')->getRemoteAddress()]);
108  $dateformat = ‪$GLOBALS['TYPO3_CONF_VARS']['SYS']['ddmmyy'] . ' ' . ‪$GLOBALS['TYPO3_CONF_VARS']['SYS']['hhmm'];
 // A non-positive retry timestamp means no expiry is known, so the message omits it.
109  $lockedUntil = $limit->getRetryAfter()->getTimestamp() > 0 ?
110  ' until ' . date($dateformat, $limit->getRetryAfter()->getTimestamp()) : '';
113  'The login is locked' . $lockedUntil . ' due to too many failed login attempts from your IP address.',
114  'Login Request Rate Limited',
115  1616175847
116  );
117  }
118  return $loginRateLimiter;
119  }
120 }