‪TYPO3CMS  ‪main
IpLocker.php
Go to the documentation of this file.
1 <?php
2 
3 declare(strict_types=1);
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
18 namespace ‪TYPO3\CMS\Core\Authentication;
19 
20 use ‪TYPO3\CMS\Core\Utility\MathUtility;
21 
25 class ‪IpLocker
26 {
27  public const ‪DISABLED_LOCK_VALUE = '[DISABLED]';
28 
35  protected ‪$lockIPv4PartCount = 4;
36 
42  protected ‪$lockIPv6PartCount = 8;
43 
44  public function ‪__construct(int ‪$lockIPv4PartCount, int ‪$lockIPv6PartCount)
45  {
46  $this->lockIPv4PartCount = ‪$lockIPv4PartCount;
47  $this->lockIPv6PartCount = ‪$lockIPv6PartCount;
48  }
49 
50  public function ‪getSessionIpLock(string $ipAddress): string
51  {
52  if ($this->lockIPv4PartCount === 0 && $this->lockIPv6PartCount === 0) {
53  return static::DISABLED_LOCK_VALUE;
54  }
55 
56  if ($this->‪isIpv6Address($ipAddress)) {
57  return $this->‪getIpLockPartForIpv6Address($ipAddress);
58  }
59  return $this->‪getIpLockPartForIpv4Address($ipAddress);
60  }
61 
62  public function ‪validateRemoteAddressAgainstSessionIpLock(string $ipAddress, string $sessionIpLock): bool
63  {
64  if ($sessionIpLock === static::DISABLED_LOCK_VALUE) {
65  return true;
66  }
67 
68  $ipToCompare = $this->‪isIpv6Address($ipAddress)
69  ? $this->‪getIpLockPartForIpv6Address($ipAddress)
70  : $this->‪getIpLockPartForIpv4Address($ipAddress);
71  return $ipToCompare === $sessionIpLock;
72  }
73 
74  protected function ‪getIpLockPart(string $ipAddress, int $numberOfParts, int $maxParts, string $delimiter): string
75  {
76  if ($numberOfParts >= $maxParts) {
77  return $ipAddress;
78  }
79 
80  $numberOfParts = ‪MathUtility::forceIntegerInRange($numberOfParts, 1, $maxParts);
81  $ipParts = explode($delimiter, $ipAddress);
82 
83  for ($a = $maxParts; $a > $numberOfParts; $a--) {
84  $ipPartValue = $delimiter === '.' ? '0' : str_pad('', strlen($ipParts[$a - 1]), '0');
85  $ipParts[$a - 1] = $ipPartValue;
86  }
87 
88  return implode($delimiter, $ipParts);
89  }
90 
91  protected function ‪getIpLockPartForIpv4Address(string $ipAddress): string
92  {
93  if ($this->lockIPv4PartCount === 0) {
94  return static::DISABLED_LOCK_VALUE;
95  }
96 
97  return $this->‪getIpLockPart($ipAddress, $this->lockIPv4PartCount, 4, '.');
98  }
99 
100  protected function ‪getIpLockPartForIpv6Address(string $ipAddress): string
101  {
102  if ($this->lockIPv6PartCount === 0) {
103  return static::DISABLED_LOCK_VALUE;
104  }
105 
106  // inet_pton also takes care of IPv4-mapped addresses (see https://en.wikipedia.org/wiki/IPv6_address#Representation)
107  $unpacked = unpack('H*hex', (string)inet_pton($ipAddress)) ?: [];
108  $expandedAddress = rtrim(chunk_split($unpacked['hex'] ?? '', 4, ':'), ':');
109  return $this->‪getIpLockPart($expandedAddress, $this->lockIPv6PartCount, 8, ':');
110  }
111 
112  protected function ‪isIpv6Address(string $ipAddress): bool
113  {
114  return str_contains($ipAddress, ':');
115  }
116 }
‪TYPO3\CMS\Core\Authentication\IpLocker\getIpLockPart
‪getIpLockPart(string $ipAddress, int $numberOfParts, int $maxParts, string $delimiter)
Definition: IpLocker.php:72
‪TYPO3\CMS\Core\Authentication
Definition: AbstractAuthenticationService.php:16
‪TYPO3\CMS\Core\Authentication\IpLocker\__construct
‪__construct(int $lockIPv4PartCount, int $lockIPv6PartCount)
Definition: IpLocker.php:42
‪TYPO3\CMS\Core\Authentication\IpLocker\getIpLockPartForIpv4Address
‪getIpLockPartForIpv4Address(string $ipAddress)
Definition: IpLocker.php:89
‪TYPO3\CMS\Core\Authentication\IpLocker\validateRemoteAddressAgainstSessionIpLock
‪validateRemoteAddressAgainstSessionIpLock(string $ipAddress, string $sessionIpLock)
Definition: IpLocker.php:60
‪TYPO3\CMS\Core\Authentication\IpLocker\getSessionIpLock
‪getSessionIpLock(string $ipAddress)
Definition: IpLocker.php:48
‪TYPO3\CMS\Core\Utility\MathUtility
Definition: MathUtility.php:24
‪TYPO3\CMS\Core\Authentication\IpLocker\$lockIPv4PartCount
‪int $lockIPv4PartCount
Definition: IpLocker.php:34
‪TYPO3\CMS\Core\Authentication\IpLocker\isIpv6Address
‪isIpv6Address(string $ipAddress)
Definition: IpLocker.php:110
‪TYPO3\CMS\Core\Authentication\IpLocker
Definition: IpLocker.php:26
‪TYPO3\CMS\Core\Authentication\IpLocker\DISABLED_LOCK_VALUE
‪const DISABLED_LOCK_VALUE
Definition: IpLocker.php:27
‪TYPO3\CMS\Core\Utility\MathUtility\forceIntegerInRange
‪static int forceIntegerInRange(mixed $theInt, int $min, int $max=2000000000, int $defaultValue=0)
Definition: MathUtility.php:34
‪TYPO3\CMS\Core\Authentication\IpLocker\$lockIPv6PartCount
‪int $lockIPv6PartCount
Definition: IpLocker.php:40
‪TYPO3\CMS\Core\Authentication\IpLocker\getIpLockPartForIpv6Address
‪getIpLockPartForIpv6Address(string $ipAddress)
Definition: IpLocker.php:98