‪TYPO3CMS  ‪main
TYPO3\CMS\Core\Authentication\AuthenticationService Class Reference
Inheritance diagram for TYPO3\CMS\Core\Authentication\AuthenticationService:
TYPO3\CMS\Core\Authentication\AbstractAuthenticationService TYPO3\CMS\Core\Authentication\MimicServiceInterface

Public Member Functions

bool processLoginData (array &$loginData, $passwordTransmissionStrategy)
array< string, getUser() { if(LoginType::tryFrom( $this->login[ 'status'] ?? '') !==LoginType::LOGIN) { return false;} if((string) $this->login[ 'uident_text']==='') { $this-> writelog (SystemLogType::LOGIN, SystemLogLoginAction::ATTEMPT, SystemLogErrorClassification::SECURITY_NOTICE, 2, 'Login-attempt from ###IP### for username \'%s\' with an empty password!', [ $this->login['uname'],])
int authUser (array $user)
 mimicAuthUser ()
- ‪Public Member Functions inherited from ‪TYPO3\CMS\Core\Authentication\AbstractAuthenticationService
 initAuth ($mode, $loginData, $authInfo, $pObj)
 writelog ($type, $action, $error, $details_nr, $details, $data, $tablename='', $recuid='', $recpid='')
 init ()
 reset ()
string getServiceKey ()
string getServiceTitle ()
mixed getServiceOption ($optionName, $defaultValue='', $includeDefaultConfig=true)
 getLastErrorArray ()

Public Attributes

return false
 $user = $this->fetchUserRecord($this->login['uname'])
if(!is_array($user)) else
return $user
- ‪Public Attributes inherited from ‪TYPO3\CMS\Core\Authentication\AbstractAuthenticationService
AbstractUserAuthentication $pObj
string $mode
array $login = array( )
array $authInfo = array( )
array $db_user = array( )
bool $writeAttemptLog = false
array $info = array( )
array< string, function fetchUserRecord( $username, $extraWhere='', $dbUserSetup='') { $dbUser=is_array( $dbUserSetup) ? $dbUserSetup :$this-> db_user
 $user = false
if($username|| $extraWhere) return $user

Protected Member Functions

 updatePasswordHashInDatabase (string $table, int $uid, string $newPassword)
 writeLogMessage (string $message,... $params)

Detailed Description

Authentication services class

Definition at line 31 of file AuthenticationService.php.

Member Function Documentation

◆ authUser()

int TYPO3\CMS\Core\Authentication\AuthenticationService::authUser ( array  $user)

Authenticate a user: Check submitted user credentials against stored hashed password.

Returns one of the following status codes: >= 200: User authenticated successfully. No more checking is needed by other auth services. >= 100: User not authenticated; this service is not responsible. Other auth services will be asked.

0: User authenticated successfully. Other auth services will still be asked.

<= 0: Authentication failed, no more checking needed by other auth services.

array<string,mixed>‪$user User data
‪int Authentication status code, one of 0, 100, 200

Definition at line 103 of file AuthenticationService.php.

References TYPO3\CMS\Core\Authentication\AuthenticationService\$user, TYPO3\CMS\Core\Authentication\AbstractAuthenticationService\db_user, TYPO3\CMS\Core\Authentication\AuthenticationService\updatePasswordHashInDatabase(), TYPO3\CMS\Core\Authentication\AuthenticationService\writelog(), and TYPO3\CMS\Core\Authentication\AuthenticationService\writeLogMessage().

◆ mimicAuthUser()

TYPO3\CMS\Core\Authentication\AuthenticationService::mimicAuthUser ( )

Mimics password hashing for invalid authentication requests to mitigate CWE-208: Observable Timing Discrepancy

Implements TYPO3\CMS\Core\Authentication\MimicServiceInterface.

Definition at line 181 of file AuthenticationService.php.

◆ processLoginData()

bool TYPO3\CMS\Core\Authentication\AuthenticationService::processLoginData ( array &  $loginData,

Process the submitted credentials. In this case hash the clear text password if it has been submitted.

array$loginData‪Credentials that are submitted and potentially modified by other services
string$passwordTransmissionStrategy‪Keyword of how the password has been hashed or encrypted before submission

Definition at line 41 of file AuthenticationService.php.

References TYPO3\CMS\Webhooks\Message\$loginData.

◆ updatePasswordHashInDatabase()

TYPO3\CMS\Core\Authentication\AuthenticationService::updatePasswordHashInDatabase ( string  $table,
int  $uid,
string  $newPassword 

Method updates a FE/BE user record - in this case a new password string will be set.

string$tableDatabase table of this user, usually 'be_users' or 'fe_users'
int$uid‪uid of user record that will be updated
string$newPassword‪Field values as key=>value pairs to be updated in database

Definition at line 200 of file AuthenticationService.php.

References TYPO3\CMS\Webhooks\Message\$uid.

Referenced by TYPO3\CMS\Core\Authentication\AuthenticationService\authUser().

◆ writelog()

array<string, getUser() { if (LoginType::tryFrom($this->login['status'] ?? '') !== LoginType::LOGIN) { return false; } if ((string)$this->login['uident_text'] === '') { $this-> TYPO3\CMS\Core\Authentication\AuthenticationService::writelog ( SystemLogType::LOGIN  ,
SystemLogLoginAction::ATTEMPT  ,
SystemLogErrorClassification::SECURITY_NOTICE  ,
'Login-attempt from ###IP### for username \'%s\' with an empty password!'  ,

Find a user (eg. look up the user record in database when a login is sent)

‪array<string, mixed>|false User array or FALSE

Referenced by TYPO3\CMS\Core\Authentication\AuthenticationService\authUser().

◆ writeLogMessage()

TYPO3\CMS\Core\Authentication\AuthenticationService::writeLogMessage ( string  $message,

Writes log message. Destination log depends on the current system mode.

This function accepts variable number of arguments and can format parameters. The syntax is the same as for sprintf() If a marker ###IP### is present in the message, it is automatically replaced with the REMOTE_ADDR

string$message‪Message to output

Definition at line 224 of file AuthenticationService.php.

Referenced by TYPO3\CMS\Core\Authentication\AuthenticationService\authUser().

Member Data Documentation

◆ $user [1/2]

TYPO3\CMS\Core\Authentication\AuthenticationService::$user = $this->fetchUserRecord($this->login['uname'])

◆ $user [2/2]

return TYPO3\CMS\Core\Authentication\AuthenticationService::$user

Definition at line 88 of file AuthenticationService.php.

◆ else

if (!is_array( $user)) TYPO3\CMS\Core\Authentication\AuthenticationService::else
Initial value:
$this->logger->debug('User found', [
$this->‪db_user['userid_column'] => ‪$user[$this->‪db_user['userid_column']],
$this->db_user['username_column'] => ‪$user[$this->db_user['username_column']],

Definition at line 82 of file AuthenticationService.php.

◆ false

return TYPO3\CMS\Core\Authentication\AuthenticationService::false

Definition at line 71 of file AuthenticationService.php.

‪array< string, function fetchUserRecord( $username, $extraWhere='', $dbUserSetup='') { $dbUser=is_array( $dbUserSetup) ? $dbUserSetup :$this-> db_user
Definition: AbstractAuthenticationService.php:121
Definition: AuthenticationService.php:74