‪TYPO3CMS  ‪main
TYPO3\CMS\Core\Authentication\AuthenticationService Class Reference
Inheritance diagram for TYPO3\CMS\Core\Authentication\AuthenticationService:
TYPO3\CMS\Core\Authentication\AbstractAuthenticationService TYPO3\CMS\Core\Authentication\MimicServiceInterface

Public Member Functions

bool processLoginData (array &$loginData, $passwordTransmissionStrategy)
 
array<string, mixed>|false getUser ()
 
int authUser (array $user)
 
 mimicAuthUser ()
 
- Public Member Functions inherited from TYPO3\CMS\Core\Authentication\AbstractAuthenticationService
 initAuth ($mode, $loginData, $authInfo, $pObj)
 
 writelog ($type, $action, $error, $details_nr, $details, $data, $tablename='', $recuid='', $recpid='')
 
 init ()
 
 reset ()
 
string getServiceKey ()
 
string getServiceTitle ()
 
mixed getServiceOption ($optionName, $defaultValue='', $includeDefaultConfig=true)
 
 getLastErrorArray ()
 

Public Attributes

return false
 
 $user = $this->fetchUserRecord($this->login['uname'])
 
if(!is_array($user)) else
 
return $user
 
- Public Attributes inherited from TYPO3\CMS\Core\Authentication\AbstractAuthenticationService
AbstractUserAuthentication $pObj
 
string $mode
 
array $login = array( )
 
array $authInfo = array( )
 
array $db_user = array( )
 
bool $writeAttemptLog = false
 
array $info = array( )
 
array< string, function fetchUserRecord($username, $extraWhere = '', $dbUserSetup = '') { $dbUser = is_array($dbUserSetup) ? $dbUserSetup : $this->db_user
 
 $user = false
 
if($username|| $extraWhere) return $user
 

Protected Member Functions

 updatePasswordHashInDatabase (string $table, int $uid, string $newPassword)
 
 writeLogMessage (string $message,... $params)
 

Detailed Description

Authentication services class

Definition at line 31 of file AuthenticationService.php.

Member Function Documentation

◆ authUser()

int TYPO3\CMS\Core\Authentication\AuthenticationService::authUser ( array  $user)

Authenticate a user: Check submitted user credentials against stored hashed password.

Returns one of the following status codes:

>= 200: User authenticated successfully. No more checking is needed by other auth services.

>= 100: User not authenticated; this service is not responsible. Other auth services will be asked.

> 0: User authenticated successfully. Other auth services will still be asked.

<= 0: Authentication failed, no more checking needed by other auth services.

Parameters
array<string,mixed> $user User data
Returns
int Authentication status code, one of 0, 100, 200

Definition at line 103 of file AuthenticationService.php.

References TYPO3\CMS\Core\Authentication\AuthenticationService\$user, TYPO3\CMS\Core\Authentication\AbstractAuthenticationService\db_user, TYPO3\CMS\Core\Authentication\AuthenticationService\updatePasswordHashInDatabase(), TYPO3\CMS\Core\Authentication\AuthenticationService\writelog(), and TYPO3\CMS\Core\Authentication\AuthenticationService\writeLogMessage().
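
How a caller could fold the results of several auth services into one decision using the status-code ranges listed above. This is an added example, not TYPO3 code: the helper name resolveAuthChain and the sample return values are hypothetical, and the fail-closed default for an empty or all-abstaining chain is an assumption.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not part of TYPO3): folds the authUser() results of
 * several services, in call order, into a single allow/deny decision.
 *
 * @param list<int> $statusCodes constructed sample return values
 */
function resolveAuthChain(array $statusCodes): bool
{
    // Fail closed: nobody is authenticated until a service vouches for them.
    $authenticated = false;
    foreach ($statusCodes as $code) {
        if ($code <= 0) {
            // Hard failure: overrides any earlier success and ends the chain.
            return false;
        }
        if ($code >= 200) {
            // Final success: no further service is consulted.
            return true;
        }
        if ($code >= 100) {
            // Service is not responsible: the decision so far is unchanged.
            continue;
        }
        // 0 < code < 100: success, but later services may still reject.
        $authenticated = true;
    }
    return $authenticated;
}

// Constructed chains of return values, one per scenario.
var_dump(resolveAuthChain([100, 200])); // first abstains, second is authoritative
var_dump(resolveAuthChain([100, 100])); // every service abstains
var_dump(resolveAuthChain([50, 0]));    // provisional success, then a rejection
var_dump(resolveAuthChain([50, 100]));  // provisional success, then an abstention
```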

◆ mimicAuthUser()

TYPO3\CMS\Core\Authentication\AuthenticationService::mimicAuthUser ( )

Mimics password hashing for invalid authentication requests to mitigate CWE-208: Observable Timing Discrepancy.

Implements TYPO3\CMS\Core\Authentication\MimicServiceInterface.

Definition at line 181 of file AuthenticationService.php.
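
The timing discrepancy that mimicked hashing closes, shown with PHP's own password_hash() and password_verify(). This is an added example, not TYPO3's implementation: the function names, the in-memory user store and the credentials are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed user store; the name and password are sample values.
$users = ['editor' => password_hash('correct horse', PASSWORD_DEFAULT)];

// Hash of a random throwaway value, computed once with the same algorithm and
// cost, so verifying against it costs as much as verifying a real record.
$dummyHash = password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);

/** Leaky variant: returns immediately for unknown users, skipping the hash. */
function loginLeaky(array $users, string $name, string $password): bool
{
    if (!isset($users[$name])) {
        return false;
    }
    return password_verify($password, $users[$name]);
}

/** Mimicking variant: unknown users still pay for one verification. */
function loginMimic(array $users, string $dummyHash, string $name, string $password): bool
{
    $known = isset($users[$name]);
    $verified = password_verify($password, $known ? $users[$name] : $dummyHash);
    return $known && $verified;
}

/** Average wall-clock milliseconds per call over $n runs. */
function averageMs(callable $fn, int $n = 5): float
{
    $start = hrtime(true);
    for ($i = 0; $i < $n; $i++) {
        $fn();
    }
    return (hrtime(true) - $start) / $n / 1e6;
}

// Same wrong password for an existing and a non-existing account.
foreach (['editor', 'no-such-user'] as $name) {
    printf(
        "%-13s leaky %.2f ms  mimic %.2f ms\n",
        $name,
        averageMs(fn() => loginLeaky($users, $name, 'wrong')),
        averageMs(fn() => loginMimic($users, $dummyHash, $name, 'wrong'))
    );
}
```

In the leaky column the two rows differ by roughly the cost of one hash computation, which is the signal that reveals whether a username exists; in the mimic column both rows cost about the same.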

◆ processLoginData()

bool TYPO3\CMS\Core\Authentication\AuthenticationService::processLoginData ( array &  $loginData,
  $passwordTransmissionStrategy 
)

Process the submitted credentials. In this case hash the clear text password if it has been submitted.

Parameters
array $loginData Credentials that are submitted and potentially modified by other services
string $passwordTransmissionStrategy Keyword of how the password has been hashed or encrypted before submission
Returns
bool

Definition at line 41 of file AuthenticationService.php.

References TYPO3\CMS\Webhooks\Message\$loginData.

◆ updatePasswordHashInDatabase()

TYPO3\CMS\Core\Authentication\AuthenticationService::updatePasswordHashInDatabase ( string  $table,
int  $uid,
string  $newPassword 
)
protected

Method updates a FE/BE user record - in this case a new password string will be set.

Parameters
string $table Database table of this user, usually 'be_users' or 'fe_users'
int $uid uid of user record that will be updated
string $newPassword Field values as key=>value pairs to be updated in database

Definition at line 200 of file AuthenticationService.php.

References TYPO3\CMS\Webhooks\Message\$uid.

Referenced by TYPO3\CMS\Core\Authentication\AuthenticationService\authUser().

◆ writelog()

array<string, mixed>|false getUser() {
    if (LoginType::tryFrom($this->login['status'] ?? '') !== LoginType::LOGIN) {
        return false;
    }
    if ((string)$this->login['uident_text'] === '') {
        $this->writelog(
            SystemLogType::LOGIN,
            SystemLogLoginAction::ATTEMPT,
            SystemLogErrorClassification::SECURITY_NOTICE,
            2,
            'Login-attempt from ###IP### for username \'%s\' with an empty password!',
            [$this->login['uname']]
        )

Find a user (e.g. look up the user record in the database when a login is sent).

Returns
array<string, mixed>|false User array or FALSE

Referenced by TYPO3\CMS\Core\Authentication\AuthenticationService\authUser().

◆ writeLogMessage()

TYPO3\CMS\Core\Authentication\AuthenticationService::writeLogMessage ( string  $message,
  $params 
)
protected

Writes a log message. The destination log depends on the current system mode.

This function accepts a variable number of arguments and can format parameters. The syntax is the same as for sprintf(). If a marker ###IP### is present in the message, it is automatically replaced with the REMOTE_ADDR.

Parameters
string $message Message to output
array<int,mixed> $params

Definition at line 224 of file AuthenticationService.php.

Referenced by TYPO3\CMS\Core\Authentication\AuthenticationService\authUser().

Member Data Documentation

◆ $user [1/2]

TYPO3\CMS\Core\Authentication\AuthenticationService::$user = $this->fetchUserRecord($this->login['uname'])

◆ $user [2/2]

return TYPO3\CMS\Core\Authentication\AuthenticationService::$user

Definition at line 88 of file AuthenticationService.php.

◆ else

if (!is_array( $user)) TYPO3\CMS\Core\Authentication\AuthenticationService::else
Initial value:
{
    $this->logger->debug('User found', [
        $this->db_user['userid_column'] => $user[$this->db_user['userid_column']],
        $this->db_user['username_column'] => $user[$this->db_user['username_column']],
    ]);
}

Definition at line 82 of file AuthenticationService.php.

◆ false

return TYPO3\CMS\Core\Authentication\AuthenticationService::false

Definition at line 71 of file AuthenticationService.php.
