Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- use \TYPO3\CMS\Core\Utility\GeneralUtility;
- /**
- * A service that verifies credentials for a frontend user.
- *
- * @author Jost Baron <jost.baron at gmx.de>
- */
- class FrontendUserAuthenticationService implements \TYPO3\CMS\Core\SingletonInterface {
- /**
- * Checks if the given credentials correct for the user with the given name.
- * Only searches users on the given storage pages.
- * @param string $username
- * @param string $password
- * @param string $storageIds Comma separated list of storage ids too look
- * on for user data.
- * @returns boolean true if the credentials are correct, false otherwise.
- */
- public function isValidLogin($username, $password, $storageIds) {
- $loginData = array(
- 'status' => 'login',
- 'uname' => $username,
- 'uident' => $password,
- 'uident_text' => $password,
- );
- $findUserServiceObjects = $this->getAuthenticationServices('getUserFE', $loginData, $storageIds);
- $user = $this->getFirstUser($findUserServiceObjects);
- if (FALSE === $user) {
- return FALSE;
- }
- $authUserServiceObjects = $this->getAuthenticationServices('authUserFE', $loginData, $storageIds);
- return $this->checkUserAuthentication($user, $authUserServiceObjects);
- }
- /**
- * Returns the authentication service chain to use (configured using TYPO3).
- * @param string $subType The subtype of authentication services, either
- * getUserFE, getUserBE, authUserFE or authUserBE
- * @param array $loginData
- * @return array
- */
- protected function getAuthenticationServices($subType, $loginData, $storageIds) {
- $serviceChain = '';
- $serviceObjects = array();
- $authInfo = $this->getAuthInfoArray($storageIds);
- while (is_object($serviceObj = GeneralUtility::makeInstanceService('auth', $subType, $serviceChain))) {
- $serviceChain .= ',' . $serviceObj->getServiceKey();
- $serviceObj->initAuth($subType, $loginData, $authInfo, $this->getParentObject());
- array_push($serviceObjects, $serviceObj);
- }
- return $serviceObjects;
- }
- /**
- * Returns the first user that matches the login data given to the services.
- * @param array $serviceObjects The authentication service chain.
- * @return array|boolean The database row of the user, or FALSE if none is
- * found.
- */
- protected function getFirstUser($serviceObjects) {
- $user = FALSE;
- foreach ($serviceObjects as $serviceObject) {
- $user = $serviceObject->getUser();
- if (FALSE !== $user) {
- break;
- }
- }
- return $user;
- }
- /**
- * Checks if the user is correctly authenticated with the given data.
- * @param array $user The user to authenticate, as fetched by the
- * fetchUserFE subtype of the services.
- * @param array $serviceObjects The authentication service chain.
- * @return boolean TRUE, if the credentials are correct, FALSE otherwise.
- */
- protected function checkUserAuthentication($user, $serviceObjects) {
- $authenticationSuccessful = FALSE;
- foreach ($serviceObjects as $serviceObject) {
- $serviceReturnValue = intval($serviceObject->authUser($user));
- if ($serviceReturnValue <= 0) {
- $authenticationSuccessful = FALSE;
- break;
- }
- if ($serviceReturnValue >= 200) {
- $authenticationSuccessful = TRUE;
- break;
- }
- else if ($serviceReturnValue < 100) {
- $authenticationSuccessful = TRUE;
- }
- else {
- $authenticationSuccessful = FALSE;
- }
- }
- return $authenticationSuccessful;
- }
- /**
- * Returns the "authInfo", a collection of settings and values influencing
- * authentication.
- * @param string $pidlist Comma separated list of page ids to search.
- * @return array The authInfo array.
- */
- protected function getAuthInfoArray($pidlist) {
- $authInfo = array(
- 'loginType' => 'FE',
- 'refInfo' => parse_url(GeneralUtility::getIndpEnv('HTTP_REFERER')),
- 'HTTP_HOST' => GeneralUtility::getIndpEnv('HTTP_HOST'),
- 'REMOTE_ADDR' => GeneralUtility::getIndpEnv('REMOTE_ADDR'),
- 'REMOTE_HOST' => GeneralUtility::getIndpEnv('REMOTE_HOST'),
- 'showHiddenRecords' => FALSE,
- 'db_user' => array(
- 'table' => 'fe_users',
- 'userid_column' => 'uid',
- 'username_column' => 'username',
- 'userident_column' => 'password',
- 'usergroup_column' => 'usergroup',
- 'enable_clause' => $this->getEnabledFieldsClauseForFeUsers(),
- 'checkPidList' => TRUE,
- 'check_pid_clause' => ' AND pid IN (' . $GLOBALS['TYPO3_DB']->cleanIntList($pidlist) . ')',
- ),
- 'db_groups' => array(
- 'table' => 'fe_groups',
- ),
- );
- return $authInfo;
- }
- /**
- * Returns a part of a WHERE clause for the table fe_users, which excludes
- * all currently disabled records.
- * @return string
- */
- protected function getEnabledFieldsClauseForFeUsers() {
- $pageRepository = GeneralUtility::makeInstance('TYPO3\\CMS\\Frontend\\Page\\PageRepository');
- return $pageRepository->enableFields('fe_users');
- }
- /**
- * Returns a "parent" object for the services. Not pretty.
- * @returns object
- */
- protected function getParentObject() {
- $parentObject = GeneralUtility::makeInstance('TYPO3\\CMS\\Frontend\\Authentication\\FrontendUserAuthentication');
- return $parentObject;
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement