TYPO3 checking frontend user credentials

use \TYPO3\CMS\Core\Utility\GeneralUtility;

/**
 * A service that verifies credentials for a frontend user.
 *
 * @author Jost Baron <jost.baron at gmx.de>
 */
class FrontendUserAuthenticationService implements \TYPO3\CMS\Core\SingletonInterface {

    /**
     * Checks if the given credentials correct for the user with the given name.
     * Only searches users on the given storage pages.
     * @param string $username
     * @param string $password
     * @param string $storageIds Comma separated list of storage ids too look
     * on for user data.
     * @returns boolean true if the credentials are correct, false otherwise.
     */
    public function isValidLogin($username, $password, $storageIds) {

        $loginData = array(
            'status'        => 'login',
            'uname'         => $username,
            'uident'        => $password,
            'uident_text'   => $password,
        );

        $findUserServiceObjects = $this->getAuthenticationServices('getUserFE', $loginData, $storageIds);
        $user = $this->getFirstUser($findUserServiceObjects);
        if (FALSE === $user) {
            return FALSE;
        }

        $authUserServiceObjects = $this->getAuthenticationServices('authUserFE', $loginData, $storageIds);
        return $this->checkUserAuthentication($user, $authUserServiceObjects);
    }

    /**
     * Returns the authentication service chain to use (configured using TYPO3).
     * @param string $subType The subtype of authentication services, either
     * getUserFE, getUserBE, authUserFE or authUserBE
     * @param array $loginData
     * @return array
     */
    protected function getAuthenticationServices($subType, $loginData, $storageIds) {
        $serviceChain = '';
        $serviceObjects = array();
        $authInfo = $this->getAuthInfoArray($storageIds);

        while (is_object($serviceObj = GeneralUtility::makeInstanceService('auth', $subType, $serviceChain))) {

            $serviceChain .= ',' . $serviceObj->getServiceKey();

            $serviceObj->initAuth($subType, $loginData, $authInfo, $this->getParentObject());
            array_push($serviceObjects, $serviceObj);
        }

        return $serviceObjects;
    }

    /**
     * Returns the first user that matches the login data given to the services.
     * @param array $serviceObjects The authentication service chain.
     * @return array|boolean The database row of the user, or FALSE if none is
     * found.
     */
    protected function getFirstUser($serviceObjects) {
        $user = FALSE;

        foreach ($serviceObjects as $serviceObject) {
            $user = $serviceObject->getUser();

            if (FALSE !== $user) {
                break;
            }
        }

        return $user;
    }

    /**
     * Checks if the user is correctly authenticated with the given data.
     * @param array $user The user to authenticate, as fetched by the
     * fetchUserFE subtype of the services.
     * @param array $serviceObjects The authentication service chain.
     * @return boolean TRUE, if the credentials are correct, FALSE otherwise.
     */
    protected function checkUserAuthentication($user, $serviceObjects) {

        $authenticationSuccessful = FALSE;

        foreach ($serviceObjects as $serviceObject) {
            $serviceReturnValue = intval($serviceObject->authUser($user));

            if ($serviceReturnValue <= 0) {
                $authenticationSuccessful = FALSE;
                break;
            }
            if ($serviceReturnValue >= 200) {
                $authenticationSuccessful = TRUE;
                break;
            }
            else if ($serviceReturnValue < 100) {
                $authenticationSuccessful = TRUE;
            }
            else {
                $authenticationSuccessful = FALSE;
            }
        }

        return $authenticationSuccessful;
    }

    /**
     * Returns the "authInfo", a collection of settings and values influencing
     * authentication.
     * @param string $pidlist Comma separated list of page ids to search.
     * @return array The authInfo array.
     */
    protected function getAuthInfoArray($pidlist) {
        $authInfo = array(
            'loginType'             => 'FE',
            'refInfo'               => parse_url(GeneralUtility::getIndpEnv('HTTP_REFERER')),
            'HTTP_HOST'             => GeneralUtility::getIndpEnv('HTTP_HOST'),
            'REMOTE_ADDR'           => GeneralUtility::getIndpEnv('REMOTE_ADDR'),
            'REMOTE_HOST'           => GeneralUtility::getIndpEnv('REMOTE_HOST'),
            'showHiddenRecords'     => FALSE,
            'db_user'               => array(
                'table'                 => 'fe_users',
                'userid_column'         => 'uid',
                'username_column'       => 'username',
                'userident_column'      => 'password',
                'usergroup_column'      => 'usergroup',

                'enable_clause'         => $this->getEnabledFieldsClauseForFeUsers(),
                'checkPidList'          => TRUE,
                'check_pid_clause'      => ' AND pid IN (' . $GLOBALS['TYPO3_DB']->cleanIntList($pidlist) . ')',
            ),
            'db_groups'             => array(
                'table'                 => 'fe_groups',
            ),
        );

        return $authInfo;
    }

    /**
     * Returns a part of a WHERE clause for the table fe_users, which excludes
     * all currently disabled records.
     * @return string
     */
    protected function getEnabledFieldsClauseForFeUsers() {
        $pageRepository = GeneralUtility::makeInstance('TYPO3\\CMS\\Frontend\\Page\\PageRepository');
        return $pageRepository->enableFields('fe_users');
    }

    /**
     * Returns a "parent" object for the services. Not pretty.
     * @returns object
     */
    protected function getParentObject() {
        $parentObject = GeneralUtility::makeInstance('TYPO3\\CMS\\Frontend\\Authentication\\FrontendUserAuthentication');
        return $parentObject;
    }
}