1 | use \TYPO3\CMS\Core\Utility\GeneralUtility; | |
2 | ||
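/**
 * A service that verifies credentials for a frontend user.
 *
 * The check runs the configured TYPO3 authentication service chain directly
 * and creates no session. Nothing in this class logs or throttles failed
 * attempts, so a caller that exposes isValidLogin() to untrusted input has
 * to add its own rate limiting and audit logging.
 *
 * @author Jost Baron <jost.baron at gmx.de>
 */
class FrontendUserAuthenticationService implements \TYPO3\CMS\Core\SingletonInterface {

    /**
     * Checks if the given credentials are correct for the user with the given
     * name. Only searches users on the given storage pages.
     *
     * The password is handed to the services in clear text (both as 'uident'
     * and 'uident_text'), so $loginData must never be logged or persisted.
     *
     * @param string $username
     * @param string $password
     * @param string $storageIds Comma separated list of storage ids to look
     *                           on for user data.
     * @return boolean TRUE if the credentials are correct, FALSE otherwise.
     */
    public function isValidLogin($username, $password, $storageIds) {

        $loginData = array(
            'status' => 'login',
            'uname' => $username,
            'uident' => $password,
            'uident_text' => $password,
        );

        $findUserServiceObjects = $this->getAuthenticationServices('getUserFE', $loginData, $storageIds);
        $user = $this->getFirstUser($findUserServiceObjects);

        // Fail closed: anything that is not a non-empty user row counts as
        // "no such user", not only a strict FALSE.
        if (!is_array($user) || count($user) === 0) {
            return FALSE;
        }

        $authUserServiceObjects = $this->getAuthenticationServices('authUserFE', $loginData, $storageIds);
        return $this->checkUserAuthentication($user, $authUserServiceObjects);
    }

    /**
     * Returns the authentication service chain to use (configured using TYPO3).
     * Every service in the chain is initialised with the login data and the
     * authInfo array before it is returned.
     *
     * @param string $subType The subtype of authentication services, either
     *                        getUserFE, getUserBE, authUserFE or authUserBE
     * @param array $loginData
     * @param string $storageIds Comma separated list of storage page ids,
     *                           passed on to getAuthInfoArray().
     * @return array
     */
    protected function getAuthenticationServices($subType, $loginData, $storageIds) {
        $serviceChain = '';
        $serviceObjects = array();
        $authInfo = $this->getAuthInfoArray($storageIds);

        while (is_object($serviceObj = GeneralUtility::makeInstanceService('auth', $subType, $serviceChain))) {

            // The keys collected so far are passed back in as the third
            // argument, so each iteration yields a service not seen before.
            $serviceChain .= ',' . $serviceObj->getServiceKey();

            $serviceObj->initAuth($subType, $loginData, $authInfo, $this->getParentObject());
            $serviceObjects[] = $serviceObj;
        }

        return $serviceObjects;
    }

    /**
     * Returns the first user that matches the login data given to the services.
     *
     * Only a non-empty array is accepted as a user row. A service answering
     * with NULL, an empty array or any other non-array value is treated like
     * FALSE, so such a value can never reach the authentication step.
     *
     * @param array $serviceObjects The authentication service chain.
     * @return array|boolean The database row of the user, or FALSE if none is
     *                       found.
     */
    protected function getFirstUser($serviceObjects) {
        foreach ($serviceObjects as $serviceObject) {
            $candidate = $serviceObject->getUser();

            if (is_array($candidate) && count($candidate) > 0) {
                return $candidate;
            }
        }

        return FALSE;
    }

    /**
     * Checks if the user is correctly authenticated with the given data.
     *
     * Return codes of authUser() as handled here:
     *   <= 0     rejected, chain stops
     *   1..99    accepted, later services may still reject
     *   100..199 marks the result as not authenticated, chain continues
     *   >= 200   accepted, chain stops
     * An empty chain yields FALSE.
     *
     * NOTE(review): a value in 100..199 resets a success reported by an
     * earlier service. TYPO3 core's own chain handling appears to leave the
     * state untouched in that range; confirm which behaviour is intended
     * before relaxing this, as the current form errs on the side of rejecting.
     *
     * @param array $user The user to authenticate, as fetched by the
     *                    getUserFE subtype of the services.
     * @param array $serviceObjects The authentication service chain.
     * @return boolean TRUE, if the credentials are correct, FALSE otherwise.
     */
    protected function checkUserAuthentication($user, $serviceObjects) {

        $authenticationSuccessful = FALSE;

        foreach ($serviceObjects as $serviceObject) {
            $serviceReturnValue = intval($serviceObject->authUser($user));

            if ($serviceReturnValue <= 0) {
                $authenticationSuccessful = FALSE;
                break;
            }
            if ($serviceReturnValue >= 200) {
                $authenticationSuccessful = TRUE;
                break;
            }

            // Remaining range is 1..199: below 100 accepts, 100 and above
            // does not.
            $authenticationSuccessful = ($serviceReturnValue < 100);
        }

        return $authenticationSuccessful;
    }

    /**
     * Returns the "authInfo", a collection of settings and values influencing
     * authentication.
     *
     * @param string $pidlist Comma separated list of page ids to search.
     * @return array The authInfo array.
     */
    protected function getAuthInfoArray($pidlist) {
        $authInfo = array(
            'loginType' => 'FE',
            // The referer is sent by the client and parse_url() returns FALSE
            // for a malformed URL; consumers must treat 'refInfo' as untrusted.
            'refInfo' => parse_url(GeneralUtility::getIndpEnv('HTTP_REFERER')),
            'HTTP_HOST' => GeneralUtility::getIndpEnv('HTTP_HOST'),
            'REMOTE_ADDR' => GeneralUtility::getIndpEnv('REMOTE_ADDR'),
            'REMOTE_HOST' => GeneralUtility::getIndpEnv('REMOTE_HOST'),
            'showHiddenRecords' => FALSE,
            'db_user' => array(
                'table' => 'fe_users',
                'userid_column' => 'uid',
                'username_column' => 'username',
                'userident_column' => 'password',
                'usergroup_column' => 'usergroup',

                'enable_clause' => $this->getEnabledFieldsClauseForFeUsers(),
                'checkPidList' => TRUE,
                // This fragment is concatenated into SQL, so the page id list
                // goes through cleanIntList() first. Keep that call if this
                // line is ever changed.
                'check_pid_clause' => ' AND pid IN (' . $GLOBALS['TYPO3_DB']->cleanIntList($pidlist) . ')',
            ),
            'db_groups' => array(
                'table' => 'fe_groups',
            ),
        );

        return $authInfo;
    }

    /**
     * Returns a part of a WHERE clause for the table fe_users, which excludes
     * all currently disabled records.
     *
     * @return string
     */
    protected function getEnabledFieldsClauseForFeUsers() {
        $pageRepository = GeneralUtility::makeInstance('TYPO3\\CMS\\Frontend\\Page\\PageRepository');
        return $pageRepository->enableFields('fe_users');
    }

    /**
     * Returns a "parent" object for the services. Not pretty.
     *
     * @return object
     */
    protected function getParentObject() {
        return GeneralUtility::makeInstance('TYPO3\\CMS\\Frontend\\Authentication\\FrontendUserAuthentication');
    }
}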