Commit 82166203 authored by Marc Egger's avatar Marc Egger
Browse files

T3v10: beUserLoggedIn, password hashing, Page Language

parent 4525445f
Pipeline #4219 passed with stages
in 4 minutes and 15 seconds
......@@ -35,6 +35,7 @@ class QfqController extends \TYPO3\CMS\Extbase\Mvc\Controller\ActionController {
$flagOk = false;
try {
Path::setMainPaths('');
$contentObject = $this->configurationManager->getContentObject();
// By T3 default 'E_NOTICE' is unset. E.g. 'Undefined Index' will throw an exception.
......@@ -42,7 +43,6 @@ class QfqController extends \TYPO3\CMS\Extbase\Mvc\Controller\ActionController {
$origErrorReporting = error_reporting();
error_reporting($origErrorReporting | E_NOTICE);
Path::setMainPaths('');
$qfq = new QuickFormQuery($contentObject->data);
$html = $qfq->process();
$flagOk = true;
......
......@@ -485,7 +485,7 @@ EOF;
*/
private static function enforcePathIsSet($path) {
if(is_null($path)) {
Thrower::userFormException('Path accessed before set.', 'Make sure Path::setMainPaths() is called before.');
Thrower::userFormException('Path accessed before set.', 'Make sure Path::setMainPaths(...) is called before this code is executed..');
}
}
......
......@@ -159,7 +159,17 @@ class Variables {
if (isset($GLOBALS["TSFE"])) {
$arr["page_id"] = $GLOBALS["TSFE"]->id;
$arr["page_type"] = $GLOBALS["TSFE"]->type;
$arr["page_language_uid"] = $GLOBALS["TSFE"]->sys_language_uid;
$arr["page_language_uid"] = $GLOBALS["TSFE"]->sys_language_uid; // DEPRECATED
/** ?CR
* TODO: Remove page_language_uid if not used or migrate to new
*
* Deprecation: #85543 - Language-related properties in TypoScriptFrontendController and PageRepository
* Migration:
* $languageAspect = GeneralUtility::makeInstance(Context::class)->getAspect('language');
* (previously known as TSFE->sys_language_uid)
*/
}
return ($arr);
......
......@@ -204,6 +204,7 @@ class Config {
$configT3qfq = $GLOBALS['TYPO3_CONF_VARS']['EXTENSIONS'][EXT_KEY];
$configT3qfq[SYSTEM_DB_NAME_T3] = self::getDbName($GLOBALS['TYPO3_CONF_VARS']['DB']);
$configT3qfq[SYSTEM_PW_HASHING_CLASS] = $GLOBALS['TYPO3_CONF_VARS']['BE']['passwordHashing']['className'];
// NOTE: This does not use the official API to access Typo3 password hashing. Here is the official API: https://docs.typo3.org/m/typo3/reference-coreapi/master/en-us/ApiOverview/PasswordHashing/
} elseif (isset($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf'][EXT_KEY])) {
// Typo3 version <=8
......@@ -217,6 +218,7 @@ class Config {
// Typo3 version >=10
$configT3qfq = $configT3['EXTENSIONS'][EXT_KEY];
$configT3qfq[SYSTEM_PW_HASHING_CLASS] = $configT3['BE']['passwordHashing']['className'];
// NOTE: This does not use the official API to access Typo3 password hashing. Here is the official API: https://docs.typo3.org/m/typo3/reference-coreapi/master/en-us/ApiOverview/PasswordHashing/
} else {
// Typo3 version <=8
$configT3qfq = unserialize($configT3['EXT']['extConf'][EXT_KEY]);
......@@ -577,11 +579,12 @@ class Config {
*
* @return bool true: current Browser session is a logged in BE User.
*/
private static function beUserLoggedIn() {
public static function beUserLoggedIn() {
if (isset($GLOBALS["BE_USER"]) && $GLOBALS["BE_USER"]->loginType === "BE") {
if (class_exists('TYPO3\CMS\Core\Context\Context')) {
// Typo3 version >=10
return true;
$context = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance(\TYPO3\CMS\Core\Context\Context::class);
return $context->getPropertyFromAspect('backend.user', 'isLoggedIn');
} elseif (!empty($GLOBALS["TSFE"]->beUserLogin) && $GLOBALS["TSFE"]->beUserLogin === true) {
// Typo3 version <=8
return true;
......
......@@ -710,7 +710,7 @@ class Store {
}
}
$t3varsArray[TYPO3_BE_USER_LOGGED_IN] = (isset($GLOBALS["TSFE"]->beUserLogin) && $GLOBALS["TSFE"]->beUserLogin === true) ? 'yes' : 'no';
$t3varsArray[TYPO3_BE_USER_LOGGED_IN] = Config::beUserLoggedIn() ? 'yes' : 'no';
$t3varsString = KeyValueStringParser::unparse($t3varsArray, '=', '&');
$t3sip = self::$sip->queryStringToSip($t3varsString, RETURN_SIP);
......
......@@ -40,9 +40,17 @@ class T3Info {
$t3vars[TYPO3_PAGE_TYPE] = isset($GLOBALS["TSFE"]->type) ? $GLOBALS["TSFE"]->type : '';
$t3vars[TYPO3_PAGE_LANGUAGE] = isset($GLOBALS["TSFE"]->sys_language_uid) ? $GLOBALS["TSFE"]->sys_language_uid : '';
$t3vars[TYPO3_BE_USER_LOGGED_IN] = (isset($GLOBALS["TSFE"]->beUserLogin) && $GLOBALS["TSFE"]->beUserLogin === true) ? 'yes' : 'no';
$t3vars[TYPO3_PAGE_LANGUAGE] = isset($GLOBALS["TSFE"]->sys_language_uid) ? $GLOBALS["TSFE"]->sys_language_uid : ''; // DEPRECATED
/** ?CR
* TODO: Remove page_language_uid if not used or migrate to new
*
* Deprecation: #85543 - Language-related properties in TypoScriptFrontendController and PageRepository
* Migration:
* $languageAspect = GeneralUtility::makeInstance(Context::class)->getAspect('language');
* (previously known as TSFE->sys_language_uid)
*/
$t3vars[TYPO3_BE_USER_LOGGED_IN] = Config::beUserLoggedIn() ? 'yes' : 'no';
$t3vars[TYPO3_BE_USER] = isset($GLOBALS["BE_USER"]->user["username"]) ? $GLOBALS["BE_USER"]->user["username"] : '';
......
......@@ -41,6 +41,7 @@ class T3Handler {
/**
* Convert a cleartext password to a hash. Respects if 'salted passwords' are enabled.
* NOTE: This does not use the official API to access Typo3 password hashing. Here is the official API: https://docs.typo3.org/m/typo3/reference-coreapi/master/en-us/ApiOverview/PasswordHashing/
* Legacy code (Typo3 version <=8) based on https://docs.typo3.org/typo3cms/extensions/saltedpasswords/8.7/DevelopersGuide/Index.html
*
* @param string $newPassword
......@@ -61,6 +62,7 @@ class T3Handler {
// Typo3 version >=10
$saltedPassword = $t3Hasher->getHashedPassword($newPassword);
// NOTE: This does not use the official API to access Typo3 password hashing. Here is the official API: https://docs.typo3.org/m/typo3/reference-coreapi/master/en-us/ApiOverview/PasswordHashing/
} elseif (class_exists('\TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility') && class_exists('\TYPO3\CMS\Saltedpasswords\Salt\SaltFactory')) {
......@@ -87,6 +89,7 @@ class T3Handler {
/**
* Check if the salted password corresponds to the password.
* NOTE: This does not use the official API to access Typo3 password hashing. Here is the official API: https://docs.typo3.org/m/typo3/reference-coreapi/master/en-us/ApiOverview/PasswordHashing/
* Legacy code (Typo3 version <=8) based on https://docs.typo3.org/typo3cms/extensions/saltedpasswords/8.7/DevelopersGuide/Index.html
*
* @param string $saltedPassword
......@@ -108,6 +111,7 @@ class T3Handler {
// Typo3 version >=10
$success = $t3Hasher->checkPassword($password, $saltedPassword);
// NOTE: This does not use the official API to access Typo3 password hashing. Here is the official API: https://docs.typo3.org/m/typo3/reference-coreapi/master/en-us/ApiOverview/PasswordHashing/
} elseif (class_exists('\TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility') && class_exists('\TYPO3\CMS\Saltedpasswords\Salt\SaltFactory')) {
......@@ -136,6 +140,7 @@ class T3Handler {
/**
* Return an instance of the Typo3 password hashing class as configured in LocalConfiguration.php
* Returns object which implements interface: TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashInterface
* NOTE: This does not use the official API to access Typo3 password hashing. Here is the official API: https://docs.typo3.org/m/typo3/reference-coreapi/master/en-us/ApiOverview/PasswordHashing/
*
* @return mixed|null
* @throws \CodeException
......@@ -171,6 +176,8 @@ class T3Handler {
// run typo3 bootstrap if not yet happened. Necessary if run in unittest.
if (!defined('TYPO3_MODE')) {
// NOTE: Deprecated: Deprecation: #85821 - bootstrap methods
\TYPO3\CMS\Core\Core\Bootstrap::getInstance()
->setRequestType(TYPO3_REQUESTTYPE_AJAX)
->baseSetup(0);
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment