[TASK] Fix CGL issues
1 <?php
2 declare(strict_types = 1);
3 namespace TYPO3\CMS\Form\Domain\Configuration;
4
5 /*
6 * This file is part of the TYPO3 CMS project.
7 *
8 * It is free software; you can redistribute it and/or modify it under
9 * the terms of the GNU General Public License, either version 2
10 * of the License, or any later version.
11 *
12 * For the full copyright and license information, please read the
13 * LICENSE.txt file that was distributed with this source code.
14 *
15 * The TYPO3 project - inspiring people to share!
16 */
17
18 use TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
19 use TYPO3\CMS\Core\Crypto\Random;
20 use TYPO3\CMS\Core\SingletonInterface;
21 use TYPO3\CMS\Core\Utility\GeneralUtility;
22 use TYPO3\CMS\Form\Domain\Configuration\ArrayProcessing\ArrayProcessing;
23 use TYPO3\CMS\Form\Domain\Configuration\ArrayProcessing\ArrayProcessor;
24 use TYPO3\CMS\Form\Domain\Configuration\FormDefinition\Converters\AddHmacDataConverter;
25 use TYPO3\CMS\Form\Domain\Configuration\FormDefinition\Converters\ConverterDto;
26 use TYPO3\CMS\Form\Domain\Configuration\FormDefinition\Converters\RemoveHmacDataConverter;
27
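/**
 * Adds and removes the HMAC bookkeeping data ("_orig_<propertyName>") on
 * form definitions handled by the form editor.
 *
 * The HMAC data is an integrity control: per the method documentation below,
 * it is used to validate the form definition on saving.
 *
 * @internal
 */
class FormDefinitionConversionService implements SingletonInterface
{

    /**
     * Add a new value "_orig_<propertyName>" for each scalar property value
     * within the form definition as a sibling of the property key.
     * "_orig_<propertyName>" is an array which contains the property value
     * and a hmac hash for the property value.
     * "_orig_<propertyName>" will be used to validate the form definition on saving.
     * @see \TYPO3\CMS\Form\Domain\Configuration\FormDefinitionValidationService::validateFormDefinitionProperties()
     *
     * Every call generates a fresh session token and stores it under a single
     * backend user session key, replacing any token stored there before.
     * NOTE(review): if validation reads the stored token, HMAC data produced
     * by an earlier call can presumably no longer be verified - confirm
     * against the validation service.
     *
     * @param array $formDefinition
     * @return array the form definition as returned by the converter DTO
     */
    public function addHmacData(array $formDefinition): array
    {
        // Extend the hmac hashing key with a "per form editor session" unique key.
        $sessionToken = $this->generateSessionToken();
        $this->persistSessionToken($sessionToken);

        $converterDto = GeneralUtility::makeInstance(ConverterDto::class, $formDefinition);

        GeneralUtility::makeInstance(ArrayProcessor::class, $formDefinition)->forEach(
            GeneralUtility::makeInstance(
                ArrayProcessing::class,
                'addHmacData',
                // Selects the root "identifier" key and each
                // "renderables.<n>.identifier" key. The dot before "identifier"
                // is escaped like the other path separators in this expression.
                // The earlier ".\identifier" form left that dot as a wildcard and
                // used the undefined escape "\i", which PCRE2-based PHP builds may
                // reject as an invalid pattern. How the expression is compiled is
                // not visible here - TODO confirm in ArrayProcessor.
                '(^identifier$|renderables\.([\d]+)\.identifier$)',
                GeneralUtility::makeInstance(
                    AddHmacDataConverter::class,
                    $converterDto,
                    $sessionToken
                )
            )
        );

        return $converterDto->getFormDefinition();
    }

    /**
     * Remove the "_orig_<propertyName>" values from the form definition.
     *
     * @param array $formDefinition
     * @return array the form definition as returned by the converter DTO
     */
    public function removeHmacData(array $formDefinition): array
    {
        $converterDto = GeneralUtility::makeInstance(ConverterDto::class, $formDefinition);

        GeneralUtility::makeInstance(ArrayProcessor::class, $formDefinition)->forEach(
            GeneralUtility::makeInstance(
                ArrayProcessing::class,
                'removeHmacData',
                // Selects the ".hmac" entries below any "_orig_*" key, at the
                // root or nested.
                '(_orig_.*|.*\._orig_.*)\.hmac',
                GeneralUtility::makeInstance(
                    RemoveHmacDataConverter::class,
                    $converterDto
                )
            )
        );

        return $converterDto->getFormDefinition();
    }

    /**
     * Stores the session token in the backend user's session data under the
     * key "extFormProtectionSessionToken".
     *
     * The token stays server-side in the session; it is the secret part of
     * the hmac hashing key and should not be echoed into the form definition
     * or logged.
     *
     * @param string $sessionToken
     */
    protected function persistSessionToken(string $sessionToken)
    {
        $this->getBackendUser()->setAndSaveSessionData('extFormProtectionSessionToken', $sessionToken);
    }

    /**
     * Generates the random token which is used in the hash for the form tokens.
     *
     * The token is a 64 character hex string taken from the core Random
     * service.
     *
     * @return string
     */
    protected function generateSessionToken()
    {
        return GeneralUtility::makeInstance(Random::class)->generateRandomHexString(64);
    }

    /**
     * Returns the backend user object from $GLOBALS['BE_USER'].
     *
     * NOTE(review): the return type is enforced, so calling this without an
     * initialised backend user raises a TypeError rather than returning null.
     *
     * @return BackendUserAuthentication
     */
    protected function getBackendUser(): BackendUserAuthentication
    {
        return $GLOBALS['BE_USER'];
    }
}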