1 <?php
2 namespace TYPO3\CMS\Backend\Controller;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
use TYPO3\CMS\Core\FormProtection\FormProtectionFactory;
use TYPO3\CMS\Core\Http\JsonResponse;
use TYPO3\CMS\Core\Utility\GeneralUtility;
22
23 /**
24 * This is the ajax handler for backend login after timeout.
25 */
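class AjaxLoginController
{
    /**
     * Lead time, in seconds, before the real session expiry at which isTimedOutAction()
     * starts reporting `will_time_out`, so the client can show its refresh dialog while
     * the session is still valid. The value is somewhat arbitrary; it leaves room for the
     * countdown in the UI, page load times, etc.
     */
    const TIMEOUT_WARNING_LEAD_SECONDS = 120;

    /**
     * Handles the actual login process, more specifically it defines the response.
     * The login details were sent in as part of the ajax request and automatically logged in
     * the user inside the TYPO3 CMS bootstrap part of the ajax call. If that was successful, we have
     * a BE user and reset the timer and hide the login window.
     * If it was unsuccessful, we display that and show the login box again.
     *
     * The response carries nothing but the success flag, so a failed attempt does not
     * reveal whether the user name or the credential was the wrong part.
     *
     * @param ServerRequestInterface $request
     * @return ResponseInterface JSON of the form {"login": {"success": bool}}
     */
    public function loginAction(ServerRequestInterface $request): ResponseInterface
    {
        $success = $this->isAuthorizedBackendSession();
        if ($success && $this->hasLoginBeenProcessed()) {
            // The request just performed a fresh login (not a still-valid session): take the
            // form protection session token from the registry and persist it, presumably so
            // the CSRF token matches the session that was created by this login.
            $formProtection = FormProtectionFactory::get();
            $formProtection->setSessionTokenFromRegistry();
            $formProtection->persistSessionToken();
        }
        return GeneralUtility::makeInstance(JsonResponse::class, ['login' => ['success' => $success]]);
    }

    /**
     * Logs out the current BE user.
     *
     * Tolerates a missing backend user object (no session at all): there is nothing to
     * log off, which is reported as success instead of failing with a fatal error.
     *
     * @param ServerRequestInterface $request
     * @return ResponseInterface JSON of the form {"logout": {"success": bool}}
     */
    public function logoutAction(ServerRequestInterface $request): ResponseInterface
    {
        $backendUser = $this->getBackendUser();
        if ($backendUser !== null) {
            $backendUser->logoff();
        }
        return GeneralUtility::makeInstance(JsonResponse::class, [
            'logout' => [
                // Logged out means no user record is attached to the object any more.
                'success' => $backendUser === null || !isset($backendUser->user['uid']),
            ],
        ]);
    }

    /**
     * Refreshes the login without needing login information. We just refresh the session.
     *
     * Reports failure only when there is no backend user object at all; otherwise success
     * is reported regardless of what checkAuthentication() found, as before. The client
     * learns the real session state via isTimedOutAction().
     *
     * @param ServerRequestInterface $request
     * @return ResponseInterface JSON of the form {"refresh": {"success": bool}}
     */
    public function refreshAction(ServerRequestInterface $request): ResponseInterface
    {
        $backendUser = $this->getBackendUser();
        if ($backendUser !== null) {
            // Re-running the authentication check is what keeps the session alive here.
            $backendUser->checkAuthentication();
        }
        return GeneralUtility::makeInstance(JsonResponse::class, [
            'refresh' => [
                'success' => $backendUser !== null,
            ],
        ]);
    }

    /**
     * Checks if the user session is expired yet.
     *
     * Exactly one of the three flags can become true, in this order of precedence:
     * `locked` (backend lock file present), `timed_out` (no user attached to the
     * session), `will_time_out` (session expires within the warning lead time).
     *
     * @param ServerRequestInterface $request
     * @return ResponseInterface JSON of the form {"login": {"timed_out": bool, "will_time_out": bool, "locked": bool}}
     */
    public function isTimedOutAction(ServerRequestInterface $request): ResponseInterface
    {
        $session = [
            'timed_out' => false,
            'will_time_out' => false,
            'locked' => false,
        ];
        $backendUser = $this->getBackendUser();
        // The @ silences the warning is_file() may emit (e.g. for a path outside open_basedir);
        // a lock file that cannot be checked is treated as absent, as before.
        if (@is_file(PATH_typo3conf . 'LOCK_BACKEND')) {
            $session['locked'] = true;
        } elseif ($backendUser === null || !isset($backendUser->user['uid'])) {
            $session['timed_out'] = true;
        } else {
            // Re-read the session record first, presumably so ses_tstamp reflects the
            // latest activity rather than the value loaded at bootstrap.
            $backendUser->fetchUserSession(true);
            $expiresAt = (int)$backendUser->user['ses_tstamp'] + (int)$backendUser->sessionTimeout;
            // Warn when the session will expire within the lead time from now.
            $session['will_time_out'] = $GLOBALS['EXEC_TIME'] >= $expiresAt - self::TIMEOUT_WARNING_LEAD_SECONDS;
        }
        return GeneralUtility::makeInstance(JsonResponse::class, ['login' => $session]);
    }

    /**
     * Checks if a user is logged in and the session is active.
     *
     * @return bool
     */
    protected function isAuthorizedBackendSession()
    {
        $backendUser = $this->getBackendUser();
        // instanceof is false for null, so no separate null check is needed.
        return $backendUser instanceof BackendUserAuthentication && isset($backendUser->user['uid']);
    }

    /**
     * Check whether the user was already authorized or not, i.e. whether this request
     * carried login form data (status, user name and credential) that the bootstrap processed.
     *
     * @return bool false when there is no backend user object or the form data is incomplete
     */
    protected function hasLoginBeenProcessed()
    {
        $backendUser = $this->getBackendUser();
        if ($backendUser === null) {
            return false;
        }
        $loginFormData = $backendUser->getLoginFormData();
        // 'uident' carries the credential: it is only tested for presence here, never logged or echoed.
        return ($loginFormData['status'] ?? null) === 'login'
            && !empty($loginFormData['uname'])
            && !empty($loginFormData['uident']);
    }

    /**
     * @return BackendUserAuthentication|null the global backend user, or null when the bootstrap set none
     */
    protected function getBackendUser()
    {
        return $GLOBALS['BE_USER'] ?? null;
    }
}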