1 <?php
2 namespace TYPO3\CMS\Backend\Controller;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use Psr\Http\Message\ResponseInterface;
18 use Psr\Http\Message\ServerRequestInterface;
19 use TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
20 use TYPO3\CMS\Core\FormProtection\FormProtectionFactory;
21 use TYPO3\CMS\Core\Http\JsonResponse;
22 use TYPO3\CMS\Core\Utility\GeneralUtility;
23
24 /**
25 * This is the ajax handler for backend login after timeout.
26 */
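class AjaxLoginController
{
    /**
     * Handles the actual login process, more specifically it defines the response.
     * The login details were sent in as part of the ajax request and automatically logged in
     * the user inside the TYPO3 CMS bootstrap part of the ajax call. If that was successful, we have
     * a BE user and reset the timer and hide the login window.
     * If it was unsuccessful, we display that and show the login box again.
     *
     * The request itself is not inspected here: credentials have already been consumed by the
     * bootstrap, so this action only reports whether a valid backend session now exists. When the
     * session was created by a fresh credential login, the form protection session token is
     * restored from the registry and persisted for the new session.
     *
     * @param ServerRequestInterface $request
     * @return ResponseInterface JSON of the shape {"login": {"success": bool}}
     */
    public function loginAction(ServerRequestInterface $request): ResponseInterface
    {
        $result = ['success' => false];
        if ($this->isAuthorizedBackendSession()) {
            $result['success'] = true;
            if ($this->hasLoginBeenProcessed()) {
                /** @var \TYPO3\CMS\Core\FormProtection\BackendFormProtection $formProtection */
                $formProtection = FormProtectionFactory::get();
                $formProtection->setSessionTokenFromRegistry();
                $formProtection->persistSessionToken();
            }
        }
        return GeneralUtility::makeInstance(JsonResponse::class, ['login' => $result]);
    }

    /**
     * Logs out the current BE user.
     *
     * If no backend user object is available there is no session to terminate, so the
     * logout is reported as successful instead of dereferencing null.
     *
     * @param ServerRequestInterface $request
     * @return ResponseInterface JSON of the shape {"logout": {"success": bool}}
     */
    public function logoutAction(ServerRequestInterface $request): ResponseInterface
    {
        $backendUser = $this->getBackendUser();
        if ($backendUser instanceof BackendUserAuthentication) {
            $backendUser->logoff();
        }
        // isset() on a null object is safe and yields false, i.e. "no user left" => success.
        $loggedOut = !isset($backendUser->user['uid']);
        return GeneralUtility::makeInstance(JsonResponse::class, [
            'logout' => [
                'success' => $loggedOut,
            ],
        ]);
    }

    /**
     * Refreshes the login without needing login information. We just refresh the session.
     *
     * Reports success only when a backend user object exists and its authentication could be
     * re-checked; without a user object there is nothing to refresh.
     *
     * @param ServerRequestInterface $request
     * @return ResponseInterface JSON of the shape {"refresh": {"success": bool}}
     */
    public function refreshAction(ServerRequestInterface $request): ResponseInterface
    {
        $backendUser = $this->getBackendUser();
        $refreshed = false;
        if ($backendUser instanceof BackendUserAuthentication) {
            $backendUser->checkAuthentication();
            $refreshed = true;
        }
        return GeneralUtility::makeInstance(JsonResponse::class, [
            'refresh' => [
                'success' => $refreshed,
            ],
        ]);
    }

    /**
     * Checks if the user session is expired yet.
     *
     * Three states are reported, checked in this order:
     *  - locked: the LOCK_BACKEND file exists in typo3conf (backend is locked for everyone)
     *  - timed_out: no backend user is attached to the request
     *  - will_time_out: the session will expire within the next 120 seconds
     *
     * This action is reachable without a valid session (that is how "timed_out" gets reported),
     * so it must not rely on the user object being present.
     *
     * @param ServerRequestInterface $request
     * @return ResponseInterface JSON of the shape {"login": {"timed_out": bool, "will_time_out": bool, "locked": bool}}
     */
    public function isTimedOutAction(ServerRequestInterface $request): ResponseInterface
    {
        $session = [
            'timed_out' => false,
            'will_time_out' => false,
            'locked' => false,
        ];
        $backendUser = $this->getBackendUser();
        if (@is_file(PATH_typo3conf . 'LOCK_BACKEND')) {
            $session['locked'] = true;
        } elseif (!isset($backendUser->user['uid'])) {
            $session['timed_out'] = true;
        } else {
            // Re-read the session record so ses_tstamp reflects the latest activity, not the bootstrap snapshot.
            $backendUser->fetchUserSession(true);
            $sessionTimestamp = $backendUser->user['ses_tstamp'];
            $timeout = $backendUser->sessionTimeout;
            // If 120 seconds from now is later than the session timeout, we need to show the refresh dialog.
            // 120 is somewhat arbitrary to allow for a little room during the countdown and load times, etc.
            $session['will_time_out'] = $GLOBALS['EXEC_TIME'] >= $sessionTimestamp + $timeout - 120;
        }
        return GeneralUtility::makeInstance(JsonResponse::class, ['login' => $session]);
    }

    /**
     * Checks if a user is logged in and the session is active.
     *
     * A user object alone is not enough: the session must carry a user record ("uid").
     *
     * @return bool
     */
    protected function isAuthorizedBackendSession()
    {
        $backendUser = $this->getBackendUser();
        // instanceof already rejects null, so no separate null check is needed.
        return $backendUser instanceof BackendUserAuthentication && isset($backendUser->user['uid']);
    }

    /**
     * Check whether the user was already authorized or not, i.e. whether this very request
     * carried a complete login form (status flag, username and credential).
     *
     * Returns false when no backend user object exists or when any of the three
     * form fields is missing or empty.
     *
     * @return bool
     */
    protected function hasLoginBeenProcessed()
    {
        $backendUser = $this->getBackendUser();
        if (!$backendUser instanceof BackendUserAuthentication) {
            return false;
        }
        $loginFormData = $backendUser->getLoginFormData();
        // The status key may be absent entirely; treat that the same as "not a login".
        return ($loginFormData['status'] ?? null) === 'login'
            && !empty($loginFormData['uname'])
            && !empty($loginFormData['uident']);
    }

    /**
     * Returns the backend user set up by the bootstrap, or null when none is attached
     * (e.g. the session has already expired).
     *
     * @return BackendUserAuthentication|null
     */
    protected function getBackendUser()
    {
        return $GLOBALS['BE_USER'] ?? null;
    }
}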