442a37e366ce2af0b2462bfa7242efcb6a756ca3
[Packages/TYPO3.CMS.git] / typo3 / sysext / core / Classes / Authentication / CommandLineUserAuthentication.php
1 <?php
2 namespace TYPO3\CMS\Core\Authentication;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use TYPO3\CMS\Core\Core\Environment;
18 use TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashFactory;
19 use TYPO3\CMS\Core\Crypto\Random;
20 use TYPO3\CMS\Core\Database\ConnectionPool;
21 use TYPO3\CMS\Core\Database\Query\Restriction\DeletedRestriction;
22 use TYPO3\CMS\Core\Utility\GeneralUtility;
23
24 /**
25 * TYPO3 backend user authentication on a CLI level
26 * Auto-logs in, only allowed on CLI
27 */
28 class CommandLineUserAuthentication extends BackendUserAuthentication
29 {
30
31 /**
32 * The username of the CLI user (there is only one)
33 * @var string
34 */
35 protected $username = '_cli_';
36
37 /**
38 * Constructor, only allowed in CLI mode
39 *
40 * @throws \RuntimeException
41 */
42 public function __construct()
43 {
44 if (!Environment::isCli()) {
45 throw new \RuntimeException('Creating a CLI-based user object on non-CLI level is not allowed', 1483971165);
46 }
47 if (!$this->isUserAllowedToLogin()) {
48 throw new \RuntimeException('Login Error: TYPO3 is in maintenance mode at the moment. Only administrators are allowed access.', 1483971855);
49 }
50 $this->dontSetCookie = true;
51 parent::__construct();
52 }
53
54 /**
55 * Logs-in the _CLI_ user. It does not need to check for credentials.
56 *
57 * @throws \RuntimeException when the user could not log in or it is an admin
58 */
59 public function authenticate()
60 {
61 // check if a _CLI_ user exists, if not, create one
62 $this->setBeUserByName($this->username);
63 if (!$this->user['uid']) {
64 // create a new BE user in the database
65 if (!$this->checkIfCliUserExists()) {
66 $this->createCliUser();
67 } else {
68 throw new \RuntimeException('No backend user named "_cli_" could be authenticated, maybe this user is "hidden"?', 1484050401);
69 }
70 $this->setBeUserByName($this->username);
71 }
72 if (!$this->user['uid']) {
73 throw new \RuntimeException('No backend user named "_cli_" could be created.', 1476107195);
74 }
75 // The groups are fetched and ready for permission checking in this initialization.
76 $this->fetchGroupData();
77 $this->backendSetUC();
78 // activate this functionality for DataHandler
79 $this->uc['recursiveDelete'] = true;
80 }
81
82 /**
83 * Logs in the TYPO3 Backend user "_cli_"
84 *
85 * @param bool $proceedIfNoUserIsLoggedIn if this option is set, then there won't be a redirect to the login screen of the Backend - used for areas in the backend which do not need user rights like the login page.
86 */
87 public function backendCheckLogin($proceedIfNoUserIsLoggedIn = false)
88 {
89 $this->authenticate();
90 }
91
92 /**
93 * Determines whether a CLI backend user is allowed to access TYPO3.
94 * Only when adminOnly is off (=0), and only allowed for admins and CLI users (=2)
95 *
96 * @return bool Whether the CLI user is allowed to access TYPO3
97 */
98 protected function isUserAllowedToLogin()
99 {
100 return in_array((int)$GLOBALS['TYPO3_CONF_VARS']['BE']['adminOnly'], [0, 2], true);
101 }
102
103 /**
104 * Check if a user with username "_cli_" exists. Deleted users are left out
105 * but hidden and start / endtime restricted users are considered.
106 *
107 * @return bool true if the user exists
108 */
109 protected function checkIfCliUserExists()
110 {
111 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable('be_users');
112 $queryBuilder->getRestrictions()
113 ->removeAll()
114 ->add(GeneralUtility::makeInstance(DeletedRestriction::class));
115 $count = $queryBuilder
116 ->count('*')
117 ->from('be_users')
118 ->where($queryBuilder->expr()->eq('username', $queryBuilder->createNamedParameter('_cli_')))
119 ->execute()
120 ->fetchColumn(0);
121 return (bool)$count;
122 }
123
124 /**
125 * Create a record in the DB table be_users called "_cli_" with no other information
126 */
127 protected function createCliUser()
128 {
129 $userFields = [
130 'username' => $this->username,
131 'password' => $this->generateHashedPassword(),
132 'admin' => 1,
133 'tstamp' => $GLOBALS['EXEC_TIME'],
134 'crdate' => $GLOBALS['EXEC_TIME']
135 ];
136
137 $databaseConnection = GeneralUtility::makeInstance(ConnectionPool::class)
138 ->getConnectionForTable('be_users');
139 $databaseConnection->insert('be_users', $userFields);
140 }
141
142 /**
143 * This function returns a salted hashed key.
144 *
145 * @return string a random password
146 */
147 protected function generateHashedPassword()
148 {
149 $cryptoService = GeneralUtility::makeInstance(Random::class);
150 $password = $cryptoService->generateRandomBytes(20);
151 $hashInstance = GeneralUtility::makeInstance(PasswordHashFactory::class)->getDefaultHashInstance('BE');
152 return $hashInstance->getHashedPassword($password);
153 }
154 }