2 declare(strict_types
= 1);
4 namespace TYPO3\CMS\Frontend\Middleware
;
7 * This file is part of the TYPO3 CMS project.
9 * It is free software; you can redistribute it and/or modify it under
10 * the terms of the GNU General Public License, either version 2
11 * of the License, or any later version.
13 * For the full copyright and license information, please read the
14 * LICENSE.txt file that was distributed with this source code.
16 * The TYPO3 project - inspiring people to share!
19 use Psr\Http\Message\ResponseInterface
;
20 use Psr\Http\Message\ServerRequestInterface
;
21 use Psr\Http\Server\MiddlewareInterface
;
22 use Psr\Http\Server\RequestHandlerInterface
;
23 use TYPO3\CMS\Backend\FrontendBackendUserAuthentication
;
24 use TYPO3\CMS\Core\Authentication\BackendUserAuthentication
;
25 use TYPO3\CMS\Core\Context\Context
;
26 use TYPO3\CMS\Core\Context\UserAspect
;
27 use TYPO3\CMS\Core\Context\WorkspaceAspect
;
28 use TYPO3\CMS\Core\Core\Bootstrap
;
29 use TYPO3\CMS\Core\Http\NormalizedParams
;
30 use TYPO3\CMS\Core\Utility\GeneralUtility
;
/**
 * This middleware authenticates a Backend User (be_user) (pre)-viewing a frontend page.
 *
 * This middleware also ensures that $GLOBALS['LANG'] is available, however it is possible that
 * a different middleware later on might unset the BE_USER as he/she is not allowed to preview a certain
 * page due to rights management. As this can only happen once the page ID is resolved, this will happen
 * after the routing middleware.
 *
 * Currently, this middleware depends on the availability of $GLOBALS['TSFE'], however, this is solely
 * due to backwards-compatibility and will be disabled in the future.
 */
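class BackendUserAuthenticator implements MiddlewareInterface
{
    /**
     * Tries to authenticate a backend user for the current frontend request and stores the
     * result (a FrontendBackendUserAuthentication object or null) in $GLOBALS['BE_USER'].
     *
     * Authentication is only attempted when the backend session cookie is present. If a backend
     * user is available afterwards, the language object, the backend router and ext_tables are
     * loaded and the user is registered in the Context before the request is handed on.
     *
     * @param ServerRequestInterface $request
     * @param RequestHandlerInterface $handler
     * @return ResponseInterface
     */
    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
    {
        // Initializing a possible logged-in Backend User
        // If the backend cookie is set,
        // we proceed and check if a backend user is logged in.
        // The cookie's presence only triggers the attempt; whether the session is accepted
        // is decided in initializeBackendUser() / isAuthenticated().
        $backendUserObject = null;
        if (isset($request->getCookieParams()[BackendUserAuthentication::getCookieName()])) {
            $backendUserObject = $this->initializeBackendUser($request);
        }
        $GLOBALS['BE_USER'] = $backendUserObject;

        // Deprecated "postBeUser" hook.
        // Security note: BE_USER is handed over by reference, so every registered callable can
        // replace or clear the backend user *after* the IP mask / SSL / login checks have run.
        // Registered hooks must therefore be treated as fully trusted code.
        if (!empty($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['tslib/index_ts.php']['postBeUser'])) {
            $_params = [
                'BE_USER' => &$GLOBALS['BE_USER']
            ];
            trigger_error('The "postBeUser" hook will be removed in TYPO3 v10.0 in favor of PSR-15. Use a middleware instead.', E_USER_DEPRECATED);
            foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['tslib/index_ts.php']['postBeUser'] as $_funcRef) {
                GeneralUtility::callUserFunction($_funcRef, $_params, $GLOBALS['TSFE']);
            }
        }

        // Load specific dependencies which are necessary for a valid Backend User
        // like $GLOBALS['LANG'] for labels in the language of the BE User, the router, and ext_tables.php for all modules
        // So things like Frontend Editing and Admin Panel can use this for generating links to the TYPO3 Backend.
        // The instanceof test re-checks only the object's type after the hook ran; it does not
        // repeat the access checks of isAuthenticated().
        if ($GLOBALS['BE_USER'] instanceof FrontendBackendUserAuthentication) {
            Bootstrap::initializeLanguageObject();
            Bootstrap::initializeBackendRouter();
            Bootstrap::loadExtTables();
            $this->setBackendUserAspect(GeneralUtility::makeInstance(Context::class), $GLOBALS['BE_USER']);
        }

        return $handler->handle($request);
    }

    /**
     * Creates the backend user object and returns it.
     *
     * The object is discarded (null is returned) as soon as isAuthenticated() reports that one
     * of the access restrictions applies.
     *
     * @param ServerRequestInterface $request
     * @return FrontendBackendUserAuthentication|null the backend user object or null if there was no valid user found
     * @throws \TYPO3\CMS\Core\Exception
     */
    protected function initializeBackendUser(ServerRequestInterface $request)
    {
        // New backend user object
        $backendUserObject = GeneralUtility::makeInstance(FrontendBackendUserAuthentication::class);
        $backendUserObject->start();
        $backendUserObject->unpack_uc();
        // Group data is only fetched once a user record with a uid is present
        if (!empty($backendUserObject->user['uid'])) {
            $backendUserObject->fetchGroupData();
        }
        // Unset the user initialization if any setting / restriction applies.
        // NOTE(review): the 'normalizedParams' attribute is expected to have been set by an
        // earlier middleware; if it is missing, the typed parameter of isAuthenticated()
        // rejects the null value with a TypeError instead of skipping the checks.
        if (!$this->isAuthenticated($backendUserObject, $request->getAttribute('normalizedParams'))) {
            $backendUserObject = null;
        }
        return $backendUserObject;
    }

    /**
     * Implementing the access checks that the TYPO3 CMS bootstrap script does before a user is ever logged in.
     *
     * Checks, in this order: the configured backend IP mask list, the lockSSL setting, and
     * finally the user object's own backendCheckLogin().
     *
     * @param FrontendBackendUserAuthentication $user
     * @param NormalizedParams $normalizedParams
     * @return bool Returns TRUE if access is OK
     */
    protected function isAuthenticated(FrontendBackendUserAuthentication $user, NormalizedParams $normalizedParams)
    {
        // Check IP: an empty IPmaskList disables the restriction.
        // The comparison is only as reliable as the remote address NormalizedParams reports;
        // behind a reverse proxy this presumably depends on the reverse proxy settings of the
        // installation - verify them before relying on IPmaskList as an access control.
        $ipMask = trim($GLOBALS['TYPO3_CONF_VARS']['BE']['IPmaskList'] ?? '');
        if ($ipMask && !GeneralUtility::cmpIP($normalizedParams->getRemoteAddress(), $ipMask)) {
            return false;
        }
        // Check SSL (https): with lockSSL enabled a backend session is never accepted over plain HTTP.
        // The null coalescing mirrors the IPmaskList lookup above and avoids an undefined-index
        // notice; a missing setting is treated as "not locked", exactly as before.
        if ((bool)($GLOBALS['TYPO3_CONF_VARS']['BE']['lockSSL'] ?? false) && !$normalizedParams->isHttps()) {
            return false;
        }
        // The final decision is delegated to the user object
        return $user->backendCheckLogin();
    }

    /**
     * Register the backend user as aspect
     *
     * Sets the 'backend.user' aspect from the user object and the 'workspace' aspect from the
     * user's workspace property. The user must not be null: the signature does not allow it
     * and $user->workspace is read unconditionally.
     *
     * @param Context $context
     * @param BackendUserAuthentication $user
     */
    protected function setBackendUserAspect(Context $context, BackendUserAuthentication $user)
    {
        $context->setAspect('backend.user', GeneralUtility::makeInstance(UserAspect::class, $user));
        $context->setAspect('workspace', GeneralUtility::makeInstance(WorkspaceAspect::class, $user->workspace));
    }
}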