[BUGFIX] Set BackendUserAspect earlier to make it usable in TSConfig
[Packages/TYPO3.CMS.git] / typo3 / sysext / backend / Classes / Middleware / BackendUserAuthenticator.php
1 <?php
2 declare(strict_types = 1);
3 namespace TYPO3\CMS\Backend\Middleware;
4
5 /*
6 * This file is part of the TYPO3 CMS project.
7 *
8 * It is free software; you can redistribute it and/or modify it under
9 * the terms of the GNU General Public License, either version 2
10 * of the License, or any later version.
11 *
12 * For the full copyright and license information, please read the
13 * LICENSE.txt file that was distributed with this source code.
14 *
15 * The TYPO3 project - inspiring people to share!
16 */
17
18 use Psr\Http\Message\ResponseInterface;
19 use Psr\Http\Message\ServerRequestInterface;
20 use Psr\Http\Server\MiddlewareInterface;
21 use Psr\Http\Server\RequestHandlerInterface;
22 use TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
23 use TYPO3\CMS\Core\Context\Context;
24 use TYPO3\CMS\Core\Context\UserAspect;
25 use TYPO3\CMS\Core\Context\WorkspaceAspect;
26 use TYPO3\CMS\Core\Core\Bootstrap;
27 use TYPO3\CMS\Core\Utility\GeneralUtility;
28
/**
 * PSR-15 middleware that sets up the backend user object (BE_USER) and the global LANG object
 * for a backend request, and registers the backend user in the Context.
 *
 * @internal
 */
class BackendUserAuthenticator implements MiddlewareInterface
{
    /**
     * Route paths that may be served without a valid backend user.
     *
     * Every entry here bypasses the "logged-in user required" flag computed in
     * isLoggedInBackendUserRequired(), so additions should be reviewed as a change
     * to the unauthenticated surface of the backend.
     *
     * @var array
     */
    protected $publicRoutes = [
        '/login',
        '/login/frame',
        '/ajax/login',
        '/ajax/logout',
        '/ajax/login/refresh',
        '/ajax/login/timedout',
        '/ajax/rsa/publickey',
    ];

    /**
     * Runs the bootstrap steps that populate $GLOBALS['BE_USER'] and $GLOBALS['LANG'],
     * then hands the request to the next handler.
     *
     * @param ServerRequestInterface $request
     * @param RequestHandlerInterface $handler
     * @return ResponseInterface
     */
    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
    {
        // A request that carries no 'routePath' attribute falls back to '/login', which is
        // listed in $publicRoutes and is therefore handled as a public route.
        // NOTE(review): this assumes an earlier middleware always sets 'routePath' for
        // protected routes - confirm against the middleware order.
        $routePath = $request->getAttribute('routePath', '/login');

        Bootstrap::initializeBackendUser();

        // The aspects are registered BEFORE the authentication step below, so code reading
        // the 'backend.user' aspect must check the login state itself; the presence of the
        // aspect alone says nothing about whether a user is logged in.
        $context = GeneralUtility::makeInstance(Context::class);
        $this->setBackendUserAspect($context, $GLOBALS['BE_USER']);

        // @todo: once this logic is in this method, the redirect URL should be handled as response here
        // The flag is true for public routes only; presumably it tells the bootstrap to
        // continue when nobody is logged in - verify against
        // Bootstrap::initializeBackendAuthentication().
        $isPublicRoute = $this->isLoggedInBackendUserRequired($routePath);
        Bootstrap::initializeBackendAuthentication($isPublicRoute);
        Bootstrap::initializeLanguageObject();

        return $handler->handle($request);
    }

    /**
     * Tells whether the given route path is one of the public routes.
     *
     * Despite the method name, the result is TRUE when the route is listed in
     * $publicRoutes (no logged-in user needed) and FALSE for every other route.
     * The comparison is a strict, exact string match, so any path that differs from a
     * listed entry in any character is treated as not public.
     *
     * @param string $routePath the route path to check against, something like '/login'
     * @return bool whether the request can proceed without a login required
     */
    protected function isLoggedInBackendUserRequired(string $routePath): bool
    {
        $isPublicRoute = in_array($routePath, $this->publicRoutes, true);

        return $isPublicRoute;
    }

    /**
     * Registers the backend user and its workspace as aspects of the given context.
     *
     * @param Context $context
     * @param BackendUserAuthentication $user
     */
    protected function setBackendUserAspect(Context $context, BackendUserAuthentication $user)
    {
        $userAspect = GeneralUtility::makeInstance(UserAspect::class, $user);
        $context->setAspect('backend.user', $userAspect);

        // The workspace aspect is built from the workspace value carried by the user object.
        $workspaceAspect = GeneralUtility::makeInstance(WorkspaceAspect::class, $user->workspace);
        $context->setAspect('workspace', $workspaceAspect);
    }
}