[TASK] Get rid of ObjectManager in install tool
[Packages/TYPO3.CMS.git] / typo3 / sysext / install / Classes / Controller / AjaxController.php
1 <?php
2 namespace TYPO3\CMS\Install\Controller;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use TYPO3\CMS\Core\Utility\GeneralUtility;
18
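/**
 * Install tool ajax controller, handles ajax requests.
 *
 * Every access check in this class rejects a request by calling output(),
 * which ends script execution. The checks therefore act as gates only for
 * as long as output() keeps terminating the request.
 */
class AjaxController extends AbstractController
{
    /**
     * Response body sent whenever one of the access checks fails.
     *
     * @var string
     */
    protected $unauthorized = 'unauthorized';

    /**
     * Each entry is turned into a class name below the
     * TYPO3\CMS\Install\Controller\Action\Ajax namespace by
     * dispatchAuthenticationActions().
     *
     * NOTE(review): presumably this is the allow-list consulted by
     * validateAuthenticationAction(), which is not defined in this file - confirm.
     *
     * @var array List of valid action names that need authentication
     */
    protected $authenticationActions = array(
        'extensionCompatibilityTester',
        'uninstallExtension',
        'clearCache',
        'coreUpdateUpdateVersionMatrix',
        'coreUpdateIsUpdateAvailable',
        'coreUpdateCheckPreConditions',
        'coreUpdateDownload',
        'coreUpdateVerifyChecksum',
        'coreUpdateUnpack',
        'coreUpdateMove',
        'coreUpdateActivate',
        'folderStatus',
        'environmentStatus'
    );

    /**
     * Main entry point
     *
     * Runs the access checks in a fixed sequence and dispatches the requested
     * action last. The checks defined in this class end the request through
     * output() when they fail, so a later step is only reached after the
     * earlier ones have passed.
     *
     * @return void
     */
    public function execute()
    {
        $this->loadBaseExtensions();
        // Warning: Order of these methods is security relevant and interferes with different access
        // conditions (new/existing installation). See the single method comments for details.
        $this->outputInstallToolNotEnabledMessageIfNeeded();
        $this->checkInstallToolPasswordNotSet();
        $this->initializeSession();
        $this->checkSessionToken();
        $this->checkSessionLifetime();
        $this->checkLogin();
        $this->dispatchAuthenticationActions();
    }

    /**
     * Check whether the install tool is enabled
     *
     * Answers with the unauthorized marker and stops when
     * isInstallToolAvailable() reports false.
     *
     * @return void
     */
    protected function outputInstallToolNotEnabledMessageIfNeeded()
    {
        if (!$this->isInstallToolAvailable()) {
            $this->output($this->unauthorized);
        }
    }

    /**
     * Check if the install tool password is set
     *
     * Answers with the unauthorized marker and stops when no install tool
     * password is configured. empty() also treats '' and '0' as "not set".
     *
     * @return void
     */
    protected function checkInstallToolPasswordNotSet()
    {
        if (empty($GLOBALS['TYPO3_CONF_VARS']['BE']['installToolPassword'])) {
            $this->output($this->unauthorized);
        }
    }

    /**
     * Check login status
     *
     * An unauthorized session gets the unauthorized marker and the request
     * stops; an authorized session is refreshed.
     *
     * @return void
     */
    protected function checkLogin()
    {
        if (!$this->session->isAuthorized()) {
            $this->output($this->unauthorized);
        } else {
            $this->session->refreshSession();
        }
    }

    /**
     * Overwrites abstract method
     * In contrast to the abstract method, the response "unauthorized" is output
     * and the request stops when the token check failed.
     *
     * NOTE(review): presumably called by checkSessionToken() in the parent
     * class, which is not part of this file - confirm.
     *
     * @param bool $tokenOk
     * @return void
     */
    protected function handleSessionTokenCheck($tokenOk)
    {
        if (!$tokenOk) {
            $this->output($this->unauthorized);
        }
    }

    /**
     * Overwrites abstract method
     * In contrast to the abstract method, the response "unauthorized" is output
     * and the request stops.
     *
     * NOTE(review): presumably called by checkSessionLifetime() in the parent
     * class, which is not part of this file - confirm.
     *
     * @return void
     */
    protected function handleSessionLifeTimeExpired()
    {
        $this->output($this->unauthorized);
    }

    /**
     * Call an action that needs authentication
     *
     * Builds the action object for the requested action name, hands it the
     * controller name, action name, token and POST values, and sends the
     * result of handle() through output(). Because output() exits, this
     * method does not return to its caller on any path that reaches output().
     *
     * @throws Exception If the instantiated class does not implement ActionInterface
     * @return void
     */
    protected function dispatchAuthenticationActions()
    {
        $action = $this->getAction();
        if ($action === '') {
            // output() exits, so nothing below runs for an empty action name.
            $this->output('noAction');
        }
        // $action becomes part of a class name below. validateAuthenticationAction()
        // is defined outside this file; presumably it rejects every name that is not
        // listed in $authenticationActions - confirm, because that check is what
        // keeps the request from selecting the class to instantiate.
        $this->validateAuthenticationAction($action);
        $actionClass = ucfirst($action);
        /** @var \TYPO3\CMS\Install\Controller\Action\ActionInterface $toolAction */
        $toolAction = GeneralUtility::makeInstance('TYPO3\\CMS\\Install\\Controller\\Action\\Ajax\\' . $actionClass);
        if (!($toolAction instanceof Action\ActionInterface)) {
            throw new Exception(
                $action . ' does not implement ActionInterface',
                1369474308
            );
        }
        $toolAction->setController('ajax');
        $toolAction->setAction($action);
        $toolAction->setToken($this->generateTokenForAction($action));
        $toolAction->setPostValues($this->getPostValues());
        $this->output($toolAction->handle());
    }

    /**
     * Output content.
     * WARNING: This exits the script execution!
     *
     * The content is echoed verbatim with a JSON content type and headers that
     * forbid caching. Callers in this class also pass the bare marker strings
     * 'unauthorized' and 'noAction', which are sent as they are.
     *
     * @param string $content JSON encoded content to output
     */
    protected function output($content = '')
    {
        // Drop whatever was buffered so far so that only $content is sent.
        // ob_clean() raises a notice when no buffer is active; with error display
        // switched on that notice would be emitted before the header() calls
        // below, so the call is skipped when there is nothing to clean.
        if (ob_get_level() > 0) {
            ob_clean();
        }
        header('Content-Type: application/json; charset=utf-8');
        header('Cache-Control: no-cache, must-revalidate');
        header('Pragma: no-cache');
        echo $content;
        // Terminating here is what turns the checks above into hard stops.
        die;
    }
}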