[TASK] Streamline hooks and middlewares related to PSR-15
[Packages/TYPO3.CMS.git] / typo3 / sysext / frontend / Classes / Middleware / BackendUserAuthenticator.php
1 <?php
2 declare(strict_types = 1);
3
4 namespace TYPO3\CMS\Frontend\Middleware;
5
6 /*
7 * This file is part of the TYPO3 CMS project.
8 *
9 * It is free software; you can redistribute it and/or modify it under
10 * the terms of the GNU General Public License, either version 2
11 * of the License, or any later version.
12 *
13 * For the full copyright and license information, please read the
14 * LICENSE.txt file that was distributed with this source code.
15 *
16 * The TYPO3 project - inspiring people to share!
17 */
18
19 use Psr\Http\Message\ResponseInterface;
20 use Psr\Http\Message\ServerRequestInterface;
21 use Psr\Http\Server\MiddlewareInterface;
22 use Psr\Http\Server\RequestHandlerInterface;
23 use TYPO3\CMS\Backend\FrontendBackendUserAuthentication;
24 use TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
25 use TYPO3\CMS\Core\Context\Context;
26 use TYPO3\CMS\Core\Context\UserAspect;
27 use TYPO3\CMS\Core\Context\WorkspaceAspect;
28 use TYPO3\CMS\Core\Core\Bootstrap;
29 use TYPO3\CMS\Core\Utility\GeneralUtility;
30
31 /**
32 * This middleware authenticates a Backend User (be_user) (pre)-viewing a frontend page.
33 *
34 * This middleware also ensures that $GLOBALS['LANG'] is available, however it is possible that
35 * a different middleware later-on might unset the BE_USER as he/she is not allowed to preview a certain
36 * page due to rights management. As this can only happen once the page ID is resolved, this will happen
37 * after the routing middleware.
38 *
39 * Currently, this middleware depends on the availability of $GLOBALS['TSFE'], however, this is solely
40 * due to backwards-compatibility and will be disabled in the future.
41 */
42 class BackendUserAuthenticator implements MiddlewareInterface
43 {
44 /**
45 * Creates a frontend user authentication object, tries to authenticate a user
46 * and stores the object in $GLOBALS['TSFE']->fe_user.
47 *
48 * @param ServerRequestInterface $request
49 * @param RequestHandlerInterface $handler
50 * @return ResponseInterface
51 */
52 public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
53 {
54 // PRE BE_USER HOOK
55 if (!empty($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['tslib/index_ts.php']['preBeUser'])) {
56 trigger_error('The "preBeUser" hook will be removed in TYPO3 v10.0 in favor of PSR-15. Use a middleware instead.', E_USER_DEPRECATED);
57 foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['tslib/index_ts.php']['preBeUser'] as $_funcRef) {
58 $_params = [];
59 GeneralUtility::callUserFunction($_funcRef, $_params, $GLOBALS['TSFE']);
60 }
61 }
62
63 // Initializing a possible logged-in Backend User
64 // If the backend cookie is set,
65 // we proceed and check if a backend user is logged in.
66 $backendUserObject = null;
67 if (isset($request->getCookieParams()[BackendUserAuthentication::getCookieName()])) {
68 $backendUserObject = $this->initializeBackendUser();
69 }
70
71 $GLOBALS['BE_USER'] = $backendUserObject;
72
73 // POST BE_USER HOOK
74 if (!empty($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['tslib/index_ts.php']['postBeUser'])) {
75 $_params = [
76 'BE_USER' => &$GLOBALS['BE_USER']
77 ];
78 trigger_error('The "postBeUser" hook will be removed in TYPO3 v10.0 in favor of PSR-15. Use a middleware instead.', E_USER_DEPRECATED);
79 foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['tslib/index_ts.php']['postBeUser'] as $_funcRef) {
80 GeneralUtility::callUserFunction($_funcRef, $_params, $GLOBALS['TSFE']);
81 }
82 }
83
84 // Load specific dependencies which are necessary for a valid Backend User
85 // like $GLOBALS['LANG'] for labels in the language of the BE User, the router, and ext_tables.php for all modules
86 // So things like Frontend Editing and Admin Panel can use this for generating links to the TYPO3 Backend.
87 if ($GLOBALS['BE_USER'] instanceof FrontendBackendUserAuthentication) {
88 Bootstrap::initializeLanguageObject();
89 Bootstrap::initializeBackendRouter();
90 Bootstrap::loadExtTables();
91 $this->setBackendUserAspect(GeneralUtility::makeInstance(Context::class), $GLOBALS['BE_USER']);
92 }
93
94 return $handler->handle($request);
95 }
96
97 /**
98 * Creates the backend user object and returns it.
99 *
100 * @return FrontendBackendUserAuthentication|null the backend user object or null if there was no valid user found
101 */
102 protected function initializeBackendUser()
103 {
104 // New backend user object
105 $backendUserObject = GeneralUtility::makeInstance(FrontendBackendUserAuthentication::class);
106 $backendUserObject->start();
107 $backendUserObject->unpack_uc();
108 if (!empty($backendUserObject->user['uid'])) {
109 $backendUserObject->fetchGroupData();
110 }
111 // Unset the user initialization if any setting / restriction applies
112 if (!$backendUserObject->checkBackendAccessSettingsFromInitPhp() || empty($backendUserObject->user['uid'])) {
113 $backendUserObject = null;
114 }
115 return $backendUserObject;
116 }
117
118 /**
119 * Register the backend user as aspect
120 *
121 * @param Context $context
122 * @param BackendUserAuthentication|null $user
123 */
124 protected function setBackendUserAspect(Context $context, BackendUserAuthentication $user)
125 {
126 $context->setAspect('backend.user', GeneralUtility::makeInstance(UserAspect::class, $user));
127 $context->setAspect('workspace', GeneralUtility::makeInstance(WorkspaceAspect::class, $user->workspace));
128 }
129 }