[TASK] Move BE-related bootstrap code to PSR-15 middleware
[Packages/TYPO3.CMS.git] / typo3 / sysext / backend / Classes / Middleware / BackendUserAuthenticator.php
1 <?php
2 declare(strict_types = 1);
3 namespace TYPO3\CMS\Backend\Middleware;
4
5 /*
6 * This file is part of the TYPO3 CMS project.
7 *
8 * It is free software; you can redistribute it and/or modify it under
9 * the terms of the GNU General Public License, either version 2
10 * of the License, or any later version.
11 *
12 * For the full copyright and license information, please read the
13 * LICENSE.txt file that was distributed with this source code.
14 *
15 * The TYPO3 project - inspiring people to share!
16 */
17
18 use Psr\Http\Message\ResponseInterface;
19 use Psr\Http\Message\ServerRequestInterface;
20 use Psr\Http\Server\MiddlewareInterface;
21 use Psr\Http\Server\RequestHandlerInterface;
22 use TYPO3\CMS\Core\Core\Bootstrap;
23
24 /**
25 * Initializes the backend user authentication object (BE_USER) and the global LANG object.
26 *
27 * @internal
28 */
class BackendUserAuthenticator implements MiddlewareInterface
{
    /**
     * Route paths that do not need a valid backend user.
     *
     * This is the allowlist consulted by isLoggedInBackendUserRequired(). The
     * comparison is a strict, exact string match, so a path that is not listed
     * here verbatim is handled as a route that needs a logged-in backend user.
     * Every entry added here is reachable without authentication as far as this
     * middleware is concerned, so additions deserve a security review.
     *
     * @var array
     */
    protected $publicRoutes = [
        '/login',
        '/ajax/login',
        '/ajax/logout',
        '/ajax/login/refresh',
        '/ajax/login/timedout',
        '/ajax/rsa/publickey',
    ];

    /**
     * Runs the bootstrap steps that set up $GLOBALS['BE_USER'] and $GLOBALS['LANG'],
     * then passes the request on to the next handler.
     *
     * The 'routePath' request attribute selects whether the bootstrap is told that
     * the request may go on without a logged-in backend user. When the attribute is
     * absent, '/login' is assumed, and '/login' is one of the public routes.
     *
     * NOTE(review): that default is fail-open for this middleware. It presumably
     * relies on the later route dispatching falling back to the login route in the
     * same way when 'routePath' is missing - confirm against the dispatcher.
     *
     * @param ServerRequestInterface $request
     * @param RequestHandlerInterface $handler
     * @return ResponseInterface
     */
    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
    {
        $routePath = $request->getAttribute('routePath', '/login');

        // The backend user object is created first; the public-route check is
        // evaluated only afterwards, in the same order as the fluent call chain.
        $bootstrap = Bootstrap::getInstance()->initializeBackendUser();

        // true for public routes only; presumably tells the bootstrap that it may
        // continue without a logged-in user - verify against
        // Bootstrap::initializeBackendAuthentication().
        $mayProceedWithoutUser = $this->isLoggedInBackendUserRequired($routePath);

        // @todo: once this logic is in this method, the redirect URL should be handled as response here
        $bootstrap
            ->initializeBackendAuthentication($mayProceedWithoutUser)
            ->initializeLanguageObject();

        return $handler->handle($request);
    }

    /**
     * Tells whether the given route path is one of the public routes.
     *
     * Despite what the method name suggests, the result is true when NO
     * logged-in backend user is needed (login and ajax login routes) and false
     * for every other path. Callers must not read a true result as
     * "authentication required".
     *
     * @param string $routePath the route path to check against, e.g. '/login'
     * @return bool whether the request can proceed without a login required
     */
    protected function isLoggedInBackendUserRequired(string $routePath): bool
    {
        // Strict comparison: only an exact, case-sensitive string match counts.
        $isPublicRoute = in_array($routePath, $this->publicRoutes, true);

        return $isPublicRoute;
    }
}