[CLEANUP] The correct case must be used for standard PHP types in phpdoc
1 <?php
2 namespace TYPO3\CMS\Backend\Controller;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use Psr\Http\Message\ResponseInterface;
18 use Psr\Http\Message\ServerRequestInterface;
19 use TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
20
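/**
 * AJAX endpoints the backend uses to re-authenticate, log out, refresh and
 * poll a backend session after it has timed out.
 *
 * Every action answers with a small JSON document written to the response
 * body. None of the actions reads the request object; authentication state
 * is taken from $GLOBALS['BE_USER'] only.
 */
class AjaxLoginController
{
    /**
     * Reports whether the login that accompanied this AJAX request succeeded.
     *
     * Credentials are not checked here. The login data was sent along with the
     * AJAX request and the user was logged in by the TYPO3 CMS bootstrap before
     * this action runs, so the action only inspects the resulting session and
     * tells the client whether to hide the login window or show it again.
     *
     * The answer carries nothing but a boolean, so a failed attempt reveals
     * nothing about why it failed.
     *
     * @param ServerRequestInterface $request Not read by this action
     * @param ResponseInterface $response Response whose body receives the JSON answer
     * @return ResponseInterface The same response, body: {"login":{"success":bool}}
     */
    public function loginAction(ServerRequestInterface $request, ResponseInterface $response)
    {
        $loggedIn = $this->isAuthorizedBackendSession();
        if ($loggedIn && $this->hasLoginBeenProcessed()) {
            // A login was processed during this very request: take the
            // form-protection session token over from the registry and persist
            // it. Presumably this keeps tokens issued before the timeout usable
            // for the new session; confirm against FormProtectionFactory.
            $formProtection = \TYPO3\CMS\Core\FormProtection\FormProtectionFactory::get();
            $formProtection->setSessionTokenFromRegistry();
            $formProtection->persistSessionToken();
        }

        return $this->writeJson($response, ['login' => ['success' => $loggedIn]]);
    }

    /**
     * Logs out the current backend user.
     *
     * NOTE(review): this is a state-changing endpoint and the class performs no
     * request-token check of its own; confirm that the AJAX route dispatching
     * to it enforces one.
     *
     * @param ServerRequestInterface $request Not read by this action
     * @param ResponseInterface $response Response whose body receives the JSON answer
     * @return ResponseInterface The same response, body: {"logout":{"success":bool}}
     */
    public function logoutAction(ServerRequestInterface $request, ResponseInterface $response)
    {
        $backendUser = $this->getBackendUser();
        // getBackendUser() may return null; without this guard a request made
        // when no user object exists ends in a fatal error instead of an answer.
        if ($backendUser !== null) {
            $backendUser->logoff();
        }

        // Logout counts as successful once no user record is attached any more,
        // which is also the case when there was no user object to begin with.
        return $this->writeJson($response, [
            'logout' => [
                'success' => !isset($backendUser->user['uid'])
            ]
        ]);
    }

    /**
     * Refreshes the login without needing login information. Only the session
     * is refreshed.
     *
     * NOTE(review): "success" states that the refresh was attempted, not that
     * the session is still valid afterwards; the outcome of
     * checkAuthentication() is not inspected. Clients that need certainty can
     * poll isTimedOutAction(). Consider reporting isset($backendUser->user['uid'])
     * here once it is confirmed that no client depends on the constant value.
     *
     * @param ServerRequestInterface $request Not read by this action
     * @param ResponseInterface $response Response whose body receives the JSON answer
     * @return ResponseInterface The same response, body: {"refresh":{"success":bool}}
     */
    public function refreshAction(ServerRequestInterface $request, ResponseInterface $response)
    {
        $backendUser = $this->getBackendUser();
        $attempted = $backendUser !== null;
        if ($attempted) {
            $backendUser->checkAuthentication();
        }

        // Without a user object there is nothing to refresh; say so instead of
        // failing with a call on null.
        return $this->writeJson($response, [
            'refresh' => [
                'success' => $attempted
            ]
        ]);
    }

    /**
     * Checks if the user session is expired yet.
     *
     * Exactly one of three states can be raised, checked in this order:
     * "locked" when the LOCK_BACKEND file exists in typo3conf, "timed_out" when
     * no user record is attached to the session, and "will_time_out" when the
     * session ends within the next 120 seconds.
     *
     * @param ServerRequestInterface $request Not read by this action
     * @param ResponseInterface $response Response whose body receives the JSON answer
     * @return ResponseInterface The same response, body:
     *                           {"login":{"timed_out":bool,"will_time_out":bool,"locked":bool}}
     */
    public function isTimedOutAction(ServerRequestInterface $request, ResponseInterface $response)
    {
        $session = [
            'timed_out' => false,
            'will_time_out' => false,
            'locked' => false
        ];
        $backendUser = $this->getBackendUser();
        // The lock file wins over everything else. Warnings from the file check
        // are deliberately suppressed, as in the original implementation.
        if (@is_file(PATH_typo3conf . 'LOCK_BACKEND')) {
            $session['locked'] = true;
        } elseif (!isset($backendUser->user['uid'])) {
            // Also reached when no user object exists at all.
            $session['timed_out'] = true;
        } else {
            // NOTE(review): the "true" argument presumably keeps this poll from
            // prolonging the session it is measuring; confirm against
            // fetchUserSession().
            $backendUser->fetchUserSession(true);
            $expiresAt = $backendUser->user['ses_tstamp'] + $backendUser->sessionTimeout;
            // If 120 seconds from now is later than the session timeout, the
            // refresh dialog has to be shown. 120 is somewhat arbitrary and
            // leaves a little room for the countdown and load times.
            $session['will_time_out'] = $GLOBALS['EXEC_TIME'] >= $expiresAt - 120;
        }

        return $this->writeJson($response, ['login' => $session]);
    }

    /**
     * Checks if a user is logged in and the session is active.
     *
     * @return bool TRUE only for a BackendUserAuthentication object that has a
     *              user record with a uid attached
     */
    protected function isAuthorizedBackendSession()
    {
        $backendUser = $this->getBackendUser();
        // instanceof is FALSE for null, so no separate null check is needed.
        return $backendUser instanceof BackendUserAuthentication && isset($backendUser->user['uid']);
    }

    /**
     * Checks whether a login with user name and password was submitted along
     * with the current request.
     *
     * @return bool FALSE when there is no backend user object, or when the login
     *              form data is not a complete "login" submission
     */
    protected function hasLoginBeenProcessed()
    {
        $backendUser = $this->getBackendUser();
        if ($backendUser === null) {
            return false;
        }
        $loginFormData = $backendUser->getLoginFormData();
        return isset($loginFormData['status'])
            && $loginFormData['status'] === 'login'
            && !empty($loginFormData['uname'])
            && !empty($loginFormData['uident']);
    }

    /**
     * Returns the backend user object of the current request.
     *
     * @return BackendUserAuthentication|null NULL when $GLOBALS['BE_USER'] is not set
     */
    protected function getBackendUser()
    {
        return isset($GLOBALS['BE_USER']) ? $GLOBALS['BE_USER'] : null;
    }

    /**
     * Writes the JSON encoded payload to the response body.
     *
     * @param ResponseInterface $response Response to write to
     * @param array $payload Data to encode
     * @return ResponseInterface The response that was passed in
     */
    private function writeJson(ResponseInterface $response, array $payload)
    {
        $response->getBody()->write(json_encode($payload));
        return $response;
    }
}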