cdeee18dce9b71dcfe11f314cef839c369bd6b14
[Packages/TYPO3.CMS.git] / typo3 / sysext / rsaauth / Classes / Hook / UserSetupHook.php
1 <?php
2 namespace TYPO3\CMS\Rsaauth\Hook;
3
4 /***************************************************************
5 * Copyright notice
6 *
7 * (c) 2011-2013 Helmut Hummel <helmut.hummel@typo3.org>
8 * All rights reserved
9 *
10 * This script is part of the TYPO3 project. The TYPO3 project is
11 * free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * The GNU General Public License can be found at
17 * http://www.gnu.org/copyleft/gpl.html.
18 *
19 * This script is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
23 *
24 * This copyright notice MUST APPEAR in all copies of the script!
25 ***************************************************************/
26 /**
27 * This class provides a hook to the login form to add extra javascript code
28 * and supply a proper form tag.
29 *
30 * @author Helmut Hummel <helmut.hummel@typo3.org>
31 */
32 class UserSetupHook {
33
34 /**
35 * Decrypt the password fields if they are filled.
36 *
37 * @param array $parameters Parameters to the script
38 * @return void
39 */
40 public function decryptPassword(array $parameters) {
41 if ($this->isRsaAvailable()) {
42 $be_user_data = &$parameters['be_user_data'];
43 if (substr($be_user_data['password'], 0, 4) === 'rsa:' && substr($be_user_data['password2'], 0, 4) === 'rsa:') {
44 $backend = \TYPO3\CMS\Rsaauth\Backend\BackendFactory::getBackend();
45 /** @var $storage \TYPO3\CMS\Rsaauth\Storage\AbstractStorage */
46 $storage = \TYPO3\CMS\Rsaauth\Storage\StorageFactory::getStorage();
47 $key = $storage->get();
48 $password = $backend->decrypt($key, substr($be_user_data['password'], 4));
49 $password2 = $backend->decrypt($key, substr($be_user_data['password2'], 4));
50 $be_user_data['password'] = $password ?: $be_user_data['password'];
51 $be_user_data['password2'] = $password2 ?: $be_user_data['password2'];
52 }
53 }
54 }
55
56 /**
57 * Provides form code and javascript for the user setup.
58 *
59 * @param array $parameters Parameters to the script
60 * @param \TYPO3\CMS\Setup\Controller\SetupModuleController $userSetupObject Calling object: user setup module
61 * @return string The code for the user setup
62 */
63 public function getLoginScripts(array $parameters, \TYPO3\CMS\Setup\Controller\SetupModuleController $userSetupObject) {
64 $content = '';
65 if ($this->isRsaAvailable()) {
66 // If we can get the backend, we can proceed
67 $backend = \TYPO3\CMS\Rsaauth\Backend\BackendFactory::getBackend();
68 $javascriptPath = \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::siteRelPath('rsaauth') . 'resources/';
69 $files = array(
70 'jsbn/jsbn.js',
71 'jsbn/prng4.js',
72 'jsbn/rng.js',
73 'jsbn/rsa.js',
74 'jsbn/base64.js',
75 'rsaauth_min.js'
76 );
77 $content = '';
78 foreach ($files as $file) {
79 $content .= '<script type="text/javascript" src="' . \TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('TYPO3_SITE_URL') . $javascriptPath . $file . '"></script>';
80 }
81 // Generate a new key pair
82 $keyPair = $backend->createNewKeyPair();
83 // Save private key
84 $storage = \TYPO3\CMS\Rsaauth\Storage\StorageFactory::getStorage();
85 /** @var $storage \TYPO3\CMS\Rsaauth\Storage\AbstractStorage */
86 $storage->put($keyPair->getPrivateKey());
87 // Add form tag
88 $form = '<form action="' . \TYPO3\CMS\Backend\Utility\BackendUtility::getModuleUrl('user_setup') . '" method="post" name="usersetup" enctype="application/x-www-form-urlencoded" onsubmit="tx_rsaauth_encryptUserSetup();">';
89 // Add RSA hidden fields
90 $form .= '<input type="hidden" id="rsa_n" name="n" value="' . htmlspecialchars($keyPair->getPublicKeyModulus()) . '" />';
91 $form .= '<input type="hidden" id="rsa_e" name="e" value="' . sprintf('%x', $keyPair->getExponent()) . '" />';
92 $userSetupObject->doc->form = $form;
93 }
94 return $content;
95 }
96
97 /**
98 * Rsa is available if loginSecurityLevel is set and rsa backend is working.
99 *
100 * @return boolean
101 */
102 protected function isRsaAvailable() {
103 return trim($GLOBALS['TYPO3_CONF_VARS']['BE']['loginSecurityLevel']) === 'rsa' && \TYPO3\CMS\Rsaauth\Backend\BackendFactory::getBackend() !== NULL;
104 }
105
106 }