[!!!][TASK] Remove sysext:sv, move files to sysext:core
[Packages/TYPO3.CMS.git] / typo3 / sysext / rsaauth / Classes / RsaAuthService.php
1 <?php
2 namespace TYPO3\CMS\Rsaauth;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use TYPO3\CMS\Core\Authentication\AuthenticationService;
18 use TYPO3\CMS\Core\Utility\GeneralUtility;
19
20 /**
21 * Service "RSA authentication" for the "rsaauth" extension. This service will
22 * authenticate a user using their password, encrypted with a one-time public key. It
23 * uses the standard TYPO3 service to do all the dirty work. First, it will decode
24 * the password and then pass it to the parent service ('core'). This ensures that it
25 * always works, even if other TYPO3 internals change.
26 */
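class RsaAuthService extends AuthenticationService
{
    /**
     * Decoder used to decrypt submitted passwords. Created lazily; access it
     * through getRsaEncryptionDecoder() rather than reading the property.
     *
     * @var RsaEncryptionDecoder|null
     */
    protected $rsaEncryptionDecoder = null;

    /**
     * Extension key of the service.
     *
     * @var string
     */
    public $extKey = 'rsaauth';

    /**
     * Standard prefix id for the service.
     *
     * @var string
     */
    public $prefixId = 'tx_rsaauth_sv1';

    /**
     * Process the submitted credentials: if the password was transmitted RSA
     * encrypted, decrypt it and store the plaintext in $loginData['uident_text'].
     *
     * $loginData is only modified on success. When false is returned,
     * 'uident' still holds whatever the client sent and no plaintext password
     * has been made available by this service.
     *
     * The dev log messages written here are fixed strings and never contain the
     * submitted or decrypted password.
     *
     * @param array $loginData Credentials that are submitted and potentially modified by other services
     * @param string $passwordTransmissionStrategy Keyword of how the password has been hashed or encrypted before submission
     * @return bool TRUE if the password was decrypted and written to 'uident_text'
     */
    public function processLoginData(array &$loginData, $passwordTransmissionStrategy)
    {
        if ($passwordTransmissionStrategy !== 'rsa') {
            return false;
        }

        // 'uident' originates from the login request: it may be absent or,
        // for array-style request parameters, not a string at all. Reject such
        // values before handing them to substr() so malformed input ends in
        // the regular "no rsa encrypted password" path instead of a PHP error.
        $password = isset($loginData['uident']) ? $loginData['uident'] : null;
        if (!is_string($password) || substr($password, 0, 4) !== 'rsa:') {
            if ($this->pObj->writeDevLog) {
                GeneralUtility::devLog('Process login data: passwordTransmissionStrategy has been set to "rsa" but no rsa encrypted password has been found.', self::class);
            }
            return false;
        }

        $decryptedPassword = $this->getRsaEncryptionDecoder()->decrypt($password);

        // A result identical to the input is treated as a failed decryption.
        // NOTE(review): this relies on decrypt() handing back its input
        // unchanged on failure - confirm against RsaEncryptionDecoder.
        if ($decryptedPassword === $password) {
            if ($this->pObj->writeDevLog) {
                GeneralUtility::devLog('Process login data: Failed to RSA decrypt password', self::class);
            }
            return false;
        }

        // From here on the plaintext password lives in $loginData; keep it out
        // of logs and debug output in any code that receives this array.
        $loginData['uident_text'] = $decryptedPassword;

        return true;
    }

    /**
     * Initializes the service. The service only reports itself as usable when
     * the parent initialization succeeds and the decoder is available.
     *
     * @return bool
     */
    public function init()
    {
        return parent::init() && $this->getRsaEncryptionDecoder()->isAvailable();
    }

    /**
     * Returns the decoder instance, creating it on first use.
     *
     * @return RsaEncryptionDecoder
     */
    protected function getRsaEncryptionDecoder()
    {
        if ($this->rsaEncryptionDecoder === null) {
            $this->rsaEncryptionDecoder = GeneralUtility::makeInstance(RsaEncryptionDecoder::class);
        }

        return $this->rsaEncryptionDecoder;
    }
}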