[BUGFIX] @return for TYPO3\CMS\Sv\AuthenticationService::authUser
[Packages/TYPO3.CMS.git] / typo3 / sysext / sv / Classes / AuthenticationService.php
1 <?php
2 namespace TYPO3\CMS\Sv;
3
4 /***************************************************************
5 * Copyright notice
6 *
7 * (c) 2004-2013 René Fritz <r.fritz@colorcube.de>
8 * All rights reserved
9 *
10 * This script is part of the TYPO3 project. The TYPO3 project is
11 * free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * The GNU General Public License can be found at
17 * http://www.gnu.org/copyleft/gpl.html.
18 * A copy is found in the text file GPL.txt and important notices to the license
19 * from the author is found in LICENSE.txt distributed with these scripts.
20 *
21 *
22 * This script is distributed in the hope that it will be useful,
23 * but WITHOUT ANY WARRANTY; without even the implied warranty of
24 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
25 * GNU General Public License for more details.
26 *
27 * This copyright notice MUST APPEAR in all copies of the script!
28 ***************************************************************/
29
30 /**
31 * Authentication services class
32 *
33 * @author René Fritz <r.fritz@colorcube.de>
34 */
35 class AuthenticationService extends \TYPO3\CMS\Sv\AbstractAuthenticationService {
36
37 /**
38 * Process the submitted credentials.
39 * In this case hash the clear text password if it has been submitted.
40 *
41 * @param array $loginData Credentials that are submitted and potentially modified by other services
42 * @param string $passwordTransmissionStrategy Keyword of how the password has been hashed or encrypted before submission
43 * @return boolean
44 */
45 public function processLoginData(array &$loginData, $passwordTransmissionStrategy) {
46 $isProcessed = TRUE;
47 // Processing data according to the state it was submitted in.
48 switch ($passwordTransmissionStrategy) {
49 case 'normal':
50 $loginData['uident_text'] = $loginData['uident'];
51 break;
52 case 'challenged':
53 $loginData['uident_text'] = '';
54 $loginData['uident_challenged'] = $loginData['uident'];
55 $loginData['uident_superchallenged'] = '';
56 break;
57 case 'superchallenged':
58 $loginData['uident_text'] = '';
59 $loginData['uident_challenged'] = '';
60 $loginData['uident_superchallenged'] = $loginData['uident'];
61 break;
62 default:
63 $isProcessed = FALSE;
64 }
65 if (!empty($loginData['uident_text'])) {
66 $loginData['uident_challenged'] = (string) md5(($loginData['uname'] . ':' . $loginData['uident_text'] . ':' . $loginData['chalvalue']));
67 $loginData['uident_superchallenged'] = (string) md5(($loginData['uname'] . ':' . md5($loginData['uident_text']) . ':' . $loginData['chalvalue']));
68 $isProcessed = TRUE;
69 }
70 return $isProcessed;
71 }
72
73 /**
74 * Find a user (eg. look up the user record in database when a login is sent)
75 *
76 * @return mixed User array or FALSE
77 * @todo Define visibility
78 */
79 public function getUser() {
80 $user = FALSE;
81 if ($this->login['status'] == 'login') {
82 if ($this->login['uident']) {
83 $user = $this->fetchUserRecord($this->login['uname']);
84 if (!is_array($user)) {
85 // Failed login attempt (no username found)
86 $this->writelog(255, 3, 3, 2, 'Login-attempt from %s (%s), username \'%s\' not found!!', array($this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname']));
87 // Logout written to log
88 \TYPO3\CMS\Core\Utility\GeneralUtility::sysLog(sprintf('Login-attempt from %s (%s), username \'%s\' not found!', $this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname']), 'Core', \TYPO3\CMS\Core\Utility\GeneralUtility::SYSLOG_SEVERITY_WARNING);
89 } else {
90 if ($this->writeDevLog) {
91 \TYPO3\CMS\Core\Utility\GeneralUtility::devLog('User found: ' . \TYPO3\CMS\Core\Utility\GeneralUtility::arrayToLogString($user, array($this->db_user['userid_column'], $this->db_user['username_column'])), 'TYPO3\\CMS\\Sv\\AuthenticationService');
92 }
93 }
94 } else {
95 // Failed Login attempt (no password given)
96 $this->writelog(255, 3, 3, 2, 'Login-attempt from %s (%s) for username \'%s\' with an empty password!', array($this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname']));
97 \TYPO3\CMS\Core\Utility\GeneralUtility::sysLog(sprintf('Login-attempt from %s (%s), for username \'%s\' with an empty password!', $this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname']), 'Core', \TYPO3\CMS\Core\Utility\GeneralUtility::SYSLOG_SEVERITY_WARNING);
98 }
99 }
100 return $user;
101 }
102
103 /**
104 * Authenticate a user (Check various conditions for the user that might invalidate its authentication, eg. password match, domain, IP, etc.)
105 *
106 * @param array $user Data of user.
107 *
108 * @return integer >= 200: User authenticated successfully.
109 * No more checking is needed by other auth services.
110 * >= 100: User not authenticated; this service is not responsible.
111 * Other auth services will be asked.
112 * > 0: User authenticated successfully.
113 * Other auth services will still be asked.
114 * <= 0: Authentication failed, no more checking needed
115 * by other auth services.
116 */
117 public function authUser(array $user) {
118 $OK = 100;
119 if ($this->login['uident'] && $this->login['uname']) {
120 // Checking password match for user:
121 $OK = $this->compareUident($user, $this->login);
122 if (!$OK) {
123 // Failed login attempt (wrong password) - write that to the log!
124 if ($this->writeAttemptLog) {
125 $this->writelog(255, 3, 3, 1, 'Login-attempt from %s (%s), username \'%s\', password not accepted!', array($this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname']));
126 \TYPO3\CMS\Core\Utility\GeneralUtility::sysLog(sprintf('Login-attempt from %s (%s), username \'%s\', password not accepted!', $this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname']), 'Core', \TYPO3\CMS\Core\Utility\GeneralUtility::SYSLOG_SEVERITY_WARNING);
127 }
128 if ($this->writeDevLog) {
129 \TYPO3\CMS\Core\Utility\GeneralUtility::devLog('Password not accepted: ' . $this->login['uident'], 'TYPO3\\CMS\\Sv\\AuthenticationService', 2);
130 }
131 }
132 // Checking the domain (lockToDomain)
133 if ($OK && $user['lockToDomain'] && $user['lockToDomain'] != $this->authInfo['HTTP_HOST']) {
134 // Lock domain didn't match, so error:
135 if ($this->writeAttemptLog) {
136 $this->writelog(255, 3, 3, 1, 'Login-attempt from %s (%s), username \'%s\', locked domain \'%s\' did not match \'%s\'!', array($this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $user[$this->db_user['username_column']], $user['lockToDomain'], $this->authInfo['HTTP_HOST']));
137 \TYPO3\CMS\Core\Utility\GeneralUtility::sysLog(sprintf('Login-attempt from %s (%s), username \'%s\', locked domain \'%s\' did not match \'%s\'!', $this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $user[$this->db_user['username_column']], $user['lockToDomain'], $this->authInfo['HTTP_HOST']), 'Core', \TYPO3\CMS\Core\Utility\GeneralUtility::SYSLOG_SEVERITY_WARNING);
138 }
139 $OK = 0;
140 }
141 }
142 return $OK;
143 }
144
145 /**
146 * Find usergroup records, currently only for frontend
147 *
148 * @param array $user Data of user.
149 * @param array $knownGroups Group data array of already known groups. This is handy if you want select other related groups. Keys in this array are unique IDs of those groups.
150 * @return mixed Groups array, keys = uid which must be unique
151 * @todo Define visibility
152 */
153 public function getGroups($user, $knownGroups) {
154 global $TYPO3_CONF_VARS;
155 $groupDataArr = array();
156 if ($this->mode == 'getGroupsFE') {
157 $groups = array();
158 if (is_array($user) && $user[$this->db_user['usergroup_column']]) {
159 $groupList = $user[$this->db_user['usergroup_column']];
160 $groups = array();
161 $this->getSubGroups($groupList, '', $groups);
162 }
163 // ADD group-numbers if the IPmask matches.
164 if (is_array($TYPO3_CONF_VARS['FE']['IPmaskMountGroups'])) {
165 foreach ($TYPO3_CONF_VARS['FE']['IPmaskMountGroups'] as $IPel) {
166 if ($this->authInfo['REMOTE_ADDR'] && $IPel[0] && \TYPO3\CMS\Core\Utility\GeneralUtility::cmpIP($this->authInfo['REMOTE_ADDR'], $IPel[0])) {
167 $groups[] = (int)$IPel[1];
168 }
169 }
170 }
171 $groups = array_unique($groups);
172 if (count($groups)) {
173 $list = implode(',', $groups);
174 if ($this->writeDevLog) {
175 \TYPO3\CMS\Core\Utility\GeneralUtility::devLog('Get usergroups with id: ' . $list, 'TYPO3\\CMS\\Sv\\AuthenticationService');
176 }
177 $lockToDomain_SQL = ' AND (lockToDomain=\'\' OR lockToDomain IS NULL OR lockToDomain=\'' . $this->authInfo['HTTP_HOST'] . '\')';
178 if (!$this->authInfo['showHiddenRecords']) {
179 $hiddenP = 'AND hidden=0 ';
180 }
181 $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('*', $this->db_groups['table'], 'deleted=0 ' . $hiddenP . ' AND uid IN (' . $list . ')' . $lockToDomain_SQL);
182 while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
183 $groupDataArr[$row['uid']] = $row;
184 }
185 if ($res) {
186 $GLOBALS['TYPO3_DB']->sql_free_result($res);
187 }
188 } else {
189 if ($this->writeDevLog) {
190 \TYPO3\CMS\Core\Utility\GeneralUtility::devLog('No usergroups found.', 'TYPO3\\CMS\\Sv\\AuthenticationService', 2);
191 }
192 }
193 } elseif ($this->mode == 'getGroupsBE') {
194
195 }
196 return $groupDataArr;
197 }
198
199 /**
200 * Fetches subgroups of groups. Function is called recursively for each subgroup.
201 * Function was previously copied from
202 * \TYPO3\CMS\Core\Authentication\BackendUserAuthentication->fetchGroups and has been slightly modified.
203 *
204 * @param string $grList Commalist of fe_groups uid numbers
205 * @param string $idList List of already processed fe_groups-uids so the function will not fall into a eternal recursion.
206 * @param array $groups
207 * @return array
208 * @access private
209 * @todo Define visibility
210 */
211 public function getSubGroups($grList, $idList = '', &$groups) {
212 // Fetching records of the groups in $grList (which are not blocked by lockedToDomain either):
213 $lockToDomain_SQL = ' AND (lockToDomain=\'\' OR lockToDomain IS NULL OR lockToDomain=\'' . $this->authInfo['HTTP_HOST'] . '\')';
214 if (!$this->authInfo['showHiddenRecords']) {
215 $hiddenP = 'AND hidden=0 ';
216 }
217 $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('uid,subgroup', 'fe_groups', 'deleted=0 ' . $hiddenP . ' AND uid IN (' . $grList . ')' . $lockToDomain_SQL);
218 // Internal group record storage
219 $groupRows = array();
220 // The groups array is filled
221 while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
222 if (!in_array($row['uid'], $groups)) {
223 $groups[] = $row['uid'];
224 }
225 $groupRows[$row['uid']] = $row;
226 }
227 // Traversing records in the correct order
228 $include_staticArr = \TYPO3\CMS\Core\Utility\GeneralUtility::intExplode(',', $grList);
229 // traversing list
230 foreach ($include_staticArr as $uid) {
231 // Get row:
232 $row = $groupRows[$uid];
233 // Must be an array and $uid should not be in the idList, because then it is somewhere previously in the grouplist
234 if (is_array($row) && !\TYPO3\CMS\Core\Utility\GeneralUtility::inList($idList, $uid)) {
235 // Include sub groups
236 if (trim($row['subgroup'])) {
237 // Make integer list
238 $theList = implode(',', \TYPO3\CMS\Core\Utility\GeneralUtility::intExplode(',', $row['subgroup']));
239 // Call recursively, pass along list of already processed groups so they are not recursed again.
240 $this->getSubGroups($theList, $idList . ',' . $uid, $groups);
241 }
242 }
243 }
244 }
245
246 }