[TASK] Create own response instance in controller actions
1 <?php
2 namespace TYPO3\CMS\Backend\Controller;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use Psr\Http\Message\ResponseInterface;
18 use Psr\Http\Message\ServerRequestInterface;
19 use TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
20 use TYPO3\CMS\Core\FormProtection\FormProtectionFactory;
21 use TYPO3\CMS\Core\Http\JsonResponse;
22
23 /**
24 * This is the ajax handler for backend login after timeout.
25 */
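class AjaxLoginController
{
    /**
     * Handles the actual login process, more specifically it defines the response.
     * The login details were sent in as part of the ajax request and automatically logged in
     * the user inside the TYPO3 CMS bootstrap part of the ajax call. If that was successful, we have
     * a BE user and reset the timer and hide the login window.
     * If it was unsuccessful, we display that and show the login box again.
     *
     * Note that this action never touches the credentials itself: it only inspects the
     * session state left behind by the bootstrap, so an unauthenticated caller just gets
     * `success => false` back.
     *
     * @param ServerRequestInterface $request Not read here (credentials are consumed by the bootstrap)
     * @return ResponseInterface JSON of shape ['login' => ['success' => bool]]
     */
    public function loginAction(ServerRequestInterface $request): ResponseInterface
    {
        $result = ['success' => false];
        if ($this->isAuthorizedBackendSession()) {
            $result['success'] = true;
            if ($this->hasLoginBeenProcessed()) {
                // A login was performed during this very request: re-establish the
                // form protection (CSRF) session token for the new session.
                // NOTE(review): exact semantics of setSessionTokenFromRegistry()/persistSessionToken()
                // live in BackendFormProtection — confirm there.
                /** @var \TYPO3\CMS\Core\FormProtection\BackendFormProtection $formProtection */
                $formProtection = FormProtectionFactory::get();
                $formProtection->setSessionTokenFromRegistry();
                $formProtection->persistSessionToken();
            }
        }
        return new JsonResponse(['login' => $result]);
    }

    /**
     * Logs out the current BE user.
     *
     * `success` is derived from the user record being gone after logoff(), not from a
     * return value of logoff() itself.
     *
     * @param ServerRequestInterface $request Not read here
     * @return ResponseInterface JSON of shape ['logout' => ['success' => bool]]
     */
    public function logoutAction(ServerRequestInterface $request): ResponseInterface
    {
        $backendUser = $this->getBackendUser();
        $backendUser->logoff();
        return new JsonResponse([
            'logout' => [
                'success' => !isset($backendUser->user['uid']),
            ],
        ]);
    }

    /**
     * Refreshes the login without needing login information. We just refresh the session.
     *
     * The `success` flag is unconditional: it reports that the refresh was attempted,
     * not that the session is (still) valid. Clients must use isTimedOutAction() for that.
     *
     * @param ServerRequestInterface $request Not read here
     * @return ResponseInterface JSON of shape ['refresh' => ['success' => true]]
     */
    public function refreshAction(ServerRequestInterface $request): ResponseInterface
    {
        $this->getBackendUser()->checkAuthentication();
        return new JsonResponse([
            'refresh' => [
                'success' => true,
            ],
        ]);
    }

    /**
     * Checks if the user session is expired yet.
     *
     * Exactly one of the three flags is set per request, checked in this order:
     *  - `locked`: the backend lock file exists (takes precedence over any session state)
     *  - `timed_out`: there is no authenticated BE user any more
     *  - `will_time_out`: the session will expire within the next 120 seconds
     *
     * @param ServerRequestInterface $request Not read here
     * @return ResponseInterface JSON of shape ['login' => ['timed_out' => bool, 'will_time_out' => bool, 'locked' => bool]]
     */
    public function isTimedOutAction(ServerRequestInterface $request): ResponseInterface
    {
        $session = [
            'timed_out' => false,
            'will_time_out' => false,
            'locked' => false,
        ];
        $backendUser = $this->getBackendUser();
        // Only the existence of the lock file matters here; its content is not read.
        if (@is_file(PATH_typo3conf . 'LOCK_BACKEND')) {
            $session['locked'] = true;
        } elseif (!isset($backendUser->user['uid'])) {
            $session['timed_out'] = true;
        } else {
            // Re-read the session so the timestamp reflects the stored state, not a cached copy.
            $backendUser->fetchUserSession(true);
            // A session without a stored timestamp counts as started at epoch 0, i.e. expired.
            $sessionTimestamp = (int)($backendUser->user['ses_tstamp'] ?? 0);
            $timeout = $backendUser->sessionTimeout;
            // If 120 seconds from now is later than the session timeout, we need to show the refresh dialog.
            // 120 is somewhat arbitrary to allow for a little room during the countdown and load times, etc.
            $session['will_time_out'] = $GLOBALS['EXEC_TIME'] >= $sessionTimestamp + $timeout - 120;
        }
        return new JsonResponse(['login' => $session]);
    }

    /**
     * Checks if a user is logged in and the session is active.
     *
     * `instanceof` is false for null, so no separate null check is needed.
     *
     * @return bool
     */
    protected function isAuthorizedBackendSession(): bool
    {
        $backendUser = $this->getBackendUser();
        return $backendUser instanceof BackendUserAuthentication && isset($backendUser->user['uid']);
    }

    /**
     * Check whether the user was already authorized or not, i.e. whether a login form
     * submission (status "login" with both username and password field present) was
     * processed as part of this request.
     *
     * Callers must ensure a BE user exists (see isAuthorizedBackendSession()).
     *
     * @return bool
     */
    protected function hasLoginBeenProcessed(): bool
    {
        $loginFormData = $this->getBackendUser()->getLoginFormData();
        return ($loginFormData['status'] ?? null) === 'login'
            && !empty($loginFormData['uname'])
            && !empty($loginFormData['uident']);
    }

    /**
     * Returns the global BE user object, or null when none was set up by the bootstrap.
     *
     * @return BackendUserAuthentication|null
     */
    protected function getBackendUser()
    {
        return $GLOBALS['BE_USER'] ?? null;
    }
}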