[BUGFIX] Add backend authentication to Extbase CommandController 23/54223/2
authorWolfgang Klinger <wolfgang@wazum.com>
Wed, 27 Sep 2017 08:09:42 +0000 (10:09 +0200)
committerBenni Mack <benni@typo3.org>
Wed, 27 Sep 2017 12:37:44 +0000 (14:37 +0200)
Ensure backwards compatibility with existing Extbase CommandControllers
by making sure the _cli_ user is always authenticated, so e.g. calls to
the DataHandler do not require explicit authentication in the extensions
CommandController.

Resolves: #82566
Releases: master, 8.7
Change-Id: Ice9b039558b68050c08a53f1c50dc726ec657522
Reviewed-on: https://review.typo3.org/54223
Reviewed-by: Stephan Großberndt <stephan@grossberndt.de>
Tested-by: Stephan Großberndt <stephan@grossberndt.de>
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
typo3/sysext/extbase/Classes/Mvc/Controller/CommandController.php

index 007ecb7..8d63c2a 100644 (file)
@@ -131,6 +131,7 @@ class CommandController implements CommandControllerInterface
         $this->arguments = $this->objectManager->get(Arguments::class);
         $this->initializeCommandMethodArguments();
         $this->mapRequestArgumentsToControllerArguments();
+        $this->initializeBackendAuthentication();
         $this->callCommandMethod();
     }
 
@@ -204,6 +205,17 @@ class CommandController implements CommandControllerInterface
     }
 
     /**
+     * Initializes and ensures authenticated backend access
+     */
+    protected function initializeBackendAuthentication()
+    {
+        $backendUserAuthentication = $this->getBackendUserAuthentication();
+        if ($backendUserAuthentication !== null) {
+            $backendUserAuthentication->backendCheckLogin();
+        }
+    }
+
+    /**
      * Forwards the request to another command and / or CommandController.
      *
      * Request is directly transferred to the other command / controller