[BUGFIX] Use correct server variable for domain lock evaluation 33/57833/4
authorMarkus Klein <markus.klein@typo3.org>
Tue, 7 Aug 2018 21:39:35 +0000 (23:39 +0200)
committerAndreas Fernandez <a.fernandez@scripting-base.de>
Thu, 9 Aug 2018 10:18:11 +0000 (12:18 +0200)
Patch https://review.typo3.org/57759 introduced a regression by using
REMOTE_HOST instead of HTTP_HOST for matching an authenticating user
against a configured domain lock.

Resolves: #85776
Related: #85761
Releases: master
Change-Id: I1d0087fa0c86506fedccba83fa83502963bd5f6f
Reviewed-on: https://review.typo3.org/57833
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
typo3/sysext/core/Classes/Authentication/AuthenticationService.php
typo3/sysext/core/Tests/Unit/Authentication/AuthenticationServiceTest.php

index a545b6c..e9c6a15 100644 (file)
@@ -108,7 +108,7 @@ class AuthenticationService extends AbstractAuthenticationService
         $submittedUsername = (string)$this->login['uname'];
         $submittedPassword = (string)$this->login['uident_text'];
         $passwordHashInDatabase = $user['password'];
-        $queriedDomain = $this->authInfo['REMOTE_HOST'];
+        $queriedDomain = $this->authInfo['HTTP_HOST'];
         $configuredDomainLock = $user['lockToDomain'];
         $userDatabaseTable = $this->db_user['table'];
 
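Review bot: `$queriedDomain` is now read from `$this->authInfo['HTTP_HOST']`, which reflects the Host header the client sent, so the domain lock evaluated further down is only as reliable as whatever validates that header before `authInfo` is populated. Nothing in this hunk shows where that validation happens, so a comment on the assignment would make the assumption explicit, for example `// HTTP_HOST is request-supplied; the domain lock relies on trusted-host validation before authInfo is filled`. If the key can be missing from `authInfo`, `$this->authInfo['HTTP_HOST'] ?? ''` would keep the later comparison from running against null. The method starts and ends outside this hunk, so the comparison itself is not visible here.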
@@ -192,9 +192,9 @@ class AuthenticationService extends AbstractAuthenticationService
         if (!$isDomainLockMet) {
             // Password ok, but configured domain lock not met
             $errorMessage = 'Login-attempt from ###IP###, username \'%s\', locked domain \'%s\' did not match \'%s\'!';
-            $this->writeLogMessage($errorMessage, $user[$this->db_user['username_column']], $configuredDomainLock, $this->authInfo['HTTP_HOST']);
-            $this->writelog(255, 3, 3, 1, $errorMessage, [$user[$this->db_user['username_column']], $configuredDomainLock, $this->authInfo['HTTP_HOST']]);
-            $this->logger->info(sprintf($errorMessage, $user[$this->db_user['username_column']], $configuredDomainLock, $this->authInfo['HTTP_HOST']));
+            $this->writeLogMessage($errorMessage, $user[$this->db_user['username_column']], $configuredDomainLock, $queriedDomain);
+            $this->writelog(255, 3, 3, 1, $errorMessage, [$user[$this->db_user['username_column']], $configuredDomainLock, $queriedDomain]);
+            $this->logger->info(sprintf($errorMessage, $user[$this->db_user['username_column']], $configuredDomainLock, $queriedDomain));
             // Responsible, authentication ok, but domain lock not ok, do NOT check other services
             return 0;
         }
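Review bot: The three logging calls in the `!$isDomainLockMet` branch write `$queriedDomain`, a request-derived value, into the log text, and the last one flattens it into a single string with `sprintf()` before handing it to `$this->logger->info()`. If that logger accepts a context array (its type is not visible in this hunk), passing the values as context keeps client-supplied text out of the message line, e.g. `$this->logger->info('Domain lock not met', ['username' => $username, 'lockToDomain' => $configuredDomainLock, 'host' => $queriedDomain]);`. Hoisting `$username = $user[$this->db_user['username_column']];` above the three calls would also remove the repeated lookup. The enclosing method begins outside the hunk.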
index 242e1c9..c268cfa 100644 (file)
@@ -130,7 +130,7 @@ class AuthenticationServiceTest extends UnitTestCase
             ],
             [
                 'db_user' => ['table' => 'be_users'],
-                'REMOTE_HOST' => ''
+                'HTTP_HOST' => ''
             ],
             $pObjProphecy->reveal()
         );
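Review bot: The fixture here, like the ones in the hunks at -158 and -187, only swaps the key to `'HTTP_HOST' => ''`, so none of the visible cases exercises the domain lock with a non-empty host. That gap is presumably how the REMOTE_HOST regression passed the suite. A pair of cases would pin the behaviour this commit restores: one where `lockToDomain` equals a non-empty `HTTP_HOST` and authentication succeeds, and one where they differ and the service returns `0`. Other tests in the file are outside these hunks, so such cases may already exist elsewhere.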
@@ -158,7 +158,7 @@ class AuthenticationServiceTest extends UnitTestCase
             ],
             [
                 'db_user' => ['table' => 'be_users'],
-                'REMOTE_HOST' => '',
+                'HTTP_HOST' => '',
             ],
             $pObjProphecy->reveal()
         );
@@ -187,7 +187,7 @@ class AuthenticationServiceTest extends UnitTestCase
             ],
             [
                 'db_user' => ['table' => 'be_users'],
-                'REMOTE_HOST' => ''
+                'HTTP_HOST' => ''
             ],
             $pObjProphecy->reveal()
         );