[TASK] Unify handling of TYPO3_PROCEED_IF_NO_USER 33/38033/8
authorBenjamin Mack <benni@typo3.org>
Mon, 23 Mar 2015 12:29:24 +0000 (13:29 +0100)
committerBenjamin Mack <benni@typo3.org>
Tue, 16 Jun 2015 13:51:49 +0000 (15:51 +0200)
The constant TYPO3_PROCEED_IF_NO_USER
allows for calling the Backend bootstrap without
an authenticated user. The constant is now moved
mainly to the Request Handlers so it is encapsulated
in that area for now.

Once the Request Handler logic is streamlined better
the constant can be dropped in the core with a
deprecation layer.

Resolves: #65932
Releases: master
Change-Id: I02dfb384660be749247ea27e05038d3f0b373896
Reviewed-on: http://review.typo3.org/38033
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Xavier Perseguers <xavier@typo3.org>
Tested-by: Xavier Perseguers <xavier@typo3.org>
Reviewed-by: Benjamin Mack <benni@typo3.org>
Tested-by: Benjamin Mack <benni@typo3.org>
typo3/sysext/backend/Classes/AjaxRequestHandler.php
typo3/sysext/backend/Classes/BackendModuleRequestHandler.php
typo3/sysext/backend/Classes/CliRequestHandler.php
typo3/sysext/backend/Classes/RequestHandler.php
typo3/sysext/core/Classes/Authentication/BackendUserAuthentication.php
typo3/sysext/core/Classes/Core/Bootstrap.php

index 96bac65..123816b 100644 (file)
@@ -36,6 +36,19 @@ class AjaxRequestHandler implements RequestHandlerInterface {
        protected $bootstrap;
 
        /**
+        * List of requests that don't need a valid BE user
+        * @var array
+        */
+       protected $publicAjaxIds = array(
+               'BackendLogin::login',
+               'BackendLogin::logout',
+               'BackendLogin::refreshLogin',
+               'BackendLogin::isTimedOut',
+               'BackendLogin::getChallenge',
+               'BackendLogin::getRsaPublicKey'
+       );
+
+       /**
         * Constructor handing over the bootstrap
         *
         * @param Bootstrap $bootstrap
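Review bot: The new `$publicAjaxIds` list contains `BackendLogin::getChallenge`, which the removed `$noUserAjaxIDs` list in handleRequest() did not, so this refactoring also widens the set of ajaxIDs served without a backend user, and the commit description does not say so. Because boot() passes the same flag to `checkLockedBackendAndRedirectOrDie()`, the ids on this list also skip the LOCK_BACKEND check, which the property docblock should state: `* List of ajaxIDs that are handled without a valid BE user and that also bypass the LOCK_BACKEND check`. Each handler registered under these ids then has to work safely with no authenticated `BE_USER`.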
@@ -50,42 +63,14 @@ class AjaxRequestHandler implements RequestHandlerInterface {
         * @return void
         */
        public function handleRequest() {
-
-               // This is a list of requests that don't necessarily need a valid BE user
-               $noUserAjaxIDs = array(
-                       'BackendLogin::login',
-                       'BackendLogin::logout',
-                       'BackendLogin::refreshLogin',
-                       'BackendLogin::isTimedOut',
-                       'BackendLogin::getRsaPublicKey',
-               );
-
                // First get the ajaxID
                $ajaxID = isset($_POST['ajaxID']) ? $_POST['ajaxID'] : $_GET['ajaxID'];
                if (isset($ajaxID)) {
                        $ajaxID = (string)stripslashes($ajaxID);
                }
 
-               // If we're trying to do an ajax login, don't require a user.
-               if (in_array($ajaxID, $noUserAjaxIDs)) {
-                       define('TYPO3_PROCEED_IF_NO_USER', 2);
-               }
-
                $GLOBALS['ajaxID'] = $ajaxID;
-               $this->bootstrap
-                       ->checkLockedBackendAndRedirectOrDie()
-                       ->checkBackendIpOrDie()
-                       ->checkSslBackendAndRedirectIfNeeded()
-                       ->checkValidBrowserOrDie()
-                       ->loadExtensionTables(TRUE)
-                       ->initializeSpriteManager()
-                       ->initializeBackendUser()
-                       ->initializeBackendAuthentication()
-                       ->initializeLanguageObject()
-                       ->initializeBackendTemplate()
-                       ->endOutputBufferingAndCleanPreviousOutput()
-                       ->initializeOutputCompression()
-                       ->sendHttpHeaders();
+               $this->boot($ajaxID);
 
                // Finding the script path from the registry
                $ajaxRegistryEntry = isset($GLOBALS['TYPO3_CONF_VARS']['BE']['AJAX'][$ajaxID]) ? $GLOBALS['TYPO3_CONF_VARS']['BE']['AJAX'][$ajaxID] : NULL;
@@ -151,4 +136,29 @@ class AjaxRequestHandler implements RequestHandlerInterface {
        public function getPriority() {
                return 80;
        }
+
+       /**
+        * Start the Backend bootstrap part
+        *
+        * @param string $ajaxId Contains the string of the ajaxId used
+        */
+       protected function boot($ajaxId) {
+               // If we're trying to do an ajax login, don't require a user
+               $proceedIfNoUserIsLoggedIn = in_array($ajaxId, $this->publicAjaxIds, TRUE);
+
+               $this->bootstrap
+                       ->checkLockedBackendAndRedirectOrDie($proceedIfNoUserIsLoggedIn)
+                       ->checkBackendIpOrDie()
+                       ->checkSslBackendAndRedirectIfNeeded()
+                       ->checkValidBrowserOrDie()
+                       ->loadExtensionTables(TRUE)
+                       ->initializeSpriteManager()
+                       ->initializeBackendUser()
+                       ->initializeBackendAuthentication($proceedIfNoUserIsLoggedIn)
+                       ->initializeLanguageObject()
+                       ->initializeBackendTemplate()
+                       ->endOutputBufferingAndCleanPreviousOutput()
+                       ->initializeOutputCompression()
+                       ->sendHttpHeaders();
+       }
 }
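Review bot: The inline comment in boot() says only that no user is required, but `$proceedIfNoUserIsLoggedIn` is also handed to `checkLockedBackendAndRedirectOrDie()`, so a public ajaxID skips the maintenance lock as well; suggest `// Public ajaxIDs skip both the LOCK_BACKEND check and the redirect to the login screen`. The id comes straight from `$_POST`/`$_GET` in handleRequest() and is NULL when neither is set, so the docblock should read `@param string|NULL $ajaxId` and add `@return void`. The strict `in_array(..., TRUE)` is what makes a missing or non-string id take the authenticated path, and a short comment saying so would keep a later edit from loosening it.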
index 6d40660..2221c39 100644 (file)
@@ -82,6 +82,13 @@ class BackendModuleRequestHandler implements \TYPO3\CMS\Core\Core\RequestHandler
         * Execute TYPO3 bootstrap
         */
        protected function boot() {
+               // Evaluate the constant for skipping the BE user check for the bootstrap, will be done without the constant at a later point
+               if (defined('TYPO3_PROCEED_IF_NO_USER') && TYPO3_PROCEED_IF_NO_USER) {
+                       $proceedIfNoUserIsLoggedIn = TRUE;
+               } else {
+                       $proceedIfNoUserIsLoggedIn = FALSE;
+               }
+
                $this->bootstrap->checkLockedBackendAndRedirectOrDie()
                        ->checkBackendIpOrDie()
                        ->checkSslBackendAndRedirectIfNeeded()
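Review bot: The five-line if/else that turns the constant into a boolean is repeated verbatim in CliRequestHandler::boot() and RequestHandler::handleRequest(); since `&&` already yields a boolean it can be written once per handler as `$proceedIfNoUserIsLoggedIn = defined('TYPO3_PROCEED_IF_NO_USER') && TYPO3_PROCEED_IF_NO_USER;`. A single short form in all three places makes it easier to audit every point where the backend login check can be switched off. boot() continues outside this hunk.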
@@ -89,7 +96,7 @@ class BackendModuleRequestHandler implements \TYPO3\CMS\Core\Core\RequestHandler
                        ->loadExtensionTables(TRUE)
                        ->initializeSpriteManager()
                        ->initializeBackendUser()
-                       ->initializeBackendAuthentication()
+                       ->initializeBackendAuthentication($proceedIfNoUserIsLoggedIn)
                        ->initializeLanguageObject()
                        ->initializeBackendTemplate()
                        ->endOutputBufferingAndCleanPreviousOutput()
index fe6f883..3a05300 100644 (file)
@@ -50,14 +50,7 @@ class CliRequestHandler implements RequestHandlerInterface {
                $commandLineKey = $this->getCommandLineKeyOrDie();
                $commandLineScript = $this->getIncludeScriptByCommandLineKey($commandLineKey);
 
-               $this->bootstrap
-                       ->loadExtensionTables(TRUE)
-                       ->initializeBackendUser()
-                       ->initializeBackendAuthentication()
-                       ->initializeLanguageObject();
-
-               // Make sure output is not buffered, so command-line output and interaction can take place
-               GeneralUtility::flushOutputBuffers();
+               $this->boot();
 
                try {
                        include($commandLineScript);
@@ -68,6 +61,27 @@ class CliRequestHandler implements RequestHandlerInterface {
        }
 
        /**
+        * Execute TYPO3 bootstrap
+        */
+       protected function boot() {
+               // Evaluate the constant for skipping the BE user check for the bootstrap
+               if (defined('TYPO3_PROCEED_IF_NO_USER') && TYPO3_PROCEED_IF_NO_USER) {
+                       $proceedIfNoUserIsLoggedIn = TRUE;
+               } else {
+                       $proceedIfNoUserIsLoggedIn = FALSE;
+               }
+
+               $this->bootstrap
+                       ->loadExtensionTables(TRUE)
+                       ->initializeBackendUser()
+                       ->initializeBackendAuthentication($proceedIfNoUserIsLoggedIn)
+                       ->initializeLanguageObject();
+
+               // Make sure output is not buffered, so command-line output and interaction can take place
+               GeneralUtility::flushOutputBuffers();
+       }
+
+       /**
         * Check CLI parameters.
         * First argument is a key that points to the script configuration.
         * If it is not set or not valid, the script exits with an error message.
index 23be5e2..e2bae71 100644 (file)
@@ -47,6 +47,13 @@ class RequestHandler implements RequestHandlerInterface {
         * @return void
         */
        public function handleRequest() {
+               // Evaluate the constant for skipping the BE user check for the bootstrap
+               if (defined('TYPO3_PROCEED_IF_NO_USER') && TYPO3_PROCEED_IF_NO_USER) {
+                       $proceedIfNoUserIsLoggedIn = TRUE;
+               } else {
+                       $proceedIfNoUserIsLoggedIn = FALSE;
+               }
+
                $this->bootstrap
                        ->checkLockedBackendAndRedirectOrDie()
                        ->checkBackendIpOrDie()
@@ -55,7 +62,7 @@ class RequestHandler implements RequestHandlerInterface {
                        ->loadExtensionTables(TRUE)
                        ->initializeSpriteManager()
                        ->initializeBackendUser()
-                       ->initializeBackendAuthentication()
+                       ->initializeBackendAuthentication($proceedIfNoUserIsLoggedIn)
                        ->initializeLanguageObject()
                        ->initializeBackendTemplate()
                        ->endOutputBufferingAndCleanPreviousOutput()
index c475657..461e0cb 100644 (file)
@@ -2266,12 +2266,13 @@ This is a dump of the failures:
         * but this will happen ONLY if the constant TYPO3_PROCEED_IF_NO_USER is set TRUE.
         * This function is called right after ->start() in fx. the TYPO3 CMS bootsrap
         *
+        * @param bool $proceedIfNoUserIsLoggedIn if this option is set, then there won't be a redirect to the login screen of the Backend - used for areas in the backend which do not need user rights like the login page.
         * @throws \RuntimeException
         * @return void
         */
-       public function backendCheckLogin() {
+       public function backendCheckLogin($proceedIfNoUserIsLoggedIn = FALSE) {
                if (empty($this->user['uid'])) {
-                       if (!defined('TYPO3_PROCEED_IF_NO_USER') || !TYPO3_PROCEED_IF_NO_USER) {
+                       if ($proceedIfNoUserIsLoggedIn === FALSE) {
                                \TYPO3\CMS\Core\Utility\HttpUtility::redirect($GLOBALS['BACK_PATH']);
                        }
                } else {
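Review bot: The guard `if ($proceedIfNoUserIsLoggedIn === FALSE)` in backendCheckLogin() redirects only for the exact boolean FALSE, so a caller that passes NULL, 0 or '' gets no redirect even though no user is logged in. An authentication gate should fail closed, `if ($proceedIfNoUserIsLoggedIn !== TRUE) {`. The same pattern appears as `$forceProceeding === FALSE` in Bootstrap::checkLockedBackendAndRedirectOrDie(). The unchanged docblock line above still says the bypass happens only if the constant TYPO3_PROCEED_IF_NO_USER is set TRUE, which this method no longer reads. The method body continues outside the hunk.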
index 3b5b7c3..fffa24b 100644 (file)
@@ -878,25 +878,22 @@ class Bootstrap {
         * to an URL in file typo3conf/LOCK_BACKEND or exit the script
         *
         * @throws \RuntimeException
+        * @param bool $forceProceeding if this option is set, the bootstrap will proceed even if the user is logged in (usually only needed for special AJAX cases, see AjaxRequestHandler)
         * @return Bootstrap
         * @internal This is not a public API method, do not use in own extensions
         */
-       public function checkLockedBackendAndRedirectOrDie() {
+       public function checkLockedBackendAndRedirectOrDie($forceProceeding = FALSE) {
                if ($GLOBALS['TYPO3_CONF_VARS']['BE']['adminOnly'] < 0) {
                        throw new \RuntimeException('TYPO3 Backend locked: Backend and Install Tool are locked for maintenance. [BE][adminOnly] is set to "' . (int)$GLOBALS['TYPO3_CONF_VARS']['BE']['adminOnly'] . '".', 1294586847);
                }
-               if (@is_file((PATH_typo3conf . 'LOCK_BACKEND'))) {
-                       if (TYPO3_PROCEED_IF_NO_USER === 2) {
-
+               if (@is_file(PATH_typo3conf . 'LOCK_BACKEND') && $forceProceeding === FALSE) {
+                       $fileContent = Utility\GeneralUtility::getUrl(PATH_typo3conf . 'LOCK_BACKEND');
+                       if ($fileContent) {
+                               header('Location: ' . $fileContent);
                        } else {
-                               $fileContent = Utility\GeneralUtility::getUrl(PATH_typo3conf . 'LOCK_BACKEND');
-                               if ($fileContent) {
-                                       header('Location: ' . $fileContent);
-                               } else {
-                                       throw new \RuntimeException('TYPO3 Backend locked: Browser backend is locked for maintenance. Remove lock by removing the file "typo3conf/LOCK_BACKEND" or use CLI-scripts.', 1294586848);
-                               }
-                               die;
+                               throw new \RuntimeException('TYPO3 Backend locked: Browser backend is locked for maintenance. Remove lock by removing the file "typo3conf/LOCK_BACKEND" or use CLI-scripts.', 1294586848);
                        }
+                       die;
                }
                return $this;
        }
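Review bot: The new `@param bool $forceProceeding` text says the bootstrap proceeds "even if the user is logged in", but what the parameter does is skip the LOCK_BACKEND redirect or exception; suggest `@param bool $forceProceeding if set, an existing typo3conf/LOCK_BACKEND file is ignored (only needed for the public AJAX ids, see AjaxRequestHandler)`. The removed code skipped the lock for any entry point where `TYPO3_PROCEED_IF_NO_USER === 2`. RequestHandler and BackendModuleRequestHandler call this method without an argument in the lines shown, so a non-AJAX script that defined the constant as 2, if one exists, is now stopped by the lock. That is the stricter behaviour, but the description should mention it.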
@@ -1088,11 +1085,12 @@ class Bootstrap {
         * Initializes and ensures authenticated access
         *
         * @internal This is not a public API method, do not use in own extensions
+        * @param bool $proceedIfNoUserIsLoggedIn if set to TRUE, no forced redirect to the login page will be done
         * @return \TYPO3\CMS\Core\Core\Bootstrap
         */
-       public function initializeBackendAuthentication() {
+       public function initializeBackendAuthentication($proceedIfNoUserIsLoggedIn = FALSE) {
                $GLOBALS['BE_USER']->checkCLIuser();
-               $GLOBALS['BE_USER']->backendCheckLogin();
+               $GLOBALS['BE_USER']->backendCheckLogin($proceedIfNoUserIsLoggedIn);
                return $this;
        }