Fixed bug #17305: Login/ Logout was not possible after introducing the locking in...
authorErnesto Baschny <ernst@cron-it.de>
Tue, 25 Jan 2011 19:12:05 +0000 (19:12 +0000)
committerErnesto Baschny <ernst@cron-it.de>
Tue, 25 Jan 2011 19:12:05 +0000 (19:12 +0000)
git-svn-id: https://svn.typo3.org/TYPO3v4/Core/trunk@10306 709f56b5-9817-0410-a4d7-c38de5d9e867

17 files changed:
ChangeLog
t3lib/class.t3lib_befunc.php
t3lib/class.t3lib_beuserauth.php
t3lib/class.t3lib_pagerenderer.php
t3lib/class.t3lib_tceforms.php
t3lib/core_autoload.php
t3lib/extjs/class.t3lib_extjs_extdirectrouter.php
t3lib/formprotection/class.t3lib_formprotection_backendformprotection.php
t3lib/formprotection/class.t3lib_formprotection_disabledformprotection.php [new file with mode: 0644]
t3lib/formprotection/class.t3lib_formprotection_factory.php
typo3/alt_doc.php
typo3/classes/class.ajaxlogin.php
typo3/classes/class.clearcachemenu.php
typo3/index.php
typo3/sysext/setup/mod/index.php
typo3/tce_db.php
typo3/template.php

index 6e255ec..4a8d149 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2011-01-25  Ernesto Baschny  <ernst@cron-it.de>
+
+       * Fixed bug #17305: Login/ Logout was not possible after introducing the locking in #17289 (Thanks to Helmut Hummel)
+
 2011-01-25  Jeff Segars  <jeff@webempoweredchurch.org>
 
        * Fixed bug #17302: Admin Panel CSS is loaded in the Backend
index 1839cce..0a487f0 100644 (file)
@@ -3332,7 +3332,7 @@ final class t3lib_BEfunc {
         * @return string a URL GET variable including ampersand
         */
        public static function getUrlToken($formName = 'securityToken', $tokenName = 'formToken') {
-               $formprotection = t3lib_formprotection_Factory::get('t3lib_formprotection_BackendFormProtection');
+               $formprotection = t3lib_formprotection_Factory::get();
                return '&' . $tokenName . '=' . $formprotection->generateToken($formName);
        }
 
index 5718e4c..ef1efa4 100644 (file)
@@ -402,9 +402,7 @@ class t3lib_beUserAuth extends t3lib_userAuthGroup {
         */
        public function logoff() {
                if (isset($GLOBALS['BE_USER'])) {
-                       t3lib_formProtection_Factory::get(
-                               't3lib_formprotection_BackendFormProtection'
-                       )->clean();
+                       t3lib_formProtection_Factory::get()->clean();
                }
                parent::logoff();
        }
index 37f7b56..feb774c 100644 (file)
@@ -947,7 +947,7 @@ class t3lib_PageRenderer implements t3lib_Singleton {
        public function addExtDirectCode() {
                $token = '';
                if (TYPO3_MODE === 'BE') {
-                       $formprotection = t3lib_formprotection_Factory::get('t3lib_formprotection_BackendFormProtection');
+                       $formprotection = t3lib_formprotection_Factory::get();
                        $token = $formprotection->generateToken('extDirect');
                }
 
index 6436796..ea0ea4a 100644 (file)
@@ -4982,7 +4982,7 @@ class t3lib_TCEforms {
         * @return string a complete input field
         */
        public static function getHiddenTokenField($formName = 'securityToken', $tokenName = 'formToken') {
-               $formprotection = t3lib_formprotection_Factory::get('t3lib_formprotection_BackendFormProtection');
+               $formprotection = t3lib_formprotection_Factory::get();
                return '<input type="hidden" name="' .$tokenName . '" value="' . $formprotection->generateToken($formName) . '" />';
        }
 
index cd1686d..4b8ab00 100644 (file)
@@ -126,6 +126,7 @@ $t3libClasses = array(
        't3lib_formprotection_abstract' => PATH_t3lib . 'formprotection/class.t3lib_formprotection_abstract.php',
        't3lib_formprotection_backendformprotection' => PATH_t3lib . 'formprotection/class.t3lib_formprotection_backendformprotection.php',
        't3lib_formprotection_installtoolformprotection' => PATH_t3lib . 'formprotection/class.t3lib_formprotection_installtoolformprotection.php',
+       't3lib_formprotection_disabledformprotection' => PATH_t3lib . 'formprotection/class.t3lib_formprotection_disabledformprotection.php',
        't3lib_formprotection_invalidtokenexception' => PATH_t3lib . 'formprotection/class.t3lib_formprotection_invalidtokenexception.php',
        't3lib_localrecordlistgettablehook' => PATH_t3lib . 'interfaces/interface.t3lib_localrecordlistgettablehook.php',
        't3lib_mail_maileradapter' => PATH_t3lib . 'interfaces/interface.t3lib_mail_maileradapter.php',
index 5c6c90b..6578ebb 100644 (file)
@@ -76,9 +76,8 @@ class t3lib_extjs_ExtDirectRouter {
                if (!is_array($request)) {
                        $request = array($request);
                }
-
-               $backendUserExists = is_object($GLOBALS['BE_USER']);
-               $validToken = !$backendUserExists;
+               
+               $validToken = FALSE;
                $firstCall = TRUE;
                foreach ($request as $index => $singleRequest) {
                        $response[$index] = array(
@@ -88,9 +87,9 @@ class t3lib_extjs_ExtDirectRouter {
                        );
 
                        $token = array_pop($singleRequest->data);
-                       if ($firstCall && $backendUserExists) {
+                       if ($firstCall) {
                                $firstCall = FALSE;
-                               $formprotection = t3lib_formprotection_Factory::get('t3lib_formprotection_BackendFormProtection');
+                               $formprotection = t3lib_formprotection_Factory::get();
                                $validToken = $formprotection->validateToken($token, 'extDirect');
                        }
 
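Review bot: The `validateToken($token, 'extDirect')` call no longer fails closed: when `t3lib_formprotection_Factory::get()` finds no authenticated backend session it returns the disabled protection, whose `validateToken()` always returns TRUE, so the `$validToken = FALSE` default is overwritten for exactly the callers that have no session. The outcome matches the old `!$backendUserExists` shortcut, but the decision is now hidden in the factory; the same applies to the `validateToken()` calls in the typo3/alt_doc.php and typo3/tce_db.php hunks, which guard record writes. Whether an earlier login check already rejects such requests is not visible here, so I would record the dependency next to the call, e.g. `// Without a backend session the factory returns the disabled protection and this check always passes; access control must happen before this point.` The enclosing method starts and ends outside this hunk.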
index 49c5010..20cc07e 100644 (file)
@@ -127,7 +127,7 @@ class t3lib_formprotection_BackendFormProtection extends t3lib_formprotection_Ab
         * Only allow construction if we have a backend session
         */
        public function __construct() {
-               if (!isset($GLOBALS['BE_USER'])) {
+               if (!$this->isAuthorizedBackendSession()) {
                        throw new t3lib_error_Exception(
                                'A back-end form protection may only be instantiated if there' .
                                ' is an active back-end session.',
@@ -182,11 +182,9 @@ class t3lib_formprotection_BackendFormProtection extends t3lib_formprotection_Ab
         *
         */
        protected function updateTokens() {
-               if ($this->backendUser->user) {
-                       $this->backendUser->user = $this->backendUser->fetchUserSession(TRUE);
-                       $tokens = $this->retrieveTokens();
-                       $this->tokens = array_merge($this->tokens, $tokens);
-               }
+               $this->backendUser->user = $this->backendUser->fetchUserSession(TRUE);
+               $tokens = $this->retrieveTokens();
+               $this->tokens = array_merge($this->tokens, $tokens);
        }
 
        /**
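Review bot: With the `if ($this->backendUser->user)` guard removed, whatever `fetchUserSession(TRUE)` returns is now written to `$this->backendUser->user` unconditionally. The return value for an expired or missing session is not visible in this hunk; if it can be FALSE or empty, this line replaces the loaded user record mid-request and later `->user['uid']` checks would see a logged-out user. Assigning only a usable result would keep the old safety: `$user = $this->backendUser->fetchUserSession(TRUE);` followed by `if (is_array($user)) { $this->backendUser->user = $user; }`.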
@@ -212,6 +210,7 @@ class t3lib_formprotection_BackendFormProtection extends t3lib_formprotection_Ab
        protected function acquireLock() {
                $identifier = 'persistTokens' . $this->backendUser->id;
                try {
+                       /** @var t3lib_lock $lockObject */
                        $lockObject = t3lib_div::makeInstance('t3lib_lock', $identifier, 'simple');
                        $lockObject->setEnableLogging(FALSE);
                        $success = $lockObject->acquire();
@@ -238,6 +237,15 @@ class t3lib_formprotection_BackendFormProtection extends t3lib_formprotection_Ab
 
                return $success;
        }
+
+       /**
+        * Checks if a user is logged in and the session is active.
+        *
+        * @return boolean
+        */
+       protected function isAuthorizedBackendSession() {
+               return (isset($GLOBALS['BE_USER']) && $GLOBALS['BE_USER'] instanceof t3lib_beUserAuth && isset($GLOBALS['BE_USER']->user['uid']));
+       }
 }
 
 if (defined('TYPO3_MODE') && isset($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['t3lib/formprotection/class.t3lib_formprotection_backendformprotection.php'])) {
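Review bot: `isAuthorizedBackendSession()` repeats the condition the factory's `isBackendSession()` uses to select this class, minus the `TYPO3_MODE` test, so the two can drift apart and leave the factory picking a class whose constructor then throws. The docblock also promises more than the code checks: nothing here looks at session state beyond `user['uid']` being set. I would say so in the comment, e.g. `Checks that $GLOBALS['BE_USER'] is a t3lib_beUserAuth with a loaded user record (user['uid'] set); must stay in sync with t3lib_formprotection_Factory::isBackendSession().`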
diff --git a/t3lib/formprotection/class.t3lib_formprotection_disabledformprotection.php b/t3lib/formprotection/class.t3lib_formprotection_disabledformprotection.php
new file mode 100644 (file)
index 0000000..62dbce2
--- /dev/null
@@ -0,0 +1,93 @@
+<?php
+/***************************************************************
+ * Copyright notice
+ *
+ * (c) 2011 Helmut Hummel <helmut.hummel@typo3.org>
+ * All rights reserved
+ *
+ * This script is part of the TYPO3 project. The TYPO3 project is
+ * free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * The GNU General Public License can be found at
+ * http://www.gnu.org/copyleft/gpl.html.
+ *
+ * This script is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * This copyright notice MUST APPEAR in all copies of the script!
+ ***************************************************************/
+
+/**
+ * Class t3lib_formprotection_DisabledFormProtection.
+ *
+ * This class is a dummy implementation of the form protection,
+ * which is used when no authentication is used.
+ *
+ * $Id$
+ *
+ * @package TYPO3
+ * @subpackage t3lib
+ *
+ * @author Helmut Hummel <helmut.hummel@typo3.org>
+ */
+class t3lib_formprotection_DisabledFormProtection extends t3lib_formprotection_Abstract {
+
+       /**
+        * Disable parent constructor
+        */
+       public function __construct() {
+               // Do nothing.
+       }
+
+       /**
+        * Disable parent method
+        */
+       public function generateToken(
+               $formName, $action = '', $formInstanceName = ''
+       ) {
+               return 'dummyToken';
+       }
+
+       /**
+        * Disable parent method.
+        * Always return true.
+        *
+        * @return boolean
+        */
+       public function validateToken(
+               $tokenId, $formName, $action = '', $formInstanceName = ''
+       ) {
+               return TRUE;
+       }
+
+       /**
+        * Dummy implementation
+        */
+       protected function createValidationErrorMessage() {
+               // Do nothing.
+       }
+
+       /**
+        * Dummy implementation
+        */
+       protected function retrieveTokens() {
+               // Do nothing.
+       }
+
+       /**
+        * Dummy implementation
+        */
+       public function persistTokens() {
+               // Do nothing.
+       }
+}
+
+if (defined('TYPO3_MODE') && isset($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['t3lib/formprotection/class.t3lib_formprotection_backendformprotection.php'])) {
+       include_once($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['t3lib/formprotection/class.t3lib_formprotection_backendformprotection.php']);
+}
+?>
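Review bot: The XCLASS block at the end of the new file looks up and includes the key `t3lib/formprotection/class.t3lib_formprotection_backendformprotection.php`, which is the backend class's path, so an XCLASS registered for this file is never loaded; both occurrences should read `t3lib/formprotection/class.t3lib_formprotection_disabledformprotection.php`. Separately, `validateToken()` accepts every token, and its docblock should state that plainly so nobody reads a TRUE result as proof of a checked request, e.g. `Performs no validation and always returns TRUE; callers must enforce access control themselves.` `generateToken()` likewise has no `@param`/`@return` tags.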
index aaf116d..5688f47 100644 (file)
@@ -61,7 +61,7 @@ final class t3lib_formprotection_Factory {
         *
         * @var array<t3lib_formProtectionAbstract>
         */
-       static protected $instances = array();
+       protected static $instances = array();
 
        /**
         * Private constructor to prevent instantiation.
@@ -81,8 +81,83 @@ final class t3lib_formprotection_Factory {
         *
         * @return t3lib_formprotection_Abstract the requested instance
         */
-       static public function get($className) {
+       public static function get($className = NULL) {
+               if ($className === NULL) {
+                       $className = self::getClassNameByState();
+               }
                if (!isset(self::$instances[$className])) {
+                       self::createAndStoreInstance($className);
+               }
+               return self::$instances[$className];
+       }
+
+       /**
+        * Returns the classname depending on TYPO3_MODE and
+        * active backend session.
+        *
+        * @return string
+        */
+       protected static function getClassNameByState() {
+               switch (true) {
+                       case self::isInstallToolSession():
+                               $className = 't3lib_formprotection_InstallToolFormProtection';
+                               break;
+                       case self::isBackendSession():
+                               $className = 't3lib_formprotection_BackendFormProtection';
+                               break;
+                       case self::isFrontendSession():
+                       default:
+                               $className = 't3lib_formprotection_DisabledFormProtection';
+               }
+               return $className;
+       }
+
+       /**
+        * Check if we are in the install tool
+        *
+        * @return boolean
+        */
+       protected static function isInstallToolSession() {
+               return (defined(TYPO3_enterInstallScript) && TYPO3_enterInstallScript);
+       }
+
+       /**
+        * Checks if a user is logged in and the session is active.
+        *
+        * @return boolean
+        */
+       protected static function isBackendSession() {
+               return (isset($GLOBALS['BE_USER']) &&
+                       $GLOBALS['BE_USER'] instanceof t3lib_beUserAuth &&
+                       isset($GLOBALS['BE_USER']->user['uid']) &&
+                       !(TYPO3_MODE == 'FE')
+               );
+       }
+
+       /**
+        * Checks if a frontend user is logged in and the session is active.
+        *
+        * @return boolean
+        */
+       protected static function isFrontendSession() {
+               return (is_object($GLOBALS['TSFE']) &&
+                       $GLOBALS['TSFE']->fe_user instanceof tslib_feUserAuth &&
+                       isset($GLOBALS['TSFE']->fe_user->user['uid']) &&
+                       (TYPO3_MODE == 'FE')
+               );
+       }
+
+       /**
+        * Creates an instace for the requested class $className
+        * and stores it internally.
+        *
+        * @param string $className
+        *              the name of the class for which to return an instance, must be
+        *              "t3lib_formProtection_BackEnd" or "t3lib_formprotection_InstallToolFormProtection"
+        *
+        * @throws InvalidArgumentException
+        */
+       protected static function createAndStoreInstance($className) {
                        if (!class_exists($className, TRUE)) {
                                throw new InvalidArgumentException(
                                        '$className must be the name of an existing class, but ' .
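Review bot: In `isInstallToolSession()`, `defined(TYPO3_enterInstallScript)` passes the constant itself instead of its name, so `defined()` is asked about the constant's value and the method returns FALSE in the usual case; it should be `return (defined('TYPO3_enterInstallScript') && TYPO3_enterInstallScript);`. As written, an argument-less `get()` inside the install tool never selects `t3lib_formprotection_InstallToolFormProtection` and can fall through to the disabled class, which accepts any token. In `getClassNameByState()` the `case self::isFrontendSession():` label shares the `default:` body, so that call has no effect on the result. The docblock of `createAndStoreInstance()` still names "t3lib_formProtection_BackEnd" and misspells "instance"; the method body continues past the end of this hunk.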
@@ -101,8 +176,6 @@ final class t3lib_formprotection_Factory {
                                );
                        }
                        self::$instances[$className] = $instance;
-               }
-               return self::$instances[$className];
        }
 
        /**
@@ -119,7 +192,7 @@ final class t3lib_formprotection_Factory {
         *
         * @return void
         */
-       static public function set($className, t3lib_formprotection_Abstract $instance) {
+       public static function set($className, t3lib_formprotection_Abstract $instance) {
                self::$instances[$className] = $instance;
        }
 
@@ -130,7 +203,7 @@ final class t3lib_formprotection_Factory {
         *
         * @return void
         */
-       static public function purgeInstances() {
+       public static function purgeInstances() {
                foreach (self::$instances as $key => $instance) {
                        $instance->__destruct();
                        unset(self::$instances[$key]);
index d43f387..6fd9173 100644 (file)
@@ -1491,7 +1491,7 @@ $SOBE = t3lib_div::makeInstance('SC_alt_doc');
 // Preprocessing, storing data if submitted to
 $SOBE->preInit();
 
-$formprotection = t3lib_formprotection_Factory::get('t3lib_formprotection_BackendFormProtection');
+$formprotection = t3lib_formprotection_Factory::get();
 
 if ($SOBE->doProcessData())    {               // Checks, if a save button has been clicked (or the doSave variable is sent)
        if ($formprotection->validateToken(t3lib_div::_GP('formToken'), 'editRecord')) {
index 342b1df..fbced2e 100644 (file)
@@ -44,7 +44,7 @@ class AjaxLogin {
         */
        public function login(array $parameters, TYPO3AJAX $ajaxObj) {
                if ($GLOBALS['BE_USER']->user['uid']) {
-                       $formprotection = t3lib_formprotection_Factory::get('t3lib_formprotection_BackendFormProtection');
+                       $formprotection = t3lib_formprotection_Factory::get();
                        $token = $formprotection->generateToken('extDirect');
 
                        $json = array(
index 1c70490..afc798a 100644 (file)
@@ -115,7 +115,7 @@ class ClearCacheMenu implements backend_toolbarItem {
                        }
                }
 
-               t3lib_formprotection_Factory::get('t3lib_formprotection_BackendFormProtection')->persistTokens();
+               t3lib_formprotection_Factory::get()->persistTokens();
        }
 
        /**
index 5a363c6..71669b1 100644 (file)
@@ -397,7 +397,7 @@ class SC_index {
                        if (!$this->loginRefresh)       {
                                t3lib_utility_Http::redirect($this->redirectToURL);
                        } else {
-                               $formprotection = t3lib_formprotection_Factory::get('t3lib_formprotection_BackendFormProtection');
+                               $formprotection = t3lib_formprotection_Factory::get();
                                $token = $formprotection->generateToken('extDirect');
                                $TBE_TEMPLATE->JScode.=$TBE_TEMPLATE->wrapScriptTags('
                                        if (parent.opener && (parent.opener.busy || parent.opener.TYPO3.loginRefresh)) {
index aa7df95..6ed8e30 100755 (executable)
@@ -139,9 +139,7 @@ class SC_mod_user_setup_index {
         * Instanciate the form protection before a simulated user is initialized.
         */
        public function __construct() {
-               $this->formProtection = t3lib_formProtection_Factory::get(
-                       't3lib_formprotection_BackendFormProtection'
-               );
+               $this->formProtection = t3lib_formProtection_Factory::get();
        }
 
        /**
index e098672..7e883e7 100644 (file)
@@ -246,7 +246,7 @@ $SOBE->init();
 // Include files?
 foreach($SOBE->include_once as $INC_FILE)      include_once($INC_FILE);
 
-$formprotection = t3lib_formprotection_Factory::get('t3lib_formprotection_BackendFormProtection');
+$formprotection = t3lib_formprotection_Factory::get();
 
 if ($formprotection->validateToken(t3lib_div::_GP('formToken'), 'tceAction')) {
        $SOBE->initClipboard();
index cc6858a..c244e75 100644 (file)
@@ -926,7 +926,7 @@ $str.=$this->docBodyTagBegin().
 
 <!-- Wrapping DIV-section for whole page END -->
 </div>':'') . $this->endOfPageJsBlock ;
-                       t3lib_formprotection_Factory::get('t3lib_formprotection_BackendFormProtection')->persistTokens();
+                       t3lib_formprotection_Factory::get()->persistTokens();
                }