[BUGFIX] Check for rsaauth being usable
authorSteffen Gebert <steffen.gebert@typo3.org>
Fri, 21 Oct 2011 19:39:44 +0000 (21:39 +0200)
committerXavier Perseguers <xavier@typo3.org>
Mon, 24 Oct 2011 21:46:04 +0000 (23:46 +0200)
The Extension Manager shows the results of some checks in the
Configuration section of the extension "saltedpasswords", whether
"rsaauth" is loaded and whether it is enabled.

However, it lacks a check for "rsaauth" being really able to work.
If "rsaauth" fails, tell the user that OpenSSL extension is not available
or not working correctly.

Change-Id: I80186c989d399fc88b601475a83637f0b71cbb3c
Resolves: #31178
Releases: 4.6, 4.5, 4.4
Reviewed-on: http://review.typo3.org/6267
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
typo3/sysext/saltedpasswords/classes/class.tx_saltedpasswords_emconfhelper.php

index bbd6826..eb88a1c 100644 (file)
@@ -77,7 +77,7 @@ class tx_saltedpasswords_emconfhelper {
                                if ($this->errorType < t3lib_FlashMessage::ERROR) {
                                        $this->errorType = t3lib_FlashMessage::WARNING;
                                        $this->header = 'Warnings about your configuration';
-                                       $this->preText = 'SaltedPasswords might behave different than expectated:<br />';
+                                       $this->preText = 'SaltedPasswords might behave different than expected:<br />';
                                }
                        break;
                        case 'info':
@@ -159,22 +159,39 @@ EOT;
 
                        // the backend is called over SSL
                $SSL = (($GLOBALS['TYPO3_CONF_VARS']['BE']['lockSSL'] > 0 ? TRUE : FALSE) && ($GLOBALS['TYPO3_CONF_VARS']['BE']['loginSecurityLevel'] != 'superchallenged'));
-                       // rsaAuth is loaded/active
-               $RSAauth = (t3lib_extMgm::isLoaded('rsaauth') && ($GLOBALS['TYPO3_CONF_VARS']['BE']['loginSecurityLevel'] == 'rsa'));
+               $rsaAuthLoaded = t3lib_extMgm::isLoaded('rsaauth');
 
                if ($extConf['enabled']) {
                                // SSL configured?
                        if ($SSL) {
                                $this->setErrorLevel('ok');
                                $problems[] = 'The backend is configured to use SaltedPasswords over SSL.';
-                       } elseif ($RSAauth) {
-                               $this->setErrorLevel('ok');
-                               $problems[] = 'The backend is configured to use SaltedPasswords with RSA authentification.';
+                       } elseif ($rsaAuthLoaded) {
+                               if (trim($GLOBALS['TYPO3_CONF_VARS']['BE']['loginSecurityLevel']) === 'rsa') {
+                                       if ($this->isRsaAuthBackendAvailable()) {
+                                               $this->setErrorLevel('ok');
+                                               $problems[] = 'The backend is configured to use SaltedPasswords with RSA authentication.';
+                                       } else {
+                                                       // this means that login would fail because rsaauth is not working properly
+                                               $this->setErrorLevel('error');
+                                               $problems[] = '<strong>Using the extension "rsaauth" is not possible, as no encryption backend ' .
+                                                                         'is available. Please install and configure the PHP extension "openssl". '.
+                                                                         'See <a href="http://php.net/manual/en/openssl.installation.php" target="_blank">PHP.net</a></strong>.';
+                                       }
+                               } else {
+                                               // this means that we are not using saltedpasswords
+                                       $this->setErrorLevel('error');
+                                       $problems[] = 'The "rsaauth" extension is installed, but TYPO3 is not configured to use it during login.
+                                               Use the Install Tool to set the Login Security Level for the backend to "rsa"
+                                               ($TYPO3_CONF_VARS[\'BE\'][\'loginSecurityLevel\'])';
+
+                               }
                        } else {
+                                       // this means that we are not using saltedpasswords
                                $this->setErrorLevel('error');
                                $problems[] = <<< EOT
 Backend requirements for SaltedPasswords are not met, therefore the
-authentication will not work even if it was explicitely enabled for backend
+authentication will not work even if it was explicitly enabled for backend
 usage:<br />
 <ul>
        <li>Install the "rsaauth" extension and use the Install Tool to set the
@@ -196,7 +213,7 @@ EOT;
 
                                // only saltedpasswords as authsservice
                        if ($extConf['onlyAuthService']) {
-                                       // warn user taht the combination with "forceSalted" may lock him out from Backend
+                                       // warn user that the combination with "forceSalted" may lock him out from Backend
                                if ($extConf['forceSalted']) {
                                        $this->setErrorLevel('warning');
                                        $problems[] = <<< EOT
@@ -258,6 +275,21 @@ EOT;
        }
 
        /**
+        * Checks if rsaauth is able to obtain a backend
+        *
+        * @return bool
+        */
+       protected function isRsaAuthBackendAvailable() {
+               /**
+                * Try to instantiate an RSAauth backend. If this does not work, it means that OpenSSL is not usable
+                * @var $rsaauthBackendFactory tx_rsaauth_backendfactory
+                */
+               $rsaauthBackendFactory = t3lib_div::makeInstance('tx_rsaauth_backendfactory');
+               $backend = $rsaauthBackendFactory->getBackend();
+               return $backend !== NULL;
+       }
+
+       /**
         * Checks the frontend configuration and shows a message if necessary.
         *
         * @param       array                           $params: Field information to be rendered
@@ -269,13 +301,13 @@ EOT;
                $extConf = $this->extConf['FE'];
 
                if ($extConf['enabled']) {
-                               // inform the user if securityLevel in FE is superchallenged or blank --> extension won't work
+                               // inform the user if securityLevel in FE is challenged or blank --> extension won't work
                        if (!t3lib_div::inList('normal,rsa', $GLOBALS['TYPO3_CONF_VARS']['FE']['loginSecurityLevel'])) {
                                $this->setErrorLevel('info');
                                $problems[] = <<< EOT
 <strong>IMPORTANT:</strong><br />
 Frontend requirements for SaltedPasswords are not met, therefore the
-authentication will not work even if it was explicitely enabled for frontend
+authentication will not work even if it was explicitly enabled for frontend
 usage:<br />
 <ul>
        <li>Install the "rsaauth" extension and use the Install Tool to set the
@@ -287,8 +319,19 @@ usage:<br />
                (\$TYPO3_CONF_VARS['FE']['loginSecurityLevel'])</li>
 </ul>
 <br />
-Make sure that the Login Security Level is not set to "" or "superchallenged"!
+Make sure that the Login Security Level is not set to "" or "challenged"!
 EOT;
+                       } elseif (trim($GLOBALS['TYPO3_CONF_VARS']['FE']['loginSecurityLevel']) === 'rsa') {
+                               if ($this->isRsaAuthBackendAvailable()) {
+                                       $this->setErrorLevel('ok');
+                                       $problems[] = 'The frontend is configured to use SaltedPasswords with RSA authentication.';
+                               } else {
+                                               // this means that login would fail because rsaauth is not working properly
+                                       $this->setErrorLevel('error');
+                                       $problems[] = '<strong>Using the extension "rsaauth" is not possible, as no encryption backend ' .
+                                                                 'is available. Please install and configure the PHP extension "openssl". '.
+                                                                 'See <a href="http://php.net/manual/en/openssl.installation.php" target="_blank">PHP.net</a></strong>.';
+                               }
                        }
                                // only saltedpasswords as authsservice
                        if ($extConf['onlyAuthService']) {