class.tx_ter_helper.php

<?php
/*
 * This file is part of the TYPO3 CMS project.
 *
 * It is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License, either version 2
 * of the License, or any later version.
 *
 * For the full copyright and license information, please read the
 * LICENSE.txt file that was distributed with this source code.
 *
 * The TYPO3 project - inspiring people to share!
 */

/**
 * Helper functions used in the TER API
 *
 * @author    Robert Lemke <robert@typo3.org>
 */
use TYPO3\CMS\Core\Database\ConnectionPool;
use TYPO3\CMS\Core\Utility\GeneralUtility;

// Error codes:
define('TX_TER_ERROR_GENERAL_EXTREPDIRDOESNTEXIST', '100');
define('TX_TER_ERROR_GENERAL_NOUSERORPASSWORD', '101');
define('TX_TER_ERROR_GENERAL_USERNOTFOUND', '102');
define('TX_TER_ERROR_GENERAL_WRONGPASSWORD', '103');
define('TX_TER_ERROR_GENERAL_DATABASEERROR', '104');
define('TX_TER_ERROR_GENERAL_EXTENSIONCONTAINSNOFILES', '105');

define('TX_TER_ERROR_UPLOADEXTENSION_EXTENSIONDOESNTEXIST', '202');
define('TX_TER_ERROR_UPLOADEXTENSION_EXTENSIONCONTAINSNOFILES', '203');
define('TX_TER_ERROR_UPLOADEXTENSION_WRITEERRORWHILEWRITINGFILES', '204');
define('TX_TER_ERROR_UPLOADEXTENSION_EXTENSIONTOOBIG', '205');
define('TX_TER_ERROR_UPLOADEXTENSION_EXISTINGEXTENSIONRECORDNOTFOUND', '206');
define('TX_TER_ERROR_UPLOADEXTENSION_FILEMD5DOESNOTMATCH', '207');
define('TX_TER_ERROR_UPLOADEXTENSION_ACCESSDENIED', '208');
define('TX_TER_ERROR_UPLOADEXTENSION_TYPO3DEPENDENCYINCORRECT', '209');
define('TX_TER_ERROR_UPLOADEXTENSION_TYPO3DEPENDENCYCHECKFAILED', '210');
define('TX_TER_ERROR_UPLOADEXTENSION_EXTENSIONVERSIONEXISTS', '211');
define('TX_TER_ERROR_UPLOADEXTENSION_NOUPLOADCOMMENT', '212');

define('TX_TER_ERROR_REGISTEREXTENSIONKEY_DBERRORWHILEINSERTINGKEY', '300');

define('TX_TER_ERROR_DELETEEXTENSIONKEY_ACCESSDENIED', '500');
define('TX_TER_ERROR_DELETEEXTENSIONKEY_KEYDOESNOTEXIST', '501');
define('TX_TER_ERROR_DELETEEXTENSIONKEY_CANTDELETEBECAUSEVERSIONSEXIST', '502');

define('TX_TER_ERROR_MODIFYEXTENSIONKEY_ACCESSDENIED', '600');
define('TX_TER_ERROR_MODIFYEXTENSIONKEY_SETTINGTOTHISOWNERISNOTPOSSIBLE', '601');
define('TX_TER_ERROR_MODIFYEXTENSIONKEY_KEYDOESNOTEXIST', '602');

define('TX_TER_ERROR_SETREVIEWSTATE_NOUSERGROUPDEFINED', '700');
define('TX_TER_ERROR_SETREVIEWSTATE_ACCESSDENIED', '701');
define('TX_TER_ERROR_SETREVIEWSTATE_EXTENSIONVERSIONDOESNOTEXIST', '702');

define('TX_TER_ERROR_INCREASEEXTENSIONDOWNLOADCOUNTER_NOUSERGROUPDEFINED', '800');
define('TX_TER_ERROR_INCREASEEXTENSIONDOWNLOADCOUNTER_ACCESSDENIED', '801');
define('TX_TER_ERROR_INCREASEEXTENSIONDOWNLOADCOUNTER_EXTENSIONVERSIONDOESNOTEXIST', '802');
define('TX_TER_ERROR_INCREASEEXTENSIONDOWNLOADCOUNTER_INCREMENTORNOTPOSITIVEINTEGER', '803');
define('TX_TER_ERROR_INCREASEEXTENSIONDOWNLOADCOUNTER_EXTENSIONKEYDOESNOTEXIST', '804');

define('TX_TER_ERROR_DELETEEXTENSION_ACCESS_DENIED', '900');
define('TX_TER_ERROR_DELETEEXTENSION_EXTENSIONDOESNTEXIST', '901');

// Result codes:
define('TX_TER_RESULT_GENERAL_OK', '10000');
define('TX_TER_RESULT_ERRORS_OCCURRED', '10001');

define('TX_TER_RESULT_EXTENSIONKEYALREADYEXISTS', '10500');
define('TX_TER_RESULT_EXTENSIONKEYDOESNOTEXIST', '10501');
define('TX_TER_RESULT_EXTENSIONKEYNOTVALID', '10502');
define('TX_TER_RESULT_EXTENSIONKEYSUCCESSFULLYREGISTERED', '10503');
define('TX_TER_RESULT_EXTENSIONSUCCESSFULLYUPLOADED', '10504');
define('TX_TER_RESULT_EXTENSIONSUCCESSFULLYDELETED', '10505');

/**
 * TYPO3 Extension Repository, helper functions
 *
 * @author    Robert Lemke <robert@typo3.org>
 */
class tx_ter_helper
{
    protected $pluginObj;

    /**
     * Constructor
     *
     * @param    object $pluginObj : Reference to parent object
     * @access    public
     */
    public function __construct($pluginObj)
    {
        $this->pluginObj = $pluginObj;
        $this->pluginObj->conf['adminFrontendUsergroupUid'] = 26;
        $this->pluginObj->conf['securityTeamFrontendUsergroupUid'] = 22;
    }

    /**
     * This verifies the given fe_users username/password.
     * Either the fe_user row is returned or an exception is thrown.
     *
     * @param    object $accountData : Account data information with username, password and upload password
     * @return    mixed        If success, returns array of fe_users, otherwise error string.
     * @access    public
     * @throws \T3o\Ter\Exception\UnauthorizedException
     */
    public function getValidUser(object $accountData): ?array
    {
        if ($accountData->username === '' || $accountData->password === '') {
            throw new \T3o\Ter\Exception\UnauthorizedException('No user or no password submitted.', TX_TER_ERROR_GENERAL_NOUSERORPASSWORD);
        }

        $user = $this->getUserByUsername($accountData->username);

        if ($user) {
            if (!$this->userIsAlreadyLoggedIn($accountData) && !$this->ldapValidationSucceeded($accountData)) {
                throw new \T3o\Ter\Exception\UnauthorizedException('Wrong password.', TX_TER_ERROR_GENERAL_WRONGPASSWORD);
            }
            $user['admin'] = $this->userIsAdmin($user['usergroup']) || $this->userIsSecurityTeamMember($user['usergroup']);
        } else {
            throw new \T3o\Ter\Exception\UnauthorizedException('The specified user does not exist. You need to login first on extensions.typo3.org.', TX_TER_ERROR_GENERAL_USERNOTFOUND);
        }

        return $user;
    }

    private function getUserByUsername(string $username = ''): ?array
    {
        $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable('fe_users');

        $userRecord = $queryBuilder
            ->select('*')
            ->from('fe_users')
            ->where(
                $queryBuilder->expr()->eq('username', $queryBuilder->createNamedParameter($username))
            )
            ->execute()
            ->fetch();

        return $userRecord ?: null;
    }

    /**
     * @param string $userGroupList
     * @return bool
     */
    private function userIsAdmin(string $userGroupList): bool
    {
        return $this->pluginObj->conf['adminFrontendUsergroupUid'] > 0 && GeneralUtility::inList($userGroupList, (int)$this->pluginObj->conf['adminFrontendUsergroupUid']);
    }

    /**
     * @param string $userGroupList
     * @return bool
     */
    private function userIsSecurityTeamMember(string $userGroupList): bool
    {
        return $this->pluginObj->conf['securityTeamFrontendUsergroupUid'] > 0 && GeneralUtility::inList($userGroupList, (int)$this->pluginObj->conf['securityTeamFrontendUsergroupUid']);
    }

    /**
     * We check whether a user is logged in by TYPO3
     * because of a sent session cookie
     *
     * @param $accountData
     * @return bool
     */
    private function userIsAlreadyLoggedIn(object $accountData): bool
    {
        /** @var \TYPO3\CMS\Frontend\Controller\TypoScriptFrontendController $tsfe */
        $tsfe = $GLOBALS['TSFE'];

        return !empty($tsfe->fe_user->user['username']) && $accountData->username === $tsfe->fe_user->user['username'];
    }

    /**
     * Check if LDAP authenticates the credentials
     *
     * @param stdClass $accountData
     * @return bool
     */
    private function ldapValidationSucceeded(\stdClass $accountData): bool
    {
        if (!\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::isLoaded('ig_ldap_sso_auth')) {
            return false;
        }

        /** @var \Causal\IgLdapSsoAuth\Domain\Repository\ConfigurationRepository $configurationRepository */
        $configurationRepository = GeneralUtility::makeInstance(\Causal\IgLdapSsoAuth\Domain\Repository\ConfigurationRepository::class);
        $configurationRecords = $configurationRepository->findAll();

        \Causal\IgLdapSsoAuth\Library\Configuration::initialize('fe', $configurationRecords[0]);

        return (bool)\Causal\IgLdapSsoAuth\Library\Authentication::ldapAuthenticate($accountData->username, $accountData->password);
    }

    /**
     * Checks for correct account data without throwing an exception.
     * It just returns TRUE / FALSE
     *
     * @param  object $accountData
     * @return bool
     */
    public function checkValidUser(string $accountData): bool
    {
        if ($accountData->username === '' || $accountData->password === '') {
            $success = false;
        } else {
            $user = $this->getUserByUsername($accountData->username);
            $success = $user && $this->ldapValidationSucceeded($accountData);
        }

        return $success;
    }

    /**
     * Checks if the given extension key is unique and not registered yet.
     * Takes underscores into account, so the key "ter_ter" can't be registered
     * if "te_rt_er" or "terter" already exist.
     *
     * @param    string $extensionKey : The extension key to check
     * @return    bool        Returns TRUE if the extension key is unique and not used yet, otherwise FALSE
     * @access    public
     * @author  Elmar Hinz
     */
    public function extensionKeyIsAvailable(string $extensionKey): bool
    {
        $cleanedExtensionKey = str_replace('_', '', $extensionKey);

        $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable('tx_ter_extensionkeys');
        $result = $queryBuilder->select('extensionkey')
            ->from('tx_ter_extensionkeys')
            ->add('where', 'REPLACE(extensionkey, "_", "") = ' . $queryBuilder->createNamedParameter($cleanedExtensionKey))
            ->execute()
            ->rowCount();

        return $result === 0;
    }

    /**
     * Based on $extKey this returns the extension-key record.
     *
     * @param    string $extKey : Extension key
     * @return    mixed        The extension key row or FALSE
     * @access    public
     */
    public function getExtensionKeyRecord(string $extKey): ?array
    {
        $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable('tx_ter_extensionkeys');

        $extensionKeyRecord = $queryBuilder
            ->select('*')
            ->from('tx_ter_extensionkeys')
            ->where(
                $queryBuilder->expr()->eq('extensionkey', $queryBuilder->createNamedParameter($extKey))
            )
            ->execute()
            ->fetch();

        return $extensionKeyRecord ?: null;
    }

    /***
     * Load an instance of the BE_USER to use with TCEFORM
     *
     * @param string $username Username
     * @param boolean $isAdmin Set admin rights
     * @return void
     */
    public function loadBackendUser(string $username, bool $isAdmin = false): void
    {
        if (!empty($GLOBALS['BE_USER'])) {
            return;
        }

        $GLOBALS['BE_USER'] = GeneralUtility::makeInstance(\TYPO3\CMS\Backend\FrontendBackendUserAuthentication::class);
        $GLOBALS['BE_USER']->user = [
            'uid' => 0,
            'username' => $username,
            'admin' => (int)$isAdmin,
        ];
    }

    /**
     * Load an instance of the LANG object
     *
     * @param string $lang Used language ident
     */
    public function loadLang(string $lang = 'default'): void
    {
        if (!empty($GLOBALS['LANG'])) {
            return;
        }

        $GLOBALS['LANG'] = GeneralUtility::makeInstance(\TYPO3\CMS\Core\Localization\LanguageService::class);
        $GLOBALS['LANG']->init($lang);
    }
}