<?php

declare(strict_types = 1);

namespace T3o\T3oLdap\Controller;

use T3o\T3oLdap\Connectors\Ldap;
use TYPO3\CMS\Backend\Routing\UriBuilder;
use TYPO3\CMS\Core\Database\ConnectionPool;
use TYPO3\CMS\Core\Mail\MailMessage;
use TYPO3\CMS\Core\Messaging\AbstractMessage;
use TYPO3\CMS\Core\Utility\GeneralUtility;
use TYPO3\CMS\Extbase\Mvc\Controller\ActionController;

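/**
 * Backend controller for the GDPR deletion workflow of an LDAP user.
 *
 * Flow as implemented below: step1 (ask for a username), step2 (look the user up
 * in LDAP and display it), confirm (display the collected ticket references) and
 * delete (send two notification mails, remove the fe_users record, write an
 * old_users row). initializeAction() gates every action behind a backend
 * administrator check.
 */
class GdprController extends ActionController
{
    /**
     * Restricts every action of this controller to backend administrators.
     *
     * The access decision depends on forward() aborting the current request
     * (Extbase does this by throwing a StopActionException). No early return is
     * added after the forwards on purpose: returning normally from here would let
     * the requested action run.
     *
     * NOTE(review): this class defines no messageAction(), and a forwarded request
     * presumably runs through initializeAction() again. Confirm that a denied
     * request ends in an error response and not in a dispatch loop.
     */
    public function initializeAction()
    {
        parent::initializeAction();

        // "??" avoids an undefined-index warning when no backend session exists.
        if (!($GLOBALS['BE_USER'] ?? null)) {
            $this->addFlashMessage('no access to this function', 'Access denied', AbstractMessage::ERROR);
            $this->forward('message');
        }

        if ($GLOBALS['BE_USER']->isAdmin() === false) {
            $this->addFlashMessage(
                'You need Admin rights, to use this function.',
                'Access denied',
                AbstractMessage::ERROR
            );
            $this->forward('message');
        }
    }

    /**
     * First step: renders the form that asks for the username to delete.
     */
    public function step1Action()
    {
        $uriBuilder = GeneralUtility::makeInstance(UriBuilder::class);

        $this->view->assignMultiple(
            [
                'moduleUri' => $uriBuilder->buildUriFromRoute('tce_db'),
                'action' => 'step1'
            ]
        );
    }

    /**
     * Second step: looks the submitted username up in LDAP and shows the record.
     *
     * A missing, non-string or blank "username" argument is reported as
     * "No user given". Without the type check a request sending the argument as
     * an array would end in a TypeError, because checkLdapUser() takes a string
     * and the file declares strict_types.
     *
     * NOTE(review): the username is handed to the LDAP connector unchanged;
     * confirm that Ldap::userExists() and Ldap::getUser() escape it before it
     * becomes part of a search filter.
     */
    public function step2Action()
    {
        $userName = $this->request->hasArgument('username')
            ? $this->request->getArgument('username')
            : null;

        if (!is_string($userName) || trim($userName) === '') {
            $this->addFlashMessage('No user given', 'Error', AbstractMessage::ERROR);
            $this->forward('step1');
            return;
        }

        if (!$this->checkLdapUser($userName)) {
            $this->addFlashMessage('No user found', 'Error', AbstractMessage::ERROR);
            $this->forward('step1');
            return;
        }

        $uriBuilder = GeneralUtility::makeInstance(UriBuilder::class);
        $ldapUser = $this->getLdapUser($userName);

        $this->view->assignMultiple(
            [
                'moduleUri' => $uriBuilder->buildUriFromRoute('tce_db'),
                'action' => 'step2',
                'user' => $ldapUser
            ]
        );
    }

    /**
     * Confirmation step: echoes the submitted user and ticket references back to
     * the view before the deletion is triggered.
     *
     * The "comment", "otrs" and "gitlab" arguments are read without a
     * hasArgument() check, so the request object decides what happens when one of
     * them is absent.
     */
    public function confirmAction()
    {
        if (!$this->request->hasArgument('user')) {
            $this->addFlashMessage('No user found', 'Error', AbstractMessage::ERROR);
            $this->forward('step1');
            return;
        }

        $uriBuilder = GeneralUtility::makeInstance(UriBuilder::class);

        $this->view->assignMultiple(
            [
                'moduleUri' => $uriBuilder->buildUriFromRoute('tce_db'),
                'action' => 'confirm',
                'user' => $this->request->getArgument('user'),
                'comment' => $this->request->getArgument('comment'),
                'otrs' => $this->request->getArgument('otrs'),
                'gitlab' => $this->request->getArgument('gitlab')
            ]
        );
    }

    /**
     * Final step: sends the notifications, removes the local account and records
     * the deletion in old_users.
     *
     * The "user" argument arrives with this request, so its shape is checked
     * before anything is sent or deleted: the username must be a non-blank string
     * taken from user[uid][0]. A blank or missing value must never reach the
     * fe_users delete criteria.
     *
     * NOTE(review): username and mail address are taken from the submitted form
     * data, not re-read from LDAP. Consider resolving the record again via
     * getLdapUser() so a modified form cannot put a different mail address into
     * the notifications and the old_users row.
     *
     * NOTE(review): the success message and both mails state that the LDAP user
     * was deleted, while deleteLdapUser() currently performs no deletion. The
     * mails are also sent before the database operations run, so a failure there
     * leaves notifications that describe work which did not happen.
     */
    public function deleteAction()
    {
        if (!$this->request->hasArgument('user')) {
            $this->addFlashMessage('No user found', 'Error', AbstractMessage::ERROR);
            $this->forward('step1');
            return;
        }

        $user = $this->request->getArgument('user');
        $uidValues = is_array($user) ? ($user['uid'] ?? null) : null;
        $mailValues = is_array($user) ? ($user['mail'] ?? null) : null;
        $userName = is_array($uidValues) ? ($uidValues[0] ?? null) : null;

        if (!is_string($userName) || trim($userName) === '') {
            $this->addFlashMessage('No user found', 'Error', AbstractMessage::ERROR);
            $this->forward('step1');
            return;
        }

        $data = [];
        $data['username'] = $userName;
        // A missing mail attribute stays null, as it did before, minus the warning.
        $data['email'] = is_array($mailValues) ? ($mailValues[0] ?? null) : null;
        $data['deleted_by'] = $GLOBALS['BE_USER']->user['username'];
        $data['delete_date'] = time();
        $data['otrs_ticket'] = $this->request->getArgument('otrs');
        $data['gitlab_ticket'] = $this->request->getArgument('gitlab');
        $data['comment'] = $this->request->getArgument('comment');

        $this->sendORTSMail($data);

        $this->createORTSTicket($data);

        $this->deleteLdapUser($data);

        $this->deleteLocalUser($data);

        $this->createOldUser($data);

        $this->addFlashMessage('The user was deleted successfully', 'LDAP deletion', AbstractMessage::OK);

        $this->forward('step1');
    }

    /**
     * Tells whether the LDAP connector knows the given username.
     *
     * @param string $userName
     * @return bool
     * @throws \Exception whatever the Ldap constructor throws is passed on unchanged
     */
    protected function checkLdapUser(string $userName)
    {
        // The former try/catch only rethrew the exception, so it is dropped.
        $ldap = new Ldap();

        return (bool)$ldap->userExists($userName);
    }

    /**
     * Fetches the LDAP record for the given username from the connector.
     *
     * @param string $userName
     * @return array
     * @throws \Exception whatever the Ldap constructor throws is passed on unchanged
     */
    protected function getLdapUser(string $userName)
    {
        $ldap = new Ldap();

        return $ldap->getUser($userName);
    }

    /**
     * Writes the deletion record into the old_users table.
     *
     * @param array $data row as assembled by deleteAction(); the keys are used as column names
     */
    protected function createOldUser(array $data)
    {
        $connectionPool = GeneralUtility::makeInstance(ConnectionPool::class);
        $connectionPool->getConnectionForTable('old_users')->insert('old_users', $data);
    }

    /**
     * Mails the data privacy officer (OTRS) that the LDAP user was deleted.
     *
     * Two values differ from the earlier version of this method:
     * - the subject read $data['otrs'], a key deleteAction() never sets (it sets
     *   'otrs_ticket'), so the ticket reference in the subject was always empty;
     * - "performed by" read $GLOBALS['BE_USER']->name, which in TYPO3 core is the
     *   session cookie name of the authentication object, not the account name.
     *   The acting administrator is taken from 'deleted_by', the value that is
     *   also stored in old_users.
     *
     * NOTE(review): the subject contains request-supplied text; confirm that the
     * mailer encodes or rejects line breaks in header values.
     *
     * @param array $data row as assembled by deleteAction()
     */
    protected function sendORTSMail(array $data)
    {
        $performedBy = $data['deleted_by'] ?? $GLOBALS['BE_USER']->user['username'];
        // 'otrs' is still honoured for callers that pass it explicitly.
        $ticketReference = $data['otrs'] ?? $data['otrs_ticket'] ?? '';

        $message = 'Dear data privacy officer,
        
            we like to inform you, that this 
            
            LDAP User:' . $data['username'] . ' 
            
            was deleted.
             
             The Server Team is informed, and will remove all further account data (wiki, forge, talk, ...).
             OTRS Link of initial Ticket from data privacy officer:' . $data['otrs_ticket'] . '
             Gitlab Link of typo3.org website team:' . $data['gitlab_ticket'] . '
             further comment:' . $data['comment'] . '
             LDAP User deletion was performed by:' . $performedBy . '
             
             Your TYPO3 website administration team
             ';
        $mail = GeneralUtility::makeInstance(MailMessage::class);
        $mail->setSubject('[Ticket#' . $ticketReference . '] User deletion notification : ' . $data['username']);
        $mail->setFrom(['confirm-t3o-account@typo3.org' => 'typo3.org administration']);
        $mail->setTo(['otrs@typo3.org', 'otrs@typo3.org' => 'TYPO3 OTRS Notification Master']);
        $mail->setBody($message);
        $mail->send();
    }

    /**
     * Mails the server team with the request to remove the user's remaining accounts.
     *
     * "performed by" uses 'deleted_by' (the acting administrator's username as
     * stored in old_users) instead of $GLOBALS['BE_USER']->name, which in TYPO3
     * core is the session cookie name of the authentication object.
     *
     * NOTE(review): the subject contains request-supplied text; confirm that the
     * mailer encodes or rejects line breaks in header values.
     *
     * @param array $data row as assembled by deleteAction()
     */
    protected function createORTSTicket(array $data)
    {
        $performedBy = $data['deleted_by'] ?? $GLOBALS['BE_USER']->user['username'];

        $message = 'Dear Server Team,
        
        please delete all accounts from this LDAP User:
        
        Username: ' . $data['username'] . '        
        Mail: ' . $data['email'] . '
        
        OTRS Link of initial Ticket from data privacy officer:' . $data['otrs_ticket'] . '
        Gitlab Link of typo3.org website team:' . $data['gitlab_ticket'] . '
        further comment:' . $data['comment'] . '
        LDAP User deletion was performed by:' . $performedBy . '
             
        Your TYPO3 website administration team';

        $mail = GeneralUtility::makeInstance(MailMessage::class);
        $mail->setSubject('User delection process: ' . $data['username']);
        $mail->setFrom(['confirm-t3o-account@typo3.org' => 'typo3.org administration']);
        $mail->setTo(['admin@typo3.org', 'admin@typo3.org' => 'TYPO3 Serverteam']);
        $mail->setBody($message);
        $mail->send();
    }

    /**
     * Placeholder for removing the my.typo3.org user from LDAP.
     *
     * NOTE(review): no LDAP entry is removed here. The only effect is that the
     * connector is constructed, so a failing constructor still aborts the
     * workflow. The disabled call below originally read $data['userName'], a key
     * deleteAction() does not set; it is shown with 'username', the key that is
     * actually populated. Callers must not treat the "true" result as proof of
     * deletion.
     *
     * @param array $data row as assembled by deleteAction()
     * @return bool always true
     * @throws \Exception whatever the Ldap constructor throws is passed on unchanged
     */
    protected function deleteLdapUser(array $data)
    {
        // delete my.typo3.org user
        $ldap = new Ldap();

        //$ldap->deleteUser($data['username']);

        return true;
    }

    /**
     * Removes the frontend user with the given username from fe_users.
     *
     * @param array $data row as assembled by deleteAction(); only 'username' is read
     */
    protected function deleteLocalUser(array $data)
    {
        $connectionPool = GeneralUtility::makeInstance(ConnectionPool::class);
        $connectionPool->getConnectionForTable('fe_users')->delete(
            'fe_users',
            ['username' => $data['username']]
        );
    }
}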