Commit 4a4e435a authored by Benjamin Franzke's avatar Benjamin Franzke Committed by Benni Mack
Browse files

[BUGFIX] Fix negated isLoggedInBackendUserRequired() method

The method returned the opposite of what the function name
defines. It checks whether the current backend route
is a public route, and in that case it returned true. But if
a public route is requested, then a backend user is actually
*not* required.

The method was then used inverted, which contervailed this mistake.
Therefore there was no functional bug here, just a naming bug.

Therefore we now invert the result of this method.

Releases: master
Resolves: #93021
Change-Id: I4ae585eb9259360cb3975df6654640d18ec45932
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67048


Tested-by: default avatarTYPO3com <noreply@typo3.com>
Tested-by: Benni Mack's avatarBenni Mack <benni@typo3.org>
Reviewed-by: Benni Mack's avatarBenni Mack <benni@typo3.org>
parent eff4fd02
......@@ -72,14 +72,15 @@ class BackendUserAuthenticator extends \TYPO3\CMS\Core\Middleware\BackendUserAut
$GLOBALS['BE_USER']->start();
// Register the backend user as aspect and initializing workspace once for TSconfig conditions
$this->setBackendUserAspect($GLOBALS['BE_USER'], (int)$GLOBALS['BE_USER']->user['workspace_id']);
if (!$this->isLoggedInBackendUserRequired($route) && !$this->context->getAspect('backend.user')->isLoggedIn()) {
if ($this->isLoggedInBackendUserRequired($route) && !$this->context->getAspect('backend.user')->isLoggedIn()) {
$uri = GeneralUtility::makeInstance(UriBuilder::class)->buildUriFromRoute('login');
$response = new RedirectResponse($uri);
return $this->enrichResponseWithHeadersAndCookieInformation($response, $GLOBALS['BE_USER']);
}
try {
$proceedIfNoUserIsLoggedIn = $this->isLoggedInBackendUserRequired($route) === false;
// @todo: Ensure that the runtime exceptions are caught
$GLOBALS['BE_USER']->backendCheckLogin($this->isLoggedInBackendUserRequired($route));
$GLOBALS['BE_USER']->backendCheckLogin($proceedIfNoUserIsLoggedIn);
$GLOBALS['LANG'] = LanguageService::createFromUserPreferences($GLOBALS['BE_USER']);
// Re-setting the user and take the workspace from the user object now
$this->setBackendUserAspect($GLOBALS['BE_USER']);
......@@ -127,10 +128,10 @@ class BackendUserAuthenticator extends \TYPO3\CMS\Core\Middleware\BackendUserAut
* If we're trying to do a login or an ajax login, don't require a user.
*
* @param Route $route the Route path to check against, something like '
* @return bool whether the request can proceed without a login required
* @return bool true when the Route requires an authenticated backend user
*/
protected function isLoggedInBackendUserRequired(Route $route): bool
{
return in_array($route->getPath(), $this->publicRoutes, true);
return in_array($route->getPath(), $this->publicRoutes, true) === false;
}
}
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment