[TYPO3-dev] How to check credentials for FE-user?
Jost Baron
jost.baron at gmx.de
Mon Sep 8 20:16:03 CEST 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Philipp,
thanks.
Below is my code used to check if a users credentials are correct, in
case someone needs this, or wants to review it. It can also be found
at here: http://pastebin.com/FeinV8jE .
Regards,
Jost
use \TYPO3\CMS\Core\Utility\GeneralUtility;
/**
* A service that verifies credentials for a frontend user.
*
* @author Jost Baron <jost.baron at gmx.de>
*/
class FrontendUserAuthenticationService implements
\TYPO3\CMS\Core\SingletonInterface {
/**
* Checks if the given credentials correct for the user with the
given name.
* Only searches users on the given storage pages.
* @param string $username
* @param string $password
* @param string $storageIds Comma separated list of storage ids
too look
* on for user data.
* @returns boolean true if the credentials are correct, false
otherwise.
*/
public function isValidLogin($username, $password, $storageIds) {
$loginData = array(
'status' => 'login',
'uname' => $username,
'uident' => $password,
'uident_text' => $password,
);
$findUserServiceObjects =
$this->getAuthenticationServices('getUserFE', $loginData, $storageIds);
$user = $this->getFirstUser($findUserServiceObjects);
if (FALSE === $user) {
return FALSE;
}
$authUserServiceObjects =
$this->getAuthenticationServices('authUserFE', $loginData, $storageIds);
return $this->checkUserAuthentication($user,
$authUserServiceObjects);
}
/**
* Returns the authentication service chain to use (configured
using TYPO3).
* @param string $subType The subtype of authentication services,
either
* getUserFE, getUserBE, authUserFE or authUserBE
* @param array $loginData
* @return array
*/
protected function getAuthenticationServices($subType, $loginData,
$storageIds) {
$serviceChain = '';
$serviceObjects = array();
$authInfo = $this->getAuthInfoArray($storageIds);
while (is_object($serviceObj =
GeneralUtility::makeInstanceService('auth', $subType, $serviceChain))) {
$serviceChain .= ',' . $serviceObj->getServiceKey();
$serviceObj->initAuth($subType, $loginData, $authInfo,
$this->getParentObject());
array_push($serviceObjects, $serviceObj);
}
return $serviceObjects;
}
/**
* Returns the first user that matches the login data given to the
services.
* @param array $serviceObjects The authentication service chain.
* @return array|boolean The database row of the user, or FALSE if
none is
* found.
*/
protected function getFirstUser($serviceObjects) {
$user = FALSE;
foreach ($serviceObjects as $serviceObject) {
$user = $serviceObject->getUser();
if (FALSE !== $user) {
break;
}
}
return $user;
}
/**
* Checks if the user is correctly authenticated with the given data.
* @param array $user The user to authenticate, as fetched by the
* fetchUserFE subtype of the services.
* @param array $serviceObjects The authentication service chain.
* @return boolean TRUE, if the credentials are correct, FALSE
otherwise.
*/
protected function checkUserAuthentication($user, $serviceObjects) {
$authenticationSuccessful = FALSE;
foreach ($serviceObjects as $serviceObject) {
$serviceReturnValue = intval($serviceObject->authUser($user));
if ($serviceReturnValue <= 0) {
$authenticationSuccessful = FALSE;
break;
}
if ($serviceReturnValue >= 200) {
$authenticationSuccessful = TRUE;
break;
}
else if ($serviceReturnValue < 100) {
$authenticationSuccessful = TRUE;
}
else {
$authenticationSuccessful = FALSE;
}
}
return $authenticationSuccessful;
}
/**
* Returns the "authInfo", a collection of settings and values
influencing
* authentication.
* @param string $pidlist Comma separated list of page ids to search.
* @return array The authInfo array.
*/
protected function getAuthInfoArray($pidlist) {
$authInfo = array(
'loginType' => 'FE',
'refInfo' =>
parse_url(GeneralUtility::getIndpEnv('HTTP_REFERER')),
'HTTP_HOST' =>
GeneralUtility::getIndpEnv('HTTP_HOST'),
'REMOTE_ADDR' =>
GeneralUtility::getIndpEnv('REMOTE_ADDR'),
'REMOTE_HOST' =>
GeneralUtility::getIndpEnv('REMOTE_HOST'),
'showHiddenRecords' => FALSE,
'db_user' => array(
'table' => 'fe_users',
'userid_column' => 'uid',
'username_column' => 'username',
'userident_column' => 'password',
'usergroup_column' => 'usergroup',
'enable_clause' =>
$this->getEnabledFieldsClauseForFeUsers(),
'checkPidList' => TRUE,
'check_pid_clause' => ' AND pid IN (' .
$GLOBALS['TYPO3_DB']->cleanIntList($pidlist) . ')',
),
'db_groups' => array(
'table' => 'fe_groups',
),
);
return $authInfo;
}
/**
* Returns a part of a WHERE clause for the table fe_users, which
excludes
* all currently disabled records.
* @return string
*/
protected function getEnabledFieldsClauseForFeUsers() {
$pageRepository =
GeneralUtility::makeInstance('TYPO3\\CMS\\Frontend\\Page\\PageRepository');
return $pageRepository->enableFields('fe_users');
}
/**
* Returns a "parent" object for the services. Not pretty.
* @returns object
*/
protected function getParentObject() {
$parentObject =
GeneralUtility::makeInstance('TYPO3\\CMS\\Frontend\\Authentication\\FrontendUserAuthentication');
return $parentObject;
}
}
On 09/05/2014 10:07 PM, Philipp Gampe wrote:
> Hi Jost Baron,
>
> Jost Baron wrote:
>
>> I have found the class "AuthenticationService" [1], but no
>> documentation on how it is intended to be used. It looks like
>> each authentication service is part of some service chain, where
>> each one does some modifications.
>
> Yes, have a look at the class frontent user authentication. Keep in
> mind that the main logic is inside the abstract user authentication
> (core).
>
> Best regards
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAlQN8mIACgkQNme/yCvmvTIdMgCgnUXgFAqpyMc0R0RbcQOhfirS
W8YAnjd/t9kDLyOryH/09Ab+siiJQZ2d
=gYVc
-----END PGP SIGNATURE-----
More information about the TYPO3-dev
mailing list