Skip to content

Commit

Permalink
Fix broken Upgrade Wizards within Install Tool
Browse files Browse the repository at this point in the history
An _events_ user will be created and used on demand in order to allow
execution of upgrade wizards within install tool.
  • Loading branch information
DanielSiepmann committed Aug 9, 2023
1 parent 00946af commit 32b66de
Show file tree
Hide file tree
Showing 8 changed files with 337 additions and 2 deletions.
6 changes: 6 additions & 0 deletions Classes/Updates/MigrateOldLocations.php
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@
use TYPO3\CMS\Core\DataHandling\DataHandler;
use TYPO3\CMS\Core\Log\Logger;
use TYPO3\CMS\Core\Log\LogManager;
use TYPO3\CMS\Core\Utility\GeneralUtility;
use TYPO3\CMS\Install\Updates\DatabaseUpdatedPrerequisite;
use TYPO3\CMS\Install\Updates\UpgradeWizardInterface;

Expand Down Expand Up @@ -159,6 +160,11 @@ private function createLocation(array $event): int
}
$recordUid = 'NEW12121';
$l10nParentUid = $this->uidsForTranslation[$event['l10n_parent'] . '-0'] ?? 0;

if (($GLOBALS['BE_USER'] ?? null) === null) {
$GLOBALS['BE_USER'] = GeneralUtility::makeInstance(UserAuthentication::class);
$GLOBALS['BE_USER']->authenticate();
}
$dataHandler = clone $this->dataHandler;

if ($event['sys_language_uid'] > 0 && $l10nParentUid > 0) {
Expand Down
142 changes: 142 additions & 0 deletions Classes/Updates/UserAuthentication.php
Original file line number Diff line number Diff line change
@@ -0,0 +1,142 @@
<?php

declare(strict_types=1);

/*
* Copyright (C) 2023 Daniel Siepmann <[email protected]>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*/

namespace Wrm\Events\Updates;

use Psr\Http\Message\ServerRequestInterface;
use TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
use TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashFactory;
use TYPO3\CMS\Core\Crypto\Random;
use TYPO3\CMS\Core\Database\ConnectionPool;
use TYPO3\CMS\Core\Database\Query\Restriction\DeletedRestriction;
use TYPO3\CMS\Core\Utility\GeneralUtility;

/**
* An backend user used by Update Wizards.
*
* That way they can use Data Handler no matter how they are executed, e.g. cli, or install tool.
* That way edits also always have this user assigned.
*
* This was mostly copied from TYPO3 core CommandLineUserAuthentication.
*/
class UserAuthentication extends BackendUserAuthentication
{
/**
* @var string
*/
protected $username = '_events_';

public function __construct()
{
if (!$this->isUserAllowedToLogin()) {
throw new \RuntimeException('Login Error: TYPO3 is in maintenance mode at the moment. Only administrators are allowed access.', 1483971855);
}
$this->dontSetCookie = true;
parent::__construct();
}

public function start(ServerRequestInterface $request = null)

Check failure on line 58 in Classes/Updates/UserAuthentication.php

View workflow job for this annotation

GitHub Actions / code-quality (7.2, ^10.4)

Method Wrm\Events\Updates\UserAuthentication::start() has no return type specified.

Check failure on line 58 in Classes/Updates/UserAuthentication.php

View workflow job for this annotation

GitHub Actions / code-quality (7.3, ^10.4)

Method Wrm\Events\Updates\UserAuthentication::start() has no return type specified.

Check failure on line 58 in Classes/Updates/UserAuthentication.php

View workflow job for this annotation

GitHub Actions / code-quality (7.4, ^10.4)

Method Wrm\Events\Updates\UserAuthentication::start() has no return type specified.
{
// do nothing
}

public function checkAuthentication(ServerRequestInterface $request = null)

Check failure on line 63 in Classes/Updates/UserAuthentication.php

View workflow job for this annotation

GitHub Actions / code-quality (7.2, ^10.4)

Method Wrm\Events\Updates\UserAuthentication::checkAuthentication() has no return type specified.

Check failure on line 63 in Classes/Updates/UserAuthentication.php

View workflow job for this annotation

GitHub Actions / code-quality (7.3, ^10.4)

Method Wrm\Events\Updates\UserAuthentication::checkAuthentication() has no return type specified.

Check failure on line 63 in Classes/Updates/UserAuthentication.php

View workflow job for this annotation

GitHub Actions / code-quality (7.4, ^10.4)

Method Wrm\Events\Updates\UserAuthentication::checkAuthentication() has no return type specified.
{
// do nothing
}

public function authenticate()

Check failure on line 68 in Classes/Updates/UserAuthentication.php

View workflow job for this annotation

GitHub Actions / code-quality (7.2, ^10.4)

Method Wrm\Events\Updates\UserAuthentication::authenticate() has no return type specified.

Check failure on line 68 in Classes/Updates/UserAuthentication.php

View workflow job for this annotation

GitHub Actions / code-quality (7.3, ^10.4)

Method Wrm\Events\Updates\UserAuthentication::authenticate() has no return type specified.

Check failure on line 68 in Classes/Updates/UserAuthentication.php

View workflow job for this annotation

GitHub Actions / code-quality (7.4, ^10.4)

Method Wrm\Events\Updates\UserAuthentication::authenticate() has no return type specified.
{
// check if a _events_ user exists, if not, create one
$this->setBeUserByName($this->username);
if (!$this->user['uid']) {

Check failure on line 72 in Classes/Updates/UserAuthentication.php

View workflow job for this annotation

GitHub Actions / code-quality (7.2, ^10.4)

Offset 'uid' does not exist on array|null.

Check failure on line 72 in Classes/Updates/UserAuthentication.php

View workflow job for this annotation

GitHub Actions / code-quality (7.3, ^10.4)

Offset 'uid' does not exist on array|null.

Check failure on line 72 in Classes/Updates/UserAuthentication.php

View workflow job for this annotation

GitHub Actions / code-quality (7.4, ^10.4)

Offset 'uid' does not exist on array|null.
// create a new BE user in the database
if (!$this->checkIfEventUserExists()) {
$this->createEventUser();
} else {
throw new \RuntimeException('No backend user named "_events_" could be authenticated, maybe this user is "hidden"?', 1484050401);
}
$this->setBeUserByName($this->username);
}
if (!$this->user['uid']) {

Check failure on line 81 in Classes/Updates/UserAuthentication.php

View workflow job for this annotation

GitHub Actions / code-quality (7.2, ^10.4)

Offset 'uid' does not exist on array|null.

Check failure on line 81 in Classes/Updates/UserAuthentication.php

View workflow job for this annotation

GitHub Actions / code-quality (7.3, ^10.4)

Offset 'uid' does not exist on array|null.

Check failure on line 81 in Classes/Updates/UserAuthentication.php

View workflow job for this annotation

GitHub Actions / code-quality (7.4, ^10.4)

Offset 'uid' does not exist on array|null.
throw new \RuntimeException('No backend user named "_events_" could be created.', 1476107195);
}
// The groups are fetched and ready for permission checking in this initialization.
$this->fetchGroupData();
$this->backendSetUC();
// activate this functionality for DataHandler
$this->uc['recursiveDelete'] = true;
}

public function backendCheckLogin($proceedIfNoUserIsLoggedIn = false)

Check failure on line 91 in Classes/Updates/UserAuthentication.php

View workflow job for this annotation

GitHub Actions / code-quality (7.2, ^10.4)

Method Wrm\Events\Updates\UserAuthentication::backendCheckLogin() has no return type specified.

Check failure on line 91 in Classes/Updates/UserAuthentication.php

View workflow job for this annotation

GitHub Actions / code-quality (7.3, ^10.4)

Method Wrm\Events\Updates\UserAuthentication::backendCheckLogin() has no return type specified.

Check failure on line 91 in Classes/Updates/UserAuthentication.php

View workflow job for this annotation

GitHub Actions / code-quality (7.4, ^10.4)

Method Wrm\Events\Updates\UserAuthentication::backendCheckLogin() has no return type specified.
{
$this->authenticate();
}

/**
* Determines whether a CLI backend user is allowed to access TYPO3.
* Only when adminOnly is off (=0), and only allowed for admins and CLI users (=2)
*/
public function isUserAllowedToLogin()
{
return in_array((int)$GLOBALS['TYPO3_CONF_VARS']['BE']['adminOnly'], [0, 2], true);
}

protected function checkIfEventUserExists(): bool
{
$queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable('be_users');
$queryBuilder->getRestrictions()
->removeAll()
->add(GeneralUtility::makeInstance(DeletedRestriction::class));
$count = $queryBuilder
->count('*')
->from('be_users')
->where($queryBuilder->expr()->eq('username', $queryBuilder->createNamedParameter('_events_')))
->execute()
->fetchColumn(0);
return (bool)$count;
}

protected function createEventUser(): void
{
$userFields = [
'username' => $this->username,
'password' => $this->generateHashedPassword(),
'admin' => 1,
'tstamp' => $GLOBALS['EXEC_TIME'],
'crdate' => $GLOBALS['EXEC_TIME'],
];

$databaseConnection = GeneralUtility::makeInstance(ConnectionPool::class)
->getConnectionForTable('be_users');
$databaseConnection->insert('be_users', $userFields);
}

protected function generateHashedPassword(): string
{
$cryptoService = GeneralUtility::makeInstance(Random::class);
$password = $cryptoService->generateRandomBytes(20);
$hashInstance = GeneralUtility::makeInstance(PasswordHashFactory::class)->getDefaultHashInstance('BE');
return $hashInstance->getHashedPassword($password);
}
}
142 changes: 142 additions & 0 deletions Classes/Updates/UserAuthenticationV10.php
Original file line number Diff line number Diff line change
@@ -0,0 +1,142 @@
<?php

declare(strict_types=1);

/*
* Copyright (C) 2023 Daniel Siepmann <[email protected]>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*/

namespace Wrm\Events\Updates;

use TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
use TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashFactory;
use TYPO3\CMS\Core\Crypto\Random;
use TYPO3\CMS\Core\Database\ConnectionPool;
use TYPO3\CMS\Core\Database\Query\Restriction\DeletedRestriction;
use TYPO3\CMS\Core\Utility\GeneralUtility;
use TYPO3\CMS\Core\Utility\VersionNumberUtility;

/**
* An backend user used by Update Wizards.
*
* That way they can use Data Handler no matter how they are executed, e.g. cli, or install tool.
* That way edits also always have this user assigned.
*
* This was mostly copied from TYPO3 core CommandLineUserAuthentication.
*/
class UserAuthenticationV10 extends BackendUserAuthentication
{
/**
* @var string
*/
protected $username = '_events_';

public function __construct()
{
if (!$this->isUserAllowedToLogin()) {
throw new \RuntimeException('Login Error: TYPO3 is in maintenance mode at the moment. Only administrators are allowed access.', 1483971855);
}
$this->dontSetCookie = true;
parent::__construct();
}

public function start()

Check failure on line 58 in Classes/Updates/UserAuthenticationV10.php

View workflow job for this annotation

GitHub Actions / code-quality (7.2, ^10.4)

Method Wrm\Events\Updates\UserAuthenticationV10::start() has no return type specified.

Check failure on line 58 in Classes/Updates/UserAuthenticationV10.php

View workflow job for this annotation

GitHub Actions / code-quality (7.3, ^10.4)

Method Wrm\Events\Updates\UserAuthenticationV10::start() has no return type specified.

Check failure on line 58 in Classes/Updates/UserAuthenticationV10.php

View workflow job for this annotation

GitHub Actions / code-quality (7.4, ^10.4)

Method Wrm\Events\Updates\UserAuthenticationV10::start() has no return type specified.
{
// do nothing
}

public function checkAuthentication()

Check failure on line 63 in Classes/Updates/UserAuthenticationV10.php

View workflow job for this annotation

GitHub Actions / code-quality (7.2, ^10.4)

Method Wrm\Events\Updates\UserAuthenticationV10::checkAuthentication() has no return type specified.

Check failure on line 63 in Classes/Updates/UserAuthenticationV10.php

View workflow job for this annotation

GitHub Actions / code-quality (7.3, ^10.4)

Method Wrm\Events\Updates\UserAuthenticationV10::checkAuthentication() has no return type specified.

Check failure on line 63 in Classes/Updates/UserAuthenticationV10.php

View workflow job for this annotation

GitHub Actions / code-quality (7.4, ^10.4)

Method Wrm\Events\Updates\UserAuthenticationV10::checkAuthentication() has no return type specified.
{
// do nothing
}

public function authenticate()

Check failure on line 68 in Classes/Updates/UserAuthenticationV10.php

View workflow job for this annotation

GitHub Actions / code-quality (7.2, ^10.4)

Method Wrm\Events\Updates\UserAuthenticationV10::authenticate() has no return type specified.

Check failure on line 68 in Classes/Updates/UserAuthenticationV10.php

View workflow job for this annotation

GitHub Actions / code-quality (7.3, ^10.4)

Method Wrm\Events\Updates\UserAuthenticationV10::authenticate() has no return type specified.

Check failure on line 68 in Classes/Updates/UserAuthenticationV10.php

View workflow job for this annotation

GitHub Actions / code-quality (7.4, ^10.4)

Method Wrm\Events\Updates\UserAuthenticationV10::authenticate() has no return type specified.
{
// check if a _events_ user exists, if not, create one
$this->setBeUserByName($this->username);
if (!$this->user['uid']) {

Check failure on line 72 in Classes/Updates/UserAuthenticationV10.php

View workflow job for this annotation

GitHub Actions / code-quality (7.2, ^10.4)

Offset 'uid' does not exist on array|null.

Check failure on line 72 in Classes/Updates/UserAuthenticationV10.php

View workflow job for this annotation

GitHub Actions / code-quality (7.3, ^10.4)

Offset 'uid' does not exist on array|null.

Check failure on line 72 in Classes/Updates/UserAuthenticationV10.php

View workflow job for this annotation

GitHub Actions / code-quality (7.4, ^10.4)

Offset 'uid' does not exist on array|null.
// create a new BE user in the database
if (!$this->checkIfCliUserExists()) {
$this->createCliUser();
} else {
throw new \RuntimeException('No backend user named "_events_" could be authenticated, maybe this user is "hidden"?', 1484050401);
}
$this->setBeUserByName($this->username);
}
if (!$this->user['uid']) {
throw new \RuntimeException('No backend user named "_events_" could be created.', 1476107195);
}
// The groups are fetched and ready for permission checking in this initialization.
$this->fetchGroupData();
$this->backendSetUC();
// activate this functionality for DataHandler
$this->uc['recursiveDelete'] = true;
}

public function backendCheckLogin($proceedIfNoUserIsLoggedIn = false)
{
$this->authenticate();
}

/**
* Determines whether a CLI backend user is allowed to access TYPO3.
* Only when adminOnly is off (=0), and only allowed for admins and CLI users (=2)
*/
protected function isUserAllowedToLogin(): bool
{
return in_array((int)$GLOBALS['TYPO3_CONF_VARS']['BE']['adminOnly'], [0, 2], true);
}

protected function checkIfCliUserExists(): bool
{
$queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable('be_users');
$queryBuilder->getRestrictions()
->removeAll()
->add(GeneralUtility::makeInstance(DeletedRestriction::class));
$count = $queryBuilder
->count('*')
->from('be_users')
->where($queryBuilder->expr()->eq('username', $queryBuilder->createNamedParameter('_events_')))
->execute()
->fetchColumn(0);
return (bool)$count;
}

protected function createCliUser(): void
{
$userFields = [
'username' => $this->username,
'password' => $this->generateHashedPassword(),
'admin' => 1,
'tstamp' => $GLOBALS['EXEC_TIME'],
'crdate' => $GLOBALS['EXEC_TIME'],
];

$databaseConnection = GeneralUtility::makeInstance(ConnectionPool::class)
->getConnectionForTable('be_users');
$databaseConnection->insert('be_users', $userFields);
}

protected function generateHashedPassword(): string
{
$cryptoService = GeneralUtility::makeInstance(Random::class);
$password = $cryptoService->generateRandomBytes(20);
$hashInstance = GeneralUtility::makeInstance(PasswordHashFactory::class)->getDefaultHashInstance('BE');
return $hashInstance->getHashedPassword($password);
}
}
7 changes: 7 additions & 0 deletions Configuration/Services.php
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,11 @@
use Symfony\Component\DependencyInjection\Compiler\CompilerPassInterface;
use Symfony\Component\DependencyInjection\ContainerBuilder;
use Symfony\Component\DependencyInjection\Loader\Configurator\ContainerConfigurator;
use TYPO3\CMS\Core\Utility\VersionNumberUtility;
use Wrm\Events\Service\DestinationDataImportService\Slugger\Registry;
use Wrm\Events\Service\DestinationDataImportService\Slugger\SluggerType;
use Wrm\Events\Updates\UserAuthentication;
use Wrm\Events\Updates\UserAuthenticationV10;

return static function (ContainerConfigurator $container, ContainerBuilder $containerBuilder) {
$containerBuilder->registerForAutoconfiguration(SluggerType::class)->addTag('tx_events.slugger_type');
Expand All @@ -21,4 +24,8 @@ public function process(ContainerBuilder $container): void
}
}
});

if (version_compare(VersionNumberUtility::getNumericTypo3Version(), '11.0', '<')) {
$container->services()->set(UserAuthentication::class, UserAuthenticationV10::class);
}
};
1 change: 1 addition & 0 deletions Configuration/Services.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ services:

Wrm\Events\:
resource: '../Classes/*'
exclude: '../Classes/Updates/UserAuthentication*'

Wrm\Events\Command\ImportDestinationDataViaConfigruationCommand:
tags:
Expand Down
32 changes: 32 additions & 0 deletions Documentation/Changelog/3.4.1.rst
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
3.4.1
=====

Breaking
--------

Nothing

Features
--------

Nothing

Fixes
-----

* Do not break Upgrade Wizards in install tool.

TYPO3 does not provide a BE_USER within install tool.
That will break the Upgrade Wizards as they use DataHandler that relies on an existing backend user.
This was not an issue on command line where _cli_ user will be created and used by TYPO3.
The extension now adds an _events_ user as admin as well when necessary.

Tasks
-----

Nothing

Deprecation
-----------

Nothing
7 changes: 6 additions & 1 deletion Documentation/Maintenance/TYPO3/V10.rst
Original file line number Diff line number Diff line change
Expand Up @@ -3,9 +3,14 @@ TYPO3 V10

Changes that should happen once we drop TYPO3 v10.


Remove fetching cached page stage from body from tests
------------------------------------------------------

We have different assertions based on TYPO3 version, due to how TYPO3 exposes the info.
We can remove the condition with its content once we drop v10.

Remove UserAuthenticationV10
----------------------------

TYPO3 has different signatures for AbstractUserAuthentication class.
There is an implementation for v10 that can be removed once we drop v10.
2 changes: 1 addition & 1 deletion ext_emconf.php
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@
'state' => 'alpha',
'createDirs' => '',
'clearCacheOnLoad' => 0,
'version' => '3.4.0',
'version' => '3.4.1',
'constraints' => [
'depends' => [
'typo3' => '10.4.00-11.5.99',
Expand Down

0 comments on commit 32b66de

Please sign in to comment.