From 6501c3284b2d318a2da731bae17f32388ef2a29d Mon Sep 17 00:00:00 2001 From: Benni Mack <benni@typo3.org> Date: Thu, 11 Nov 2021 12:08:42 +0100 Subject: [PATCH] [BUGFIX] Avoid PHP warnings in AbstractUserAuthentication When dealing with 3rd-party authentication services, which might return other values than arrays or without UIDs. This change fixes the relevant places. Resolves: #95958 Releases: master Change-Id: Idd50e3dceea079086a98225727ef7733a9b432c8 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72157 Tested-by: core-ci <typo3@b13.com> Tested-by: Oliver Bartsch <bo@cedev.de> Tested-by: Georg Ringer <georg.ringer@gmail.com> Reviewed-by: Oliver Bartsch <bo@cedev.de> Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de> Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
---
 .../AbstractUserAuthentication.php | 24 +++++++++++-------- .../FrontendUserAuthentication.php | 14 +++++------ 2 files changed, 21 insertions(+), 17 deletions(-)
diff --git a/typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php b/typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php
index 5e8e3955f0fd..bbd7c8a5aa03 100644
--- a/typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php
+++ b/typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php
@@ -517,7 +517,8 @@ abstract class AbstractUserAuthentication implements LoggerAwareInterface
 $subType = 'getUser' . $this->loginType;
 /** @var AuthenticationService $serviceObj */
 foreach ($this->getAuthServices($subType, $loginData, $authInfo) as $serviceObj) {
- if ($row = $serviceObj->getUser()) {
+ $row = $serviceObj->getUser();
+ if (is_array($row)) {
 $tempuserArr[] = $row;
 $this->logger->debug('User found', [
 $this->userid_column => $row[$this->userid_column],
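Review bot: `is_array($row)` in the getUser loop also lets through an empty array or a row without the user id column, whereas the old truthiness test at least rejected `[]`. Such a row is appended to `$tempuserArr` as a login candidate, and the unchanged `$row[$this->userid_column]` in the 'User found' debug call still indexes it without a fallback, so the warning this commit targets can still fire there. Consider `if (is_array($row) && isset($row[$this->userid_column])) {`, or at least `?? ''` on the logged column if uid-less rows are legitimate. The session fallback in the next hunk has the same gap: `is_array($authInfo['user'] ?? null)` is the only test before `$authenticated = true`, while the `?? ''` fallbacks beside it concede that the id column may be absent. The enclosing method starts and ends outside both hunks.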
@@ -542,14 +543,17 @@ abstract class AbstractUserAuthentication implements LoggerAwareInterface
 // If no new user was set we use the already found user session
 if (empty($tempuserArr) && $haveSession && !$anonymousSession) {
- $tempuserArr[] = $authInfo['user'];
- $tempuser = $authInfo['user'];
- // User is authenticated because we found a user session
- $authenticated = true;
- $this->logger->debug('User session used', [
- $this->userid_column => $authInfo['user'][$this->userid_column],
- $this->username_column => $authInfo['user'][$this->username_column],
- ]);
+ // Check if the previous services returned a proper user
+ if (is_array($authInfo['user'] ?? null)) {
+ $tempuserArr[] = $authInfo['user'];
+ $tempuser = $authInfo['user'];
+ // User is authenticated because we found a user session
+ $authenticated = true;
+ $this->logger->debug('User session used', [
+ $this->userid_column => $authInfo['user'][$this->userid_column] ?? '',
+ $this->username_column => $authInfo['user'][$this->username_column] ?? '',
+ ]);
+ }
 }
 // Re-auth user when 'auth'-service option is set
 if (!empty($authConfiguration[$this->loginType . '_alwaysAuthUser'])) {
@@ -595,7 +599,7 @@ abstract class AbstractUserAuthentication implements LoggerAwareInterface
 // Insert session record if needed:
 if (!$haveSession
 || $anonymousSession
- || (int)$tempuser['uid'] !== $this->userSession->getUserId()
+ || (int)($tempuser['uid'] ?? 0) !== $this->userSession->getUserId()
 ) {
 $sessionData = $this->userSession->getData();
 // Create a new session with a fixated user
diff --git a/typo3/sysext/frontend/Classes/Authentication/FrontendUserAuthentication.php b/typo3/sysext/frontend/Classes/Authentication/FrontendUserAuthentication.php
index a45529da8c9c..96ce62aafc22 100644
--- a/typo3/sysext/frontend/Classes/Authentication/FrontendUserAuthentication.php
+++ b/typo3/sysext/frontend/Classes/Authentication/FrontendUserAuthentication.php
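Review bot: In the session-record condition of AbstractUserAuthentication.php, `(int)($tempuser['uid'] ?? 0)` turns a missing uid into 0, which presumably never equals `$this->userSession->getUserId()` for a non-anonymous session, so a uid-less `$tempuser` silently takes the branch commented 'Create a new session with a fixated user'. The old code at least raised a warning here; now nothing records that a session is being set up for a user row without an id. Whether the code before this condition guarantees an authenticated `$tempuser` with a uid is outside the hunk. If it does not, an explicit `isset($tempuser['uid'])` check with a log entry before the comparison is safer than the silent default.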
@@ -300,10 +300,10 @@ class FrontendUserAuthentication extends AbstractUserAuthentication
 }
 foreach ($groupDataArr as $groupData) {
 $groupId = (int)$groupData['uid'];
- $this->groupData['title'][$groupId] = $groupData['title'];
- $this->groupData['uid'][$groupId] = $groupData['uid'];
- $this->groupData['pid'][$groupId] = $groupData['pid'];
- $this->TSdataArray[] = $groupData['TSconfig'];
+ $this->groupData['title'][$groupId] = $groupData['title'] ?? '';
+ $this->groupData['uid'][$groupId] = $groupData['uid'] ?? 0;
+ $this->groupData['pid'][$groupId] = $groupData['pid'] ?? 0;
+ $this->TSdataArray[] = $groupData['TSconfig'] ?? '';
 $this->userGroups[$groupId] = $groupData;
 }
 $this->TSdataArray[] = $this->user['TSconfig'] ?? '';
@@ -487,7 +487,7 @@ class FrontendUserAuthentication extends AbstractUserAuthentication
 }
 switch ($type) {
 case 'user':
- if ($this->user['uid']) {
+ if ($this->user['uid'] ?? 0) {
 if ($data === null) {
 unset($this->uc[$key]);
 } else {
@@ -533,8 +533,8 @@ class FrontendUserAuthentication extends AbstractUserAuthentication
 */
 public function updateOnlineTimestamp()
 {
- if (!is_array($this->user) || !$this->user['uid']
- || $this->user['is_online'] >= $GLOBALS['EXEC_TIME'] - 60) {
+ if (!is_array($this->user) || !($this->user['uid'] ?? 0)
+ || ($this->user['is_online'] ?? 0) >= $GLOBALS['EXEC_TIME'] - 60) {
 return;
 }
 $dbConnection = GeneralUtility::makeInstance(ConnectionPool::class)->getConnectionForTable($this->user_table);
-- GitLab
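Review bot: In the group loop of FrontendUserAuthentication.php, the context line `$groupId = (int)$groupData['uid'];` still reads the key without a fallback, so the new `$groupData['uid'] ?? 0` two lines below cannot take effect without the warning firing first. More importantly, every group record lacking a uid would be stored under `$groupId` 0 in `groupData` and `userGroups`, each overwriting the previous one. Since these arrays presumably feed frontend access checks, skipping such records looks safer than defaulting: `if (!isset($groupData['uid'])) { continue; }` as the first statement of the loop. The loop's enclosing method starts and ends outside the hunk.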