From 9162dbb58719c0d762e20e047f4ec0e8a2e8f8f3 Mon Sep 17 00:00:00 2001
From: Mathias Brodala <mbrodala@pagemachine.de>
Date: Fri, 20 Nov 2015 17:52:22 +0100
Subject: [PATCH] [!!!][TASK] Clean up ObjectManager injection of
 CommandController

The ObjectManager injection method was misused to initialize
a lot of objects which are now instantiated separately.

Resolves: #71521
Releases: master
Change-Id: I6509ac064ec39140b841a258c46ad5a021039972
Reviewed-on: https://review.typo3.org/44694
Reviewed-by: Daniel Goerz <ervaude@gmail.com>
Tested-by: Daniel Goerz <ervaude@gmail.com>
Reviewed-by: Andreas Wolf <andreas.wolf@typo3.org>
Tested-by: Andreas Wolf <andreas.wolf@typo3.org>
---
 ...enticationRemovedFromCommandController.rst | 22 ++++++++
 ...521-InternalChangesInCommandController.rst | 10 ++++
 .../Mvc/Controller/CommandController.php      | 50 ++++++++++++-------
 .../Mvc/Controller/CommandControllerTest.php  |  2 +-
 4 files changed, 64 insertions(+), 20 deletions(-)
 create mode 100644 typo3/sysext/core/Documentation/Changelog/master/Breaking-71521-PropertyUserAuthenticationRemovedFromCommandController.rst
 create mode 100644 typo3/sysext/core/Documentation/Changelog/master/Important-71521-InternalChangesInCommandController.rst

diff --git a/typo3/sysext/core/Documentation/Changelog/master/Breaking-71521-PropertyUserAuthenticationRemovedFromCommandController.rst b/typo3/sysext/core/Documentation/Changelog/master/Breaking-71521-PropertyUserAuthenticationRemovedFromCommandController.rst
new file mode 100644
index 000000000000..ce1c8a80c1e2
--- /dev/null
+++ b/typo3/sysext/core/Documentation/Changelog/master/Breaking-71521-PropertyUserAuthenticationRemovedFromCommandController.rst
@@ -0,0 +1,22 @@
+=============================================================================
+Breaking: #71521 - Property userAuthentication removed from CommandController
+=============================================================================
+
+Description
+===========
+
+The property ``$userAuthentication`` was removed from the Extbase ``CommandController`` class and
+has been migrated to the newly introduced ``getBackendUserAuthentication()`` method.
+
+
+Impact
+======
+
+All command controllers deriving from ``CommandController`` with see a fatal error when accessing
+properties or methods of the removed ``$userAuthentication`` property.
+
+
+Migration
+=========
+
+Use the newly introduced ``getBackendUserAuthentication()`` method.
diff --git a/typo3/sysext/core/Documentation/Changelog/master/Important-71521-InternalChangesInCommandController.rst b/typo3/sysext/core/Documentation/Changelog/master/Important-71521-InternalChangesInCommandController.rst
new file mode 100644
index 000000000000..13aec2620eeb
--- /dev/null
+++ b/typo3/sysext/core/Documentation/Changelog/master/Important-71521-InternalChangesInCommandController.rst
@@ -0,0 +1,10 @@
+=========================================================
+Important: #71521 - Internal changes in CommandController
+=========================================================
+
+Description
+===========
+
+The ``CommandController::processRequest()`` method has been changed to initialize arguments and output.
+
+If this method was overridden without calling the parent method, these changes must be copied to prevent errors.
diff --git a/typo3/sysext/extbase/Classes/Mvc/Controller/CommandController.php b/typo3/sysext/extbase/Classes/Mvc/Controller/CommandController.php
index 6feaa99a0046..df710aa65b1d 100644
--- a/typo3/sysext/extbase/Classes/Mvc/Controller/CommandController.php
+++ b/typo3/sysext/extbase/Classes/Mvc/Controller/CommandController.php
@@ -15,16 +15,20 @@ namespace TYPO3\CMS\Extbase\Mvc\Controller;
  */
 
 use TYPO3\CMS\Core\Authentication\AbstractUserAuthentication;
+use TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
 use TYPO3\CMS\Extbase\Mvc\Cli\CommandArgumentDefinition;
 use TYPO3\CMS\Extbase\Mvc\Cli\ConsoleOutput;
 use TYPO3\CMS\Extbase\Mvc\Cli\Request;
 use TYPO3\CMS\Extbase\Mvc\Cli\Response;
+use TYPO3\CMS\Extbase\Mvc\Controller\Arguments;
 use TYPO3\CMS\Extbase\Mvc\Exception\InvalidArgumentTypeException;
 use TYPO3\CMS\Extbase\Mvc\Exception\NoSuchCommandException;
 use TYPO3\CMS\Extbase\Mvc\Exception\StopActionException;
 use TYPO3\CMS\Extbase\Mvc\Exception\UnsupportedRequestTypeException;
 use TYPO3\CMS\Extbase\Mvc\RequestInterface;
 use TYPO3\CMS\Extbase\Mvc\ResponseInterface;
+use TYPO3\CMS\Extbase\Object\ObjectManagerInterface;
+use TYPO3\CMS\Extbase\Reflection\ReflectionService;
 
 /**
  * A controller which processes requests from the command line
@@ -64,22 +68,17 @@ class CommandController implements CommandControllerInterface
     protected $requestAdminPermissions = false;
 
     /**
-     * @var AbstractUserAuthentication
-     */
-    protected $userAuthentication;
-
-    /**
-     * @var \TYPO3\CMS\Extbase\Reflection\ReflectionService
+     * @var ReflectionService
      */
     protected $reflectionService;
 
     /**
-     * @var \TYPO3\CMS\Extbase\Object\ObjectManagerInterface
+     * @var ObjectManagerInterface
      */
     protected $objectManager;
 
     /**
-     * @var \TYPO3\CMS\Extbase\Mvc\Cli\ConsoleOutput
+     * @var ConsoleOutput
      */
     protected $output;
 
@@ -87,18 +86,15 @@ class CommandController implements CommandControllerInterface
      * @param \TYPO3\CMS\Extbase\Object\ObjectManagerInterface $objectManager
      * @return void
      */
-    public function injectObjectManager(\TYPO3\CMS\Extbase\Object\ObjectManagerInterface $objectManager)
+    public function injectObjectManager(ObjectManagerInterface $objectManager)
     {
         $this->objectManager = $objectManager;
-        $this->arguments = $this->objectManager->get(\TYPO3\CMS\Extbase\Mvc\Controller\Arguments::class);
-        $this->userAuthentication = isset($GLOBALS['BE_USER']) ? $GLOBALS['BE_USER'] : null;
-        $this->output = $this->objectManager->get(ConsoleOutput::class);
     }
 
     /**
      * @param \TYPO3\CMS\Extbase\Reflection\ReflectionService $reflectionService
      */
-    public function injectReflectionService(\TYPO3\CMS\Extbase\Reflection\ReflectionService $reflectionService)
+    public function injectReflectionService(ReflectionService $reflectionService)
     {
         $this->reflectionService = $reflectionService;
     }
@@ -134,6 +130,8 @@ class CommandController implements CommandControllerInterface
         $this->response = $response;
 
         $this->commandMethodName = $this->resolveCommandMethodName();
+        $this->output = $this->objectManager->get(ConsoleOutput::class);
+        $this->arguments = $this->objectManager->get(Arguments::class);
         $this->initializeCommandMethodArguments();
         $this->mapRequestArgumentsToControllerArguments();
         $this->callCommandMethod();
@@ -168,7 +166,6 @@ class CommandController implements CommandControllerInterface
      */
     protected function initializeCommandMethodArguments()
     {
-        $this->arguments->removeAll();
         $methodParameters = $this->reflectionService->getMethodParameters(get_class($this), $this->commandMethodName);
 
         foreach ($methodParameters as $parameterName => $parameterInfo) {
@@ -271,11 +268,14 @@ class CommandController implements CommandControllerInterface
      */
     protected function ensureAdminRoleIfRequested()
     {
-        if (!$this->requestAdminPermissions || !$this->userAuthentication || !isset($this->userAuthentication->user['admin'])) {
+        $userAuthentication = $this->getBackendUserAuthentication();
+
+        if (!$this->requestAdminPermissions || $userAuthentication === null || !isset($userAuthentication->user['admin'])) {
             return null;
         }
-        $originalRole = $this->userAuthentication->user['admin'];
-        $this->userAuthentication->user['admin'] = 1;
+
+        $originalRole = $userAuthentication->user['admin'];
+        $userAuthentication->user['admin'] = 1;
         return $originalRole;
     }
 
@@ -286,8 +286,10 @@ class CommandController implements CommandControllerInterface
      */
     protected function restoreUserRole($originalRole)
     {
-        if ($originalRole !== null) {
-            $this->userAuthentication->user['admin'] = $originalRole;
+        $userAuthentication = $this->getBackendUserAuthentication();
+
+        if ($originalRole !== null && $userAuthentication !== null) {
+            $userAuthentication->user['admin'] = $originalRole;
         }
     }
 
@@ -359,4 +361,14 @@ class CommandController implements CommandControllerInterface
         $this->response->send();
         exit($exitCode);
     }
+
+    /**
+     * Returns the global BackendUserAuthentication object.
+     *
+     * @return BackendUserAuthentication|null
+     */
+    protected function getBackendUserAuthentication()
+    {
+        return isset($GLOBALS['BE_USER']) ? $GLOBALS['BE_USER'] : null;
+    }
 }
diff --git a/typo3/sysext/extbase/Tests/Unit/Mvc/Controller/CommandControllerTest.php b/typo3/sysext/extbase/Tests/Unit/Mvc/Controller/CommandControllerTest.php
index ba95ed604580..93fdd24e85b0 100644
--- a/typo3/sysext/extbase/Tests/Unit/Mvc/Controller/CommandControllerTest.php
+++ b/typo3/sysext/extbase/Tests/Unit/Mvc/Controller/CommandControllerTest.php
@@ -94,7 +94,7 @@ class CommandControllerTest extends \TYPO3\CMS\Core\Tests\UnitTestCase
                         }
                     }
                 ));
-        $this->commandController->_set('userAuthentication', $mockedUserAuthentication);
+        $GLOBALS['BE_USER'] = $mockedUserAuthentication;
         $this->commandController->_set('arguments', array());
         $this->commandController->_set('commandMethodName', 'dummyCommand');
         $this->commandController->_set('requestAdminPermissions', true);
-- 
GitLab