[!!!][TASK] Remove AbstractService inheritance from AbstractAuthService

The current Authentication Service API looks like this:

AbstractService
-> AbstractAuthenticationService
-> AuthenticationService

Most of the functionality of AbstractService is not
used and leads to a confusing PHP inheritance structure,
where most functionality is not needed actually.

Since there are no proper contracts APIs for neither
makeInstanceService / Service API nor Authentication,
the first step is to decouple the logic of both
areas and allow Authentication to continue without
a strong dependency on AbstractService.

This is a pre-patch to decouple Authentication logic
from Service logic.

Resolves: #88646
Releases: master
Change-Id: I525f7510d06747fcb1e204c63cf7cbc3296a54a2
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/61125


Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
Reviewed-by: Andreas Fernandez <...

typo3/sysext/core/Classes/Authentication/AbstractAuthenticationService.php

@@ -14,17 +14,20 @@ namespace TYPO3\CMS\Core\Authentication;
  * The TYPO3 project - inspiring people to share!
  */
 
+use Psr\Log\LoggerAwareInterface;
+use Psr\Log\LoggerAwareTrait;
 use TYPO3\CMS\Core\Database\ConnectionPool;
 use TYPO3\CMS\Core\Database\Query\QueryHelper;
 use TYPO3\CMS\Core\Database\Query\Restriction\DeletedRestriction;
-use TYPO3\CMS\Core\Service\AbstractService;
 use TYPO3\CMS\Core\Utility\GeneralUtility;
 
 /**
  * Authentication services class
  */
-class AbstractAuthenticationService extends AbstractService
+class AbstractAuthenticationService implements LoggerAwareInterface
 {
+    use LoggerAwareTrait;
+
     /**
      * User object
      *
@@ -74,6 +77,11 @@ class AbstractAuthenticationService extends AbstractService
      */
     public $writeAttemptLog = false;
 
+    /**
+     * @var array service description array
+     */
+    public $info = [];
+
     /**
      * Initialize authentication service
      *
@@ -152,4 +160,81 @@ class AbstractAuthenticationService extends AbstractService
         }
         return $user;
     }
+
+    /**
+     * Initialization of the service.
+     * This is a stub as needed by GeneralUtility::makeInstanceService()
+     * @internal this is part of the Service API which should be avoided to be used and only used within TYPO3 internally
+     */
+    public function init(): bool
+    {
+        return true;
+    }
+
+    /**
+     * Resets the service.
+     * This is a stub as needed by GeneralUtility::makeInstanceService()
+     * @internal this is part of the Service API which should be avoided to be used and only used within TYPO3 internally
+     */
+    public function reset()
+    {
+        // nothing to do
+    }
+
+    /**
+     * Returns the service key of the service
+     *
+     * @return string Service key
+     * @internal this is part of the Service API which should be avoided to be used and only used within TYPO3 internally
+     */
+    public function getServiceKey()
+    {
+        return $this->info['serviceKey'];
+    }
+
+    /**
+     * Returns the title of the service
+     *
+     * @return string Service title
+     * @internal this is part of the Service API which should be avoided to be used and only used within TYPO3 internally
+     */
+    public function getServiceTitle()
+    {
+        return $this->info['title'];
+    }
+
+    /**
+     * Returns service configuration values from the $TYPO3_CONF_VARS['SVCONF'] array
+     *
+     * @param string $optionName Name of the config option
+     * @param mixed $defaultValue Default configuration if no special config is available
+     * @param bool $includeDefaultConfig If set the 'default' config will be returned if no special config for this service is available (default: TRUE)
+     * @return mixed Configuration value for the service
+     * @internal this is part of the Service API which should be avoided to be used and only used within TYPO3 internally
+     */
+    public function getServiceOption($optionName, $defaultValue = '', $includeDefaultConfig = true)
+    {
+        $config = null;
+        $serviceType = $this->info['serviceType'] ?? '';
+        $serviceKey = $this->info['serviceKey'] ?? '';
+        $svOptions = $GLOBALS['TYPO3_CONF_VARS']['SVCONF'][$serviceType] ?? [];
+        if (isset($svOptions[$serviceKey][$optionName])) {
+            $config = $svOptions[$serviceKey][$optionName];
+        } elseif ($includeDefaultConfig && isset($svOptions['default'][$optionName])) {
+            $config = $svOptions['default'][$optionName];
+        }
+        if (!isset($config)) {
+            $config = $defaultValue;
+        }
+        return $config;
+    }
+
+    /**
+     * @return array
+     * @internal this is part of the Service API which should be avoided to be used and only used within TYPO3 internally
+     */
+    public function getLastErrorArray(): array
+    {
+        return [];
+    }
 }

typo3/sysext/core/Documentation/Changelog/master/Breaking-88646-RemovedInheritanceOfAbstractServiceFromAbstractAuthenticationService.rst

+.. include:: ../../Includes.txt
+
+============================================================================================
+Breaking: #88646 - Removed inheritance of AbstractService from AbstractAuthenticationService
+============================================================================================
+
+See :issue:`88646`
+
+Description
+===========
+
+The AbstractAuthenticationService PHP class is used for any kind of Authentication
+or Authorization towards Backend Users and Frontend Users.
+
+It was previously based on :php:`AbstractService` for any kind of Service API, which
+also includes manipulating files and execution of external applications, which is
+there for legacy reasons since TYPO3 3.x, where the Service API via :php:`GeneralUtility::makeInstanceService` was added.
+
+In order to refactor the Authentication API, the AbstractAuthenticationService
+class does not inherit from AbstractService anymore. Instead, the most required
+methods for executing a service is added to the Abstract class directly.
+
+
+Impact
+======
+
+Any calls or checks on the AbstractAuthenticationService class or methods, properties or constants that reside within AbstractService will result in PHP errors or warnings.
+
+Since AbstractAuthenticationService is used for most custom Authentication APIs,
+this could affect some of the hooks or custom authentication providers available.
+
+
+Affected Installations
+======================
+
+TYPO3 installations that have custom Authentication providers for frontend or backend
+users / groups - e.g. LDAP or Two-Factor-Authentication.
+
+
+Migration
+=========
+
+If your custom Authentication Service extends from AbstractAuthenticationService
+but requires methods or properties from AbstractService, ensure to copy over the
+necessary methods/properties/constants into your custom Authentication provider.
+
+.. index:: PHP-API, NotScanned
\ No newline at end of file