diff --git a/typo3/sysext/felogin/Classes/Controller/AbstractLoginFormController.php b/typo3/sysext/felogin/Classes/Controller/AbstractLoginFormController.php
index 3f65d35b3102a089d3929631dedd366f9628d1d8..8cc77dae5a22757b451c5a7135804531715198b9 100644
--- a/typo3/sysext/felogin/Classes/Controller/AbstractLoginFormController.php
+++ b/typo3/sysext/felogin/Classes/Controller/AbstractLoginFormController.php
@@ -21,6 +21,9 @@ use TYPO3\CMS\Core\Domain\Repository\PageRepository;
use TYPO3\CMS\Core\Utility\GeneralUtility;
use TYPO3\CMS\Extbase\Mvc\Controller\ActionController;
+/*
+ * @internal this is a concrete TYPO3 implementation and solely used for EXT:felogin and not part of TYPO3's Core API.
+ */
abstract class AbstractLoginFormController extends ActionController
{
/**
diff --git a/typo3/sysext/felogin/Classes/Controller/LoginController.php b/typo3/sysext/felogin/Classes/Controller/LoginController.php
index acc4ad8c42f6513ae178ddd18618c92dcebd7604..9e4289d3397cbdddc562a16c3fbe1430cd0ca177 100644
--- a/typo3/sysext/felogin/Classes/Controller/LoginController.php
+++ b/typo3/sysext/felogin/Classes/Controller/LoginController.php
@@ -22,7 +22,6 @@ use TYPO3\CMS\Core\Authentication\LoginType;
use TYPO3\CMS\Core\Context\Context;
use TYPO3\CMS\Core\Context\UserAspect;
use TYPO3\CMS\Core\Security\RequestToken;
-use TYPO3\CMS\Core\Utility\GeneralUtility;
use TYPO3\CMS\Extbase\Http\ForwardResponse;
use TYPO3\CMS\FrontendLogin\Configuration\RedirectConfiguration;
use TYPO3\CMS\FrontendLogin\Event\BeforeRedirectEvent;
@@ -31,11 +30,12 @@ use TYPO3\CMS\FrontendLogin\Event\LoginErrorOccurredEvent;
use TYPO3\CMS\FrontendLogin\Event\LogoutConfirmedEvent;
use TYPO3\CMS\FrontendLogin\Event\ModifyLoginFormViewEvent;
use TYPO3\CMS\FrontendLogin\Redirect\RedirectHandler;
-use TYPO3\CMS\FrontendLogin\Redirect\ServerRequestHandler;
use TYPO3\CMS\FrontendLogin\Service\UserService;
/**
* Used for plugin login
+ *
+ * @internal this is a concrete TYPO3 implementation and solely used for EXT:felogin and not part of TYPO3's Core API.
*/
class LoginController extends AbstractLoginFormController
{
@@ -51,10 +51,10 @@ class LoginController extends AbstractLoginFormController
public function __construct(
protected RedirectHandler $redirectHandler,
- protected ServerRequestHandler $requestHandler,
- protected UserService $userService
+ protected UserService $userService,
+ protected Context $context
) {
- $this->userAspect = GeneralUtility::makeInstance(Context::class)->getAspect('frontend.user');
+ $this->userAspect = $context->getAspect('frontend.user');
}
/**
@@ -62,7 +62,7 @@ class LoginController extends AbstractLoginFormController
*/
public function initializeAction(): void
{
- $this->loginType = (string)$this->requestHandler->getPropertyFromGetAndPost('logintype');
+ $this->loginType = (string)($this->request->getParsedBody()['logintype'] ?? $this->request->getQueryParams()['logintype'] ?? '');
$this->configuration = RedirectConfiguration::fromSettings($this->settings);
if ($this->isLoginOrLogoutInProgress() && !$this->isRedirectDisabled()) {
@@ -72,6 +72,7 @@ class LoginController extends AbstractLoginFormController
}
$this->redirectUrl = $this->redirectHandler->processRedirect(
+ $this->request,
$this->loginType,
$this->configuration,
$this->request->hasArgument('redirectReferrer') ? $this->request->getArgument('redirectReferrer') : ''
@@ -104,9 +105,9 @@ class LoginController extends AbstractLoginFormController
'cookieWarning' => $this->showCookieWarning,
'messageKey' => $this->getStatusMessageKey(),
'permaloginStatus' => $this->getPermaloginStatus(),
- 'redirectURL' => $this->redirectHandler->getLoginFormRedirectUrl($this->configuration, $this->isRedirectDisabled()),
+ 'redirectURL' => $this->redirectHandler->getLoginFormRedirectUrl($this->request, $this->configuration, $this->isRedirectDisabled()),
'redirectReferrer' => $this->request->hasArgument('redirectReferrer') ? (string)$this->request->getArgument('redirectReferrer') : '',
- 'referer' => $this->requestHandler->getPropertyFromGetAndPost('referer'),
+ 'referer' => (string)($this->request->getParsedBody()['referer'] ?? $this->request->getQueryParams()['referer'] ?? ''),
'noRedirect' => $this->isRedirectDisabled(),
'requestToken' => RequestToken::create('core/user-auth/fe')
->withMergedParams(['pid' => implode(',', $this->getStorageFolders())]),
@@ -147,7 +148,7 @@ class LoginController extends AbstractLoginFormController
public function logoutAction(int $redirectPageLogout = 0): ResponseInterface
{
if (($redirectResponse = $this->handleRedirect()) !== null) {
- return $this->handleRedirect();
+ return $redirectResponse;
}
$this->view->assignMultiple(
@@ -155,7 +156,12 @@ class LoginController extends AbstractLoginFormController
'cookieWarning' => $this->showCookieWarning,
'user' => $this->userService->getFeUserData(),
'noRedirect' => $this->isRedirectDisabled(),
- 'actionUri' => $this->redirectHandler->getLogoutFormRedirectUrl($this->configuration, $redirectPageLogout, $this->isRedirectDisabled()),
+ 'actionUri' => $this->redirectHandler->getLogoutFormRedirectUrl(
+ $this->request,
+ $this->configuration,
+ $redirectPageLogout,
+ $this->isRedirectDisabled()
+ ),
]
);
diff --git a/typo3/sysext/felogin/Classes/Controller/PasswordRecoveryController.php b/typo3/sysext/felogin/Classes/Controller/PasswordRecoveryController.php
index cb224847ceea89f509f4c8ea8c88e0fd91693bd5..7b2d1518f0036fcc2fce649db6ed6b035d151ad6 100644
--- a/typo3/sysext/felogin/Classes/Controller/PasswordRecoveryController.php
+++ b/typo3/sysext/felogin/Classes/Controller/PasswordRecoveryController.php
@@ -50,7 +50,7 @@ class PasswordRecoveryController extends AbstractLoginFormController
}
/**
- * Shows the recovery form. If $userIdentifier is set an email will be sent, if the corresponding user exists and
+ * Shows the recovery form. If $userIdentifier is set, an email will be sent, if the corresponding user exists and
* has a valid email address set.
*/
public function recoveryAction(string $userIdentifier = null): ResponseInterface
@@ -67,7 +67,7 @@ class PasswordRecoveryController extends AbstractLoginFormController
if ($userData && GeneralUtility::validEmail($userData['email'])) {
$hash = $this->recoveryConfiguration->getForgotHash();
$this->userRepository->updateForgotHashForUserByUid($userData['uid'], GeneralUtility::hmac($hash));
- $this->recoveryService->sendRecoveryEmail($userData, $hash);
+ $this->recoveryService->sendRecoveryEmail($this->request, $userData, $hash);
}
if ($this->exposeNoneExistentUser($userData)) {
diff --git a/typo3/sysext/felogin/Classes/Domain/Repository/FrontendUserGroupRepository.php b/typo3/sysext/felogin/Classes/Domain/Repository/FrontendUserGroupRepository.php
index f150cfae3cdffeeef3a796530543e8f3a9cf76d0..54842712a367e6b6caaa121e8795f82f4102bf77 100644
--- a/typo3/sysext/felogin/Classes/Domain/Repository/FrontendUserGroupRepository.php
+++ b/typo3/sysext/felogin/Classes/Domain/Repository/FrontendUserGroupRepository.php
@@ -19,7 +19,6 @@ namespace TYPO3\CMS\FrontendLogin\Domain\Repository;
use TYPO3\CMS\Core\Database\Connection;
use TYPO3\CMS\Core\Database\ConnectionPool;
-use TYPO3\CMS\Core\Utility\GeneralUtility;
use TYPO3\CMS\FrontendLogin\Service\UserService;
/**
@@ -30,10 +29,10 @@ class FrontendUserGroupRepository
protected Connection $connection;
protected string $table;
- public function __construct(UserService $userService)
+ public function __construct(UserService $userService, ConnectionPool $connectionPool)
{
$this->table = $userService->getFeUserGroupTable();
- $this->connection = GeneralUtility::makeInstance(ConnectionPool::class)->getConnectionForTable($this->getTable());
+ $this->connection = $connectionPool->getConnectionForTable($this->getTable());
}
public function getTable(): string
diff --git a/typo3/sysext/felogin/Classes/Domain/Repository/FrontendUserRepository.php b/typo3/sysext/felogin/Classes/Domain/Repository/FrontendUserRepository.php
index 052d64e32d03136f268a01239109ccfdd248aba1..d6a875d593b676882d71fb53ea09a998f08d68db 100644
--- a/typo3/sysext/felogin/Classes/Domain/Repository/FrontendUserRepository.php
+++ b/typo3/sysext/felogin/Classes/Domain/Repository/FrontendUserRepository.php
@@ -20,7 +20,6 @@ namespace TYPO3\CMS\FrontendLogin\Domain\Repository;
use TYPO3\CMS\Core\Context\Context;
use TYPO3\CMS\Core\Database\Connection;
use TYPO3\CMS\Core\Database\ConnectionPool;
-use TYPO3\CMS\Core\Utility\GeneralUtility;
use TYPO3\CMS\FrontendLogin\Service\UserService;
/**
@@ -30,9 +29,12 @@ class FrontendUserRepository
{
protected Connection $connection;
- public function __construct(protected UserService $userService, protected Context $context)
- {
- $this->connection = GeneralUtility::makeInstance(ConnectionPool::class)->getConnectionForTable($this->getTable());
+ public function __construct(
+ protected UserService $userService,
+ protected Context $context,
+ ConnectionPool $connectionPool
+ ) {
+ $this->connection = $connectionPool->getConnectionForTable($this->getTable());
}
public function getTable(): string
diff --git a/typo3/sysext/felogin/Classes/Redirect/RedirectHandler.php b/typo3/sysext/felogin/Classes/Redirect/RedirectHandler.php
index d4c2df113fbe2c7bad0bd2412ffd6b9ce48bb962..e5172387eae68abf5f82d32aab021b67572815cd 100644
--- a/typo3/sysext/felogin/Classes/Redirect/RedirectHandler.php
+++ b/typo3/sysext/felogin/Classes/Redirect/RedirectHandler.php
@@ -19,7 +19,9 @@ namespace TYPO3\CMS\FrontendLogin\Redirect;
use TYPO3\CMS\Core\Authentication\LoginType;
use TYPO3\CMS\Core\Context\Context;
+use TYPO3\CMS\Extbase\Mvc\RequestInterface;
use TYPO3\CMS\FrontendLogin\Configuration\RedirectConfiguration;
+use TYPO3\CMS\FrontendLogin\Validation\RedirectUrlValidator;
/**
* Resolve felogin related redirects based on the current login type and the selected configuration (redirect mode)
@@ -31,8 +33,8 @@ class RedirectHandler
protected bool $userIsLoggedIn = false;
public function __construct(
- protected ServerRequestHandler $requestHandler,
protected RedirectModeHandler $redirectModeHandler,
+ protected RedirectUrlValidator $redirectUrlValidator,
Context $context
) {
$this->userIsLoggedIn = (bool)$context->getPropertyFromAspect('frontend.user', 'isLoggedIn');
@@ -41,10 +43,10 @@ class RedirectHandler
/**
* Process redirect modes. This method searches for a redirect url using all configured modes and returns it.
*/
- public function processRedirect(string $loginType, RedirectConfiguration $configuration, string $redirectModeReferrer): string
+ public function processRedirect(RequestInterface $request, string $loginType, RedirectConfiguration $configuration, string $redirectModeReferrer): string
{
if ($this->isUserLoginFailedAndLoginErrorActive($configuration->getModes(), $loginType)) {
- return $this->redirectModeHandler->redirectModeLoginError($configuration->getPageOnLoginError());
+ return $this->redirectModeHandler->redirectModeLoginError($request, $configuration->getPageOnLoginError());
}
$redirectUrlList = [];
@@ -52,9 +54,9 @@ class RedirectHandler
$redirectUrl = '';
if ($loginType === LoginType::LOGIN) {
- $redirectUrl = $this->handleSuccessfulLogin($redirectMode, $configuration->getPageOnLogin(), $configuration->getDomains(), $redirectModeReferrer);
+ $redirectUrl = $this->handleSuccessfulLogin($request, $redirectMode, $configuration->getPageOnLogin(), $configuration->getDomains(), $redirectModeReferrer);
} elseif ($loginType === LoginType::LOGOUT) {
- $redirectUrl = $this->handleSuccessfulLogout($redirectMode, $configuration->getPageOnLogout());
+ $redirectUrl = $this->handleSuccessfulLogout($request, $redirectMode, $configuration->getPageOnLogout());
}
if ($redirectUrl !== '') {
@@ -68,31 +70,31 @@ class RedirectHandler
/**
* Get alternative logout form redirect url if logout and page not accessible
*/
- protected function getLogoutRedirectUrl(array $redirectModes, int $redirectPageLogout = 0): string
+ protected function getLogoutRedirectUrl(RequestInterface $request, array $redirectModes, int $redirectPageLogout = 0): string
{
if ($this->userIsLoggedIn && $this->isRedirectModeActive($redirectModes, RedirectMode::LOGOUT)) {
- return $this->redirectModeHandler->redirectModeLogout($redirectPageLogout);
+ return $this->redirectModeHandler->redirectModeLogout($request, $redirectPageLogout);
}
- return $this->getGetpostRedirectUrl($redirectModes);
+ return $this->getGetpostRedirectUrl($request, $redirectModes);
}
/**
* Is used for alternative redirect urls on redirect mode "getpost"
*/
- protected function getGetpostRedirectUrl(array $redirectModes): string
+ protected function getGetpostRedirectUrl(RequestInterface $request, array $redirectModes): string
{
return $this->isRedirectModeActive($redirectModes, RedirectMode::GETPOST)
- ? $this->requestHandler->getRedirectUrlRequestParam()
+ ? $this->getRedirectUrlRequestParam($request)
: '';
}
/**
* Handle redirect mode logout
*/
- protected function handleSuccessfulLogout(string $redirectMode, int $redirectPageLogout): string
+ protected function handleSuccessfulLogout(RequestInterface $request, string $redirectMode, int $redirectPageLogout): string
{
if ($redirectMode === RedirectMode::LOGOUT) {
- return $this->redirectModeHandler->redirectModeLogout($redirectPageLogout);
+ return $this->redirectModeHandler->redirectModeLogout($request, $redirectPageLogout);
}
return '';
}
@@ -119,7 +121,7 @@ class RedirectHandler
/**
* Generate redirect_url for case that the user was successfully logged in
*/
- protected function handleSuccessfulLogin(string $redirectMode, int $redirectPageLogin = 0, string $domains = '', string $redirectModeReferrer = ''): string
+ protected function handleSuccessfulLogin(RequestInterface $request, string $redirectMode, int $redirectPageLogin = 0, string $domains = '', string $redirectModeReferrer = ''): string
{
if (!$this->userIsLoggedIn) {
return '';
@@ -128,22 +130,22 @@ class RedirectHandler
// Logintype is needed because the login-page wouldn't be accessible anymore after a login (would always redirect)
switch ($redirectMode) {
case RedirectMode::GROUP_LOGIN:
- $redirectUrl = $this->redirectModeHandler->redirectModeGroupLogin();
+ $redirectUrl = $this->redirectModeHandler->redirectModeGroupLogin($request);
break;
case RedirectMode::USER_LOGIN:
- $redirectUrl = $this->redirectModeHandler->redirectModeUserLogin();
+ $redirectUrl = $this->redirectModeHandler->redirectModeUserLogin($request);
break;
case RedirectMode::LOGIN:
- $redirectUrl = $this->redirectModeHandler->redirectModeLogin($redirectPageLogin);
+ $redirectUrl = $this->redirectModeHandler->redirectModeLogin($request, $redirectPageLogin);
break;
case RedirectMode::GETPOST:
- $redirectUrl = $this->requestHandler->getRedirectUrlRequestParam();
+ $redirectUrl = $this->getRedirectUrlRequestParam($request);
break;
case RedirectMode::REFERER:
- $redirectUrl = $this->redirectModeHandler->redirectModeReferrer($redirectModeReferrer);
+ $redirectUrl = $this->redirectModeHandler->redirectModeReferrer($request, $redirectModeReferrer);
break;
case RedirectMode::REFERER_DOMAINS:
- $redirectUrl = $this->redirectModeHandler->redirectModeRefererDomains($domains, $redirectModeReferrer);
+ $redirectUrl = $this->redirectModeHandler->redirectModeRefererDomains($request, $domains, $redirectModeReferrer);
break;
default:
$redirectUrl = '';
@@ -167,10 +169,13 @@ class RedirectHandler
/**
* Returns the redirect Url that should be used in login form template for GET/POST redirect mode
*/
- public function getLoginFormRedirectUrl(RedirectConfiguration $configuration, bool $redirectDisabled): string
- {
+ public function getLoginFormRedirectUrl(
+ RequestInterface $request,
+ RedirectConfiguration $configuration,
+ bool $redirectDisabled
+ ): string {
if (!$redirectDisabled) {
- return $this->getGetpostRedirectUrl($configuration->getModes());
+ return $this->getGetpostRedirectUrl($request, $configuration->getModes());
}
return '';
}
@@ -178,11 +183,28 @@ class RedirectHandler
/**
* Returns the redirect Url that should be used in logout form
*/
- public function getLogoutFormRedirectUrl(RedirectConfiguration $configuration, int $redirectPageLogout, bool $redirectDisabled): string
- {
+ public function getLogoutFormRedirectUrl(
+ RequestInterface $request,
+ RedirectConfiguration $configuration,
+ int $redirectPageLogout,
+ bool $redirectDisabled
+ ): string {
if (!$redirectDisabled) {
- return $this->getLogoutRedirectUrl($configuration->getModes(), $redirectPageLogout);
+ return $this->getLogoutRedirectUrl($request, $configuration->getModes(), $redirectPageLogout);
}
- return $this->requestHandler->getRedirectUrlRequestParam();
+ return $this->getRedirectUrlRequestParam($request);
+ }
+
+ /**
+ * Returns validated redirect url contained in request param return_url or redirect_url
+ */
+ private function getRedirectUrlRequestParam(RequestInterface $request): string
+ {
+ // If config.typolinkLinkAccessRestrictedPages is set, the var is return_url
+ $returnUrlFromRequest = (string)($request->getParsedBody()['return_url'] ?? $request->getQueryParams()['return_url'] ?? null);
+ $redirectUrlFromRequest = (string)($request->getParsedBody()['redirect_url'] ?? $request->getQueryParams()['redirect_url'] ?? null);
+ $redirectUrl = $returnUrlFromRequest ?: $redirectUrlFromRequest;
+
+ return $this->redirectUrlValidator->isValid($request, $redirectUrl) ? $redirectUrl : '';
}
}
diff --git a/typo3/sysext/felogin/Classes/Redirect/RedirectModeHandler.php b/typo3/sysext/felogin/Classes/Redirect/RedirectModeHandler.php
index 0b54d27ff5398f1ec22a71257ef82c3f7f06de3f..0f0fa3f5680fa58dbb38a1104bf1b7fc52a0f777 100644
--- a/typo3/sysext/felogin/Classes/Redirect/RedirectModeHandler.php
+++ b/typo3/sysext/felogin/Classes/Redirect/RedirectModeHandler.php
@@ -17,8 +17,8 @@ declare(strict_types=1);
namespace TYPO3\CMS\FrontendLogin\Redirect;
-use TYPO3\CMS\Core\Site\SiteFinder;
use TYPO3\CMS\Core\Utility\GeneralUtility;
+use TYPO3\CMS\Extbase\Mvc\RequestInterface;
use TYPO3\CMS\Extbase\Mvc\Web\Routing\UriBuilder;
use TYPO3\CMS\FrontendLogin\Domain\Repository\FrontendUserGroupRepository;
use TYPO3\CMS\FrontendLogin\Domain\Repository\FrontendUserRepository;
@@ -32,27 +32,20 @@ use TYPO3\CMS\FrontendLogin\Validation\RedirectUrlValidator;
*/
class RedirectModeHandler
{
- protected RedirectUrlValidator $redirectUrlValidator;
-
public function __construct(
protected UriBuilder $uriBuilder,
- protected ServerRequestHandler $serverRequestHandler,
+ protected RedirectUrlValidator $redirectUrlValidator,
private UserService $userService,
private FrontendUserRepository $frontendUserRepository,
private FrontendUserGroupRepository $frontendUserGroupRepository
) {
- $this->redirectUrlValidator = GeneralUtility::makeInstance(
- RedirectUrlValidator::class,
- GeneralUtility::makeInstance(SiteFinder::class)
- );
}
/**
* Handle redirect mode groupLogin
*/
- public function redirectModeGroupLogin(): string
+ public function redirectModeGroupLogin(RequestInterface $request): string
{
- // taken from dkd_redirect_at_login written by Ingmar Schlecht; database-field changed
$groups = $this->userService->getFeUserGroupData();
if (empty($groups)) {
@@ -65,7 +58,7 @@ class RedirectModeHandler
$redirectPageId = (int)$this->frontendUserGroupRepository
->findRedirectPageIdByGroupId($groupUid);
if ($redirectPageId > 0) {
- return $this->buildUriForPageUid($redirectPageId);
+ return $this->buildUriForPageUid($request, $redirectPageId);
}
}
return '';
@@ -74,7 +67,7 @@ class RedirectModeHandler
/**
* Handle redirect mode userLogin
*/
- public function redirectModeUserLogin(): string
+ public function redirectModeUserLogin(RequestInterface $request): string
{
$redirectPageId = $this->frontendUserRepository->findRedirectIdPageByUserId(
$this->userService->getFeUserData()['uid']
@@ -84,17 +77,17 @@ class RedirectModeHandler
return '';
}
- return $this->buildUriForPageUid($redirectPageId);
+ return $this->buildUriForPageUid($request, $redirectPageId);
}
/**
* Handle redirect mode login
*/
- public function redirectModeLogin(int $redirectPageLogin): string
+ public function redirectModeLogin(RequestInterface $request, int $redirectPageLogin): string
{
$redirectUrl = '';
if ($redirectPageLogin !== 0) {
- $redirectUrl = $this->buildUriForPageUid($redirectPageLogin);
+ $redirectUrl = $this->buildUriForPageUid($request, $redirectPageLogin);
}
return $redirectUrl;
@@ -103,12 +96,12 @@ class RedirectModeHandler
/**
* Handle redirect mode referrer
*/
- public function redirectModeReferrer(string $redirectReferrer): string
+ public function redirectModeReferrer(RequestInterface $request, string $redirectReferrer): string
{
$redirectUrl = '';
if ($redirectReferrer !== 'off') {
// Avoid forced logout, when trying to login immediately after a logout
- $redirectUrl = preg_replace('/[&?]logintype=[a-z]+/', '', $this->getReferer());
+ $redirectUrl = preg_replace('/[&?]logintype=[a-z]+/', '', $this->getReferer($request));
}
return $redirectUrl ?? '';
@@ -117,7 +110,7 @@ class RedirectModeHandler
/**
* Handle redirect mode refererDomains
*/
- public function redirectModeRefererDomains(string $domains, string $redirectReferrer): string
+ public function redirectModeRefererDomains(RequestInterface $request, string $domains, string $redirectReferrer): string
{
$redirectUrl = '';
if ($redirectReferrer !== '') {
@@ -127,10 +120,9 @@ class RedirectModeHandler
// Auto redirect.
// Feature to redirect to the page where the user came from (HTTP_REFERER).
// Allowed domains to redirect to, can be configured with plugin.tx_felogin_login.domains
- // Thanks to plan2.net / Martin Kutschker for implementing this feature.
// also avoid redirect when logging in after changing password
if ($domains) {
- $url = $this->getReferer();
+ $url = $this->getReferer($request);
// Is referring url allowed to redirect?
$match = [];
if (preg_match('#^http://([[:alnum:]._-]+)/#', $url, $match)) {
@@ -158,11 +150,11 @@ class RedirectModeHandler
/**
* Handle redirect mode loginError after login-error
*/
- public function redirectModeLoginError(int $redirectPageLoginError = 0): string
+ public function redirectModeLoginError(RequestInterface $request, int $redirectPageLoginError = 0): string
{
$redirectUrl = '';
if ($redirectPageLoginError > 0) {
- $redirectUrl = $this->buildUriForPageUid($redirectPageLoginError);
+ $redirectUrl = $this->buildUriForPageUid($request, $redirectPageLoginError);
}
return $redirectUrl;
@@ -171,33 +163,34 @@ class RedirectModeHandler
/**
* Handle redirect mode logout
*/
- public function redirectModeLogout(int $redirectPageLogout): string
+ public function redirectModeLogout(RequestInterface $request, int $redirectPageLogout): string
{
$redirectUrl = '';
if ($redirectPageLogout > 0) {
- $redirectUrl = $this->buildUriForPageUid($redirectPageLogout);
+ $redirectUrl = $this->buildUriForPageUid($request, $redirectPageLogout);
}
return $redirectUrl;
}
- protected function buildUriForPageUid(int $pageUid): string
+ protected function buildUriForPageUid(RequestInterface $request, int $pageUid): string
{
$this->uriBuilder->reset();
+ $this->uriBuilder->setRequest($request);
$this->uriBuilder->setTargetPageUid($pageUid);
return $this->uriBuilder->build();
}
- protected function getReferer(): string
+ protected function getReferer(RequestInterface $request): string
{
$referer = '';
- $requestReferer = (string)$this->serverRequestHandler->getPropertyFromGetAndPost('referer');
+ $requestReferer = (string)($request->getParsedBody()['referer'] ?? $request->getQueryParams()['referer'] ?? '');
if ($requestReferer === '') {
- $requestReferer = $this->serverRequestHandler->getHttpReferer();
+ $requestReferer = $request->getServerParams()['HTTP_REFERER'] ?? '';
}
- if ($this->redirectUrlValidator->isValid($requestReferer)) {
+ if ($this->redirectUrlValidator->isValid($request, $requestReferer)) {
$referer = $requestReferer;
}
diff --git a/typo3/sysext/felogin/Classes/Redirect/ServerRequestHandler.php b/typo3/sysext/felogin/Classes/Redirect/ServerRequestHandler.php
deleted file mode 100644
index 6d8a979508293b086f64e3d28d9c4830a35a244c..0000000000000000000000000000000000000000
--- a/typo3/sysext/felogin/Classes/Redirect/ServerRequestHandler.php
+++ /dev/null
@@ -1,73 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-/*
- * This file is part of the TYPO3 CMS project.
- *
- * It is free software; you can redistribute it and/or modify it under
- * the terms of the GNU General Public License, either version 2
- * of the License, or any later version.
- *
- * For the full copyright and license information, please read the
- * LICENSE.txt file that was distributed with this source code.
- *
- * The TYPO3 project - inspiring people to share!
- */
-
-namespace TYPO3\CMS\FrontendLogin\Redirect;
-
-use Psr\Http\Message\ServerRequestInterface;
-use TYPO3\CMS\Core\Site\SiteFinder;
-use TYPO3\CMS\Core\Utility\GeneralUtility;
-use TYPO3\CMS\FrontendLogin\Validation\RedirectUrlValidator;
-
-/**
- * @internal this is a concrete TYPO3 implementation and solely used for EXT:felogin and not part of TYPO3's Core API.
- */
-class ServerRequestHandler
-{
- protected RedirectUrlValidator $redirectUrlValidator;
- protected ServerRequestInterface $request;
-
- public function __construct()
- {
- // todo: refactor when extbase handles PSR-15 requests
- $this->request = $GLOBALS['TYPO3_REQUEST'];
- $this->redirectUrlValidator = GeneralUtility::makeInstance(
- RedirectUrlValidator::class,
- GeneralUtility::makeInstance(SiteFinder::class)
- );
- }
-
- /**
- * Returns a property that exists in post or get context
- *
- * @return mixed|null
- */
- public function getPropertyFromGetAndPost(string $propertyName)
- {
- return $this->request->getParsedBody()[$propertyName] ?? $this->request->getQueryParams(
- )[$propertyName] ?? null;
- }
-
- /**
- * Returns the HTTP_REFERER from server request parameters if set
- */
- public function getHttpReferer(): string
- {
- return $this->request->getServerParams()['HTTP_REFERER'] ?? '';
- }
-
- /**
- * Returns validated redirect url contained in request param return_url or redirect_url
- */
- public function getRedirectUrlRequestParam(): string
- {
- // If config.typolinkLinkAccessRestrictedPages is set, the var is return_url
- $redirectUrl = (string)$this->getPropertyFromGetAndPost('return_url')
- ?: (string)$this->getPropertyFromGetAndPost('redirect_url');
-
- return $this->redirectUrlValidator->isValid($redirectUrl) ? $redirectUrl : '';
- }
-}
diff --git a/typo3/sysext/felogin/Classes/Service/RecoveryService.php b/typo3/sysext/felogin/Classes/Service/RecoveryService.php
index 4382c92e0e4e25f5b708623e38ec58607ba19345..6648728cbedc4073612a9d0a096f072ba608b3f5 100644
--- a/typo3/sysext/felogin/Classes/Service/RecoveryService.php
+++ b/typo3/sysext/felogin/Classes/Service/RecoveryService.php
@@ -18,7 +18,6 @@ declare(strict_types=1);
namespace TYPO3\CMS\FrontendLogin\Service;
use Psr\EventDispatcher\EventDispatcherInterface;
-use Psr\Http\Message\ServerRequestInterface;
use Symfony\Component\Mailer\Exception\TransportExceptionInterface;
use Symfony\Component\Mime\Address;
use Symfony\Component\Mime\Email;
@@ -26,6 +25,7 @@ use TYPO3\CMS\Core\Mail\FluidEmail;
use TYPO3\CMS\Core\Mail\MailerInterface;
use TYPO3\CMS\Core\Utility\GeneralUtility;
use TYPO3\CMS\Extbase\Configuration\ConfigurationManager;
+use TYPO3\CMS\Extbase\Mvc\RequestInterface;
use TYPO3\CMS\Extbase\Mvc\Web\Routing\UriBuilder;
use TYPO3\CMS\Extbase\Utility\LocalizationUtility;
use TYPO3\CMS\FrontendLogin\Configuration\RecoveryConfiguration;
@@ -52,13 +52,14 @@ class RecoveryService
* Sends an email with an absolute link including the given forgot hash to the passed user
* with instructions to recover the account.
*
- *
* @throws TransportExceptionInterface
*/
- public function sendRecoveryEmail(array $userData, string $hash): void
+ public function sendRecoveryEmail(RequestInterface $request, array $userData, string $hash): void
{
+ $this->uriBuilder->setRequest($request);
+
$receiver = new Address($userData['email'], $this->getReceiverName($userData));
- $email = $this->prepareMail($receiver, $hash);
+ $email = $this->prepareMail($request, $receiver, $hash);
$event = new SendRecoveryEmailEvent($email, $userData);
$this->eventDispatcher->dispatch($event);
@@ -85,7 +86,7 @@ class RecoveryService
/**
* Create email object from configuration.
*/
- protected function prepareMail(Address $receiver, string $hash): Email
+ protected function prepareMail(RequestInterface $request, Address $receiver, string $hash): Email
{
$url = $this->uriBuilder->setCreateAbsoluteUri(true)
->uriFor(
@@ -105,6 +106,7 @@ class RecoveryService
$mailTemplatePaths = $this->recoveryConfiguration->getMailTemplatePaths();
$mail = GeneralUtility::makeInstance(FluidEmail::class, $mailTemplatePaths);
+ $mail->setRequest($request);
$mail->subject($this->getEmailSubject())
->from($this->recoveryConfiguration->getSender())
->to($receiver)
@@ -116,10 +118,6 @@ class RecoveryService
$mail->addReplyTo($replyTo);
}
- if (($GLOBALS['TYPO3_REQUEST'] ?? null) instanceof ServerRequestInterface) {
- $mail->setRequest($GLOBALS['TYPO3_REQUEST']);
- }
-
return $mail;
}
diff --git a/typo3/sysext/felogin/Classes/Validation/RedirectUrlValidator.php b/typo3/sysext/felogin/Classes/Validation/RedirectUrlValidator.php
index 11df9adf9d920690178a780787946e75aa0b1b3c..da019322114bee7a1b9afbe6151cb36f49685c05 100644
--- a/typo3/sysext/felogin/Classes/Validation/RedirectUrlValidator.php
+++ b/typo3/sysext/felogin/Classes/Validation/RedirectUrlValidator.php
@@ -21,6 +21,7 @@ use Psr\Log\LoggerAwareInterface;
use Psr\Log\LoggerAwareTrait;
use TYPO3\CMS\Core\Site\SiteFinder;
use TYPO3\CMS\Core\Utility\GeneralUtility;
+use TYPO3\CMS\Extbase\Mvc\RequestInterface;
/**
* Used to check if a referrer or a redirect URL is valid to be used as within Frontend Logins
@@ -32,23 +33,20 @@ class RedirectUrlValidator implements LoggerAwareInterface
{
use LoggerAwareTrait;
- protected SiteFinder $siteFinder;
-
- public function __construct(?SiteFinder $siteFinder)
+ public function __construct(protected SiteFinder $siteFinder)
{
- $this->siteFinder = $siteFinder ?? GeneralUtility::makeInstance(SiteFinder::class);
}
/**
* Checks if a given URL is valid / properly sanitized and/or the domain is known to TYPO3.
*/
- public function isValid(string $value): bool
+ public function isValid(RequestInterface $request, string $value): bool
{
if ($value === '') {
return false;
}
// Validate the URL
- if ($this->isRelativeUrl($value) || $this->isInCurrentDomain($value) || $this->isInLocalDomain($value)) {
+ if ($this->isRelativeUrl($value) || $this->isInCurrentDomain($request, $value) || $this->isInLocalDomain($value)) {
return true;
}
// URL is not allowed
@@ -60,15 +58,15 @@ class RedirectUrlValidator implements LoggerAwareInterface
* Determines whether the URL is on the current host and belongs to the
* current TYPO3 installation. The scheme part is ignored in the comparison.
*/
- protected function isInCurrentDomain(string $url): bool
+ protected function isInCurrentDomain(RequestInterface $request, string $url): bool
{
$urlWithoutSchema = preg_replace('#^https?://#', '', $url) ?? '';
- $siteUrlWithoutSchema = preg_replace('#^https?://#', '', $GLOBALS['TYPO3_REQUEST']->getAttribute('normalizedParams')->getSiteUrl()) ?? '';
+ $siteUrlWithoutSchema = preg_replace('#^https?://#', '', $request->getAttribute('normalizedParams')->getSiteUrl()) ?? '';
// this condition only exists to satisfy phpstan, which complains that this could be an array, too.
if (is_array($siteUrlWithoutSchema)) {
$siteUrlWithoutSchema = $siteUrlWithoutSchema[0];
}
- return str_starts_with($urlWithoutSchema . '/', $GLOBALS['TYPO3_REQUEST']->getAttribute('normalizedParams')->getHttpHost() . '/')
+ return str_starts_with($urlWithoutSchema . '/', $request->getAttribute('normalizedParams')->getHttpHost() . '/')
&& str_starts_with($urlWithoutSchema, $siteUrlWithoutSchema);
}
diff --git a/typo3/sysext/felogin/Tests/Functional/Domain/Repository/FrontendUserGroupRepositoryTest.php b/typo3/sysext/felogin/Tests/Functional/Domain/Repository/FrontendUserGroupRepositoryTest.php
index ea6fcae31cd0b52a67cc80b98a0d99a6e0cec621..778e12bb7a9585d39e39452cf3ec30d53f06fd75 100644
--- a/typo3/sysext/felogin/Tests/Functional/Domain/Repository/FrontendUserGroupRepositoryTest.php
+++ b/typo3/sysext/felogin/Tests/Functional/Domain/Repository/FrontendUserGroupRepositoryTest.php
@@ -17,6 +17,7 @@ declare(strict_types=1);
namespace TYPO3\CMS\FrontendLogin\Tests\Functional\Domain\Repository;
+use TYPO3\CMS\Core\Database\ConnectionPool;
use TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication;
use TYPO3\CMS\Frontend\Controller\TypoScriptFrontendController;
use TYPO3\CMS\FrontendLogin\Domain\Repository\FrontendUserGroupRepository;
@@ -32,16 +33,10 @@ class FrontendUserGroupRepositoryTest extends FunctionalTestCase
{
parent::setUp();
- $GLOBALS['TSFE'] = $this->getMockBuilder(TypoScriptFrontendController::class)
- ->disableOriginalConstructor()
- ->getMock()
- ;
-
+ $GLOBALS['TSFE'] = $this->createMock(TypoScriptFrontendController::class);
$GLOBALS['TSFE']->fe_user = new FrontendUserAuthentication();
- $this->repository = new FrontendUserGroupRepository(
- new UserService()
- );
+ $this->repository = new FrontendUserGroupRepository(new UserService(), new ConnectionPool());
$this->importCSVDataSet(__DIR__ . '/../../Fixtures/fe_groups.csv');
}
diff --git a/typo3/sysext/felogin/Tests/Functional/Domain/Repository/FrontendUserRepositoryTest.php b/typo3/sysext/felogin/Tests/Functional/Domain/Repository/FrontendUserRepositoryTest.php
index fb3d37e13af012add6fdaaa9e0d0705fabc14652..3157554457b63124cd69b693bf75564fbb5eed21 100644
--- a/typo3/sysext/felogin/Tests/Functional/Domain/Repository/FrontendUserRepositoryTest.php
+++ b/typo3/sysext/felogin/Tests/Functional/Domain/Repository/FrontendUserRepositoryTest.php
@@ -18,6 +18,7 @@ declare(strict_types=1);
namespace TYPO3\CMS\FrontendLogin\Tests\Functional\Domain\Repository;
use TYPO3\CMS\Core\Context\Context;
+use TYPO3\CMS\Core\Database\ConnectionPool;
use TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication;
use TYPO3\CMS\Frontend\Controller\TypoScriptFrontendController;
use TYPO3\CMS\FrontendLogin\Domain\Repository\FrontendUserRepository;
@@ -33,18 +34,10 @@ class FrontendUserRepositoryTest extends FunctionalTestCase
{
parent::setUp();
- $context = new Context();
- $GLOBALS['TSFE'] = $this->getMockBuilder(TypoScriptFrontendController::class)
- ->disableOriginalConstructor()
- ->getMock()
- ;
-
+ $GLOBALS['TSFE'] = $this->createMock(TypoScriptFrontendController::class);
$GLOBALS['TSFE']->fe_user = new FrontendUserAuthentication();
- $this->repository = new FrontendUserRepository(
- new UserService(),
- $context
- );
+ $this->repository = new FrontendUserRepository(new UserService(), new Context(), new ConnectionPool());
$this->importCSVDataSet(__DIR__ . '/../../Fixtures/fe_users.csv');
}
diff --git a/typo3/sysext/felogin/Tests/Unit/Redirect/RedirectHandlerTest.php b/typo3/sysext/felogin/Tests/Unit/Redirect/RedirectHandlerTest.php
index 195b1c3b427ff0fadf95264a0664862c9db94fad..ba4c2db4822232658ab792d8a0328ab5aa63bf23 100644
--- a/typo3/sysext/felogin/Tests/Unit/Redirect/RedirectHandlerTest.php
+++ b/typo3/sysext/felogin/Tests/Unit/Redirect/RedirectHandlerTest.php
@@ -22,12 +22,15 @@ use PHPUnit\Framework\MockObject\MockObject;
use Psr\Http\Message\ServerRequestInterface;
use TYPO3\CMS\Core\Context\Context;
use TYPO3\CMS\Core\Context\UserAspect;
+use TYPO3\CMS\Core\Http\ServerRequest;
+use TYPO3\CMS\Extbase\Mvc\ExtbaseRequestParameters;
+use TYPO3\CMS\Extbase\Mvc\Request;
use TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication;
use TYPO3\CMS\Frontend\Controller\TypoScriptFrontendController;
use TYPO3\CMS\FrontendLogin\Configuration\RedirectConfiguration;
use TYPO3\CMS\FrontendLogin\Redirect\RedirectHandler;
use TYPO3\CMS\FrontendLogin\Redirect\RedirectModeHandler;
-use TYPO3\CMS\FrontendLogin\Redirect\ServerRequestHandler;
+use TYPO3\CMS\FrontendLogin\Validation\RedirectUrlValidator;
use TYPO3\TestingFramework\Core\Unit\UnitTestCase;
class RedirectHandlerTest extends UnitTestCase
@@ -35,40 +38,61 @@ class RedirectHandlerTest extends UnitTestCase
protected bool $resetSingletonInstances = true;
protected RedirectHandler $subject;
protected ServerRequestInterface $typo3Request;
- protected MockObject&ServerRequestHandler $serverRequestHandler;
protected MockObject&RedirectModeHandler $redirectModeHandler;
+ protected MockObject&RedirectUrlValidator $redirectUrlValidator;
protected function setUp(): void
{
parent::setUp();
- $this->serverRequestHandler = $this->getMockBuilder(ServerRequestHandler::class)->disableOriginalConstructor()->getMock();
- $this->redirectModeHandler = $this->getMockBuilder(RedirectModeHandler::class)->disableOriginalConstructor()->getMock();
+ $this->redirectModeHandler = $this->createMock(RedirectModeHandler::class);
+ $this->redirectUrlValidator = $this->createMock(RedirectUrlValidator::class);
$GLOBALS['TSFE'] = $this->getMockBuilder(TypoScriptFrontendController::class)->disableOriginalConstructor()->getMock();
$this->subject = new RedirectHandler(
- $this->serverRequestHandler,
$this->redirectModeHandler,
+ $this->redirectUrlValidator,
new Context()
);
}
+ public function loginTypeLogoutDataProvider(): Generator
+ {
+ yield 'empty string on empty redirect mode' => ['', ''];
+ yield 'empty string on redirect mode logout' => ['', 'logout'];
+ }
+
/**
* @test
* @dataProvider loginTypeLogoutDataProvider
*/
public function processShouldReturnStringForLoginTypeLogout(string $expect, string $redirectMode): void
{
- $this->redirectModeHandler->method('redirectModeLogout')->with(0)->willReturn('');
+ $serverRequest = (new ServerRequest())->withAttribute('extbase', new ExtbaseRequestParameters());
+ $request = new Request($serverRequest);
- self::assertEquals($expect, $this->subject->processRedirect('logout', new RedirectConfiguration($redirectMode, '', 0, '', 0, 0), ''));
+ $this->redirectModeHandler->method('redirectModeLogout')->with($request, 0)->willReturn('');
+
+ $result = $this->subject->processRedirect($request, 'logout', new RedirectConfiguration($redirectMode, '', 0, '', 0, 0), '');
+ self::assertEquals($expect, $result);
}
- public function loginTypeLogoutDataProvider(): Generator
+ public function getLogoutRedirectUrlDataProvider(): Generator
{
- yield 'empty string on empty redirect mode' => ['', ''];
- yield 'empty string on redirect mode logout' => ['', 'logout'];
+ yield 'empty redirect mode should return empty returnUrl' => ['', [], [], false];
+ yield 'redirect mode getpost should return param return_url' => [
+ 'https://dummy.url',
+ ['getpost'],
+ ['return_url' => 'https://dummy.url'],
+ false,
+ ];
+ yield 'redirect mode getpost, logout should return param return_url on not logged in user' => [
+ 'https://dummy.url/3',
+ ['getpost', 'logout'],
+ ['return_url' => 'https://dummy.url/3'],
+ false,
+ ];
}
/**
@@ -82,32 +106,20 @@ class RedirectHandlerTest extends UnitTestCase
bool $userLoggedIn
): void {
$this->subject = new RedirectHandler(
- $this->serverRequestHandler,
$this->redirectModeHandler,
+ $this->redirectUrlValidator,
$this->getContextMockWithUserLoggedIn($userLoggedIn)
);
- $this->serverRequestHandler->method('getRedirectUrlRequestParam')->willReturn($body['return_url'] ?? '');
+ $serverRequest = (new ServerRequest())->withParsedBody($body)->withAttribute('extbase', new ExtbaseRequestParameters());
+ $request = new Request($serverRequest);
- $configuration = RedirectConfiguration::fromSettings(['redirectMode' => $redirectModes]);
- self::assertEquals($expected, $this->subject->getLogoutFormRedirectUrl($configuration, 13, false));
- }
+ if ($expected !== '') {
+ $this->redirectUrlValidator->expects(self::once())->method('isValid')->with($request, $body['return_url'])->willReturn(true);
+ }
- public function getLogoutRedirectUrlDataProvider(): Generator
- {
- yield 'empty redirect mode should return empty returnUrl' => ['', [], [], false];
- yield 'redirect mode getpost should return param return_url' => [
- 'https://dummy.url',
- ['getpost'],
- ['return_url' => 'https://dummy.url'],
- false,
- ];
- yield 'redirect mode getpost,logout should return param return_url on not logged in user' => [
- 'https://dummy.url/3',
- ['getpost', 'logout'],
- ['return_url' => 'https://dummy.url/3'],
- false,
- ];
+ $configuration = RedirectConfiguration::fromSettings(['redirectMode' => $redirectModes]);
+ self::assertEquals($expected, $this->subject->getLogoutFormRedirectUrl($request, $configuration, 13, false));
}
/**
@@ -116,16 +128,18 @@ class RedirectHandlerTest extends UnitTestCase
public function getLogoutRedirectUrlShouldReturnAlternativeRedirectUrlForLoggedInUserAndRedirectPageLogoutSet(): void
{
$this->subject = new RedirectHandler(
- $this->serverRequestHandler,
$this->redirectModeHandler,
+ $this->redirectUrlValidator,
$this->getContextMockWithUserLoggedIn()
);
- $this->serverRequestHandler->method('getRedirectUrlRequestParam')->willReturn('');
- $this->redirectModeHandler->method('redirectModeLogout')->with(3)->willReturn('https://logout.url');
+ $serverRequest = (new ServerRequest())->withAttribute('extbase', new ExtbaseRequestParameters());
+ $request = new Request($serverRequest);
+
+ $this->redirectModeHandler->method('redirectModeLogout')->with($request, 3)->willReturn('https://logout.url');
$configuration = RedirectConfiguration::fromSettings(['redirectMode' => ['logout']]);
- self::assertEquals('https://logout.url', $this->subject->getLogoutFormRedirectUrl($configuration, 3, false));
+ self::assertEquals('https://logout.url', $this->subject->getLogoutFormRedirectUrl($request, $configuration, 3, false));
}
protected function getContextMockWithUserLoggedIn(bool $userLoggedIn = true): Context
@@ -151,7 +165,13 @@ class RedirectHandlerTest extends UnitTestCase
false,
'',
],
- 'redirect enabled, GET/POST redirect mode configured' => [
+ 'redirect enabled, GET/POST redirect mode configured, invalid URL' => [
+ 'https://invalid-redirect.url',
+ 'login,getpost',
+ false,
+ '',
+ ],
+ 'redirect enabled, GET/POST redirect mode configured, valid URL' => [
'https://redirect.url',
'login,getpost',
false,
@@ -169,16 +189,21 @@ class RedirectHandlerTest extends UnitTestCase
string $redirectMode,
bool $redirectDisabled,
string $expected
- ) {
+ ): void {
$this->subject = new RedirectHandler(
- $this->serverRequestHandler,
$this->redirectModeHandler,
+ $this->redirectUrlValidator,
new Context()
);
- $this->serverRequestHandler->method('getRedirectUrlRequestParam')->willReturn($redirectUrl);
+ $serverRequest = (new ServerRequest())->withQueryParams(['redirect_url' => $redirectUrl])->withAttribute('extbase', new ExtbaseRequestParameters());
+ $request = new Request($serverRequest);
+
+ if ($redirectUrl === $expected) {
+ $this->redirectUrlValidator->expects(self::once())->method('isValid')->with($request, $redirectUrl)->willReturn(true);
+ }
$configuration = RedirectConfiguration::fromSettings(['redirectMode' => $redirectMode]);
- self::assertEquals($expected, $this->subject->getLoginFormRedirectUrl($configuration, $redirectDisabled));
+ self::assertEquals($expected, $this->subject->getLoginFormRedirectUrl($request, $configuration, $redirectDisabled));
}
}
diff --git a/typo3/sysext/felogin/Tests/Unit/Service/RecoveryServiceTest.php b/typo3/sysext/felogin/Tests/Unit/Service/RecoveryServiceTest.php
index 0085935740211b205a3c0ff0f22075d79bc2179a..88e327e279133cc41dba67fc995383f9f53b54fd 100644
--- a/typo3/sysext/felogin/Tests/Unit/Service/RecoveryServiceTest.php
+++ b/typo3/sysext/felogin/Tests/Unit/Service/RecoveryServiceTest.php
@@ -21,10 +21,16 @@ use Generator;
use PHPUnit\Framework\MockObject\MockObject;
use Psr\EventDispatcher\EventDispatcherInterface;
use Symfony\Component\Mime\Address;
+use TYPO3\CMS\Core\Core\SystemEnvironmentBuilder;
+use TYPO3\CMS\Core\Http\NormalizedParams;
+use TYPO3\CMS\Core\Http\ServerRequest;
use TYPO3\CMS\Core\Mail\FluidEmail;
use TYPO3\CMS\Core\Mail\MailerInterface;
use TYPO3\CMS\Core\Utility\GeneralUtility;
use TYPO3\CMS\Extbase\Configuration\ConfigurationManager;
+use TYPO3\CMS\Extbase\Mvc\ExtbaseRequestParameters;
+use TYPO3\CMS\Extbase\Mvc\Request;
+use TYPO3\CMS\Extbase\Mvc\RequestInterface;
use TYPO3\CMS\Extbase\Mvc\Web\Routing\UriBuilder;
use TYPO3\CMS\Fluid\View\TemplatePaths;
use TYPO3\CMS\FrontendLogin\Configuration\RecoveryConfiguration;
@@ -39,13 +45,20 @@ class RecoveryServiceTest extends UnitTestCase
protected MockObject&FrontendUserRepository $userRepository;
protected MockObject&RecoveryConfiguration $recoveryConfiguration;
protected MockObject&TemplatePaths $templatePaths;
+ protected RequestInterface $extbaseRequest;
protected function setUp(): void
{
parent::setUp();
- $this->userRepository = $this->getMockBuilder(FrontendUserRepository::class)->disableOriginalConstructor()->getMock();
- $this->recoveryConfiguration = $this->getMockBuilder(RecoveryConfiguration::class)->disableOriginalConstructor()->getMock();
- $this->templatePaths = $this->getMockBuilder(TemplatePaths::class)->disableOriginalConstructor()->getMock();
+ $this->userRepository = $this->createMock(FrontendUserRepository::class);
+ $this->recoveryConfiguration = $this->createMock(RecoveryConfiguration::class);
+ $this->templatePaths = $this->createMock(TemplatePaths::class);
+
+ $request = new ServerRequest();
+ $request = $request->withAttribute('applicationType', SystemEnvironmentBuilder::REQUESTTYPE_FE);
+ $normalizedParams = NormalizedParams::createFromRequest($request);
+ $request = $request->withAttribute('normalizedParams', $normalizedParams)->withAttribute('extbase', new ExtbaseRequestParameters());
+ $this->extbaseRequest = new Request($request);
}
/**
@@ -106,7 +119,7 @@ class RecoveryServiceTest extends UnitTestCase
)->getMock();
$subject->method('getEmailSubject')->willReturn('translation');
- $subject->sendRecoveryEmail($userData, $recoveryConfiguration['forgotHash']);
+ $subject->sendRecoveryEmail($this->extbaseRequest, $userData, $recoveryConfiguration['forgotHash']);
}
public function configurationDataProvider(): Generator
diff --git a/typo3/sysext/felogin/Tests/Unit/Validation/RedirectUrlValidatorTest.php b/typo3/sysext/felogin/Tests/Unit/Validation/RedirectUrlValidatorTest.php
index 9e3599d29a427a5549aa80d9a9457db0c9ba7102..133a3ffc75aca057c86deee18aa41887453e14b3 100644
--- a/typo3/sysext/felogin/Tests/Unit/Validation/RedirectUrlValidatorTest.php
+++ b/typo3/sysext/felogin/Tests/Unit/Validation/RedirectUrlValidatorTest.php
@@ -25,6 +25,9 @@ use TYPO3\CMS\Core\Http\ServerRequestFactory;
use TYPO3\CMS\Core\Site\Entity\Site;
use TYPO3\CMS\Core\Site\SiteFinder;
use TYPO3\CMS\Core\Utility\GeneralUtility;
+use TYPO3\CMS\Extbase\Mvc\ExtbaseRequestParameters;
+use TYPO3\CMS\Extbase\Mvc\Request;
+use TYPO3\CMS\Extbase\Mvc\RequestInterface;
use TYPO3\CMS\FrontendLogin\Validation\RedirectUrlValidator;
use TYPO3\TestingFramework\Core\AccessibleObjectInterface;
use TYPO3\TestingFramework\Core\Unit\UnitTestCase;
@@ -34,6 +37,7 @@ class RedirectUrlValidatorTest extends UnitTestCase
protected bool $backupEnvironment = true;
protected RedirectUrlValidator&AccessibleObjectInterface $accessibleFixture;
+ protected RequestInterface $extbaseRequest;
protected string $testHostName;
protected string $testSitePath;
@@ -66,8 +70,8 @@ class RedirectUrlValidatorTest extends UnitTestCase
$request = ServerRequestFactory::fromGlobals();
$request = $request->withAttribute('applicationType', SystemEnvironmentBuilder::REQUESTTYPE_FE);
$normalizedParams = NormalizedParams::createFromRequest($request);
- $request = $request->withAttribute('normalizedParams', $normalizedParams);
- $GLOBALS['TYPO3_REQUEST'] = $request;
+ $request = $request->withAttribute('normalizedParams', $normalizedParams)->withAttribute('extbase', new ExtbaseRequestParameters());
+ $this->extbaseRequest = new Request($request);
}
/**
@@ -110,7 +114,7 @@ class RedirectUrlValidatorTest extends UnitTestCase
Environment::getPublicPath() . '/index.php',
Environment::isWindows() ? 'WINDOWS' : 'UNIX'
);
- self::assertFalse($this->accessibleFixture->isValid($url));
+ self::assertFalse($this->accessibleFixture->isValid($this->extbaseRequest, $url));
}
/**
@@ -121,13 +125,13 @@ class RedirectUrlValidatorTest extends UnitTestCase
return [
'sane absolute URL' => ['http://sub.domainhostname.tld/path/'],
'sane absolute URL with script' => ['http://sub.domainhostname.tld/path/index.php?id=1'],
- 'sane absolute URL with realurl' => ['http://sub.domainhostname.tld/path/foo/bar/foo.html'],
+ 'sane absolute URL with routing' => ['http://sub.domainhostname.tld/path/foo/bar/foo.html'],
'sane absolute URL with homedir' => ['http://sub.domainhostname.tld/path/~user/'],
'sane absolute URL with some strange chars encoded' => ['http://sub.domainhostname.tld/path/~user/a%cc%88o%cc%88%c3%9fa%cc%82/foo.html'],
'relative URL, no leading slash 1' => ['index.php?id=1'],
'relative URL, no leading slash 2' => ['foo/bar/index.php?id=2'],
- 'relative URL, leading slash, no realurl' => ['/index.php?id=1'],
- 'relative URL, leading slash, realurl' => ['/de/service/imprint.html'],
+ 'relative URL, leading slash, no routing' => ['/index.php?id=1'],
+ 'relative URL, leading slash, routing' => ['/de/service/imprint.html'],
];
}
@@ -148,7 +152,7 @@ class RedirectUrlValidatorTest extends UnitTestCase
Environment::getPublicPath() . '/index.php',
Environment::isWindows() ? 'WINDOWS' : 'UNIX'
);
- self::assertTrue($this->accessibleFixture->isValid($url));
+ self::assertTrue($this->accessibleFixture->isValid($this->extbaseRequest, $url));
}
/**
@@ -175,7 +179,7 @@ class RedirectUrlValidatorTest extends UnitTestCase
GeneralUtility::flushInternalRuntimeCaches();
$this->testSitePath = '/subdir/';
$this->setUpFakeSitePathAndHost();
- self::assertFalse($this->accessibleFixture->isValid($url));
+ self::assertFalse($this->accessibleFixture->isValid($this->extbaseRequest, $url));
}
/**
@@ -185,12 +189,12 @@ class RedirectUrlValidatorTest extends UnitTestCase
{
return [
'absolute URL, correct subdirectory' => ['http://hostname.tld/subdir/'],
- 'absolute URL, correct subdirectory, realurl' => ['http://hostname.tld/subdir/de/imprint.html'],
- 'absolute URL, correct subdirectory, no realurl' => ['http://hostname.tld/subdir/index.php?id=10'],
+ 'absolute URL, correct subdirectory, routing' => ['http://hostname.tld/subdir/de/imprint.html'],
+ 'absolute URL, correct subdirectory, no routing' => ['http://hostname.tld/subdir/index.php?id=10'],
'absolute URL, correct subdirectory of site base' => ['http://sub.domainhostname.tld/path/'],
- 'relative URL, no leading slash, realurl' => ['de/service/imprint.html'],
- 'relative URL, no leading slash, no realurl' => ['index.php?id=1'],
- 'relative nested URL, no leading slash, no realurl' => ['foo/bar/index.php?id=2'],
+ 'relative URL, no leading slash, routing' => ['de/service/imprint.html'],
+ 'relative URL, no leading slash, no routing' => ['index.php?id=1'],
+ 'relative nested URL, no leading slash, no routing' => ['foo/bar/index.php?id=2'],
];
}
@@ -213,7 +217,7 @@ class RedirectUrlValidatorTest extends UnitTestCase
);
$this->testSitePath = '/subdir/';
$this->setUpFakeSitePathAndHost();
- self::assertTrue($this->accessibleFixture->isValid($url));
+ self::assertTrue($this->accessibleFixture->isValid($this->extbaseRequest, $url));
}
/**************************************************
@@ -275,10 +279,10 @@ class RedirectUrlValidatorTest extends UnitTestCase
$request = ServerRequestFactory::fromGlobals();
$request = $request->withAttribute('applicationType', SystemEnvironmentBuilder::REQUESTTYPE_FE);
$normalizedParams = NormalizedParams::createFromRequest($request);
- $request = $request->withAttribute('normalizedParams', $normalizedParams);
- $GLOBALS['TYPO3_REQUEST'] = $request;
+ $request = $request->withAttribute('normalizedParams', $normalizedParams)->withAttribute('extbase', new ExtbaseRequestParameters());
+ $extbaseRequest = new Request($request);
- self::assertTrue($this->accessibleFixture->_call('isInCurrentDomain', $url));
+ self::assertTrue($this->accessibleFixture->_call('isInCurrentDomain', $extbaseRequest, $url));
}
public function isInCurrentDomainReturnsFalseIfDomainsAreDifferentDataProvider(): array
@@ -304,7 +308,14 @@ class RedirectUrlValidatorTest extends UnitTestCase
public function isInCurrentDomainReturnsFalseIfDomainsAreDifferent(string $host, string $url): void
{
$_SERVER['HTTP_HOST'] = $host;
- self::assertFalse($this->accessibleFixture->_call('isInCurrentDomain', $url));
+
+ $request = ServerRequestFactory::fromGlobals();
+ $request = $request->withAttribute('applicationType', SystemEnvironmentBuilder::REQUESTTYPE_FE);
+ $normalizedParams = NormalizedParams::createFromRequest($request);
+ $request = $request->withAttribute('normalizedParams', $normalizedParams)->withAttribute('extbase', new ExtbaseRequestParameters());
+ $extbaseRequest = new Request($request);
+
+ self::assertFalse($this->accessibleFixture->_call('isInCurrentDomain', $extbaseRequest, $url));
}
/**************************************************