From d92c3c6f70851a71c0f23e6be6204516a89f6c89 Mon Sep 17 00:00:00 2001
From: Oliver Hader <oliver@typo3.org>
Date: Thu, 7 Mar 2024 16:18:25 +0100
Subject: [PATCH] [TASK] Streamline userid/username handling and
system-maintainer checks
The new methods AbstractUserAuthentication::getUserName() and
AbstractUserAuthentication::getUserId() can be used to resolve
the corresponding values (instead of using the $user->user array).
In addition, the pure system-maintainer checks have been moved into
to central BackendUserAuthentication::isSystemMaintainer(). The term
"pure" refers to ignoring the development context and not applying
any fallbacks in case the setting is empty.
Resolves: #103323
Releases: main, 12.4
Change-Id: Ia7db222dac32acc2ef13a34ded4545ba1aedefc3
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/83306
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
---
.../ItemProviders/RecordProvider.php | 3 +--
.../Controller/EditDocumentController.php | 5 ++--
.../Classes/Controller/MfaAjaxController.php | 15 +++++------
.../Classes/Controller/MfaController.php | 4 +--
.../Classes/Controller/MfaSetupController.php | 4 +--
.../RecordListDownloadController.php | 2 +-
.../Controller/SwitchUserController.php | 6 ++---
.../Classes/Form/Element/MfaInfoElement.php | 13 +++++----
.../AdminIsSystemMaintainer.php | 2 +-
.../AddLiveSearchResultActionsListener.php | 2 +-
.../ViewHelpers/SwitchUserViewHelper.php | 2 +-
.../AbstractUserAuthentication.php | 27 +++++++++++++++----
.../BackendUserAuthentication.php | 19 ++++++-------
.../Mfa/MfaProviderPropertyManager.php | 6 ++---
.../Classes/Hooks/TcaDisplayConditions.php | 2 +-
.../FrontendUserAuthentication.php | 4 +--
.../Controller/SetupModuleController.php | 5 ++--
.../Classes/Renderer/NoteRenderer.php | 4 +--
.../MfaVerificationErrorOccurredMessage.php | 4 +--
19 files changed, 71 insertions(+), 58 deletions(-)
diff --git a/typo3/sysext/backend/Classes/ContextMenu/ItemProviders/RecordProvider.php b/typo3/sysext/backend/Classes/ContextMenu/ItemProviders/RecordProvider.php
index 6f0254e29a1d..3e4b6491cae0 100644
--- a/typo3/sysext/backend/Classes/ContextMenu/ItemProviders/RecordProvider.php
+++ b/typo3/sysext/backend/Classes/ContextMenu/ItemProviders/RecordProvider.php
@@ -616,8 +616,7 @@ class RecordProvider extends AbstractProvider
*/
protected function isRecordCurrentBackendUser(): bool
{
- return $this->table === 'be_users'
- && (int)($this->record['uid'] ?? 0) === (int)$this->backendUser->user[$this->backendUser->userid_column];
+ return $this->table === 'be_users' && (int)($this->record['uid'] ?? 0) === $this->backendUser->getUserId();
}
/**
diff --git a/typo3/sysext/backend/Classes/Controller/EditDocumentController.php b/typo3/sysext/backend/Classes/Controller/EditDocumentController.php
index 08a2cc1aa7c9..6f59a0771de7 100644
--- a/typo3/sysext/backend/Classes/Controller/EditDocumentController.php
+++ b/typo3/sysext/backend/Classes/Controller/EditDocumentController.php
@@ -523,7 +523,7 @@ class EditDocumentController
$tce->process_cmdmap();
// Update the module menu for the current backend user, as they updated their UI language
- $currentUserId = (int)($beUser->user[$beUser->userid_column] ?? 0);
+ $currentUserId = $beUser->getUserId();
if ($currentUserId
&& (string)($this->data['be_users'][$currentUserId]['lang'] ?? '') !== ''
&& $this->data['be_users'][$currentUserId]['lang'] !== $beUser->user['lang']
@@ -1846,8 +1846,7 @@ class EditDocumentController
protected function isRecordCurrentBackendUser(): bool
{
$backendUser = $this->getBackendUser();
- return $this->firstEl['table'] === 'be_users'
- && (int)($this->firstEl['uid'] ?? 0) === (int)$backendUser->user[$backendUser->userid_column];
+ return $this->firstEl['table'] === 'be_users' && (int)($this->firstEl['uid'] ?? 0) === $backendUser->getUserId();
}
/**
diff --git a/typo3/sysext/backend/Classes/Controller/MfaAjaxController.php b/typo3/sysext/backend/Classes/Controller/MfaAjaxController.php
index 5a7d6c059fcd..6061454191e6 100644
--- a/typo3/sysext/backend/Classes/Controller/MfaAjaxController.php
+++ b/typo3/sysext/backend/Classes/Controller/MfaAjaxController.php
@@ -83,7 +83,7 @@ class MfaAjaxController
protected function deactivateAction(ServerRequestInterface $request, AbstractUserAuthentication $user): array
{
$lang = $this->getLanguageService();
- $userName = (string)($user->user[$user->username_column] ?? '');
+ $userName = $user->getUserName() ?? '';
$providerToDeactivate = (string)($request->getParsedBody()['provider'] ?? '');
if ($providerToDeactivate === '') {
@@ -191,13 +191,12 @@ class MfaAjaxController
return false;
}
// Providers from system maintainers can only be deactivated by system maintainers.
- // This check is however only be necessary if the target is a backend user.
- if ($user instanceof BackendUserAuthentication) {
- $systemMaintainers = array_map(intval(...), $GLOBALS['TYPO3_CONF_VARS']['SYS']['systemMaintainers'] ?? []);
- $isTargetUserSystemMaintainer = $user->isAdmin() && in_array((int)$user->user[$user->userid_column], $systemMaintainers, true);
- if ($isTargetUserSystemMaintainer && !$this->getBackendUser()->isSystemMaintainer()) {
- return false;
- }
+ // However, this check is only necessary if the target is a backend user.
+ if (($user instanceof BackendUserAuthentication)
+ && $user->isSystemMaintainer(true)
+ && !$this->getBackendUser()->isSystemMaintainer()
+ ) {
+ return false;
}
return true;
}
diff --git a/typo3/sysext/backend/Classes/Controller/MfaController.php b/typo3/sysext/backend/Classes/Controller/MfaController.php
index 9def44839699..a19527e64b85 100644
--- a/typo3/sysext/backend/Classes/Controller/MfaController.php
+++ b/typo3/sysext/backend/Classes/Controller/MfaController.php
@@ -194,10 +194,10 @@ class MfaController extends AbstractMfaController
int $error = SystemLogErrorClassification::MESSAGE
): void {
$user = $this->getBackendUser();
- $username = $user->user[$user->username_column];
+ $username = $user->getUserName();
$context = [
'user' => [
- 'uid' => $user->user[$user->userid_column],
+ 'uid' => $user->getUserId(),
'username' => $username,
],
];
diff --git a/typo3/sysext/backend/Classes/Controller/MfaSetupController.php b/typo3/sysext/backend/Classes/Controller/MfaSetupController.php
index 9a8b11b6ec66..cc7e3ca4ffbb 100644
--- a/typo3/sysext/backend/Classes/Controller/MfaSetupController.php
+++ b/typo3/sysext/backend/Classes/Controller/MfaSetupController.php
@@ -264,8 +264,8 @@ class MfaSetupController extends AbstractMfaController
$user = $this->getBackendUser();
$context = [
'user' => [
- 'uid' => $user->user[$user->userid_column],
- 'username' => $user->user[$user->username_column],
+ 'uid' => $user->getUserId(),
+ 'username' => $user->getUserName(),
],
];
if ($mfaProvider !== null) {
diff --git a/typo3/sysext/backend/Classes/Controller/RecordListDownloadController.php b/typo3/sysext/backend/Classes/Controller/RecordListDownloadController.php
index 77569709878c..3cf994b485d2 100644
--- a/typo3/sysext/backend/Classes/Controller/RecordListDownloadController.php
+++ b/typo3/sysext/backend/Classes/Controller/RecordListDownloadController.php
@@ -226,7 +226,7 @@ class RecordListDownloadController
'table' => $this->table,
'page' => $this->id,
'timestamp' => GeneralUtility::makeInstance(Context::class)->getPropertyFromAspect('date', 'timestamp'),
- 'user' => $user->user[$user->username_column] ?? '',
+ 'user' => $user->getUserName() ?? '',
'site' => $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'] ?? '',
'options' => [
'columns' => array_values($headerRow),
diff --git a/typo3/sysext/backend/Classes/Controller/SwitchUserController.php b/typo3/sysext/backend/Classes/Controller/SwitchUserController.php
index c7a821689788..4b61dc8abc96 100644
--- a/typo3/sysext/backend/Classes/Controller/SwitchUserController.php
+++ b/typo3/sysext/backend/Classes/Controller/SwitchUserController.php
@@ -65,8 +65,8 @@ class SwitchUserController
$targetUserId = (int)($request->getParsedBody()['targetUser'] ?? 0);
if (!$targetUserId
- || $targetUserId === (int)($currentUser->user[$currentUser->userid_column] ?? 0)
|| !$currentUser->isAdmin()
+ || $targetUserId === $currentUser->getUserId()
|| $currentUser->getOriginalUserIdWhenInSwitchUserMode() !== null
) {
return $this->jsonResponse(['success' => false]);
@@ -86,13 +86,13 @@ class SwitchUserController
// Write user switch to log
$currentUser->writelog(Type::LOGIN, 2, 0, 1, 'User %s switched to user %s (be_users:%s)', [
- $currentUser->user[$currentUser->username_column] ?? '',
+ $currentUser->getUserName() ?? '',
$targetUser['username'] ?? '',
$targetUserId,
]);
$sessionObject = $currentUser->getSession();
- $sessionObject->set('backuserid', (int)($currentUser->user[$currentUser->userid_column] ?? 0));
+ $sessionObject->set('backuserid', $currentUser->getUserId() ?? 0);
$sessionRecord = $sessionObject->toArray();
$sessionRecord['ses_userid'] = $targetUserId;
$this->sessionBackend->update($sessionObject->getIdentifier(), $sessionRecord);
diff --git a/typo3/sysext/backend/Classes/Form/Element/MfaInfoElement.php b/typo3/sysext/backend/Classes/Form/Element/MfaInfoElement.php
index 3f377542340f..bbce9d7aad5f 100644
--- a/typo3/sysext/backend/Classes/Form/Element/MfaInfoElement.php
+++ b/typo3/sysext/backend/Classes/Form/Element/MfaInfoElement.php
@@ -65,13 +65,12 @@ class MfaInfoElement extends AbstractFormElement
$isDeactivationAllowed = true;
// Providers from system maintainers can only be deactivated by system maintainers.
- // This check is however only be necessary if the target is a backend user.
- if ($targetUser instanceof BackendUserAuthentication) {
- $systemMaintainers = array_map(intval(...), $GLOBALS['TYPO3_CONF_VARS']['SYS']['systemMaintainers'] ?? []);
- $isTargetUserSystemMaintainer = $targetUser->isAdmin() && in_array($userId, $systemMaintainers, true);
- if ($isTargetUserSystemMaintainer && !$currentBackendUser->isSystemMaintainer()) {
- $isDeactivationAllowed = false;
- }
+ // However, this check is only necessary if the target is a backend user.
+ if (($targetUser instanceof BackendUserAuthentication)
+ && $targetUser->isSystemMaintainer(true)
+ && !$currentBackendUser->isSystemMaintainer()
+ ) {
+ $isDeactivationAllowed = false;
}
// Fetch providers from the mfa field
diff --git a/typo3/sysext/backend/Classes/Form/FieldInformation/AdminIsSystemMaintainer.php b/typo3/sysext/backend/Classes/Form/FieldInformation/AdminIsSystemMaintainer.php
index c5f91171f306..303bfc412fb1 100644
--- a/typo3/sysext/backend/Classes/Form/FieldInformation/AdminIsSystemMaintainer.php
+++ b/typo3/sysext/backend/Classes/Form/FieldInformation/AdminIsSystemMaintainer.php
@@ -49,7 +49,7 @@ class AdminIsSystemMaintainer extends AbstractNode
return $resultArray;
}
- // False if current user is not in system maintainer list or if switch to user mode is active
+ // False, if the current user is not in the list of system maintainers, or if the switch to user mode is active
$isCurrentUserSystemMaintainer = $this->getBackendUser()->isSystemMaintainer();
$systemMaintainers = array_map(intval(...), $GLOBALS['TYPO3_CONF_VARS']['SYS']['systemMaintainers'] ?? []);
$isTargetUserInSystemMaintainerList = in_array((int)$this->data['vanillaUid'], $systemMaintainers, true);
diff --git a/typo3/sysext/backend/Classes/Search/EventListener/AddLiveSearchResultActionsListener.php b/typo3/sysext/backend/Classes/Search/EventListener/AddLiveSearchResultActionsListener.php
index 6a0a2e7a5e2e..96af58956494 100644
--- a/typo3/sysext/backend/Classes/Search/EventListener/AddLiveSearchResultActionsListener.php
+++ b/typo3/sysext/backend/Classes/Search/EventListener/AddLiveSearchResultActionsListener.php
@@ -67,9 +67,9 @@ final class AddLiveSearchResultActionsListener
if (
$backendUserIsActive
- && (int)(($currentUser->user[$currentUser->userid_column] ?? 0) !== $resultItem->getExtraData()['uid'])
&& $currentUser->isAdmin()
&& $currentUser->getOriginalUserIdWhenInSwitchUserMode() === null
+ && (int)$currentUser->getUserId() !== (int)$resultItem->getExtraData()['uid']
) {
$switchUserAction = (new ResultItemAction('switch_backend_user'))
->setLabel($this->languageService->sL('LLL:EXT:beuser/Resources/Private/Language/locallang.xlf:switchBackMode'))
diff --git a/typo3/sysext/beuser/Classes/ViewHelpers/SwitchUserViewHelper.php b/typo3/sysext/beuser/Classes/ViewHelpers/SwitchUserViewHelper.php
index e153a6826682..a9b09b9e2c2f 100644
--- a/typo3/sysext/beuser/Classes/ViewHelpers/SwitchUserViewHelper.php
+++ b/typo3/sysext/beuser/Classes/ViewHelpers/SwitchUserViewHelper.php
@@ -52,7 +52,7 @@ final class SwitchUserViewHelper extends AbstractTagBasedViewHelper
$currentUser = self::getBackendUserAuthentication();
$iconFactory = GeneralUtility::makeInstance(IconFactory::class);
- if ((int)$targetUser->getUid() === (int)($currentUser->user[$currentUser->userid_column] ?? 0)
+ if ((int)$targetUser->getUid() === (int)$currentUser->getUserId()
|| !$targetUser->isActive()
|| !$currentUser->isAdmin()
|| $currentUser->getOriginalUserIdWhenInSwitchUserMode() !== null
diff --git a/typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php b/typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php
index 81c6ce791321..ce4066b8a20b 100644
--- a/typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php
+++ b/typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php
@@ -557,8 +557,8 @@ abstract class AbstractUserAuthentication implements LoggerAwareInterface
// The login session is started.
$this->loginSessionStarted = true;
$this->logger->debug('User session finally read', [
- $this->userid_column => $this->user[$this->userid_column],
- $this->username_column => $this->user[$this->username_column],
+ $this->userid_column => $this->getUserId(),
+ $this->username_column => $this->getUserName(),
]);
} else {
// if we come here the current session is for sure not anonymous as this is a pre-condition for $authenticated = true
@@ -941,15 +941,16 @@ abstract class AbstractUserAuthentication implements LoggerAwareInterface
*/
public function writeUC()
{
- if (is_array($this->user) && $this->user[$this->userid_column]) {
+ $userId = $this->getUserId();
+ if ($userId) {
$this->logger->debug('writeUC: {userid_column}={value}', [
'userid_column' => $this->userid_column,
- 'value' => $this->user[$this->userid_column],
+ 'value' => $userId,
]);
GeneralUtility::makeInstance(ConnectionPool::class)->getConnectionForTable($this->user_table)->update(
$this->user_table,
['uc' => serialize($this->uc)],
- [$this->userid_column => (int)$this->user[$this->userid_column]],
+ [$this->userid_column => $userId],
['uc' => Connection::PARAM_LOB]
);
}
@@ -1253,6 +1254,22 @@ abstract class AbstractUserAuthentication implements LoggerAwareInterface
return $query->executeQuery()->fetchAssociative();
}
+ public function getUserId(): ?int
+ {
+ if (isset($this->user[$this->userid_column])) {
+ return (int)$this->user[$this->userid_column];
+ }
+ return null;
+ }
+
+ public function getUserName(): ?string
+ {
+ if (isset($this->user[$this->username_column])) {
+ return (string)$this->user[$this->username_column];
+ }
+ return null;
+ }
+
public function getSession(): UserSession
{
return $this->userSession;
diff --git a/typo3/sysext/core/Classes/Authentication/BackendUserAuthentication.php b/typo3/sysext/core/Classes/Authentication/BackendUserAuthentication.php
index 1dafb4d0b6ba..c6a15ca09306 100644
--- a/typo3/sysext/core/Classes/Authentication/BackendUserAuthentication.php
+++ b/typo3/sysext/core/Classes/Authentication/BackendUserAuthentication.php
@@ -375,17 +375,19 @@ class BackendUserAuthentication extends AbstractUserAuthentication
* Checks if the user is in the valid list of allowed system maintainers. if the list is not set,
* then all admins are system maintainers. If the list is empty, no one is system maintainer (good for production
* systems). If the currently logged in user is in "switch user" mode, this method will return false.
+ *
+ * @param bool $pure Whether to apply pure behavior (ignore development & skip fallback for empty setting)
*/
- public function isSystemMaintainer(): bool
+ public function isSystemMaintainer(bool $pure = false): bool
{
if (!$this->isAdmin()) {
return false;
}
- if ($GLOBALS['BE_USER']->getOriginalUserIdWhenInSwitchUserMode()) {
+ if (!$pure && $GLOBALS['BE_USER']->getOriginalUserIdWhenInSwitchUserMode()) {
return false;
}
- if (Environment::getContext()->isDevelopment()) {
+ if (!$pure && Environment::getContext()->isDevelopment()) {
return true;
}
$systemMaintainers = $GLOBALS['TYPO3_CONF_VARS']['SYS']['systemMaintainers'] ?? [];
@@ -396,11 +398,10 @@ class BackendUserAuthentication extends AbstractUserAuthentication
// No system maintainers set up yet, so any admin is allowed to access the modules
// but explicitly no system maintainers allowed (empty string in TYPO3_CONF_VARS).
// @todo: this needs to be adjusted once system maintainers can log into the install tool with their credentials
- if (isset($GLOBALS['TYPO3_CONF_VARS']['SYS']['systemMaintainers'])
- && empty($GLOBALS['TYPO3_CONF_VARS']['SYS']['systemMaintainers'])) {
- return false;
+ if (!$pure && !isset($GLOBALS['TYPO3_CONF_VARS']['SYS']['systemMaintainers'])) {
+ return true;
}
- return true;
+ return false;
}
/**
@@ -2045,8 +2046,8 @@ class BackendUserAuthentication extends AbstractUserAuthentication
// In case the current session is a "switch-user" session, MFA is not required
if ($this->getOriginalUserIdWhenInSwitchUserMode() !== null) {
$this->logger->debug('MFA is skipped in switch user mode', [
- $this->userid_column => $this->user[$this->userid_column],
- $this->username_column => $this->user[$this->username_column],
+ $this->userid_column => $this->getUserId(),
+ $this->username_column => $this->getUserName(),
]);
return;
}
diff --git a/typo3/sysext/core/Classes/Authentication/Mfa/MfaProviderPropertyManager.php b/typo3/sysext/core/Classes/Authentication/Mfa/MfaProviderPropertyManager.php
index 751e6885cd68..ea96331a1142 100644
--- a/typo3/sysext/core/Classes/Authentication/Mfa/MfaProviderPropertyManager.php
+++ b/typo3/sysext/core/Classes/Authentication/Mfa/MfaProviderPropertyManager.php
@@ -157,8 +157,8 @@ class MfaProviderPropertyManager implements LoggerAwareInterface
$this->logger->debug('MFA properties updated', [
'provider' => $this->providerIdentifier,
'user' => [
- 'uid' => $this->user->user[$this->user->userid_column],
- 'username' => $this->user->user[$this->user->username_column],
+ 'uid' => $this->user->getUserId(),
+ 'username' => $this->user->getUserName(),
],
]);
@@ -166,7 +166,7 @@ class MfaProviderPropertyManager implements LoggerAwareInterface
return (bool)GeneralUtility::makeInstance(ConnectionPool::class)->getConnectionForTable($this->user->user_table)->update(
$this->user->user_table,
[self::DATABASE_FIELD_NAME => $mfa],
- [$this->user->userid_column => (int)$this->user->user[$this->user->userid_column]],
+ [$this->user->userid_column => (int)$this->user->getUserId()],
[self::DATABASE_FIELD_NAME => Connection::PARAM_LOB]
);
}
diff --git a/typo3/sysext/core/Classes/Hooks/TcaDisplayConditions.php b/typo3/sysext/core/Classes/Hooks/TcaDisplayConditions.php
index 21a66562f3b3..0d531b42fd6a 100644
--- a/typo3/sysext/core/Classes/Hooks/TcaDisplayConditions.php
+++ b/typo3/sysext/core/Classes/Hooks/TcaDisplayConditions.php
@@ -49,7 +49,7 @@ class TcaDisplayConditions
public function isRecordCurrentUser(array $parameters): bool
{
$backendUser = $this->getBackendUser();
- $isCurrentUser = (int)($parameters['record']['uid'] ?? 0) === (int)$backendUser->user[$backendUser->userid_column];
+ $isCurrentUser = (int)($parameters['record']['uid'] ?? 0) === (int)$backendUser->getUserId();
return strtolower($parameters['conditionParameters'][0] ?? 'true') !== 'true' ? !$isCurrentUser : $isCurrentUser;
}
diff --git a/typo3/sysext/frontend/Classes/Authentication/FrontendUserAuthentication.php b/typo3/sysext/frontend/Classes/Authentication/FrontendUserAuthentication.php
index 32ff2af66c12..164e64fe2f13 100644
--- a/typo3/sysext/frontend/Classes/Authentication/FrontendUserAuthentication.php
+++ b/typo3/sysext/frontend/Classes/Authentication/FrontendUserAuthentication.php
@@ -268,8 +268,8 @@ class FrontendUserAuthentication extends AbstractUserAuthentication
$groupDataArr = [];
if (is_array($this->user)) {
$this->logger->debug('Get usergroups for user', [
- $this->userid_column => $this->user[$this->userid_column],
- $this->username_column => $this->user[$this->username_column],
+ $this->userid_column => $this->getUserId(),
+ $this->username_column => $this->getUserName(),
]);
$groupDataArr = GeneralUtility::makeInstance(GroupResolver::class)->resolveGroupsForUser($this->user, $this->usergroup_table);
}
diff --git a/typo3/sysext/setup/Classes/Controller/SetupModuleController.php b/typo3/sysext/setup/Classes/Controller/SetupModuleController.php
index acf7e2da4e90..e8a627c3d206 100644
--- a/typo3/sysext/setup/Classes/Controller/SetupModuleController.php
+++ b/typo3/sysext/setup/Classes/Controller/SetupModuleController.php
@@ -774,9 +774,8 @@ class SetupModuleController
}
$backendUser = $this->getBackendUser();
- $systemMaintainers = array_map('intval', $GLOBALS['TYPO3_CONF_VARS']['SYS']['systemMaintainers'] ?? []);
- if ($backendUser->getOriginalUserIdWhenInSwitchUserMode() && in_array((int)$backendUser->user['uid'], $systemMaintainers, true)) {
- // DataHandler denies changing password of system maintainer users in switch user mode.
+ if ($backendUser->getOriginalUserIdWhenInSwitchUserMode() && $backendUser->isSystemMaintainer(true)) {
+ // DataHandler denies changing the password of system maintainer users in switch user mode.
// Do not show the password fields is this case.
$key = array_search('password', $allowedFields);
if ($key !== false) {
diff --git a/typo3/sysext/sys_note/Classes/Renderer/NoteRenderer.php b/typo3/sysext/sys_note/Classes/Renderer/NoteRenderer.php
index 389a9eff6493..11d8e25cb14e 100644
--- a/typo3/sysext/sys_note/Classes/Renderer/NoteRenderer.php
+++ b/typo3/sysext/sys_note/Classes/Renderer/NoteRenderer.php
@@ -50,13 +50,13 @@ class NoteRenderer
{
$backendUser = $this->getBackendUser();
if ($pid <= 0
- || empty($backendUser->user[$backendUser->userid_column])
+ || empty($backendUser->getUserId())
|| !$backendUser->check('tables_select', 'sys_note')
) {
return '';
}
- $notes = $this->sysNoteRepository->findByPidAndAuthorId($pid, (int)$backendUser->user[$backendUser->userid_column], $position);
+ $notes = $this->sysNoteRepository->findByPidAndAuthorId($pid, (int)$backendUser->getUserId(), $position);
if (!$notes) {
return '';
}
diff --git a/typo3/sysext/webhooks/Classes/Message/MfaVerificationErrorOccurredMessage.php b/typo3/sysext/webhooks/Classes/Message/MfaVerificationErrorOccurredMessage.php
index a2ff91d179a5..6cef5314ea96 100644
--- a/typo3/sysext/webhooks/Classes/Message/MfaVerificationErrorOccurredMessage.php
+++ b/typo3/sysext/webhooks/Classes/Message/MfaVerificationErrorOccurredMessage.php
@@ -55,8 +55,8 @@ final class MfaVerificationErrorOccurredMessage implements WebhookMessageInterfa
$event->getRequest()->getUri(),
[
'user' => [
- 'id' => $user->user[$user->userid_column],
- 'name' => $user->user[$user->username_column],
+ 'id' => $user->getUserId(),
+ 'name' => $user->getUserName(),
],
'provider' => $event->getProviderIdentifier(),
'isLocked' => $event->isProviderLocked(),
--
GitLab