diff --git a/typo3/sysext/backend/Classes/FrontendBackendUserAuthentication.php b/typo3/sysext/backend/Classes/FrontendBackendUserAuthentication.php
index dbaca5da8c49c85650a41dddc69dcd86020a1184..759ea51a934f078cbe9363c5bba5010c13f47fe4 100644
--- a/typo3/sysext/backend/Classes/FrontendBackendUserAuthentication.php
+++ b/typo3/sysext/backend/Classes/FrontendBackendUserAuthentication.php
@@ -98,32 +98,32 @@ class FrontendBackendUserAuthentication extends BackendUserAuthentication
 /**
 * Initializes the admin panel.
 *
- * @deprecated since TYPO3 v9 - rewritten as middleware
+ * @deprecated since TYPO3 v9, will be removed in TYPO3 v10.0 - rewritten as middleware
 */
 public function initializeAdminPanel()
 {
- trigger_error('Method will be removed in TYPO3 v10 - initialization is done via middleware.', E_USER_DEPRECATED);
+ trigger_error('FrontendBackendUserAuthentication->initializeAdminPanel() will be removed in TYPO3 v10 - initialization is done via middleware.', E_USER_DEPRECATED);
 }
 
 /**
 * Initializes frontend editing.
 *
- * @deprecated since TYPO3 v9 - rewritten as middleware
+ * @deprecated since TYPO3 v9, will be removed in TYPO3 v10.0 - rewritten as middleware
 */
 public function initializeFrontendEdit()
 {
- trigger_error('Method will be removed in TYPO3 v10 - initialization is done via middleware.', E_USER_DEPRECATED);
+ trigger_error('FrontendBackendUserAuthentication->initializeFrontendEdit() will be removed in TYPO3 v10 - initialization is done via middleware.', E_USER_DEPRECATED);
 }
 
 /**
 * Determines whether frontend editing is currently active.
 *
- * @deprecated since TYPO3 v9 - see ext "feedit" for API
+ * @deprecated since TYPO3 v9, will be removed in TYPO3 v10.0 - see ext "feedit" for API
 * @return bool Whether frontend editing is active
 */
 public function isFrontendEditingActive()
 {
- trigger_error('Method will be removed in TYPO3 v10 - use underlying TSFE directly.', E_USER_DEPRECATED);
+ trigger_error('FrontendBackendUserAuthentication->isFrontendEditingActive() will be removed in TYPO3 v10 - use underlying TSFE directly.', E_USER_DEPRECATED);
 return $this->extAdmEnabled && (
 $this->adminPanel->isAdminModuleEnabled('edit') ||
 (int)$GLOBALS['TSFE']->displayEditIcons === 1 ||
@@ -139,7 +139,7 @@ class FrontendBackendUserAuthentication extends BackendUserAuthentication
 */
 public function displayAdminPanel()
 {
- trigger_error('Method will be removed in TYPO3 v10 - use MainController of adminpanel extension.', E_USER_DEPRECATED);
+ trigger_error('FrontendBackendUserAuthentication->displayAdminPanel() will be removed in TYPO3 v10 - use MainController of adminpanel extension.', E_USER_DEPRECATED);
 return $this->adminPanel->display();
 }
 
@@ -151,7 +151,7 @@ class FrontendBackendUserAuthentication extends BackendUserAuthentication
 */
 public function isAdminPanelVisible()
 {
- trigger_error('Method will be removed in TYPO3 v10 - use new adminpanel API instead.', E_USER_DEPRECATED);
+ trigger_error('FrontendBackendUserAuthentication->isAdminPanelVisible() will be removed in TYPO3 v10 - use new adminpanel API instead.', E_USER_DEPRECATED);
 return $this->extAdmEnabled && !$this->extAdminConfig['hide'] && $GLOBALS['TSFE']->config['config']['admPanel'];
 }
 
@@ -165,9 +165,11 @@ class FrontendBackendUserAuthentication extends BackendUserAuthentication
 * Used in the frontend.
 *
 * @return bool Returns TRUE if access is OK
+ * @deprecated since TYPO3 v9.4, will be removed in TYPO3 v10.0.
 */
 public function checkBackendAccessSettingsFromInitPhp()
 {
+ trigger_error('FrontendBackendUserAuthentication->checkBackendAccessSettingsFromInitPhp() will be removed in TYPO3 v10.0. Use a PSR-15 middleware and backendCheckLogin() instead.', E_USER_DEPRECATED);
 // Check Hardcoded lock on BE
 if ($GLOBALS['TYPO3_CONF_VARS']['BE']['adminOnly'] < 0) {
 return false;
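Review bot: The `@deprecated` tag added to checkBackendAccessSettingsFromInitPhp() in the third hunk says `since TYPO3 v9.4`, while the tags this same commit adds to extPageReadAccess(), extGetTreeList() and extGetLL() say `v9.5`; one of them is wrong and the scanner changelog is filed under master, so align to the release the changelog targets, e.g. `* @deprecated since TYPO3 v9.5, will be removed in TYPO3 v10.0.`. The tag is also placed after `@return` here, whereas the docblocks edited in the first hunk of this file put `@deprecated` before `@return`. The deprecation message names `backendCheckLogin()` as the replacement, but that method does not perform every check this one did (see the note on the next hunk), so the message would serve callers better as `Use a PSR-15 middleware (which performs the IP mask and SSL checks) and backendCheckLogin() instead.`. The body of checkBackendAccessSettingsFromInitPhp() continues past the end of the hunk.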
@@ -190,6 +192,29 @@ class FrontendBackendUserAuthentication extends BackendUserAuthentication
 return $this->isUserAllowedToLogin();
 }
 
+ /**
+ * Implementing the access checks that the TYPO3 CMS bootstrap script does before a user is ever logged in.
+ * Used in the frontend.
+ *
+ * @param bool $proceedIfNoUserIsLoggedIn
+ * @return bool Returns TRUE if access is OK
+ */
+ public function backendCheckLogin($proceedIfNoUserIsLoggedIn = false)
+ {
+ if (empty($this->user['uid'])) {
+ return false;
+ }
+ // Check Hardcoded lock on BE
+ if ($GLOBALS['TYPO3_CONF_VARS']['BE']['adminOnly'] < 0) {
+ return false;
+ }
+ // Check IP mask based on TSconfig
+ if (!$this->checkLockToIP()) {
+ return false;
+ }
+ return $this->isUserAllowedToLogin();
+ }
+
 /**
 * Evaluates if the Backend User has read access to the input page record.
 * The evaluation is based on both read-permission and whether the page is found in one of the users webmounts.
@@ -201,9 +226,11 @@ class FrontendBackendUserAuthentication extends BackendUserAuthentication
 *
 * @param array $pageRec The page record to evaluate for
 * @return bool TRUE if read access
+ * @deprecated since TYPO3 v9.5, will be removed in TYPO3 v10.0. Use underlying calls directly.
 */
 public function extPageReadAccess($pageRec)
 {
+ trigger_error('FrontendBackendUserAuthentication->extPageReadAccess() will be removed in TYPO3 v10.0.', E_USER_DEPRECATED);
 return $this->isInWebMount($pageRec['uid']) && $this->doesUserHaveAccess($pageRec, Permission::PAGE_SHOW);
 }
 
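Review bot: The new backendCheckLogin() declares and documents `$proceedIfNoUserIsLoggedIn` but never reads it — the first guard returns false whenever `$this->user['uid']` is empty regardless of the flag, so a caller passing `true` gets a silently different contract than the name promises. If the parameter is kept (presumably to match the parent signature), the docblock should state that, e.g. `* @param bool $proceedIfNoUserIsLoggedIn Not evaluated here; a missing user always yields FALSE`. The docblock also claims the full set of bootstrap access checks, yet in this same commit the `IPmaskList` and `lockSSL` checks are performed in BackendUserAuthenticator::isAuthenticated() rather than here, so a direct caller (which is what the deprecation message on checkBackendAccessSettingsFromInitPhp() steers people towards) only gets the uid, adminOnly, checkLockToIP() and isUserAllowedToLogin() checks. A sentence such as `* NOTE: the global IP mask list and lockSSL restrictions are enforced by the BackendUserAuthenticator middleware, not by this method.` would stop callers from assuming those locks are applied.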
@@ -221,9 +248,11 @@ class FrontendBackendUserAuthentication extends BackendUserAuthentication
 * @param int $begin Is an optional integer that determines at which level in the tree to start collecting uid's. Zero means 'start right away', 1 = 'next level and out'
 * @param string $perms_clause Perms clause
 * @return string Returns the list with a comma in the end (if any pages selected!)
+ * @deprecated since TYPO3 v9.5, will be removed in TYPO3 v10.0.
 */
 public function extGetTreeList($id, $depth, $begin = 0, $perms_clause)
 {
+ trigger_error('FrontendBackendUserAuthentication->extGetTreeList() will be removed in TYPO3 v10.0.', E_USER_DEPRECATED);
 /** @var QueryBuilder $queryBuilder */
 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)
 ->getQueryBuilderForTable('pages');
@@ -387,9 +416,11 @@ class FrontendBackendUserAuthentication extends BackendUserAuthentication
 *
 * @param string $key Key for a label in the $GLOBALS['LOCAL_LANG'] array of "EXT:core/Resources/Private/Language/locallang_tsfe.xlf
 * @return string The value for the $key
+ * @deprecated since TYPO3 v9.5, will be removed in TYPO3 v10.0.
 */
 public function extGetLL($key)
 {
+ trigger_error('FrontendBackendUserAuthentication->extGetLL() will be removed in TYPO3 v10.0.', E_USER_DEPRECATED);
 if (!is_array($GLOBALS['LOCAL_LANG'])) {
 $this->getLanguageService()->includeLLFile('EXT:core/Resources/Private/Language/locallang_tsfe.xlf');
 if (!is_array($GLOBALS['LOCAL_LANG'])) {
diff --git a/typo3/sysext/core/Documentation/Changelog/master/Deprecation-86288-FrontendBackendUserAuthenticationMethods.rst b/typo3/sysext/core/Documentation/Changelog/master/Deprecation-86288-FrontendBackendUserAuthenticationMethods.rst
new file mode 100644
index 0000000000000000000000000000000000000000..da29ee18bb18b0ef4562567b044e9545911fab57
--- /dev/null
+++ b/typo3/sysext/core/Documentation/Changelog/master/Deprecation-86288-FrontendBackendUserAuthenticationMethods.rst
@@ -0,0 +1,40 @@
+.. include:: ../../Includes.txt
+
+===============================================================
+Deprecation: #86288 - FrontendBackendUserAuthentication methods
+===============================================================
+
+See :issue:`86288`
+
+Description
+===========
+
+Due to refactorings within AdminPanel, EXT:feedit and via PSR-15 middlewares, the extension class
+:php:`TYPO3\CMS\Backend\FrontendBackendUserAuthentication`, which is instantiated in Frontend
+Requests as :php:`$GLOBALS['BE_USER']` has some unused methods which are now deprecated:
+
+* :php:`checkBackendAccessSettingsFromInitPhp()`
+* :php:`extPageReadAccess()`
+* :php:`extGetTreeList()`
+* :php:`extGetLL()`
+
+
+Impact
+======
+
+Calling any of the methods above will trigger a deprecation warning.
+
+
+Affected Installations
+======================
+
+Any TYPO3 installation with custom PHP code accessing at least one of the methods above.
+
+
+Migration
+=========
+
+Use either methods from :php:`BackendUserAuthentication` directly, or - if in context of Admin Panel or
+Frontend Editing - use the API methods within these modules directly, if necessary.
+
+.. index:: FullyScanned
\ No newline at end of file
diff --git a/typo3/sysext/frontend/Classes/Middleware/BackendUserAuthenticator.php b/typo3/sysext/frontend/Classes/Middleware/BackendUserAuthenticator.php
index 90b9a05f6fab2a40cd60e8dc75841481fcaadfe7..a48ef99542adeda2dae060cb061e07168ca8437d 100644
--- a/typo3/sysext/frontend/Classes/Middleware/BackendUserAuthenticator.php
+++ b/typo3/sysext/frontend/Classes/Middleware/BackendUserAuthenticator.php
@@ -26,6 +26,7 @@ use TYPO3\CMS\Core\Context\Context;
 use TYPO3\CMS\Core\Context\UserAspect;
 use TYPO3\CMS\Core\Context\WorkspaceAspect;
 use TYPO3\CMS\Core\Core\Bootstrap;
+use TYPO3\CMS\Core\Http\NormalizedParams;
 use TYPO3\CMS\Core\Utility\GeneralUtility;
 
 /**
@@ -65,7 +66,7 @@ class BackendUserAuthenticator implements MiddlewareInterface
 // we proceed and check if a backend user is logged in.
 $backendUserObject = null;
 if (isset($request->getCookieParams()[BackendUserAuthentication::getCookieName()])) {
- $backendUserObject = $this->initializeBackendUser();
+ $backendUserObject = $this->initializeBackendUser($request);
 }
 $GLOBALS['BE_USER'] = $backendUserObject;
 
@@ -97,9 +98,11 @@ class BackendUserAuthenticator implements MiddlewareInterface
 /**
 * Creates the backend user object and returns it.
 *
+ * @param ServerRequestInterface $request
 * @return FrontendBackendUserAuthentication|null the backend user object or null if there was no valid user found
+ * @throws \TYPO3\CMS\Core\Exception
 */
- protected function initializeBackendUser()
+ protected function initializeBackendUser(ServerRequestInterface $request)
 {
 // New backend user object
 $backendUserObject = GeneralUtility::makeInstance(FrontendBackendUserAuthentication::class);
@@ -109,12 +112,33 @@ class BackendUserAuthenticator implements MiddlewareInterface
 $backendUserObject->fetchGroupData();
 }
 // Unset the user initialization if any setting / restriction applies
- if (!$backendUserObject->checkBackendAccessSettingsFromInitPhp() || empty($backendUserObject->user['uid'])) {
+ if (!$this->isAuthenticated($backendUserObject, $request->getAttribute('normalizedParams'))) {
 $backendUserObject = null;
 }
 return $backendUserObject;
 }
 
+ /**
+ * Implementing the access checks that the TYPO3 CMS bootstrap script does before a user is ever logged in.
+ *
+ * @param FrontendBackendUserAuthentication $user
+ * @param NormalizedParams $normalizedParams
+ * @return bool Returns TRUE if access is OK
+ */
+ protected function isAuthenticated(FrontendBackendUserAuthentication $user, NormalizedParams $normalizedParams)
+ {
+ // Check IP
+ $ipMask = trim($GLOBALS['TYPO3_CONF_VARS']['BE']['IPmaskList'] ?? '');
+ if ($ipMask && !GeneralUtility::cmpIP($normalizedParams->getRemoteAddress(), $ipMask)) {
+ return false;
+ }
+ // Check SSL (https)
+ if ((bool)$GLOBALS['TYPO3_CONF_VARS']['BE']['lockSSL'] && !$normalizedParams->isHttps()) {
+ return false;
+ }
+ return $user->backendCheckLogin();
+ }
+
 /**
 * Register the backend user as aspect
 *
diff --git a/typo3/sysext/install/Configuration/ExtensionScanner/Php/MethodCallMatcher.php b/typo3/sysext/install/Configuration/ExtensionScanner/Php/MethodCallMatcher.php
index fd22e7ac00431d079affa9a82488d843294cffbc..080dda070ae6a62dd567b7d74f7b5b0be9d4bf23 100644
--- a/typo3/sysext/install/Configuration/ExtensionScanner/Php/MethodCallMatcher.php
+++ b/typo3/sysext/install/Configuration/ExtensionScanner/Php/MethodCallMatcher.php
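Review bot: In isAuthenticated() the `lockSSL` read has no null-coalescing fallback, while the `IPmaskList` read two lines above uses `?? ''`; with the key absent the `(bool)` cast operates on an undefined index, so the two reads should be written the same way: `if ((bool)($GLOBALS['TYPO3_CONF_VARS']['BE']['lockSSL'] ?? false) && !$normalizedParams->isHttps()) {`. The call site in initializeBackendUser() hands `$request->getAttribute('normalizedParams')` straight into a non-nullable `NormalizedParams` parameter, so if this middleware is ever ordered before the attribute is populated the outcome is a TypeError rather than a clean denial; either guard the attribute or add a comment above the call stating that ordering assumption, e.g. `// relies on NormalizedParams having been attached to the request by an earlier middleware`. The truthiness test `if ($ipMask && ...)` treats the string `'0'` as "no mask"; `$ipMask !== ''` states the intent more precisely, though no valid mask list looks like that.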
@@ -3404,4 +3404,32 @@ return [
 'Deprecation-86270-ExtbaseXclassViaTypoScriptSettings.rst',
 ],
 ],
+ 'TYPO3\CMS\Backend\FrontendBackendUserAuthentication->checkBackendAccessSettingsFromInitPhp' => [
+ 'numberOfMandatoryArguments' => 0,
+ 'maximumNumberOfArguments' => 0,
+ 'restFiles' => [
+ 'Deprecation-86288-FrontendBackendUserAuthenticationMethods.rst'
+ ],
+ ],
+ 'TYPO3\CMS\Backend\FrontendBackendUserAuthentication->extPageReadAccess' => [
+ 'numberOfMandatoryArguments' => 1,
+ 'maximumNumberOfArguments' => 1,
+ 'restFiles' => [
+ 'Deprecation-86288-FrontendBackendUserAuthenticationMethods.rst'
+ ],
+ ],
+ 'TYPO3\CMS\Backend\FrontendBackendUserAuthentication->extGetTreeList' => [
+ 'numberOfMandatoryArguments' => 3,
+ 'maximumNumberOfArguments' => 4,
+ 'restFiles' => [
+ 'Deprecation-86288-FrontendBackendUserAuthenticationMethods.rst'
+ ],
+ ],
+ 'TYPO3\CMS\Backend\FrontendBackendUserAuthentication->extGetLL' => [
+ 'numberOfMandatoryArguments' => 1,
+ 'maximumNumberOfArguments' => 1,
+ 'restFiles' => [
+ 'Deprecation-86288-FrontendBackendUserAuthenticationMethods.rst'
+ ],
+ ],
 ];
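Review bot: The scanner entry for `extGetTreeList` sets `'numberOfMandatoryArguments' => 3`, but the signature deprecated in this same commit is `extGetTreeList($id, $depth, $begin = 0, $perms_clause)`: `$perms_clause` has no default and follows an optional parameter, so a call cannot omit it and all four positions must be supplied; the entry should read `'numberOfMandatoryArguments' => 4,`. The four new `restFiles` arrays also omit the trailing comma that the preceding entry (`'Deprecation-86270-ExtbaseXclassViaTypoScriptSettings.rst',`) carries, so `'Deprecation-86288-FrontendBackendUserAuthenticationMethods.rst',` would keep the array style consistent with the rest of the file.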