Fix broken Upgrade Wizards within Install Tool

An _events_ user will be created and used on demand in order to allow
execution of upgrade wizards within install tool.
This commit is contained in:
Daniel Siepmann 2023-08-09 12:12:17 +02:00
parent 00946af6ad
commit 15a654cb69
Signed by: Daniel Siepmann
GPG key ID: 33D6629915560EF4
9 changed files with 363 additions and 24 deletions

View file

@ -28,8 +28,10 @@ use TYPO3\CMS\Core\Database\Query\QueryBuilder;
use TYPO3\CMS\Core\DataHandling\DataHandler; use TYPO3\CMS\Core\DataHandling\DataHandler;
use TYPO3\CMS\Core\Log\Logger; use TYPO3\CMS\Core\Log\Logger;
use TYPO3\CMS\Core\Log\LogManager; use TYPO3\CMS\Core\Log\LogManager;
use TYPO3\CMS\Core\Utility\GeneralUtility;
use TYPO3\CMS\Install\Updates\DatabaseUpdatedPrerequisite; use TYPO3\CMS\Install\Updates\DatabaseUpdatedPrerequisite;
use TYPO3\CMS\Install\Updates\UpgradeWizardInterface; use TYPO3\CMS\Install\Updates\UpgradeWizardInterface;
use Wrm\Events\Updates\UserAuthentication\User;
class MigrateOldLocations implements UpgradeWizardInterface class MigrateOldLocations implements UpgradeWizardInterface
{ {
@ -159,6 +161,11 @@ class MigrateOldLocations implements UpgradeWizardInterface
} }
$recordUid = 'NEW12121'; $recordUid = 'NEW12121';
$l10nParentUid = $this->uidsForTranslation[$event['l10n_parent'] . '-0'] ?? 0; $l10nParentUid = $this->uidsForTranslation[$event['l10n_parent'] . '-0'] ?? 0;
if (($GLOBALS['BE_USER'] ?? null) === null) {
$GLOBALS['BE_USER'] = GeneralUtility::makeInstance(User::class);
$GLOBALS['BE_USER']->authenticate();
}
$dataHandler = clone $this->dataHandler; $dataHandler = clone $this->dataHandler;
if ($event['sys_language_uid'] > 0 && $l10nParentUid > 0) { if ($event['sys_language_uid'] > 0 && $l10nParentUid > 0) {

View file

@ -0,0 +1,142 @@
<?php
declare(strict_types=1);
/*
* Copyright (C) 2023 Daniel Siepmann <coding@daniel-siepmann.de>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*/
namespace Wrm\Events\Updates\UserAuthentication;
use Psr\Http\Message\ServerRequestInterface;
use TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
use TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashFactory;
use TYPO3\CMS\Core\Crypto\Random;
use TYPO3\CMS\Core\Database\ConnectionPool;
use TYPO3\CMS\Core\Database\Query\Restriction\DeletedRestriction;
use TYPO3\CMS\Core\Utility\GeneralUtility;
/**
* An backend user used by Update Wizards.
*
* That way they can use Data Handler no matter how they are executed, e.g. cli, or install tool.
* That way edits also always have this user assigned.
*
* This was mostly copied from TYPO3 core CommandLineUserAuthentication.
*/
class User extends BackendUserAuthentication
{
/**
* @var string
*/
protected $username = '_events_';
public function __construct()
{
if (!$this->isUserAllowedToLogin()) {
throw new \RuntimeException('Login Error: TYPO3 is in maintenance mode at the moment. Only administrators are allowed access.', 1483971855);
}
$this->dontSetCookie = true;
parent::__construct();
}
public function start(ServerRequestInterface $request = null)
{
// do nothing
}
public function checkAuthentication(ServerRequestInterface $request = null)
{
// do nothing
}
public function authenticate()
{
// check if a _events_ user exists, if not, create one
$this->setBeUserByName($this->username);
if (!$this->user['uid']) {
// create a new BE user in the database
if (!$this->checkIfEventUserExists()) {
$this->createEventUser();
} else {
throw new \RuntimeException('No backend user named "_events_" could be authenticated, maybe this user is "hidden"?', 1484050401);
}
$this->setBeUserByName($this->username);
}
if (!$this->user['uid']) {
throw new \RuntimeException('No backend user named "_events_" could be created.', 1476107195);
}
// The groups are fetched and ready for permission checking in this initialization.
$this->fetchGroupData();
$this->backendSetUC();
// activate this functionality for DataHandler
$this->uc['recursiveDelete'] = true;
}
public function backendCheckLogin($proceedIfNoUserIsLoggedIn = false)
{
$this->authenticate();
}
/**
* Determines whether a CLI backend user is allowed to access TYPO3.
* Only when adminOnly is off (=0), and only allowed for admins and CLI users (=2)
*/
public function isUserAllowedToLogin()
{
return in_array((int)$GLOBALS['TYPO3_CONF_VARS']['BE']['adminOnly'], [0, 2], true);
}
protected function checkIfEventUserExists(): bool
{
$queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable('be_users');
$queryBuilder->getRestrictions()
->removeAll()
->add(GeneralUtility::makeInstance(DeletedRestriction::class));
$count = $queryBuilder
->count('*')
->from('be_users')
->where($queryBuilder->expr()->eq('username', $queryBuilder->createNamedParameter('_events_')))
->execute()
->fetchColumn(0);
return (bool)$count;
}
protected function createEventUser(): void
{
$userFields = [
'username' => $this->username,
'password' => $this->generateHashedPassword(),
'admin' => 1,
'tstamp' => $GLOBALS['EXEC_TIME'],
'crdate' => $GLOBALS['EXEC_TIME'],
];
$databaseConnection = GeneralUtility::makeInstance(ConnectionPool::class)
->getConnectionForTable('be_users');
$databaseConnection->insert('be_users', $userFields);
}
protected function generateHashedPassword(): string
{
$cryptoService = GeneralUtility::makeInstance(Random::class);
$password = $cryptoService->generateRandomBytes(20);
$hashInstance = GeneralUtility::makeInstance(PasswordHashFactory::class)->getDefaultHashInstance('BE');
return $hashInstance->getHashedPassword($password);
}
}

View file

@ -0,0 +1,142 @@
<?php
declare(strict_types=1);
/*
* Copyright (C) 2023 Daniel Siepmann <coding@daniel-siepmann.de>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*/
namespace Wrm\Events\Updates\UserAuthentication;
use TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
use TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashFactory;
use TYPO3\CMS\Core\Crypto\Random;
use TYPO3\CMS\Core\Database\ConnectionPool;
use TYPO3\CMS\Core\Database\Query\Restriction\DeletedRestriction;
use TYPO3\CMS\Core\Utility\GeneralUtility;
use TYPO3\CMS\Core\Utility\VersionNumberUtility;
/**
* An backend user used by Update Wizards.
*
* That way they can use Data Handler no matter how they are executed, e.g. cli, or install tool.
* That way edits also always have this user assigned.
*
* This was mostly copied from TYPO3 core CommandLineUserAuthentication.
*/
class UserV10 extends BackendUserAuthentication
{
/**
* @var string
*/
protected $username = '_events_';
public function __construct()
{
if (!$this->isUserAllowedToLogin()) {
throw new \RuntimeException('Login Error: TYPO3 is in maintenance mode at the moment. Only administrators are allowed access.', 1483971855);
}
$this->dontSetCookie = true;
parent::__construct();
}
public function start()
{
// do nothing
}
public function checkAuthentication()
{
// do nothing
}
public function authenticate()
{
// check if a _events_ user exists, if not, create one
$this->setBeUserByName($this->username);
if (!$this->user['uid']) {
// create a new BE user in the database
if (!$this->checkIfCliUserExists()) {
$this->createCliUser();
} else {
throw new \RuntimeException('No backend user named "_events_" could be authenticated, maybe this user is "hidden"?', 1484050401);
}
$this->setBeUserByName($this->username);
}
if (!$this->user['uid']) {
throw new \RuntimeException('No backend user named "_events_" could be created.', 1476107195);
}
// The groups are fetched and ready for permission checking in this initialization.
$this->fetchGroupData();
$this->backendSetUC();
// activate this functionality for DataHandler
$this->uc['recursiveDelete'] = true;
}
public function backendCheckLogin($proceedIfNoUserIsLoggedIn = false)
{
$this->authenticate();
}
/**
* Determines whether a CLI backend user is allowed to access TYPO3.
* Only when adminOnly is off (=0), and only allowed for admins and CLI users (=2)
*/
protected function isUserAllowedToLogin(): bool
{
return in_array((int)$GLOBALS['TYPO3_CONF_VARS']['BE']['adminOnly'], [0, 2], true);
}
protected function checkIfCliUserExists(): bool
{
$queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable('be_users');
$queryBuilder->getRestrictions()
->removeAll()
->add(GeneralUtility::makeInstance(DeletedRestriction::class));
$count = $queryBuilder
->count('*')
->from('be_users')
->where($queryBuilder->expr()->eq('username', $queryBuilder->createNamedParameter('_events_')))
->execute()
->fetchColumn(0);
return (bool)$count;
}
protected function createCliUser(): void
{
$userFields = [
'username' => $this->username,
'password' => $this->generateHashedPassword(),
'admin' => 1,
'tstamp' => $GLOBALS['EXEC_TIME'],
'crdate' => $GLOBALS['EXEC_TIME'],
];
$databaseConnection = GeneralUtility::makeInstance(ConnectionPool::class)
->getConnectionForTable('be_users');
$databaseConnection->insert('be_users', $userFields);
}
protected function generateHashedPassword(): string
{
$cryptoService = GeneralUtility::makeInstance(Random::class);
$password = $cryptoService->generateRandomBytes(20);
$hashInstance = GeneralUtility::makeInstance(PasswordHashFactory::class)->getDefaultHashInstance('BE');
return $hashInstance->getHashedPassword($password);
}
}

View file

@ -7,8 +7,11 @@ namespace Wrm\Events;
use Symfony\Component\DependencyInjection\Compiler\CompilerPassInterface; use Symfony\Component\DependencyInjection\Compiler\CompilerPassInterface;
use Symfony\Component\DependencyInjection\ContainerBuilder; use Symfony\Component\DependencyInjection\ContainerBuilder;
use Symfony\Component\DependencyInjection\Loader\Configurator\ContainerConfigurator; use Symfony\Component\DependencyInjection\Loader\Configurator\ContainerConfigurator;
use TYPO3\CMS\Core\Utility\VersionNumberUtility;
use Wrm\Events\Service\DestinationDataImportService\Slugger\Registry; use Wrm\Events\Service\DestinationDataImportService\Slugger\Registry;
use Wrm\Events\Service\DestinationDataImportService\Slugger\SluggerType; use Wrm\Events\Service\DestinationDataImportService\Slugger\SluggerType;
use Wrm\Events\Updates\UserAuthentication\User;
use Wrm\Events\Updates\UserAuthentication\UserV10;
return static function (ContainerConfigurator $container, ContainerBuilder $containerBuilder) { return static function (ContainerConfigurator $container, ContainerBuilder $containerBuilder) {
$containerBuilder->registerForAutoconfiguration(SluggerType::class)->addTag('tx_events.slugger_type'); $containerBuilder->registerForAutoconfiguration(SluggerType::class)->addTag('tx_events.slugger_type');
@ -21,4 +24,8 @@ return static function (ContainerConfigurator $container, ContainerBuilder $cont
} }
} }
}); });
if (version_compare(VersionNumberUtility::getNumericTypo3Version(), '11.0', '<')) {
$container->services()->set(User::class, UserV10::class);
}
}; };

View file

@ -6,6 +6,7 @@ services:
Wrm\Events\: Wrm\Events\:
resource: '../Classes/*' resource: '../Classes/*'
exclude: '../Classes/Updates/UserAuthentication*'
Wrm\Events\Command\ImportDestinationDataViaConfigruationCommand: Wrm\Events\Command\ImportDestinationDataViaConfigruationCommand:
tags: tags:

View file

@ -0,0 +1,32 @@
3.4.1
=====
Breaking
--------
Nothing
Features
--------
Nothing
Fixes
-----
* Do not break Upgrade Wizards in install tool.
TYPO3 does not provide a BE_USER within install tool.
That will break the Upgrade Wizards as they use DataHandler that relies on an existing backend user.
This was not an issue on command line where _cli_ user will be created and used by TYPO3.
The extension now adds an _events_ user as admin as well when necessary.
Tasks
-----
Nothing
Deprecation
-----------
Nothing

View file

@ -3,9 +3,14 @@ TYPO3 V10
Changes that should happen once we drop TYPO3 v10. Changes that should happen once we drop TYPO3 v10.
Remove fetching cached page stage from body from tests Remove fetching cached page stage from body from tests
------------------------------------------------------ ------------------------------------------------------
We have different assertions based on TYPO3 version, due to how TYPO3 exposes the info. We have different assertions based on TYPO3 version, due to how TYPO3 exposes the info.
We can remove the condition with its content once we drop v10. We can remove the condition with its content once we drop v10.
Remove UserAuthenticationV10
----------------------------
TYPO3 has different signatures for AbstractUserAuthentication class.
There is an implementation for v10 that can be removed once we drop v10.

View file

@ -9,7 +9,7 @@ $EM_CONF['events'] = [
'state' => 'alpha', 'state' => 'alpha',
'createDirs' => '', 'createDirs' => '',
'clearCacheOnLoad' => 0, 'clearCacheOnLoad' => 0,
'version' => '3.4.0', 'version' => '3.4.1',
'constraints' => [ 'constraints' => [
'depends' => [ 'depends' => [
'typo3' => '10.4.00-11.5.99', 'typo3' => '10.4.00-11.5.99',

View file

@ -5,6 +5,9 @@ parameters:
paths: paths:
- Classes - Classes
- Configuration - Configuration
excludePaths:
analyseAndScan:
- Classes/Updates/UserAuthentication/
checkMissingIterableValueType: false checkMissingIterableValueType: false
checkGenericClassInNonGenericObjectType: false checkGenericClassInNonGenericObjectType: false
reportUnmatchedIgnoredErrors: false reportUnmatchedIgnoredErrors: false