|
1
|
|
|
<?php |
|
2
|
|
|
/** |
|
3
|
|
|
* TYPO3 Auth backend |
|
4
|
|
|
* |
|
5
|
|
|
* @author Tim Lochmüller |
|
6
|
|
|
*/ |
|
7
|
|
|
|
|
8
|
|
|
namespace HDNET\Calendarize\Service\CalDav; |
|
9
|
|
|
|
|
10
|
|
|
use HDNET\Calendarize\Domain\Repository\CalDavRepository; |
|
11
|
|
|
use HDNET\Calendarize\Service\CalDav; |
|
12
|
|
|
use HDNET\Calendarize\Utility\HelperUtility; |
|
13
|
|
|
use Sabre\DAV\Auth\Backend\AbstractBasic; |
|
14
|
|
|
use Sabre\DAV\Exception; |
|
15
|
|
|
use TYPO3\CMS\Backend\Utility\BackendUtility; |
|
16
|
|
|
use TYPO3\CMS\Core\Utility\GeneralUtility; |
|
17
|
|
|
|
|
18
|
|
|
/** |
|
19
|
|
|
* TYPO3 Auth backend |
|
20
|
|
|
*/ |
|
21
|
|
|
class AuthBackendTypo3 extends AbstractBasic |
|
22
|
|
|
{ |
|
23
|
|
|
|
|
24
|
|
|
/** |
|
25
|
|
|
* PDO table name we'll be using |
|
26
|
|
|
* |
|
27
|
|
|
* @var string |
|
28
|
|
|
*/ |
|
29
|
|
|
public $tableName = 'fe_users'; |
|
30
|
|
|
|
|
31
|
|
|
/** |
|
32
|
|
|
* Validates a username and password |
|
33
|
|
|
* |
|
34
|
|
|
* If the username and password were correct, this method must return |
|
35
|
|
|
* an array with at least a 'uri' key. |
|
36
|
|
|
* |
|
37
|
|
|
* If the credentials are incorrect, this method must return false. |
|
38
|
|
|
* |
|
39
|
|
|
* @param string $username |
|
40
|
|
|
* @param string $password |
|
41
|
|
|
* |
|
42
|
|
|
* @return array|bool |
|
43
|
|
|
*/ |
|
44
|
|
|
protected function validateUserPass($username, $password) |
|
45
|
|
|
{ |
|
46
|
|
|
$configuration = $this->findMatchingCalDavConfiguration($username); |
|
47
|
|
|
if ($configuration === false) { |
|
48
|
|
|
return false; |
|
49
|
|
|
} |
|
50
|
|
|
|
|
51
|
|
|
$_GET['logintype'] = 'login'; |
|
52
|
|
|
$_GET['user'] = $username; |
|
53
|
|
|
$_GET['pass'] = $password; |
|
54
|
|
|
$_GET['challenge'] = ''; |
|
55
|
|
|
$_GET['pid'] = $configuration['user_storage']; |
|
56
|
|
|
$GLOBALS['TYPO3_CONF_VARS']['FE']['loginSecurityLevel'] = 'normal'; |
|
57
|
|
|
|
|
58
|
|
|
/** @var CalDav $calDav */ |
|
59
|
|
|
$calDav = GeneralUtility::makeInstance(CalDav::class); |
|
60
|
|
|
$calDav->buildFrontend(); |
|
61
|
|
|
|
|
62
|
|
|
$feUserObj = $GLOBALS['TSFE']->fe_user; |
|
63
|
|
|
|
|
64
|
|
|
if (is_array($feUserObj->user) && $feUserObj->user['uid'] && $feUserObj->user['is_online']) { |
|
65
|
|
|
$user = [ |
|
66
|
|
|
'uri' => 'principals/' . $username, |
|
67
|
|
|
'digestHash' => md5($username . ':' . 'SabreDAV' . ':' . $username), |
|
68
|
|
|
'calendar_id' => $configuration['uid'] |
|
69
|
|
|
]; |
|
70
|
|
|
|
|
71
|
|
|
if ($feUserObj->user['email']) { |
|
72
|
|
|
$user['{http://sabredav.org/ns}email-address'] = $feUserObj->user['email']; |
|
73
|
|
|
} |
|
74
|
|
|
|
|
75
|
|
|
return $user; |
|
76
|
|
|
} else { |
|
77
|
|
|
return false; |
|
78
|
|
|
} |
|
79
|
|
|
} |
|
80
|
|
|
|
|
81
|
|
|
/** |
|
82
|
|
|
* Find matching against CalDav configuration |
|
83
|
|
|
* |
|
84
|
|
|
* @param string $username |
|
85
|
|
|
* |
|
86
|
|
|
* @return bool|\HDNET\Calendarize\Domain\Model\CalDav |
|
87
|
|
|
*/ |
|
88
|
|
|
protected function findMatchingCalDavConfiguration($username) |
|
89
|
|
|
{ |
|
90
|
|
|
$userRecord = $this->getUserRow($username); |
|
91
|
|
|
if (!isset($userRecord['pid'])) { |
|
92
|
|
|
return false; |
|
93
|
|
|
} |
|
94
|
|
|
/** @var CalDavRepository $repository */ |
|
95
|
|
|
$repository = HelperUtility::create(CalDavRepository::class); |
|
96
|
|
|
return $repository->findByUserStorage($userRecord['pid']); |
|
97
|
|
|
} |
|
98
|
|
|
|
|
99
|
|
|
/** |
|
100
|
|
|
* Returns a users' information |
|
101
|
|
|
* |
|
102
|
|
|
* @param string $realm |
|
103
|
|
|
* @param string $username |
|
104
|
|
|
* |
|
105
|
|
|
* @return string |
|
106
|
|
|
*/ |
|
107
|
|
|
public function getUserInfo($realm, $username) |
|
108
|
|
|
{ |
|
109
|
|
|
$configuration = $this->findMatchingCalDavConfiguration($username); |
|
110
|
|
|
if ($configuration === false) { |
|
111
|
|
|
return false; |
|
112
|
|
|
} |
|
113
|
|
|
$userRow = $this->getUserRow($username); |
|
114
|
|
|
if (!isset($userRecord['pid'])) { |
|
|
|
|
|
|
115
|
|
|
return false; |
|
116
|
|
|
} |
|
117
|
|
|
$user = [ |
|
118
|
|
|
'uri' => 'principals/' . $userRow['username'], |
|
119
|
|
|
'digestHash' => md5($userRow['username'] . ':' . 'SabreDAV' . ':' . $userRow['password']), |
|
120
|
|
|
'calendar_id' => $configuration['uid'] |
|
121
|
|
|
]; |
|
122
|
|
|
$this->username = $username; |
|
123
|
|
|
if ($userRow['email']) { |
|
124
|
|
|
$user['{http://sabredav.org/ns}email-address'] = $userRow['email']; |
|
125
|
|
|
} |
|
126
|
|
|
return $user; |
|
127
|
|
|
} |
|
128
|
|
|
|
|
129
|
|
|
/** |
|
130
|
|
|
* Get the user record |
|
131
|
|
|
* |
|
132
|
|
|
* @param string $userName |
|
133
|
|
|
* |
|
134
|
|
|
* @return array|FALSE|NULL |
|
135
|
|
|
*/ |
|
136
|
|
|
protected function getUserRow($userName) |
|
137
|
|
|
{ |
|
138
|
|
|
$dbConnection = HelperUtility::getDatabaseConnection(); |
|
139
|
|
|
$where = 'username = ' . $dbConnection->fullQuoteStr( |
|
140
|
|
|
$userName, |
|
141
|
|
|
'fe_users' |
|
142
|
|
|
) . BackendUtility::deleteClause($this->tableName) . BackendUtility::BEenableFields($this->tableName); |
|
143
|
|
|
return $dbConnection->exec_SELECTgetSingleRow('*', 'fe_users', $where); |
|
144
|
|
|
} |
|
145
|
|
|
} |
|
146
|
|
|
|
lochmueller /
calendarize
This check looks for calls to
isset(...)orempty()on variables that are yet undefined. These calls will always produce the same result and can be removed.This is most likely caused by the renaming of a variable or the removal of a function/method parameter.