<?php

namespace SGalinski\SgRest\Controller\Rest\Authentication;

/***************************************************************
 *  Copyright notice
 *
 *  (c) 2020 Fabio Stegmeyer <fabio.stegmeyer@sgalinski.de>
 *  All rights reserved
 *
 *  This script is part of the TYPO3 project. The TYPO3 project is
 *  free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 3 of the License, or
 *  (at your option) any later version.
 *
 *  The GNU General Public License can be found at
 *  http://www.gnu.org/copyleft/gpl.html.
 *
 *  This script is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  This copyright notice MUST APPEAR in all copies of the script!
 ***************************************************************/

use Psr\Log\LoggerAwareInterface;
use Psr\Log\LoggerAwareTrait;
use SGalinski\SgRest\Controller\AbstractRestController;
use SGalinski\SgRest\Service\BearerTokenService;
use TYPO3\CMS\Core\Configuration\ExtensionConfiguration;
use TYPO3\CMS\Core\Log\LogLevel;
use TYPO3\CMS\Core\Utility\GeneralUtility;
use TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication;

/**
 * Class AuthenticationController
 */
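class AuthenticationController extends AbstractRestController implements LoggerAwareInterface {

	use LoggerAwareTrait;

	/**
	 * @var BearerTokenService
	 */
	protected $bearerTokenService;

	/**
	 * @param BearerTokenService $bearerTokenService
	 */
	public function injectBearerTokenService(BearerTokenService $bearerTokenService): void {
		$this->bearerTokenService = $bearerTokenService;
	}

	/**
	 * Issues a bearer token for the currently logged in frontend user.
	 *
	 * This action takes no credentials itself: the user must already have been
	 * authenticated by TYPO3's frontend login, and must be assigned at least one
	 * sg_rest access group. On success the token is handed to returnData() and the
	 * frontend session data is cleared. Every failure ends in the same generic 403
	 * exception so a caller cannot tell "not logged in" from "no API permission";
	 * the distinguishing detail only goes to the log.
	 *
	 * @throws \RuntimeException (code 500) if the extension's tokenExpirationTime is not a positive number
	 * @throws \Exception (code 403) if there is no logged in user or the user has no access group
	 */
	public function postGetbearertokenAction(): void {
		$feUser = $GLOBALS['TSFE']->fe_user ?? NULL;
		$loggedInUser = $feUser instanceof FrontendUserAuthentication ? $feUser->user : NULL;

		// The user record is only an array once TYPO3 has authenticated somebody; anything
		// else (NULL, FALSE, an array without a uid) counts as "nobody is logged in".
		if (!is_array($loggedInUser) || empty($loggedInUser['uid'])) {
			$this->logEvent(LogLevel::ERROR, 'No authenticated user found while trying to retrieve a bearer token.');
			throw new \Exception(
				'Something went wrong in the authentication process. Please check the logs or contact your website provider for more information.',
				403
			);
		}

		// Keep the uid exactly as stored so the token payload does not change type.
		$userId = $loggedInUser['uid'];
		$username = (string) ($loggedInUser['username'] ?? '');

		// A user without any sg_rest access group must not receive a token. The column can
		// be NULL as well as '' when nothing is assigned; the previous `!== ''` check let a
		// NULL value through. A stored '0' is still treated as an assigned group here, as
		// before — NOTE(review): confirm against the column definition whether '0' can occur.
		$accessGroups = trim((string) ($loggedInUser['tx_sgrest_access_groups'] ?? ''));
		if ($accessGroups === '') {
			// Log only identifying fields, never the full user row: it carries the
			// password hash and other personal data that must not end up in log files.
			$this->logEvent(
				LogLevel::ERROR,
				'User "' . $username . '" [' . $userId . '] isn\'t allowed to access the API.',
				['uid' => $userId, 'username' => $username]
			);
			throw new \Exception(
				'Something went wrong in the authentication process. Please check the logs or contact your website provider for more information.',
				403
			);
		}

		$extConf = GeneralUtility::makeInstance(ExtensionConfiguration::class)->get('sg_rest');
		$expirationTime = (int) ($extConf['tokenExpirationTime'] ?? 0);
		if ($expirationTime <= 0) {
			// An unset, empty or non-positive lifetime would either break the `time() + …`
			// arithmetic or issue tokens that are already expired; treat it as a server-side
			// misconfiguration rather than silently continuing.
			throw new \RuntimeException('sg_rest: tokenExpirationTime must be a positive number of seconds.', 500);
		}

		$payload = [
			'user' => $userId,
			'exp' => time() + $expirationTime,
		];
		$token = $this->bearerTokenService->encode($payload, 'HS256');

		$this->logEvent(
			LogLevel::INFO,
			'User "' . $username . '" [' . $userId . '] successfully authenticated for a bearer token'
		);

		// The frontend session was only needed to obtain the token; drop its data so the
		// session and the bearer token don't both stay usable from this request onwards.
		// NOTE(review): removeSessionData() clears stored session data but does not log the
		// user off — confirm that this, and not a full logoff(), is the intended scope.
		$feUser->removeSessionData();
		$GLOBALS['TSFE']->fe_user = NULL;

		$this->returnData(['bearerToken' => $token]);
	}

	/**
	 * Writes a log record if logging is enabled in the extension configuration.
	 *
	 * The previous code compared the setting with `=== 1`; values read from
	 * TYPO3_CONF_VARS['EXTENSIONS'] are commonly stored as strings ('1'), in which
	 * case the strict comparison silently disabled all logging. Both '1' and 1 are
	 * accepted here. Nothing is logged when no logger has been injected.
	 *
	 * @param int|string $level one of the LogLevel constants
	 * @param string $message
	 * @param array $context additional data for the record; must not contain secrets or full user rows
	 */
	private function logEvent($level, string $message, array $context = []): void {
		$enabled = (int) ($GLOBALS['TYPO3_CONF_VARS']['EXTENSIONS']['sg_rest']['enableLogging'] ?? 0) === 1;
		if (!$enabled || $this->logger === NULL) {
			return;
		}
		$this->logger->log($level, $message, $context);
	}

}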