-
-
Save AlexKvrlp/48cce2dd7d137bcb2333bf29f5b1f77e to your computer and use it in GitHub Desktop.
Fixes missing pid restrictions for TYPO3 md_saml extension. See https://github.com/cdaecke/md_saml/pull/25
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| defined('TYPO3') || die(); | |
| //Extends SamlAuthService | |
| $GLOBALS['TYPO3_CONF_VARS']['T3_SERVICES']['auth'][\Mediadreams\MdSaml\Authentication\SamlAuthService::class]['className'] = \Your\Namespace\Here\Authentication\SamlAuthService::class; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| namespace Your\Namespace\Here\Authentication; | |
| use TYPO3\CMS\Core\Database\ConnectionPool; | |
| use TYPO3\CMS\Core\Database\Query\Restriction\DefaultRestrictionContainer; | |
| use TYPO3\CMS\Core\Database\Query\Restriction\PageIdListRestriction; | |
| use TYPO3\CMS\Core\Database\Query\Restriction\QueryRestrictionContainerInterface; | |
| use TYPO3\CMS\Core\Utility\GeneralUtility; | |
| class SamlAuthService extends \Mediadreams\MdSaml\Authentication\SamlAuthService | |
| { | |
| /** | |
| * creates the PidRestriction for a given table and pid | |
| * @param int $pid | |
| * @param string $table | |
| * @return QueryRestrictionContainerInterface | |
| */ | |
| protected function getDatabasePidRestriction(int $pid, string $table): QueryRestrictionContainerInterface { | |
| $restrictionContainer = GeneralUtility::makeInstance(DefaultRestrictionContainer::class); | |
| $restrictionContainer->add( | |
| GeneralUtility::makeInstance( | |
| PageIdListRestriction::class, | |
| [$table], | |
| [$pid] | |
| ) | |
| ); | |
| return $restrictionContainer; | |
| } | |
| /** | |
| * Extends fetchUserRecord to respects the configured fe_user pid. | |
| * | |
| * @param $username | |
| * @param $extraWhere | |
| * @param $dbUserSetup | |
| * @return false|mixed[] | |
| */ | |
| public function fetchUserRecord($username, $extraWhere = '', $dbUserSetup = '') | |
| { | |
| $dbUser = is_array($dbUserSetup) ? $dbUserSetup : $this->db_user; | |
| $loginType = $this->pObj->loginType; | |
| $extSettings = $this->settingsService->getSettings($loginType); | |
| if ($loginType === 'FE' && isset($extSettings['fe_users']['databaseDefaults']['pid'])) { | |
| $pid = (int)$extSettings['fe_users']['databaseDefaults']['pid']; | |
| $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable('fe_users'); | |
| $expressionBuilder = $queryBuilder->expr(); | |
| $dbUser['enable_clause'] = $this->getDatabasePidRestriction($pid, 'fe_users')->buildExpression( | |
| ['fe_users' => 'fe_users'], | |
| $expressionBuilder | |
| ); | |
| } | |
| return parent::fetchUserRecord($username, $extraWhere, $dbUser); | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment