[!!!][FEATURE] Support TYPO3 v8 & v9 by using DBAL

vertexvaar · vertexvaar · commit 0ef4f2e3e1c8 · 2019-03-27T16:02:32.000+01:00
diff --git a/Classes/SecurityService.php b/Classes/SecurityService.php
@@ -15,20 +15,22 @@
  * GNU General Public License for more details.
  */
 
-use TYPO3\CMS\Core\Database\DatabaseConnection;
+use TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashFactory;
+use TYPO3\CMS\Core\Crypto\Random;
+use TYPO3\CMS\Core\Database\ConnectionPool;
+use TYPO3\CMS\Core\Database\Query\QueryBuilder;
 use TYPO3\CMS\Core\DataHandling\DataHandler;
 use TYPO3\CMS\Core\Utility\GeneralUtility;
-use TYPO3\CMS\Saltedpasswords\Salt\SaltFactory;
 
 /**
  * Class SecurityService
  */
 class SecurityService
 {
     /**
-     * @var DatabaseConnection
+     * @var ConnectionPool
      */
-    protected $database;
+    protected $connectionPool;
 
     /**
      * SecurityService constructor.
@@ -37,7 +39,7 @@ class SecurityService
      */
     public function __construct()
     {
-        $this->database = $GLOBALS['TYPO3_DB'];
+        $this->connectionPool = GeneralUtility::makeInstance(ConnectionPool::class);
     }
 
     /**
@@ -49,7 +51,7 @@ public function processDatamap_beforeStart(DataHandler $dataHandler)
             foreach (array_keys($dataHandler->datamap['tx_t3amserver_client']) as $uid) {
                 if (is_string($uid) && 0 === strpos($uid, 'NEW')) {
                     $dataHandler->datamap['tx_t3amserver_client'][$uid]['token'] = GeneralUtility::hmac(
-                        GeneralUtility::generateRandomBytes(256),
+                        GeneralUtility::makeInstance(Random::class)->generateRandomBytes(256),
                         'tx_t3amserver_client'
                     );
                 }
@@ -66,8 +68,17 @@ public function isValid($token)
         if (!is_string($token)) {
             return false;
         }
-        $where = 'token = ' . $this->database->fullQuoteStr($token, 'tx_t3amserver_client');
-        return (bool)$this->database->exec_SELECTcountRows('*', 'tx_t3amserver_client', $where);
+
+        $queryBuilder = $this->connectionPool->getQueryBuilderForTable('tx_t3amserver_client');
+
+        return (bool)$queryBuilder
+            ->count('*')
+            ->from('tx_t3amserver_client')
+            ->where($queryBuilder
+                ->expr()
+                ->eq('token', $queryBuilder->createNamedParameter($token)))
+            ->execute()
+            ->fetchColumn();
     }
 
     /**
@@ -85,29 +96,68 @@ public function createEncryptionKey()
         openssl_pkey_export($res, $privateKey);
         $pubKey = openssl_pkey_get_details($res);
 
-        $this->database->exec_INSERTquery('tx_t3amserver_keys', ['key_value' => base64_encode($privateKey)]);
-        return ['pubKey' => base64_encode($pubKey['key']), 'encryptionId' => $this->database->sql_insert_id()];
+        $this->getKeysQueryBuilder()
+            ->insert('tx_t3amserver_keys')
+            ->values(['key_value' => base64_encode($privateKey)])
+            ->execute();
+
+        return [
+            'pubKey' => base64_encode($pubKey['key']),
+            'encryptionId' => $this->connectionPool
+                ->getConnectionForTable('tx_t3amserver_keys')
+                ->lastInsertId()
+        ];
     }
 
     public function authUser($user, $password, $encryptionId)
     {
-        $where = 'uid = ' . (int)$encryptionId;
+        $queryBuilder = $this->getKeysQueryBuilder();
+
+        $where = $queryBuilder
+            ->expr()
+            ->eq('uid', $queryBuilder->createNamedParameter((int)$encryptionId));
 
-        $keyRow = $this->database->exec_SELECTgetSingleRow('*', 'tx_t3amserver_keys', $where);
-        if (!is_array($keyRow)) {
+        $keyRow = $queryBuilder
+            ->select('*')
+            ->from('tx_t3amserver_keys')
+            ->where($where)
+            ->execute()
+            ->fetch();
+
+        if (empty($keyRow) || !is_array($keyRow)) {
             return false;
         }
-        $this->database->exec_DELETEquery('tx_t3amserver_keys', $where);
+
+        $queryBuilder = $this->getKeysQueryBuilder();
+
+        $where = $queryBuilder
+            ->expr()
+            ->eq('uid', $queryBuilder->createNamedParameter((int)$encryptionId));
+
+        $queryBuilder
+            ->delete('tx_t3amserver_keys')
+            ->where($where)
+            ->execute();
 
         $privateKey = base64_decode($keyRow['key_value']);
         $password = base64_decode(urldecode($password));
+
         if (!@openssl_private_decrypt($password, $decryptedPassword, $privateKey)) {
             return false;
         }
 
         $userRow = GeneralUtility::makeInstance(UserRepository::class)->getUser($user);
 
-        $saltingInstance = SaltFactory::getSaltingInstance($userRow['password']);
-        return $saltingInstance->checkPassword($decryptedPassword, $userRow['password']);
+        return GeneralUtility::makeInstance(PasswordHashFactory::class)
+            ->get($userRow['password'], 'BE')
+            ->checkPassword($decryptedPassword, $userRow['password']);
+    }
+
+    /**
+     * @return QueryBuilder
+     */
+    private function getKeysQueryBuilder()
+    {
+        return $this->connectionPool->getQueryBuilderForTable('tx_t3amserver_keys');
     }
 }
diff --git a/Classes/UserRepository.php b/Classes/UserRepository.php
@@ -15,21 +15,23 @@
  * GNU General Public License for more details.
  */
 
-use TYPO3\CMS\Backend\Utility\BackendUtility;
-use TYPO3\CMS\Core\Database\DatabaseConnection;
+use TYPO3\CMS\Core\Database\ConnectionPool;
+use TYPO3\CMS\Core\Database\Query\QueryBuilder;
+use TYPO3\CMS\Core\Database\Query\Restriction\DeletedRestriction;
 use TYPO3\CMS\Core\Resource\Exception\FileDoesNotExistException;
 use TYPO3\CMS\Core\Resource\File;
 use TYPO3\CMS\Core\Resource\ResourceFactory;
+use TYPO3\CMS\Core\Utility\GeneralUtility;
 
 /**
  * Class UserRepository
  */
 class UserRepository
 {
     /**
-     * @var DatabaseConnection
+     * @var ConnectionPool
      */
-    protected $connection = null;
+    protected $connectionPool;
 
     /**
      * @var array
@@ -59,7 +61,7 @@ class UserRepository
      */
     public function __construct()
     {
-        $this->connection = $GLOBALS['TYPO3_DB'];
+        $this->connectionPool = GeneralUtility::makeInstance(ConnectionPool::class);
     }
 
     /**
@@ -69,16 +71,40 @@ public function __construct()
      */
     public function getUserState($user)
     {
-        $where = 'username = ' . $this->connection->fullQuoteStr($user, 'be_users');
-        $whereActive = $where . BackendUtility::deleteClause('be_users') . BackendUtility::BEenableFields('be_users');
+        $queryBuilder = $this->getBeUserQueryBuilder();
 
-        if ($this->connection->exec_SELECTcountRows('*', 'be_users', $whereActive)) {
+        $count = $queryBuilder
+            ->count('*')
+            ->from('be_users')
+            ->where($this->getWhereForUserName($queryBuilder, $user))
+            ->execute()
+            ->fetchColumn();
+
+        /** @var DeletedRestriction $restriction */
+        $restriction = GeneralUtility::makeInstance(DeletedRestriction::class);
+
+        $queryBuilder = $this->getBeUserQueryBuilder();
+
+        $queryBuilder
+            ->getRestrictions()
+            ->removeAll()
+            ->add($restriction);
+
+        $countActive = $queryBuilder
+            ->count('*')
+            ->from('be_users')
+            ->where($this->getWhereForUserName($queryBuilder, $user))
+            ->execute()
+            ->fetchColumn();
+
+        if ($countActive) {
             return 'okay';
         }
 
-        if ($this->connection->exec_SELECTcountRows('*', 'be_users', $where)) {
+        if ($count) {
             return 'deleted';
         }
+
         return 'unknown';
     }
 
@@ -89,8 +115,30 @@ public function getUserState($user)
      */
     public function getUser($user)
     {
-        $where = 'username = ' . $this->connection->fullQuoteStr($user, 'be_users');
-        return $this->connection->exec_SELECTgetSingleRow(implode(',', $this->fields), 'be_users', $where);
+        $queryBuilder = $this->getBeUserQueryBuilder();
+
+        return $queryBuilder
+            ->select(...$this->fields)
+            ->from('be_users')
+            ->where($this->getWhereForUserName($queryBuilder, $user))
+            ->execute()
+            ->fetch();
+    }
+
+    /**
+     * @param $queryBuilder QueryBuilder
+     * @param $userName
+     * @return String
+     */
+    protected function getWhereForUserName($queryBuilder, $userName)
+    {
+        $queryBuilder
+            ->getRestrictions()
+            ->removeAll();
+
+        return $queryBuilder
+            ->expr()
+            ->eq('username', $queryBuilder->createNamedParameter($userName));
     }
 
     /**
@@ -100,19 +148,45 @@ public function getUser($user)
      */
     public function getUserImage($user)
     {
-        $sql = '
-        SELECT sys_file.* FROM sys_file
-        RIGHT JOIN sys_file_reference ON sys_file.uid = sys_file_reference.uid_local
-        RIGHT JOIN be_users ON sys_file_reference.uid_foreign = be_users.uid 
-            WHERE be_users.username = ' . $this->connection->fullQuoteStr($user, 'be_users') . '
-            AND sys_file_reference.deleted = 0
-            AND sys_file_reference.tablenames = "be_users"
-            AND sys_file_reference.fieldname = "avatar"';
-
-        $file = $this->connection->admin_query($sql)->fetch_assoc();
+        /** @var QueryBuilder $queryBuilder */
+        $queryBuilder = $this->connectionPool->getQueryBuilderForTable('sys_file');
+
+        $file = $queryBuilder
+            ->select('sys_file.*')
+            ->from('sys_file')
+            ->rightJoin(
+                'sys_file',
+                'sys_file_reference',
+                'sys_file_reference',
+                $queryBuilder
+                    ->expr()
+                    ->eq('sys_file_reference.uid_local', $queryBuilder->quoteIdentifier('sys_file.uid')))
+            ->rightJoin(
+                'sys_file',
+                'be_users',
+                'be_users',
+                $queryBuilder
+                    ->expr()
+                    ->eq('be_users.uid', $queryBuilder->quoteIdentifier('sys_file_reference.uid_foreign')))
+            ->where(
+                $queryBuilder
+                    ->expr()
+                    ->eq('be_users.username', $queryBuilder->createNamedParameter($user)))
+            ->andWhere(
+                $queryBuilder
+                    ->expr()
+                    ->eq('sys_file_reference.tablenames', $queryBuilder->createNamedParameter('be_users')))
+            ->andWhere(
+                $queryBuilder
+                    ->expr()
+                    ->eq('sys_file_reference.fieldname', $queryBuilder->createNamedParameter('avatar')))
+            ->execute()
+            ->fetch();
+
         if (!empty($file['uid'])) {
             try {
                 $resource = ResourceFactory::getInstance()->getFileObject($file['uid'], $file);
+
                 if ($resource instanceof File && $resource->exists()) {
                     return [
                         'identifier' => $resource->getName(),
@@ -122,6 +196,14 @@ public function getUserImage($user)
             } catch (FileDoesNotExistException $e) {
             }
         }
+
         return null;
     }
+
+    /**
+     * @return QueryBuilder
+     */
+    private function getBeUserQueryBuilder() {
+        return $this->connectionPool->getQueryBuilderForTable('be_users');
+    }
 }
diff --git a/composer.json b/composer.json
@@ -11,9 +11,9 @@
     ],
     "minimum-stability": "stable",
     "require": {
-        "php": "^5.5 || ^7.0",
+        "php": "^5.6 || ^7.0",
         "ext-openssl": "*",
-        "typo3/cms-core": "^7.6 || ^8.7"
+        "typo3/cms-core": "^8.7 || ^9.5"
     },
     "autoload": {
         "psr-4": {
