Fetching backend user in TYPO3 v9 not possible - typo3

I worked with older TYPO3 versions (< v9)
I am not able to fetch the logged in backend user in my frontend extension.
In earlier TYPO3 versions I was able to do that.
Now when I logged in in TYPO3 backend and ask for it now it won't work anymore.
My approach is:
$context = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance(\TYPO3\CMS\Core\Context\Context::class);
$be_username = $context->getPropertyFromAspect('backend.user', 'username');
I am getting an empty string. I know that backend user might be not available for FE.
But I need to check on him.
Thank you for any suggestions.

If you want to find out if a Backend user is currently logged in, then the code is exactly right (you don't even need to check on the username).
$context = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance(\TYPO3\CMS\Core\Context\Context::class);
$isLoggedIn = $context->getPropertyFromAspect('backend.user', 'isLoggedIn');
However, if you do this in your extension in a Plugin, that is cacheable ("USER" cObject, or a "non-cacheable action" in an Extbase Plugin), this information could be cached, which can lead to serious! sideffects.
In general, you should only check for a backend user in Frontend-related events, PSR-15 middlewares or hooks from TSFE, not in plugins/cObjects etc. unless you really know what you are doing.
All the best,
Benni-

Related

TYPO3: How to use an external PHP Script (in fileadmin), where i can check the cookie

I'm using TYPO3 11.3.3 for my server and i need a PHP Script, that can read and check the typo3_fe cookie. Are there any solutions? I can't use an extension and I have to keep it simple.
What exactly should the PHP script do apart from reading the cookie?
You can use a TypoScript condition to check if the cookie is present:
[request.getCookieParams()['foo'] == 1]
See the documentation for details.
The only way would be a content object USER. Check out the documentation.
Example
page = PAGE
page.10 = USER_INT
page.10 {
userFunc = Vendor\ExtensionName\ExampleTime->printTime
}
However the doc also states
The property includeLibs has been removed in TYPO3 8.0. In earlier
versions the userFunc classes were sometimes stored in fileadmin/ -
this is no longer possible out of the box and not recommended.
For the best result you should always, without exception, place your
class files in an extension, define composer class loading for this
extension and add this extension as a dependency of your project.
Then, your classes will load without issues when you refer to them by
their class name.
Cookies are being sent along with the request. With that being said, the best way to check for the cookies is Middlewares. With the middlewares you can check for the sent cookies and evaluate them with your script.
Here is the documentation about middlewares.
This might be helpful as well https://stackoverflow.com/a/63951593/7162477
Best regards

eID REST interface with authentication in Typo3

I'm providing an eID page as an REST interface. Now I want to protect this page with an API key or similar. How can this be achieved in Typo3 8.7?
Actually it looks like this can only be done by logging in via frontend (FE) or backend (BE) and check the login status in the eID controller class.
For TYPO3 v8, you should check out the EXT:restler extension instead of using eID.
eID is meant for calls where you have to do basically everything on your own.
For TYPO3 v9, the PSR-15 middleware concept allows to individually build custom REST APIs and integrations with other solutions like SlimPHP: https://github.com/b13/slimphp-bridge
You can expect a given URL-paramter, maybe even as a post param.
Put your eID-page-configuration (typoscript) in a condition requesting this paramter to be set. Otherwise genate an error-page.
If you want to handle multiple keys (maybe from a database table) you could use a userfunc for conditions.
If you want to handle a login in the call you need to initialize more from the TYPO3 frontend. then identify the paramters from the login form (some are hidden) and provide them. AFAIK POST and GEt paramaters work.

TYPO3 backend deeplink to page record

I am using version 8.7 of TYPO3 and intended to use a link that leads directly to the backend to edit a record (page). I tried anything like typo3/backend.php?edit=57 but got a error:
file not found
typo3/backend.php?edit=57 was the way to do it up until TYPO3 6.2, but the backend URL changed to typo3/index.php in TYPO3 7.6. It still works kind of, however you need a security token which is generated by the core. The URL now is typo3/index.php?route=%2Fmain&edit=57&token=.... There isn't really an easy way to generate URL with a valid token like that from outside TYPO3 though.
If you want to create a link inside a custom module to edit a record you can use \TYPO3\CMS\Backend\Utility\BackendUtility::editOnClick() or if you're using a Fluid template, the \TYPO3\CMS\Backend\ViewHelpers\Link\EditRecordViewHelper ViewHelper. More on that you can find here: https://docs.typo3.org/typo3cms/CoreApiReference/8.7/ApiOverview/Examples/EditLinks/
Using the extension pxa_siteimprove deep links are of the following form:
https://example.com/typo3/index.php?tx_siteimprove_goto=page:{page_uid}:{language_uid}
The parameter language_uid is optional. An example link to a page with uid 42 looks like this:
https://example.com/typo3/index.php?tx_siteimprove_goto=page:42
Optionally we can include a language uid (e.g. 1). Without a language uid set it defaults to 0:
https://example.com/typo3/index.php?tx_siteimprove_goto=page:42:1
If you want to create deep links for other purposes, you can look how this extension creates the deep link in Pixelant\PxaSiteimprove\Hooks\DeepLinkingHandler. In a first hook it just saves the page uid to the backend user session and in a later hook reuses this information to redirect to the desired page by setting the following global variable:
$GLOBALS['BE_USER']->uc['startModuleOnFirstLogin'] = 'web_layout->id=' . (int)$pageId . '&SET[language]=' . (int)$languageId;

How to use login sessions in Typo3 multiple subdomains?

I am using version 8 of TYPO3 and I ask your help to know if it is possible to use the login session of a domain in another subdomain, within the same installation?
For example, log in to www.example.com/login and use the session on a.example.com
Thanks.
You have to set the correct cookieDomain.
This example is for your suggested behaviour:
$GLOBALS['TYPO3_CONF_VARS']['FE']['cookieDomain'] = '.example.com';
You can set this with FE for frontend only, BE for backend only and SYS for the general behaviour (which will be overwritten by FE or BE).

TYPO3 fe_user: Log in as two different users at the same time possible?

One of our clients wants to FE log in as two different users at the same time, using one browser. I think this is only possible when using two different browser. IS there any workaround?
Background is this: We wrote a FE extension where user can login and update some of their data. One client is a kind of superuser/admin. He wants to compare and edit data of several users at once.
Authentication in TYPO3 is performed by cookie fe_typo_user and therefore it is not possible to have two users logged in at same time from same browser.
You may advise to use different browsers or virtual machines for your client.
As Viktor wrote - it's not possible. Here I should finish the answer.
Anyway... while you are creating your own plugin you can easily add 'simulate mode' using for an example custom cookies... Block schema is:
[IF isAdmin AND simulateMode == false] {
Display admin's version
} [ELSE] {
Display common user's version
}
You can go even farther and switch the admin to simulate some chosen 'common' user, anyway make sure that will not violate some privacy police.

Categories