[!!!][TASK] Added TYPO3 12 compatibility

Signed-off-by: Torben Hansen <derhansen@gmail.com>

Author: derhansen

.github/workflows/CodeQuality.yml

@@ -10,9 +10,8 @@ jobs:
     strategy:
       matrix:
         env:
-          - { php: 7.4, coverage: 1}
-          - { php: 8.0, coverage: 0}
           - { php: 8.1, coverage: 0}
+          - { php: 8.2, coverage: 0}
 
     env: ${{ matrix.env }}
 
@@ -29,7 +28,7 @@ jobs:
         run: composer validate
 
       - name: Cache dependencies
-        uses: actions/cache@v1
+        uses: actions/cache@v3
         with:
           path: ~/.composer/cache
           key: dependencies-composer-${{ hashFiles('composer.json') }}
@@ -40,12 +39,12 @@ jobs:
 
       - name: PHP lint
         run: |
-          .Build/bin/phplint 
+          .Build/bin/phplint
 
       - name: Validate PHP coding guidelines
         run: |
           .Build/bin/php-cs-fixer fix --config=.php-cs-fixer.dist.php -v --dry-run --stop-on-violation --using-cache=no
 
       - name: Run phpstan checks
         run: |
-          .Build/bin/phpstan
+          .Build/bin/phpstan

.github/workflows/ci.yml

@@ -10,9 +10,8 @@ jobs:
     strategy:
       matrix:
         env:
-          - { php: 7.4, coverage: 1}
-          - { php: 8.0, coverage: 0}
           - { php: 8.1, coverage: 0}
+          - { php: 8.2, coverage: 0}
 
     env: ${{ matrix.env }}
 
@@ -25,11 +24,6 @@ jobs:
           php-version: ${{ matrix.env.php }}
           tools: composer:v2
 
-      - name: Update Composer
-        run: |
-          sudo composer self-update
-          composer --version
-
       - name: Validate composer.json and composer.lock
         run: composer validate
 
@@ -39,4 +33,4 @@ jobs:
 
       - name: Unit Tests
         run: |
-          .Build/bin/phpunit
+          .Build/bin/phpunit

Classes/Authentication/YubikeyAuthService.php

@@ -35,9 +35,6 @@ public function __construct(YubikeyService $yubikeyService)
      *  - 0 - authentication failure
      *  - 100 - just go on. User is not authenticated but there is still no reason to stop
      *  - 200 - the service was able to authenticate the user
-     *
-     * @param array $user Array containing the userdata
-     * @return int authentication statuscode, one of 0, 100 and 200
      */
     public function authUser(array $user): int
     {
@@ -61,7 +58,7 @@ public function authUser(array $user): int
             );
 
             // Get Yubikey OTP
-            $yubikeyOtp = GeneralUtility::_GP('t3-yubikey');
+            $yubikeyOtp = (string)($_POST['t3-yubikey'] ?? $_GET['t3-yubikey'] ?? '');
             $this->logger->debug('Yubikey: ' . $yubikeyOtp);
             $tempYubiKeyIds = GeneralUtility::trimExplode(
                 chr(10),
@@ -73,7 +70,7 @@ public function authUser(array $user): int
                 $yubiKeyIds[] = substr($tempYubiKeyId, 0, 12);
             }
             // Check, if Yubikey-ID does match with users Yubikey-ID
-            if (in_array(substr($yubikeyOtp, 0, 12), $yubiKeyIds)) {
+            if (in_array(substr($yubikeyOtp, 0, 12), $yubiKeyIds, true)) {
                 $clientId = $this->extConf['yubikeyClientId'] ?? 'none';
                 $this->logger->debug('Yubikey config - ClientId: ' . $clientId);
 
@@ -135,7 +132,7 @@ private function isYubikeyCheckEnabled(): bool
             $yubikeyCheckEnabled = true;
         } elseif (isset($this->extConf['yubikeyEnableFE']) &&
             (bool)$this->extConf['yubikeyEnableFE'] &&
-            $this->pObj->loginType == 'FE'
+            $this->pObj->loginType === 'FE'
         ) {
             $yubikeyCheckEnabled = true;
         }

Classes/Command/CheckYubiKeyOtpCommand.php

@@ -11,7 +11,6 @@
 
 use Derhansen\SfYubikey\Service\YubikeyService;
 use Symfony\Component\Console\Command\Command;
-use Symfony\Component\Console\Input\InputArgument;
 use Symfony\Component\Console\Input\InputInterface;
 use Symfony\Component\Console\Output\OutputInterface;
 use Symfony\Component\Console\Style\SymfonyStyle;
@@ -29,38 +28,21 @@ public function __construct(YubikeyService $yubikeyService)
         parent::__construct();
     }
 
-    /**
-     * Configuring the command options
-     */
-    public function configure()
-    {
-        $this
-            ->setDescription('Checks the given OTP against the configured YubiKey endpoints')
-            ->addArgument(
-                'otp',
-                InputArgument::REQUIRED,
-                'The YubiKey OTP'
-            );
-    }
-
     /**
      * Execute the command
-     *
-     * @param InputInterface $input
-     * @param OutputInterface $output
-     * @return int|void|null
      */
-    protected function execute(InputInterface $input, OutputInterface $output)
+    protected function execute(InputInterface $input, OutputInterface $output): int
     {
         $io = new SymfonyStyle($input, $output);
         $io->title($this->getDescription());
 
         $otp = $input->getArgument('otp');
         if ($this->yubikeyService->verifyOtp($otp) === true) {
             $io->success('OK: ' . $otp . ' has been successfully validated.');
-            return 0;
+            return self::SUCCESS;
         }
+
         $io->error($otp . '  could not be validated. Reasons: ' . implode(' / ', $this->yubikeyService->getErrors()));
-        return 1;
+        return self::FAILURE;
     }
 }

Classes/Hooks/UserSettings.php

@@ -9,29 +9,27 @@
  * LICENSE.txt file that was distributed with this source code.
  */
 
+use TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
+
 /**
  * User Settings class
  */
 class UserSettings
 {
     /**
      * Returns a textarea with the YubiKey IDs
-     *
-     * @return string
      */
     public function userYubikeyId(): string
     {
         return '<textarea id="field_tx_sfyubikey_yubikey_id" name="data[be_users][tx_sfyubikey_yubikey_id]"
             rows="5"  class="form-control t3js-formengine-textarea formengine-textarea">' .
-            htmlspecialchars($GLOBALS['BE_USER']->user['tx_sfyubikey_yubikey_id'] ?? '') . '</textarea>';
+            htmlspecialchars($this->getBackendUser()->user['tx_sfyubikey_yubikey_id'] ?? '') . '</textarea>';
     }
 
     /**
      * Returns the current BE user.
-     *
-     * @return \TYPO3\CMS\Core\Authentication\BackendUserAuthentication
      */
-    protected function getBackendUser()
+    protected function getBackendUser(): BackendUserAuthentication
     {
         return $GLOBALS['BE_USER'];
     }

Classes/LoginProvider/YubikeyLoginProvider.php

@@ -22,12 +22,8 @@ class YubikeyLoginProvider extends UsernamePasswordLoginProvider
 {
     /**
      * Renders the login fields
-     *
-     * @param StandaloneView $view
-     * @param PageRenderer $pageRenderer
-     * @param LoginController $loginController
      */
-    public function render(StandaloneView $view, PageRenderer $pageRenderer, LoginController $loginController)
+    public function render(StandaloneView $view, PageRenderer $pageRenderer, LoginController $loginController): void
     {
         parent::render($view, $pageRenderer, $loginController);
         $view->setTemplatePathAndFilename(

Classes/Service/YubikeyService.php

@@ -16,10 +16,11 @@
 use Psr\Http\Client\NetworkExceptionInterface;
 use Psr\Http\Message\RequestFactoryInterface;
 use TYPO3\CMS\Core\Configuration\ExtensionConfiguration;
+use TYPO3\CMS\Core\Crypto\Random;
 use TYPO3\CMS\Core\Utility\GeneralUtility;
 
 /**
- * Provides YubiKey authentication using the yubico YubiCloud
+ * Provides YubiKey authentication using the Yubico YubiCloud
  */
 class YubikeyService
 {
@@ -49,10 +50,6 @@ public function __construct(
 
     /**
      * Verify HMAC-SHA1 signature on result received from Yubico server
-     *
-     * @param string $response
-     * @param string $yubicoClientKey
-     * @return bool
      */
     public function verifyHmac(string $response, string $yubicoClientKey): bool
     {
@@ -92,15 +89,12 @@ public function verifyHmac(string $response, string $yubicoClientKey): bool
 
     /**
      * Call the Auth API at Yubico server
-     *
-     * @param string $otp
-     * @return bool
      */
     public function verifyOtp(string $otp): bool
     {
         $requestParams['id'] = $this->yubikeyClientId;
         $requestParams['otp'] = trim($otp);
-        $requestParams['nonce'] = md5(uniqid((string)rand()));
+        $requestParams['nonce'] = md5((new Random())->generateRandomHexString(32));
         ksort($requestParams);
         $parameters = '';
         foreach ($requestParams as $p => $v) {

Configuration/Services.yaml

@@ -13,5 +13,6 @@ services:
   Derhansen\SfYubikey\Command\CheckYubiKeyOtpCommand:
     tags:
       - name: 'console.command'
+        description: 'Checks the given OTP against the configured YubiKey endpoints'
         command: 'sf_yubikey:checkyubikeyotp'
-        schedulable: false
+        schedulable: false

Configuration/TCA/Overrides/be_users.php

@@ -2,6 +2,8 @@
 
 defined('TYPO3') or die();
 
+use TYPO3\CMS\Core\Utility\ExtensionManagementUtility;
+
 // Prepare new columns for be_users table
 $tempColumns = [
     'tx_sfyubikey_yubikey_enable' => [
@@ -28,11 +30,11 @@
     ],
 ];
 
-\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::addTCAcolumns(
+ExtensionManagementUtility::addTCAcolumns(
     'be_users',
     $tempColumns
 );
-\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::addToAllTCAtypes(
+ExtensionManagementUtility::addToAllTCAtypes(
     'be_users',
     '--div--;YubiKey,tx_sfyubikey_yubikey_enable, tx_sfyubikey_yubikey_id'
 );

Configuration/TCA/Overrides/fe_users.php

@@ -2,6 +2,8 @@
 
 defined('TYPO3') or die();
 
+use TYPO3\CMS\Core\Utility\ExtensionManagementUtility;
+
 // Prepare new columns for fe_users table
 $tempColumns = [
     'tx_sfyubikey_yubikey_enable' => [
@@ -28,11 +30,11 @@
     ],
 ];
 
-\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::addTCAcolumns(
+ExtensionManagementUtility::addTCAcolumns(
     'fe_users',
     $tempColumns
 );
-\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::addToAllTCAtypes(
+ExtensionManagementUtility::addToAllTCAtypes(
     'fe_users',
     '--div--;YubiKey,tx_sfyubikey_yubikey_enable, tx_sfyubikey_yubikey_id'
 );