Merged
34 changes: 15 additions & 19 deletions Classes/Authentication/HttpBackendUserAuthentication.php
Expand Up @@ -9,6 +9,7 @@
use FriendsOfTYPO3\Interest\RequestHandler\Exception\UnauthorizedAccessException;
use Psr\Http\Message\ServerRequestInterface;
use TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
use TYPO3\CMS\Core\Authentication\LoginType;
use TYPO3\CMS\Core\Utility\GeneralUtility;

class HttpBackendUserAuthentication extends BackendUserAuthentication
Expand Down Expand Up @@ -37,11 +38,21 @@ public function checkAuthentication(ServerRequestInterface $request): void
{
$this->authenticateBearerToken($request);

if ($this->isAuthenticated()) {
if (!$this->isAuthenticated()) {
// Check if the user is authenticated via basic HTTP authentication.
parent::checkAuthentication($request);
}

if (!$this->isAuthenticated()) {
return;
}

parent::checkAuthentication($request);
$this->unpack_uc();

$this->fetchGroupData();
$this->backendSetUC();

$this->workspaceInit();
}

/**
Expand All @@ -54,13 +65,6 @@ public function checkAuthentication(ServerRequestInterface $request): void
*/
public function getLoginFormData(ServerRequestInterface $request)
{
if (strtolower($request->getMethod()) !== 'post') {
throw new UnauthorizedAccessException(
'Authorization requires POST method.',
$request
);
}

$authorizationHeader = $this->resolveAuthorizationHeader($request);

[$scheme, $authorizationData] = GeneralUtility::trimExplode(' ', $authorizationHeader, true);
Expand All @@ -73,10 +77,7 @@ public function getLoginFormData(ServerRequestInterface $request)
}

if (strtolower($scheme) !== 'basic') {
throw new InvalidArgumentException(
'Unknown authorization scheme "' . $scheme . '".',
$request
);
return $this->processLoginData([], $request);
}

$authorizationData = base64_decode($authorizationData, true);
Expand All @@ -91,7 +92,7 @@ public function getLoginFormData(ServerRequestInterface $request)
[$username, $password] = explode(':', $authorizationData);

$loginData = [
'status' => 'login',
'status' => LoginType::LOGIN->value,
'uname' => $username,
'uident' => $password,
];
Expand Down Expand Up @@ -130,11 +131,6 @@ protected function authenticateBearerToken(ServerRequestInterface $request): voi
}

$this->setBeUserByUid($backendUserId);

$this->unpack_uc();

$this->fetchGroupData();
$this->backendSetUC();
}

/**
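Review bot: The unchanged context line `[$username, $password] = explode(':', $authorizationData);` in the `@@ -91,7 +92,7 @@` hunk of `getLoginFormData` splits on every colon, so a Basic password that itself contains `:` is cut short and that user's login fails. RFC 7617 forbids the colon only in the user-id, so the split should stop after the first one: `[$username, $password] = explode(':', $authorizationData, 2);`. A decoded value with no colon at all would leave `$password` unset at this line unless the lines hidden between the hunks already reject it, which is worth confirming. The function body starts and continues outside the visible hunks.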
10 changes: 9 additions & 1 deletion Classes/Router/HttpRequestRouter.php
Expand Up @@ -11,6 +11,7 @@
use FriendsOfTYPO3\Interest\RequestHandler\CreateRequestHandler;
use FriendsOfTYPO3\Interest\RequestHandler\DeleteRequestHandler;
use FriendsOfTYPO3\Interest\RequestHandler\Exception\AbstractRequestHandlerException;
use FriendsOfTYPO3\Interest\RequestHandler\Exception\UnauthorizedAccessException;
use FriendsOfTYPO3\Interest\RequestHandler\ExceptionConverter\OperationToRequestHandlerExceptionConverter;
use FriendsOfTYPO3\Interest\RequestHandler\UpdateRequestHandler;
use FriendsOfTYPO3\Interest\Router\Event\HttpRequestRouterHandleByEvent;
Expand All @@ -33,7 +34,7 @@ class HttpRequestRouter
* Route the request to correct handler.
*
* @return ResponseInterface
* @throws \Throwable
* @throws UnauthorizedAccessException if the user can't be authenticated.
*/
public static function route(ServerRequestInterface $request): ResponseInterface
{
Expand All @@ -55,6 +56,13 @@ public static function route(ServerRequestInterface $request): ResponseInterface
self::initialize($request);

if (($entryPointParts[0] ?? null) === 'authenticate') {
if (strtolower($request->getMethod()) !== 'post') {
throw new UnauthorizedAccessException(
'Authorization endpoint requires POST method.',
$request
);
}

return GeneralUtility::makeInstance(
AuthenticateRequestHandler::class,
$entryPointParts,
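Review bot: The rewritten `@throws` line says the exception means the user can't be authenticated, but the only throw visible in this section fires when `authenticate` is requested with a method other than POST. I would word it as `@throws UnauthorizedAccessException if the authenticate endpoint is requested with a method other than POST.`, extended if code outside the hunks throws it for other reasons. The guard also runs after `self::initialize($request)`; if that call already evaluates the Authorization header (its body is not shown), a non-POST request has its credentials processed before it is rejected, so placing the check ahead of `self::initialize($request)` may be the safer order. `route()` begins and ends outside the hunks.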