t3am's Introduction

T3AM - TYPO3 Authentication Manager

(Pron.: /tiːm/)

What does it do?

T3AM is a tiny extension which adds another TYPO3 as a source of backend user accounts. This means you can log into any configured TYPO3 with T3AM using your account and password. T3AM is intended for teams and agencies where many people work on many projects and need a backend account on any of these systems. If installed and configured you will no longer need to create accounts for your colleagues.

t3am_server is deprecated and has been replaced by t3am 4.0 and later.

Installation & Configuration

You need one TYPO3 to be configured as a server and one as a client.

Server installation

  1. Install T3AM in the TYPO3 instance you want to use as your authentication management system (e.g. auth.acme.inc):
     a) Composer: composer require in2code/t3am:^4.0
     b) TER download: extensions.typo3.org
     c) GitHub download: https://github.com/in2code-de/t3am
  2. Activate T3AM in the Extension Manager.
  3. Activate isServer in the T3AM extension settings.

Your instance can now be used as T3AM server. For each client that should be able to connect to your server you need to create an access token.

  1. Create a new T3AM Client record on the root page (ID 0)
  2. Enter a name and description for the client instance (e.g. www.example.com)
  3. Click on save. You can now copy the generated token from the token field and configure your client with it.

Client installation

  1. Install T3AM in the TYPO3 instance you want to T3AM-enable (e.g. www.example.com):
     a) Composer: composer require in2code/t3am:^4.0
     b) TER download: extensions.typo3.org
     c) GitHub download: https://github.com/in2code-de/t3am
  2. Activate T3AM in the Extension Manager.
  3. Configure the T3AM extension settings:
     1.1. Leave isServer unchecked.
     1.2. Enter the full T3AM server URL with scheme in server (e.g. https://auth.acme.inc).
     1.3. Get the generated token for this client from your T3AM server instance and paste it into token.
     1.4. If you want to synchronize avatars, you can define a location where they should be saved on the local file system in avatarFolder.
     1.5. Leave selfSigned unchecked. This is a development option. Check only if you know what you are doing.

T3am Version 4.0 (Server) supports all

User synchronizing

Backend Users are synchronized by their username. This means that any user that logs in to the backend will be primarily fetched from the T3AM Server instance. If the user does not exist TYPO3 will fall back to its own authentication mechanism (you can still log in with any other account that exists in the system).

If the account got deleted in T3AM Server it will be removed from the client upon login attempt.

To enable avatar synchronization you have to configure T3AM.

  1. Go to the extension manager
  2. Click on T3AM
  3. Enter a valid "combined folder identifier", which is the UID of the FAL Storage (in most cases "1" for fileadmin) followed by a colon ":" and the path to the folder where the image should be stored (e.g. "/avatars/"). The full configuration value should look like this: "1:/avatars/".
  4. Log out and in again and your backend user avatar should be synchronized.

Additional Information

When a user is deleted on the client, a new user will be created the next time the user logs in with a valid result from the server. If you want to remove the user completely, you have to remove the user from the server first and then from all clients. The recommendation is to deactivate the user on the server.

Compatibility

Version 4.0 supports TYPO3 11 as Server version.

T3AM Clients are available for:

  • TYPO3 7 and 8: Version 1.0
  • TYPO3 9: Version 2.0
  • TYPO3 10: Version 3.0
  • TYPO3 11: Version 4.0

Changelog

v4.0.2

  • Specify PHP constraints

v4.0.1

  • Provide support for older versions of t3am, if version 4 is used as server

v4.0.0

  • TYPO3 v11 support
  • Feature: t3am_server is obsolete - t3am can be server and client now

V3.0.2

  • Support for T3am Server 4.0

V3.0.0

  • Support TYPO3 V10

v2.0.2

  • Support TYPO3 V8 & 9
  • Various Bugfixes

v2.0

  • Support for TYPO3 9.0

v1.2

  • show message, if t3am is active on login error

v1.1

  • Synchronize only relevant fields
  • Synchronize the user's avatar

v1.0:

  • Synchronize the full user record

t3am's Issues

New user cannot log in on client system

If a new user is created on the t3am server, it cannot log in on the client system.

The reason for this is an incorrect comparison in the file "Classes\UserRepository.php" on line 293.
(The QueryBuilder always returns the counter as a string)

Admin field not synchronized

Short description

The admin field is completely ignored by clients, and while logins work, all the users have access to is the logout button.
Not sure why this issue hasn't cropped up before; I suspect it may be down to MySQL version or driver.

Setup:

Server:

TYPO3 Version		12.4.10
Webserver		Apache
PHP Version		8.2.15
Database (Default)	MySQL 8.0.35-27 / pdo_mysql
Application Context	Production
Operating System	Linux 5.14.0-362.13.1.el9_3.x86_64
T3AM			5.0.0 (default.isServer=1)

Client:

TYPO3 Version		12.4.10
Webserver		Apache
PHP Version		8.2.15
Database (Default)	MySQL 8.0.35-27 / pdo_mysql
Application Context	Production
Operating System	Linux 5.14.0-362.13.1.el9_3.x86_64
Bootstrap Package	14.0.7
T3AM			5.0.0 

Problem location

In the function:
typo3conf/ext/t3am/Classes/Domain/Factory/UserFactory.php :: toDatabaseConformArray

The database columns are compared to the JSON keys of the user object.

This works for every field except admin due to its array key being stored escaped:

var_dump($columns):

array(31) {
 ....
["avatar"]=>
  object(Doctrine\DBAL\Schema\Column)#1356 (16) {
  ....
 }
["password"]=>
  object(Doctrine\DBAL\Schema\Column)#1355 (16) {
...
 }
  ["`admin`"]=>
  object(Doctrine\DBAL\Schema\Column)#1367 (16) {
    ["_name":protected]=>
    string(5) "admin"
    ["_namespace":protected]=>
    NULL
    ["_quoted":protected]=>
    bool(false)
    ["_type":protected]=>
    object(Doctrine\DBAL\Types\SmallIntType)#1282 (0) {
    }
    ["_length":protected]=>
    NULL
    ["_precision":protected]=>
    int(10)
    ["_scale":protected]=>
    int(0)
    ["_unsigned":protected]=>
    bool(true)
    ["_fixed":protected]=>
    bool(false)
    ["_notnull":protected]=>
    bool(true)
    ["_default":protected]=>
    string(1) "0"
    ["_autoincrement":protected]=>
    bool(false)
    ["_platformOptions":protected]=>
    array(0) {
    }
    ["_columnDefinition":protected]=>
    NULL
    ["_comment":protected]=>
    NULL
    ["_customSchemaOptions":protected]=>
    array(0) {
    }
  }
  ["usergroup"]=>
  object(Doctrine\DBAL\Schema\Column)#1363 (16) {
    ....
  }

(The "..." above is just me cropping out irrelevant info.)

The problem is that the JSON object contains the key "admin" whereas $columns only contains "`admin`" (MySQL escape).

The quick & dirty solution would be to loop over the $columns array like so:

        foreach ($columns as $key => $val) {
            // Add an unquoted alias for escaped keys such as "`admin`"
            $columns[trim($key, '`')] = $val;
        }

Which would effectively create a duplicate for escaped keys - not a pretty solution by any means, but it works (tested).

Any better way to fix it?
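
The key mismatch described in this issue, as an added example that is not part of the original report or of T3AM's code: column keys are normalized once instead of duplicated, and a field that would be discarded only because of identifier quoting is reported instead of vanishing silently. The function names and the sample arrays are hypothetical; the array values stand in for the Doctrine Column objects.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: strip identifier quoting from schema column keys
// so that "`admin`" compares equal to the plain JSON key "admin".
function normalizeColumnKeys(array $columns): array
{
    $normalized = [];
    foreach ($columns as $key => $column) {
        $normalized[trim((string)$key, '`"')] = $column;
    }
    return $normalized;
}

// Hypothetical helper: fields that match a column only after normalization,
// i.e. fields a comparison against the raw keys would silently discard.
function fieldsLostToQuoting(array $user, array $columns): array
{
    $naive = array_intersect_key($user, $columns);
    $fixed = array_intersect_key($user, normalizeColumnKeys($columns));
    return array_keys(array_diff_key($fixed, $naive));
}

// Hypothetical helper: reduce the server-supplied record to local columns.
function filterToKnownColumns(array $user, array $columns): array
{
    return array_intersect_key($user, normalizeColumnKeys($columns));
}

// Constructed sample data. Keys mirror the var_dump in the issue; the
// values are placeholders for the Doctrine\DBAL\Schema\Column objects.
$columns = ['username' => 1, 'password' => 1, '`admin`' => 1, 'usergroup' => 1];
$user = ['username' => 'jdoe', 'password' => 'constructed-hash', 'admin' => 1, 'usergroup' => ''];

$lost = fieldsLostToQuoting($user, $columns);
if ($lost !== []) {
    // A dropped privilege flag should be visible in the log, not silent.
    fwrite(STDERR, 'Fields matched only after unquoting: ' . implode(', ', $lost) . PHP_EOL);
}

$row = filterToKnownColumns($user, $columns);
if (!array_key_exists('admin', $row)) {
    throw new RuntimeException('admin flag was dropped during column mapping');
}
var_export($row);
```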

Local users cannot work, if T3AM-Server is not available

If the team server is not available to a client instance, even local users cannot work any more.

There should be a time-out if the instance is not available. Another solution could be to "ping" the server (similar to how EXT:solr checks the availability of the solr server).

Ping on every request causes the backend to be slow

Please remove the ping() on every request in the backend (service 'isAvailable'). This causes the backend to do a ping on every single request and causes the backend to be super slow and unresponsive in a lot of scenarios.

I don't even think the ping is necessary as the authentication service tries to connect on auth anyways and falls back to the other services if it times out.

Can not login, if be_users table is extended

Can not login, if be_users table is extended.
Reason: If a column is edited with no default value, the insert statement in 't3am/Classes/UserRepository.php' in line 82 fails with the error message 'Field 'tx_mydashboard_config' doesn't have a default value'.

The field tx_mydashboard_config is in this case of type text, which can't have a default value.

Display T3AM installation info

As an editor, I like to get an info, if T3AM is active

AC

  • show an additional login failure message, if T3AM is active, with text "T3AM installation is active".

Instance overview

As an admin, I like to get an overview, at which installations, T3AM is active.

AC:

  • A list of instances is in an own BE Module
  • List shows: URL, Installation name, last login (list of logins in detail), used token (edit link to token)

Allow TYPO3 version 9

As a user, I want to be able to log in at TYPO3 version 9 installations

AC

  • authentication is possible, via TYPO3 version 9
  • resolve #81536 - MoveOfServicesListReportFromSvToReports in Authenticator
  • resolve #80929 - TYPO3_DB moved to extension in UserRespository
  • resolve #82254 - Deprecate $GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf'] in extConf
  • resolve #82254 - Deprecate $GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf'] in classes/Config.php
