[!!!][TASK] Migrate extbase HashService deprecation

Closes #1252
derhansen · Sep 24, 2024 · 1e6c9cc · 1e6c9cc
1 parent 978824f
commit 1e6c9cc
Show file tree

Hide file tree

Showing 8 changed files with 86 additions and 103 deletions.
diff --git a/Classes/Controller/EventController.php b/Classes/Controller/EventController.php
@@ -35,6 +35,7 @@
 use DERHANSEN\SfEventMgt\Event\ProcessRedirectToPaymentEvent;
 use DERHANSEN\SfEventMgt\Event\WaitlistMoveUpEvent;
 use DERHANSEN\SfEventMgt\Exception;
+use DERHANSEN\SfEventMgt\Security\HashScope;
 use DERHANSEN\SfEventMgt\Service\EventCacheService;
 use DERHANSEN\SfEventMgt\Utility\MessageType;
 use DERHANSEN\SfEventMgt\Utility\PageUtility;
@@ -584,7 +585,10 @@ public function saveRegistrationAction(Registration $registration, Event $event)
                 null,
                 [
                     'reguid' => $registration->getUid(),
-                    'hmac' => $this->hashService->generateHmac('reg-' . $registration->getUid()),
+                    'hmac' => $this->hashService->hmac(
+                        'reg-' . $registration->getUid(),
+                        HashScope::RegistrationUid->value
+                    ),
                 ]
             );
         }
@@ -597,7 +601,10 @@ public function saveRegistrationAction(Registration $registration, Event $event)
                 'result' => $result,
                 'eventuid' => $event->getUid(),
                 'reguid' => $registrationUid,
-                'hmac' => $this->hashService->generateHmac('event-' . $event->getUid() . '-reg-' . $registrationUid),
+                'hmac' => $this->hashService->hmac(
+                    'event-' . $event->getUid() . '-reg-' . $registrationUid,
+                    HashScope::SaveRegistrationResult->value
+                ),
             ]
         );
     }
@@ -661,7 +668,12 @@ public function saveRegistrationResultAction(int $result, int $eventuid, string
                 $titleKey = '';
         }
 
-        if (!$this->hashService->validateHmac('event-' . $eventuid . '-reg-' . $reguid, $hmac)) {
+        $isValidHmac = $this->hashService->validateHmac(
+            'event-' . $eventuid . '-reg-' . $reguid,
+            HashScope::SaveRegistrationResult->value,
+            $hmac
+        );
+        if (!$isValidHmac) {
             $messageKey = 'event.message.registrationsuccessfulwrongeventhmac';
             $titleKey = 'registrationResult.title.failed';
         } else {
@@ -804,7 +816,10 @@ private function getRedirectToPaymentResponse(int $paymentPid, Registration $reg
                 'redirect',
                 [
                     'registration' => $registration,
-                    'hmac' => $this->hashService->generateHmac('redirectAction-' . $registration->getUid()),
+                    'hmac' => $this->hashService->hmac(
+                        'redirectAction-' . $registration->getUid(),
+                        HashScope::PaymentAction->value
+                    ),
                 ],
                 'Payment',
                 'sfeventmgt',

diff --git a/Classes/Controller/PaymentController.php b/Classes/Controller/PaymentController.php
@@ -21,6 +21,7 @@
 use DERHANSEN\SfEventMgt\Event\ProcessPaymentSuccessEvent;
 use DERHANSEN\SfEventMgt\Exception;
 use DERHANSEN\SfEventMgt\Payment\Exception\PaymentException;
+use DERHANSEN\SfEventMgt\Security\HashScope;
 use Psr\Http\Message\ResponseInterface;
 use TYPO3\CMS\Extbase\Mvc\RequestInterface;
 use TYPO3\CMS\Extbase\Security\Exception\InvalidHashException;
@@ -318,8 +319,12 @@ protected function proceedWithAction(Registration $registration, string $actionN
      */
     protected function validateHmacForAction(Registration $registration, string $hmac, string $action): void
     {
-        $result = $this->hashService->validateHmac($action . '-' . $registration->getUid(), $hmac);
-        if (!$result) {
+        $isValidHmac = $this->hashService->validateHmac(
+            $action . '-' . $registration->getUid(),
+            HashScope::PaymentAction->value,
+            $hmac
+        );
+        if (!$isValidHmac) {
             $message = LocalizationUtility::translate('payment.messages.invalidHmac', 'SfEventMgt');
             throw new InvalidHashException($message, 1899934890);
         }
@@ -337,7 +342,10 @@ protected function getPaymentUriForAction(string $action, Registration $registra
             $action,
             [
                 'registration' => $registration,
-                'hmac' => $this->hashService->generateHmac($action . 'Action-' . $registration->getUid()),
+                'hmac' => $this->hashService->hmac(
+                    $action . 'Action-' . $registration->getUid(),
+                    HashScope::PaymentAction->value
+                ),
             ],
             'Payment',
             'sfeventmgt',

diff --git a/Classes/Controller/UserRegistrationController.php b/Classes/Controller/UserRegistrationController.php
@@ -17,7 +17,6 @@
 use TYPO3\CMS\Core\Context\Context;
 use TYPO3\CMS\Core\Http\PropagateResponseException;
 use TYPO3\CMS\Core\Utility\GeneralUtility;
-use TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication;
 use TYPO3\CMS\Frontend\Controller\ErrorController;
 
 class UserRegistrationController extends AbstractController

diff --git a/Classes/Security/HashScope.php b/Classes/Security/HashScope.php
@@ -0,0 +1,23 @@
+<?php
+
+/*
+ * This file is part of the Extension "sf_event_mgt" for TYPO3 CMS.
+ *
+ * For the full copyright and license information, please read the
+ * LICENSE.txt file that was distributed with this source code.
+ */
+
+namespace DERHANSEN\SfEventMgt\Security;
+
+/**
+ * Contains hashing specific scopes to be used as additional secret for HMACs.
+ */
+enum HashScope: string
+{
+    case PaymentAction = 'paymentAction';
+    case RegistrationUid = 'registrationUid';
+    case RegistrationHmac = 'registrationHmac';
+    case EventUid = 'eventUid';
+    case SaveRegistrationResult = 'saveRegistrationResult';
+    case SpamCheckChallenge = 'sf_event_mgt';
+}
diff --git a/Classes/Service/NotificationService.php b/Classes/Service/NotificationService.php
@@ -22,60 +22,28 @@
 use DERHANSEN\SfEventMgt\Event\ModifyCustomNotificationLogEvent;
 use DERHANSEN\SfEventMgt\Event\ModifyUserMessageAttachmentsEvent;
 use DERHANSEN\SfEventMgt\Event\ModifyUserMessageSenderEvent;
+use DERHANSEN\SfEventMgt\Security\HashScope;
 use DERHANSEN\SfEventMgt\Service\Notification\AttachmentService;
 use DERHANSEN\SfEventMgt\Utility\MessageRecipient;
 use DERHANSEN\SfEventMgt\Utility\MessageType;
 use Psr\EventDispatcher\EventDispatcherInterface;
 use Psr\Http\Message\ServerRequestInterface;
 use RuntimeException;
+use TYPO3\CMS\Core\Crypto\HashService;
 use TYPO3\CMS\Core\Http\ApplicationType;
 use TYPO3\CMS\Core\Utility\GeneralUtility;
-use TYPO3\CMS\Extbase\Security\Cryptography\HashService;
 
 class NotificationService
 {
-    protected RegistrationRepository $registrationRepository;
-    protected EmailService $emailService;
-    protected HashService $hashService;
-    protected FluidStandaloneService $fluidStandaloneService;
-    protected CustomNotificationLogRepository $customNotificationLogRepository;
-    protected AttachmentService $attachmentService;
-    protected EventDispatcherInterface $eventDispatcher;
-
-    public function injectAttachmentService(AttachmentService $attachmentService): void
-    {
-        $this->attachmentService = $attachmentService;
-    }
-
-    public function injectCustomNotificationLogRepository(
-        CustomNotificationLogRepository $customNotificationLogRepository
-    ): void {
-        $this->customNotificationLogRepository = $customNotificationLogRepository;
-    }
-
-    public function injectEmailService(EmailService $emailService): void
-    {
-        $this->emailService = $emailService;
-    }
-
-    public function injectFluidStandaloneService(FluidStandaloneService $fluidStandaloneService): void
-    {
-        $this->fluidStandaloneService = $fluidStandaloneService;
-    }
-
-    public function injectHashService(HashService $hashService): void
-    {
-        $this->hashService = $hashService;
-    }
-
-    public function injectRegistrationRepository(RegistrationRepository $registrationRepository): void
-    {
-        $this->registrationRepository = $registrationRepository;
-    }
-
-    public function injectEventDispatcher(EventDispatcherInterface $eventDispatcher): void
-    {
-        $this->eventDispatcher = $eventDispatcher;
+    public function __construct(
+        protected readonly RegistrationRepository $registrationRepository,
+        protected readonly EmailService $emailService,
+        protected readonly HashService $hashService,
+        protected readonly FluidStandaloneService $fluidStandaloneService,
+        protected readonly CustomNotificationLogRepository $customNotificationLogRepository,
+        protected readonly AttachmentService $attachmentService,
+        protected readonly EventDispatcherInterface $eventDispatcher
+    ) {
     }
 
     /**
@@ -458,8 +426,8 @@ protected function getNotificationBody(
             'event' => $event,
             'registration' => $registration,
             'settings' => $settings,
-            'hmac' => $this->hashService->generateHmac('reg-' . $registration->getUid()),
-            'reghmac' => $this->hashService->appendHmac((string)$registration->getUid()),
+            'hmac' => $this->hashService->hmac('reg-' . $registration->getUid(), HashScope::RegistrationUid->value),
+            'reghmac' => $this->hashService->appendHmac((string)$registration->getUid(), HashScope::RegistrationHmac->value),
             'confirmAction' => $this->getTargetLinkAction('confirmAction', $settings),
             'cancelAction' => $this->getTargetLinkAction('cancelAction', $settings),
         ];

diff --git a/Classes/Service/RegistrationService.php b/Classes/Service/RegistrationService.php
@@ -20,62 +20,31 @@
 use DERHANSEN\SfEventMgt\Event\AfterRegistrationMovedFromWaitlist;
 use DERHANSEN\SfEventMgt\Event\ModifyCheckRegistrationSuccessEvent;
 use DERHANSEN\SfEventMgt\Payment\AbstractPayment;
+use DERHANSEN\SfEventMgt\Security\HashScope;
 use DERHANSEN\SfEventMgt\Utility\MessageType;
 use DERHANSEN\SfEventMgt\Utility\RegistrationResult;
 use Psr\EventDispatcher\EventDispatcherInterface;
 use TYPO3\CMS\Core\Context\Context;
+use TYPO3\CMS\Core\Crypto\HashService;
 use TYPO3\CMS\Core\Database\Connection;
 use TYPO3\CMS\Core\Database\ConnectionPool;
 use TYPO3\CMS\Core\Database\Query\Restriction\HiddenRestriction;
 use TYPO3\CMS\Core\Utility\GeneralUtility;
-use TYPO3\CMS\Extbase\Mvc\RequestInterface;
 use TYPO3\CMS\Extbase\Reflection\ObjectAccess;
-use TYPO3\CMS\Extbase\Security\Cryptography\HashService;
 
 class RegistrationService
 {
-    protected EventDispatcherInterface $eventDispatcher;
-    protected RegistrationRepository $registrationRepository;
-    protected FrontendUserRepository $frontendUserRepository;
-    protected HashService $hashService;
-    protected PaymentService $paymentService;
-    protected NotificationService $notificationService;
-
-    public function injectFrontendUserRepository(FrontendUserRepository $frontendUserRepository): void
-    {
-        $this->frontendUserRepository = $frontendUserRepository;
-    }
-
-    public function injectHashService(HashService $hashService): void
-    {
-        $this->hashService = $hashService;
-    }
-
-    public function injectNotificationService(NotificationService $notificationService): void
-    {
-        $this->notificationService = $notificationService;
-    }
-
-    public function injectEventDispatcher(EventDispatcherInterface $eventDispatcher): void
-    {
-        $this->eventDispatcher = $eventDispatcher;
+    public function __construct(
+        protected readonly Context $context,
+        protected readonly EventDispatcherInterface $eventDispatcher,
+        protected readonly RegistrationRepository $registrationRepository,
+        protected readonly FrontendUserRepository $frontendUserRepository,
+        protected readonly HashService $hashService,
+        protected readonly PaymentService $paymentService,
+        protected readonly NotificationService $notificationService,
+    ) {
     }
 
-    public function injectPaymentService(PaymentService $paymentService): void
-    {
-        $this->paymentService = $paymentService;
-    }
-
-    public function injectRegistrationRepository(RegistrationRepository $registrationRepository): void
-    {
-        $this->registrationRepository = $registrationRepository;
-    }
-
-    /**
-     * @todo Use CPP for all other dependencies too
-     */
-    public function __construct(protected readonly Context $context) {}
-
     /**
      * Duplicates the given registration (all public accessible properties) the
      * amount of times configured in amountOfRegistrations
@@ -120,7 +89,8 @@ public function checkConfirmRegistration(int $regUid, string $hmac): array
         $messageKey = 'event.message.confirmation_successful';
         $titleKey = 'confirmRegistration.title.successful';
 
-        if (!$this->hashService->validateHmac('reg-' . $regUid, $hmac)) {
+        $isValidHmac = $this->hashService->validateHmac('reg-' . $regUid, HashScope::RegistrationUid->value, $hmac);
+        if (!$isValidHmac) {
             $failed = true;
             $messageKey = 'event.message.confirmation_failed_wrong_hmac';
             $titleKey = 'confirmRegistration.title.failed';
@@ -187,7 +157,8 @@ public function checkCancelRegistration(int $regUid, string $hmac): array
         $messageKey = 'event.message.cancel_successful';
         $titleKey = 'cancelRegistration.title.successful';
 
-        if (!$this->hashService->validateHmac('reg-' . $regUid, $hmac)) {
+        $isValidHmac = $this->hashService->validateHmac('reg-' . $regUid, HashScope::RegistrationUid->value, $hmac);
+        if (!$isValidHmac) {
             $failed = true;
             $messageKey = 'event.message.cancel_failed_wrong_hmac';
             $titleKey = 'cancelRegistration.title.failed';

diff --git a/Classes/Utility/MiscUtility.php b/Classes/Utility/MiscUtility.php
@@ -11,12 +11,10 @@
 
 namespace DERHANSEN\SfEventMgt\Utility;
 
+use DERHANSEN\SfEventMgt\Security\HashScope;
 use TYPO3\CMS\Core\Crypto\HashService;
 use TYPO3\CMS\Core\Utility\GeneralUtility;
 
-/**
- * Class MiscUtility
- */
 class MiscUtility
 {
     /**
@@ -26,7 +24,7 @@ public static function getSpamCheckChallenge(int $eventUid): string
     {
         /** @var HashService $hashService */
         $hashService = GeneralUtility::makeInstance(HashService::class);
-        $hmac = $hashService->hmac('event-' . $eventUid, 'sf_event_mgt');
+        $hmac = $hashService->hmac('event-' . $eventUid, HashScope::SpamCheckChallenge->value);
         $chars = preg_replace('/[0-9]+/', '', $hmac);
 
         return preg_replace_callback('/\w.?/', static function ($m) {

diff --git a/Classes/ViewHelpers/Registration/HmacViewHelper.php b/Classes/ViewHelpers/Registration/HmacViewHelper.php
@@ -12,7 +12,8 @@
 namespace DERHANSEN\SfEventMgt\ViewHelpers\Registration;
 
 use DERHANSEN\SfEventMgt\Domain\Model\Registration;
-use TYPO3\CMS\Extbase\Security\Cryptography\HashService;
+use DERHANSEN\SfEventMgt\Security\HashScope;
+use TYPO3\CMS\Core\Crypto\HashService;
 use TYPO3Fluid\Fluid\Core\ViewHelper\AbstractViewHelper;
 
 /**
@@ -42,7 +43,7 @@ public function render(): string
         $registration = $this->arguments['registration'];
         $result = '';
         if (is_a($registration, Registration::class)) {
-            $result = $this->hashService->generateHmac('reg-' . $registration->getUid());
+            $result = $this->hashService->hmac('reg-' . $registration->getUid(), HashScope::RegistrationUid->value);
         }
 
         return $result;