[BUGFIX] Ensure UserAspect->isLoggedIn() checks for user only

isLoggedIn() is referring to the user, as Frontend sometimes needs "isUserOrGroupSet()" functionality for working with Admin Panel Previews or the infamous pages.fe_login_mode where the user log in is hidden but the group is still valid. Resolves: #90989 Releases: master, 10.4 Change-Id: Ib19dfbea6c355abe51507430fb03e247eb5c27bf Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66113 Tested-by: TYPO3com <noreply@typo3.com> Tested-by: Simon Schaufelberger <simonschaufi+typo3@gmail.com> Tested-by: Daniel Goerz <daniel.goerz@posteo.de> Reviewed-by: Simon Schaufelberger <simonschaufi+typo3@gmail.com> Reviewed-by: Daniel Goerz <daniel.goerz@posteo.de>
TYPO3 · Oct 12, 2020 · 1c4c9cb · 1c4c9cb
1 parent dfd1762
commit 1c4c9cb
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 11 deletions.
diff --git a/typo3/sysext/core/Classes/Context/UserAspect.php b/typo3/sysext/core/Classes/Context/UserAspect.php
@@ -95,16 +95,18 @@ public function get(string $name)
     }
 
     /**
-     * If a frontend user is checked, he/she also needs to have a group, otherwise it is only
-     * checked if the frontend user has a uid > 0
+     * A user is logged in if the user has a UID, but does not care about groups.
+     *
+     * For frontend purposes, it is possible to e.g. simulate groups, but this would still be defined as "not logged in".
+     * This is also possible in frontend where there are cases that a user can be marked as NOT logged IN, but
+     * be logged in but the groups are explicitly NOT defined (see pages.fe_login_mode)
+     *
+     * For backend, only the check on the user ID is used.
      *
      * @return bool
      */
     public function isLoggedIn(): bool
     {
-        if ($this->user instanceof FrontendUserAuthentication) {
-            return ($this->user->user[$this->user->userid_column ?? 'uid'] ?? 0) > 0 && !empty($this->user->groupData['uid'] ?? null);
-        }
         return ($this->user->user[$this->user->userid_column ?? 'uid'] ?? 0) > 0;
     }
 
@@ -182,7 +184,7 @@ public function isUserOrGroupSet(): bool
     {
         if ($this->user instanceof FrontendUserAuthentication) {
             $groups = $this->getGroupIds();
-            return is_array($this->user->user ?? null) || implode(',', $groups) !== '0,-1';
+            return $this->isLoggedIn() || implode(',', $groups) !== '0,-1';
         }
         return $this->isLoggedIn();
     }

diff --git a/typo3/sysext/core/Tests/Unit/Context/UserAspectTest.php b/typo3/sysext/core/Tests/Unit/Context/UserAspectTest.php
@@ -68,14 +68,14 @@ public function getterReturnsValidUsername()
     /**
      * @test
      */
-    public function isLoggedInReturnsFalseOnFrontendUserWithoutUserGroup()
+    public function isLoggedInReturnsTrueOnFrontendUserWithoutUserGroup()
     {
         $user = new FrontendUserAuthentication();
         $user->user = [
             'uid' => 13
         ];
         $subject = new UserAspect($user);
-        self::assertFalse($subject->isLoggedIn());
+        self::assertTrue($subject->isLoggedIn());
     }
 
     /**

diff --git a/...tend/Tests/Functional/Configuration/TypoScript/ConditionMatching/ConditionMatcherTest.php b/...tend/Tests/Functional/Configuration/TypoScript/ConditionMatching/ConditionMatcherTest.php
@@ -18,12 +18,12 @@
 namespace TYPO3\CMS\Frontend\Tests\Functional\Configuration\TypoScript\ConditionMatching;
 
 use Prophecy\Argument;
+use Psr\Log\NullLogger;
 use TYPO3\CMS\Core\Context\Context;
 use TYPO3\CMS\Core\Context\UserAspect;
 use TYPO3\CMS\Core\Context\WorkspaceAspect;
 use TYPO3\CMS\Core\Domain\Repository\PageRepository;
 use TYPO3\CMS\Core\Http\ServerRequest;
-use TYPO3\CMS\Core\Log\Logger;
 use TYPO3\CMS\Core\Routing\PageArguments;
 use TYPO3\CMS\Core\Site\Entity\Site;
 use TYPO3\CMS\Core\TypoScript\TemplateService;
@@ -485,7 +485,7 @@ public function siteDoesNotMatchCondition(): void
     protected function getConditionMatcher(): ConditionMatcher
     {
         $conditionMatcher = new ConditionMatcher();
-        $conditionMatcher->setLogger($this->prophesize(Logger::class)->reveal());
+        $conditionMatcher->setLogger(new NullLogger());
 
         return $conditionMatcher;
     }
@@ -496,7 +496,7 @@ protected function getConditionMatcher(): ConditionMatcher
     protected function setupFrontendUserContext(array $groups = []): void
     {
         $frontendUser = new FrontendUserAuthentication();
-        $frontendUser->user['uid'] = 13;
+        $frontendUser->user['uid'] = empty($groups) ? 0 : 13;
         $frontendUser->groupData['uid'] = $groups;
 
         GeneralUtility::makeInstance(Context::class)->setAspect('frontend.user', new UserAspect($frontendUser, $groups));