[FEATURE] Reintroduce option to modify FE groups w/o auth

In TYPO3 v11.0 the "getGroupsFE" Authentication chain was removed
for FrontendUserAuthentication, so it is not possible for extensions
to add groups to anonymous user sessions anymore.

A newly introduced Event is now introduced to replace the getGroupsFE
authentication subservice.

Resolves: #95364
Related: #93108
Releases: master
Change-Id: Ib981f4c53041f014932df5575cae79446e6fbf34
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/71235
Tested-by: core-ci <typo3@b13.com>
Tested-by: Helmut Hummel <typo3@helhum.io>
Tested-by: Benjamin Franzke <bfr@qbus.de>
Reviewed-by: Helmut Hummel <typo3@helhum.io>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
Reviewed-by: Benjamin Franzke <bfr@qbus.de>

typo3/sysext/core/Documentation/Changelog/master/Feature-95364-EventToModifyFrontendUserGroupsWithoutAuthentication.rst

@@ -0,0 +1,33 @@
+.. include:: ../../Includes.txt
+
+=============================================================================
+Feature: #95364 - Event to modify frontend user groups without authentication
+=============================================================================
+
+See :issue:`95364`
+
+Description
+===========
+
+Prior to TYPO3 v11.0, the "getGroupsFE" authentication service
+allowed to add and manipulate Frontend User Groups to be attached
+to a FrontendUserAuthentication request during runtime.
+
+Extensions use this approach to attach certain properties for
+customization (e.g. country or region of a website user) dynamically for a specific request.
+
+This functionality was removed during the refactoring of the
+authentication services (see #93108).
+
+A new Event "ModifyResolvedFrontendGroupsEvent" has now been
+introduced to modify user groups, even if there is no
+authenticated user in place.
+
+
+Impact
+======
+
+Use the new PSR-14 event to attach Frontend User Groups dynamically
+during a frontend request.
+
+.. index:: Frontend, PHP-API, ext:frontend

typo3/sysext/frontend/Classes/Authentication/FrontendUserAuthentication.php

@@ -15,6 +15,8 @@
 
 namespace TYPO3\CMS\Frontend\Authentication;
 
+use Psr\EventDispatcher\EventDispatcherInterface;
+use Psr\Http\Message\ServerRequestInterface;
 use TYPO3\CMS\Core\Authentication\AbstractUserAuthentication;
 use TYPO3\CMS\Core\Authentication\GroupResolver;
 use TYPO3\CMS\Core\Context\UserAspect;
@@ -262,8 +264,10 @@ public function createUserSession(array $tempuser): UserSession
      * Will select all fe_groups records that the current fe_user is member of.
      *
      * It also accumulates the TSconfig for the fe_user/fe_groups in ->TSdataArray
+     *
+     * @param ServerRequestInterface|null $request (will become a requirement in v12.0)
      */
-    public function fetchGroupData()
+    public function fetchGroupData(ServerRequestInterface $request = null)
     {
         $this->TSdataArray = [];
         $this->userTS = [];
@@ -284,6 +288,10 @@ public function fetchGroupData()
             ]);
             $groupDataArr = GeneralUtility::makeInstance(GroupResolver::class)->resolveGroupsForUser($this->user, $this->usergroup_table);
         }
+        // Fire an event for any kind of user (even when no specific user is here, using hideLogin feature)
+        $dispatcher = GeneralUtility::getContainer()->get(EventDispatcherInterface::class);
+        $event = $dispatcher->dispatch(new ModifyResolvedFrontendGroupsEvent($this, $groupDataArr, $request ?? $GLOBALS['TYPO3_REQUEST'] ?? null));
+        $groupDataArr = $event->getGroups();
 
         if (empty($groupDataArr)) {
             $this->logger->debug('No usergroups found');

typo3/sysext/frontend/Classes/Authentication/ModifyResolvedFrontendGroupsEvent.php

@@ -0,0 +1,58 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * This file is part of the TYPO3 CMS project.
+ *
+ * It is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License, either version 2
+ * of the License, or any later version.
+ *
+ * For the full copyright and license information, please read the
+ * LICENSE.txt file that was distributed with this source code.
+ *
+ * The TYPO3 project - inspiring people to share!
+ */
+
+namespace TYPO3\CMS\Frontend\Authentication;
+
+use Psr\Http\Message\ServerRequestInterface;
+
+/**
+ * Event listener to allow to add custom Frontend Groups to a (frontend) request
+ * regardless if a user is logged in or not.
+ */
+final class ModifyResolvedFrontendGroupsEvent
+{
+    private FrontendUserAuthentication $user;
+    private array $groups;
+    private ?ServerRequestInterface $request;
+
+    public function __construct(FrontendUserAuthentication $user, array $groups, ?ServerRequestInterface $request)
+    {
+        $this->user = $user;
+        $this->groups = $groups;
+        $this->request = $request;
+    }
+
+    public function getRequest(): ?ServerRequestInterface
+    {
+        return $this->request;
+    }
+
+    public function getUser(): FrontendUserAuthentication
+    {
+        return $this->user;
+    }
+
+    public function getGroups(): array
+    {
+        return $this->groups;
+    }
+
+    public function setGroups(array $groups): void
+    {
+        $this->groups = $groups;
+    }
+}

typo3/sysext/frontend/Classes/Middleware/FrontendUserAuthenticator.php

@@ -77,7 +77,7 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
         $frontendUser->unpack_uc();
         // no matter if we have an active user we try to fetch matching groups which can
         // be set without an user (simulation for instance!)
-        $frontendUser->fetchGroupData();
+        $frontendUser->fetchGroupData($request);
 
         // Register the frontend user as aspect and within the request
         $userAspect = $frontendUser->createUserAspect();