[TASK] Provide public method to create anonymous user session

derhansen · bmack · commit 3fce9f6f52ce · 2025-02-05T08:29:43.000+01:00
With #100307 new PSR-14 events have been introduced to allow implementation of custom logic for classes extending `\TYPO3\CMS\Core\Authentication\AbstractUserAuthentication`. The PSR-14 event `BeforeUserLogoutEvent` allows to control, if the logout process should be handled by `AbstractUserAuthentication`. If an extension author decides to implement a custom logout process by using the PSR-14 event `AfterUserLoggedOutEvent`, it is currently not possible to use a public API method to create an anonymous user session. Instead, extension authors can use the internal method `initializeUserSessionManager` to. In order to provide a public API method to create an anonymous user session, this change adds the method `createAnonymousSession` to `AbstractUserAuthentication`. The method is now additionally used internally in the class to create an anonymous user session where required. Resolves: #106052 Releases: main, 13.4 Signed-off-by: Torben Hansen <derhansen@gmail.com> Change-Id: I7957d177d98c49ff10bb896e9c85466dcc8c0710 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/87979 Tested-by: Benni Mack <benni@typo3.org> Tested-by: core-ci <typo3@b13.com> Tested-by: Garvin Hicking <gh@faktor-e.de> Reviewed-by: Benni Mack <benni@typo3.org> Reviewed-by: Garvin Hicking <gh@faktor-e.de> Tested-by: Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
diff --git a/typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php b/typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php
@@ -240,7 +240,19 @@ public function __construct()
     public function initializeUserSessionManager(?UserSessionManager $userSessionManager = null): void
     {
         $this->userSessionManager = $userSessionManager ?? UserSessionManager::create($this->loginType);
-        $this->userSession = $this->userSessionManager->createAnonymousSession();
+        $this->createAnonymousSession();
+    }
+
+    /**
+     * Creates an anonymous user session.
+     * This method should be avoided, as it is only a workaround due to the ugly setup of this class
+     * and the authentication / logout behavior.
+     */
+    public function createAnonymousSession(): void
+    {
+        if (!empty($this->userSessionManager)) {
+            $this->userSession = $this->userSessionManager->createAnonymousSession();
+        }
     }
 
     /**
@@ -800,7 +812,7 @@ protected function fetchValidUserFromSessionOrDestroySession(bool $skipSessionUp
                 // Delete any user set...
                 $this->logoff();
                 $userRecord = false;
-                $this->userSession = $this->userSessionManager->createAnonymousSession();
+                $this->createAnonymousSession();
             }
         }
         return is_array($userRecord) ? $userRecord : null;
@@ -848,7 +860,7 @@ protected function performLogoff()
         if ($this->userSession) {
             $this->userSessionManager->removeSession($this->userSession);
         }
-        $this->userSession = $this->userSessionManager->createAnonymousSession();
+        $this->createAnonymousSession();
         $this->user = null;
         if ($this->isCookieSet()) {
             $this->removeCookie();
