[BUGFIX] Create backend users via CLI respects TCA default options

This change introduces the use of the DataHandler instead of the QueryBuilder when creating backend users via CLI command `backend:user:create`. This ensures that the user is initialized with TCA default options and the creation and history of the new user is logged to the TYPO3 log. Resolves: #102062 Releases: main, 12.4 Change-Id: I78f7093108d1df3c6d37ab7545911365d3c846bb Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/83688 Tested-by: core-ci <typo3@b13.com> Tested-by: Stefan Bürk <stefan@buerk.tech> Reviewed-by: Stefan Bürk <stefan@buerk.tech>
TYPO3 · Apr 7, 2024 · 7279f63 · 7279f63
1 parent a1edae0
commit 7279f63
Show file tree

Hide file tree

Showing 6 changed files with 274 additions and 15 deletions.
diff --git a/typo3/sysext/backend/Classes/Command/CreateBackendUserCommand.php b/typo3/sysext/backend/Classes/Command/CreateBackendUserCommand.php
@@ -26,13 +26,15 @@
 use Symfony\Component\Console\Question\ConfirmationQuestion;
 use Symfony\Component\Console\Question\Question;
 use TYPO3\CMS\Core\Configuration\ConfigurationManager;
-use TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashFactory;
+use TYPO3\CMS\Core\Core\Bootstrap;
 use TYPO3\CMS\Core\Database\ConnectionPool;
+use TYPO3\CMS\Core\DataHandling\DataHandler;
 use TYPO3\CMS\Core\Localization\LanguageServiceFactory;
 use TYPO3\CMS\Core\PasswordPolicy\PasswordPolicyAction;
 use TYPO3\CMS\Core\PasswordPolicy\PasswordPolicyValidator;
 use TYPO3\CMS\Core\PasswordPolicy\Validator\Dto\ContextData;
 use TYPO3\CMS\Core\Utility\GeneralUtility;
+use TYPO3\CMS\Core\Utility\StringUtility;
 
 /**
  * Create a new backend user
@@ -43,7 +45,6 @@ public function __construct(
         private readonly ConnectionPool $connectionPool,
         private readonly ConfigurationManager $configurationManager,
         private readonly LanguageServiceFactory $languageServiceFactory,
-        private readonly PasswordHashFactory $passwordHashFactory,
     ) {
         parent::__construct();
     }
@@ -336,24 +337,33 @@ private function getBackendUserPasswordValidationErrors(string $password): array
      */
     private function createUser(string $username, string $password, string $email = '', bool $admin = false, bool $maintainer = false, array $groups = []): void
     {
-        $adminUserFields = [
-            'username' => $username,
-            'password' => $this->passwordHashFactory->getDefaultHashInstance('BE')->getHashedPassword($password),
-            'email' => GeneralUtility::validEmail($email) ? $email : '',
-            'admin' => $admin ? 1 : 0,
-            'usergroup' => empty($groups) ? null : implode(',', $groups),
-            'tstamp' => $GLOBALS['EXEC_TIME'],
-            'crdate' => $GLOBALS['EXEC_TIME'],
+        // Initialize backend user authentication to ensure the new backend user can be created with proper permissions
+        Bootstrap::initializeBackendAuthentication();
+
+        $dataHandler = GeneralUtility::makeInstance(DataHandler::class);
+        $backendUserId = StringUtility::getUniqueId('NEW');
+        $data = [
+            'be_users' => [
+                $backendUserId => [
+                    'pid' => 0,
+                    'username' => $username,
+                    'password' => $password,
+                    'email' => $email,
+                    'admin' => $admin ? 1 : 0,
+                    'usergroup' => $groups,
+                    'disable' => 0,
+                ],
+            ],
         ];
 
-        $databaseConnection = $this->connectionPool->getConnectionForTable('be_users');
-        $databaseConnection->insert('be_users', $adminUserFields);
-        $adminUserUid = (int)$databaseConnection->lastInsertId('be_users');
+        $dataHandler->start($data, []);
+        $dataHandler->process_datamap();
 
-        if ($maintainer) {
+        $backendUserId = $dataHandler->substNEWwithIDs[$backendUserId] ?? null;
+        if ($maintainer && $backendUserId) {
             $maintainerIds = $this->configurationManager->getConfigurationValueByPath('SYS/systemMaintainers') ?? [];
             sort($maintainerIds);
-            $maintainerIds[] = $adminUserUid;
+            $maintainerIds[] = $backendUserId;
             $this->configurationManager->setLocalConfigurationValuesByPathValuePairs([
                 'SYS/systemMaintainers' => array_unique($maintainerIds),
             ]);

diff --git a/typo3/sysext/backend/Tests/Functional/Command/CreateBackendUserCommandTest.php b/typo3/sysext/backend/Tests/Functional/Command/CreateBackendUserCommandTest.php
@@ -0,0 +1,209 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * This file is part of the TYPO3 CMS project.
+ *
+ * It is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License, either version 2
+ * of the License, or any later version.
+ *
+ * For the full copyright and license information, please read the
+ * LICENSE.txt file that was distributed with this source code.
+ *
+ * The TYPO3 project - inspiring people to share!
+ */
+
+namespace TYPO3\CMS\Backend\Tests\Functional\Command;
+
+use PHPUnit\Framework\Attributes\Test;
+use TYPO3\CMS\Core\Tests\Functional\Command\AbstractCommandTestCase;
+
+final class CreateBackendUserCommandTest extends AbstractCommandTestCase
+{
+    /**
+     * @var array{
+     *     username: string,
+     *     password: string,
+     *     email: string,
+     *     groups: string,
+     * }
+     */
+    protected array $userDefaults = [
+        'username' => 'picard',
+        'password' => 'Engage1701D!',
+        'email' => 'starcommand@example.com',
+        'groups' => '4,8,16',
+    ];
+
+    protected function setUp(): void
+    {
+        parent::setUp();
+        $this->importCSVDataSet(__DIR__ . '/Fixtures/be_groups_multiple.csv');
+        $this->importCSVDataSet(__DIR__ . '/../Fixtures/be_users.csv');
+    }
+
+    #[Test]
+    public function userCanBeCreatedWithShortcuts(): void
+    {
+        $result = $this->executeConsoleCommand(
+            'backend:user:create -u %s -p %s -e %s -g %s --no-interaction',
+            $this->userDefaults['username'],
+            $this->userDefaults['password'],
+            $this->userDefaults['email'],
+            $this->userDefaults['groups'],
+        );
+
+        self::assertEquals(0, $result['status']);
+        $this->assertCSVDataSet(__DIR__ . '/Fixtures/Expected/be_users_after_normal.csv');
+    }
+
+    #[Test]
+    public function userCanBeCreatedWithLongOptions(): void
+    {
+        $result = $this->executeConsoleCommand(
+            'backend:user:create --username %s --password %s --email %s --groups %s --no-interaction',
+            $this->userDefaults['username'],
+            $this->userDefaults['password'],
+            $this->userDefaults['email'],
+            $this->userDefaults['groups'],
+        );
+
+        self::assertEquals(0, $result['status']);
+        $this->assertCSVDataSet(__DIR__ . '/Fixtures/Expected/be_users_after_normal.csv');
+    }
+
+    #[Test]
+    public function adminUserCanBeCreatedWithShortcuts(): void
+    {
+        $result = $this->executeConsoleCommand(
+            'backend:user:create -u %s -p %s -e %s -g %s -a --no-interaction',
+            $this->userDefaults['username'],
+            $this->userDefaults['password'],
+            $this->userDefaults['email'],
+            $this->userDefaults['groups'],
+        );
+
+        self::assertEquals(0, $result['status']);
+        $this->assertCSVDataSet(__DIR__ . '/Fixtures/Expected/be_users_after_admin.csv');
+    }
+
+    #[Test]
+    public function adminUserCanBeCreatedWithLongOptions(): void
+    {
+        $result = $this->executeConsoleCommand(
+            'backend:user:create --username %s --password %s --email %s --groups %s --admin --no-interaction',
+            $this->userDefaults['username'],
+            $this->userDefaults['password'],
+            $this->userDefaults['email'],
+            $this->userDefaults['groups'],
+        );
+
+        self::assertEquals(0, $result['status']);
+        $this->assertCSVDataSet(__DIR__ . '/Fixtures/Expected/be_users_after_admin.csv');
+    }
+
+    #[Test]
+    public function maintainerUserCanBeCreatedWithShortcuts(): void
+    {
+        $result = $this->executeConsoleCommand(
+            'backend:user:create -u %s -p %s -e %s -g %s -m --no-interaction',
+            $this->userDefaults['username'],
+            $this->userDefaults['password'],
+            $this->userDefaults['email'],
+            $this->userDefaults['groups'],
+        );
+
+        self::assertEquals(0, $result['status']);
+        $this->assertCSVDataSet(__DIR__ . '/Fixtures/Expected/be_users_after_maint.csv');
+    }
+
+    #[Test]
+    public function maintainerUserCanBeCreatedWithLongOptions(): void
+    {
+        $result = $this->executeConsoleCommand(
+            'backend:user:create --username %s --password %s --email %s --groups %s --maintainer --no-interaction',
+            $this->userDefaults['username'],
+            $this->userDefaults['password'],
+            $this->userDefaults['email'],
+            $this->userDefaults['groups'],
+        );
+
+        self::assertEquals(0, $result['status']);
+        $this->assertCSVDataSet(__DIR__ . '/Fixtures/Expected/be_users_after_maint.csv');
+    }
+
+    #[Test]
+    public function emptyUsernameFails(): void
+    {
+        $result = $this->executeConsoleCommand(
+            'backend:user:create --username "" --password %s --no-interaction',
+            $this->userDefaults['password'],
+        );
+
+        self::assertEquals(255, $result['status']);
+    }
+
+    #[Test]
+    public function existingUsernameFails(): void
+    {
+        $result = $this->executeConsoleCommand(
+            'backend:user:create --username %s --password %s --no-interaction',
+            '--username=admin',
+            $this->userDefaults['password'],
+        );
+
+        self::assertEquals(1, $result['status']);
+    }
+
+    #[Test]
+    public function weakPasswordFails(): void
+    {
+        // Insert first time
+        $result = $this->executeConsoleCommand(
+            'backend:user:create --username %s --password "yes" --no-interaction',
+            $this->userDefaults['username'],
+        );
+
+        self::assertEquals(255, $result['status']);
+    }
+
+    #[Test]
+    public function emptyPasswordFails(): void
+    {
+        // Insert first time
+        $result = $this->executeConsoleCommand(
+            'backend:user:create --username %s --password "" --no-interaction',
+            $this->userDefaults['username'],
+        );
+
+        self::assertEquals(255, $result['status']);
+    }
+
+    #[Test]
+    public function invalidEmailFails(): void
+    {
+        // Insert first time
+        $result = $this->executeConsoleCommand(
+            'backend:user:create --username %s --password %s --email "nobody" --no-interaction',
+            $this->userDefaults['username'],
+            $this->userDefaults['password'],
+        );
+
+        self::assertEquals(255, $result['status']);
+    }
+
+    #[Test]
+    public function invalidGroupIdFails(): void
+    {
+        // Insert first time
+        $result = $this->executeConsoleCommand(
+            'backend:user:create --username %s --password %s --groups "4711" --no-interaction',
+            $this->userDefaults['username'],
+            $this->userDefaults['password'],
+        );
+
+        self::assertEquals(255, $result['status']);
+    }
+}
diff --git a/typo3/sysext/backend/Tests/Functional/Command/Fixtures/Expected/be_users_after_admin.csv b/typo3/sysext/backend/Tests/Functional/Command/Fixtures/Expected/be_users_after_admin.csv
@@ -0,0 +1,11 @@
+"be_users",,,,,,,
+,"uid","pid","username","usergroup","deleted","admin","options","disable","email"
+,1,0,"admin",,0,1,0,0,""
+,2,0,"_cli_","",0,1,0,0,""
+,3,0,"picard","",0,1,3,0,"starcommand@example.com"
+be_groups,,,,,,,,
+,uid,pid,title,deleted,db_mountpoints,tables_select,tables_modify,non_exclude_fields
+,4,0,editors,0,1,"pages,tt_content","pages,tt_content","pages:title,pages:TSconfig,tt_content:header,tt_content:CType,tt_content:bodytext"
+,8,0,admins,0,1,"pages,tt_content","pages,tt_content","pages:title,pages:TSconfig,tt_content:header,tt_content:CType,tt_content:bodytext"
+,15,0,engineering,0,1,"pages,tt_content","pages,tt_content","pages:title,pages:TSconfig,tt_content:header,tt_content:CType,tt_content:bodytext"
+,16,0,medical,0,1,"pages,tt_content","pages,tt_content","pages:title,pages:TSconfig,tt_content:header,tt_content:CType,tt_content:bodytext"
diff --git a/typo3/sysext/backend/Tests/Functional/Command/Fixtures/Expected/be_users_after_maint.csv b/typo3/sysext/backend/Tests/Functional/Command/Fixtures/Expected/be_users_after_maint.csv
@@ -0,0 +1,11 @@
+"be_users",,,,,,,
+,"uid","pid","username","usergroup","deleted","admin","options","disable","email"
+,1,0,"admin",,0,1,0,0,""
+,2,0,"_cli_","",0,1,0,0,""
+,3,0,"picard","",0,1,3,0,"starcommand@example.com"
+be_groups,,,,,,,,
+,uid,pid,title,deleted,db_mountpoints,tables_select,tables_modify,non_exclude_fields
+,4,0,editors,0,1,"pages,tt_content","pages,tt_content","pages:title,pages:TSconfig,tt_content:header,tt_content:CType,tt_content:bodytext"
+,8,0,admins,0,1,"pages,tt_content","pages,tt_content","pages:title,pages:TSconfig,tt_content:header,tt_content:CType,tt_content:bodytext"
+,15,0,engineering,0,1,"pages,tt_content","pages,tt_content","pages:title,pages:TSconfig,tt_content:header,tt_content:CType,tt_content:bodytext"
+,16,0,medical,0,1,"pages,tt_content","pages,tt_content","pages:title,pages:TSconfig,tt_content:header,tt_content:CType,tt_content:bodytext"
diff --git a/typo3/sysext/backend/Tests/Functional/Command/Fixtures/Expected/be_users_after_normal.csv b/typo3/sysext/backend/Tests/Functional/Command/Fixtures/Expected/be_users_after_normal.csv
@@ -0,0 +1,11 @@
+"be_users",,,,,,,
+,"uid","pid","username","usergroup","deleted","admin","options","disable","email"
+,1,0,"admin",,0,1,0,0,""
+,2,0,"_cli_","",0,1,0,0,""
+,3,0,"picard","4,8,16",0,0,3,0,"starcommand@example.com"
+be_groups,,,,,,,,
+,uid,pid,title,deleted,db_mountpoints,tables_select,tables_modify,non_exclude_fields
+,4,0,editors,0,1,"pages,tt_content","pages,tt_content","pages:title,pages:TSconfig,tt_content:header,tt_content:CType,tt_content:bodytext"
+,8,0,admins,0,1,"pages,tt_content","pages,tt_content","pages:title,pages:TSconfig,tt_content:header,tt_content:CType,tt_content:bodytext"
+,15,0,engineering,0,1,"pages,tt_content","pages,tt_content","pages:title,pages:TSconfig,tt_content:header,tt_content:CType,tt_content:bodytext"
+,16,0,medical,0,1,"pages,tt_content","pages,tt_content","pages:title,pages:TSconfig,tt_content:header,tt_content:CType,tt_content:bodytext"
diff --git a/typo3/sysext/backend/Tests/Functional/Command/Fixtures/be_groups_multiple.csv b/typo3/sysext/backend/Tests/Functional/Command/Fixtures/be_groups_multiple.csv
@@ -0,0 +1,7 @@
+be_groups,,,,,,,,
+,uid,pid,title,deleted,db_mountpoints,tables_select,tables_modify,non_exclude_fields
+,4,0,editors,0,1,"pages,tt_content","pages,tt_content","pages:title,pages:TSconfig,tt_content:header,tt_content:CType,tt_content:bodytext"
+,8,0,admins,0,1,"pages,tt_content","pages,tt_content","pages:title,pages:TSconfig,tt_content:header,tt_content:CType,tt_content:bodytext"
+,15,0,engineering,0,1,"pages,tt_content","pages,tt_content","pages:title,pages:TSconfig,tt_content:header,tt_content:CType,tt_content:bodytext"
+,16,0,medical,0,1,"pages,tt_content","pages,tt_content","pages:title,pages:TSconfig,tt_content:header,tt_content:CType,tt_content:bodytext"
+