Bug #100704
closed
FrontEnd MfaProviderPropertyManager storeProperties fails if no logger available
0%
Description
I'm using the Typo3 providers for TOTP in frontend.
MfaProviderPropertyManager function storeProperties fails in frontend without logger. Data is stored!
protected function storeProperties(): bool
{
// encode the mfa properties to store them in the database and the user array
$mfa = json_encode($this->mfa, JSON_THROW_ON_ERROR) ?: '';
// Write back the updated mfa properties to the user array
$this->user->user[self::DATABASE_FIELD_NAME] = $mfa;
// Log MFA update
$this->logger->debug('MFA properties updated', [
'provider' => $this->providerIdentifier,
'user' => [
'uid' => $this->user->user[$this->user->userid_column],
'username' => $this->user->user[$this->user->username_column],
],
]);
// Store updated mfa properties in the database
return (bool)GeneralUtility::makeInstance(ConnectionPool::class)->getConnectionForTable($this->user->user_table)->update(
$this->user->user_table,
[self::DATABASE_FIELD_NAME => $mfa],
[$this->user->userid_column => (int)$this->user->user[$this->user->userid_column]],
[self::DATABASE_FIELD_NAME => Connection::PARAM_LOB]
);
}
Failure near //Log MFA update
Both typo3 11 and 12
Updated by Frank Buijze over 1 year ago
Data is not stored, but exception is thrown that debug is called on null.
Updated by Garvin Hicking 4 months ago
- Category set to Authentication
- Status changed from New to Needs Feedback
Do you maybe still have the stacktrace available? Which error happens exactly?
The $this->logger object should always be available actually, the core utilizes it at many places, and there's a something like a "NullLogger" that should be available.
Updated by Frank Buijze 4 months ago
The $this->logger is not initiated.
Resulting in an error that debug is called on an instance of null.
My workaround for now is to remove the logger line, but I need to do that after every update op typo3.
Updated by Markus Klein 4 months ago
How do you use this in Frontend?
Core does not provide this for FE by default.
I suspect that your code using this in FE makes some mistake during initialization of the class.
Updated by
Updated by Frank Buijze 4 months ago
@GeorgRinger @MarkusKLein
The problem occurs when a user activates mfa.
$provider = new \TYPO3\CMS\Core\Authentication\Mfa\Provider\TotpProvider($context);
$fe = $this->request->getAttribute('frontend.user');
$mfapm = new \TYPO3\CMS\Core\Authentication\Mfa\MfaProviderPropertyManager($fe,'totp');
$bActivated = $provider->activate($this->request,$mfapm);
The activate function triggers the internal storage function. After activation the mfa session variable is set or unset depending on the result.
This works as long as the logger line is removed.
The bug is one year old and maybe another update has solved the issue, by calling different functions. Documentation is limited.
Updated by Markus Klein 4 months ago
Your problem is that you are not using correct API to retrieve services.
When using new for the MfaProviderPropertyManager the logger is not initialized as this is done by the Container.
Change this to:
$mfapm = GeneralUtility::makeInstance(\TYPO3\CMS\Core\Authentication\Mfa\MfaProviderPropertyManager::class, $fe,'totp');
and you should be good to go.