Important: #94246 - Generic sudo mode configuration
See forge#94246
Description
Sudo mode has been integrated since TYPO3 v9.5.x to protect only Install Tool components. With TYPO3 v12 it has been changed to a generic configuration for backend routes (and implicitly modules).
Besides that, access to the Extension Manager now needs to pass the sudo mode verification as well.
Process in a nutshell
All simplified classnames below are located in the namespace \TYPO3\.
The low-level request orchestration happens in the middleware \TYPO3\, markup rendering and payload processing in the controller \TYPO3\.
- A backend route that requires sudo mode is processed for the route URI /my/route in \TYPO3\CMS\Backend\Http\RouteDispatcher.
- Using AccessFactory and AccessStorage, the RouteDispatcher tries to find a valid and not expired AccessGrant item for the specific RouteAccessSubject ('/my/route') aspect in the current backend user session data.
- In case no AccessGrant can be determined, a new AccessClaim is created for the specific RouteAccessSubject instance and temporarily persisted in the current user session data - the claim also contains the originally requested route as ServerRequestInstruction (a simplified representation of a ServerRequestInterface).
- Next, the user is redirected to the user interface for providing either their own password, or the global install tool password as alternative.
- Given the password was correct, the AccessClaim is "converted" to an AccessGrant, which is only valid for the specific subject (URI /my/route) and for a limited lifetime.
Configuration
In general, the configuration for a particular route or module looks like this:
<?php
// ...
'sudoMode' => [
    'group' => 'individual-group-name',
    'lifetime' => AccessLifetime::veryShort,
],
group (optional): if given, grants access to other objects of the same group without having to verify sudo mode again for the given lifetime. Example: the Admin Tool modules Maintenance and Settings are configured with the same systemMaintainer group - having access to one (after sudo mode verification) grants access to the other automatically.

lifetime: enum value of \TYPO3\CMS\Backend\Security\SudoMode\Access\AccessLifetime, defining the lifetime of a sudo mode verification, after which users have to go through the process again - the cases are veryShort (5 minutes), short (10 minutes), medium (15 minutes), long (30 minutes) and veryLong (60 minutes).
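As an added illustration (not code from TYPO3 or from this changelog), the following self-contained PHP script models the grant check described above: a stand-in enum with the documented lifetime cases and minutes, a hypothetical Grant value object, and a check that a stored grant covers a request only for the same subject or the same group and only until it expires. The route paths and timestamps are constructed sample values; class and function names are assumptions, not TYPO3's own API.

```php
<?php
declare(strict_types=1);

// Stand-in for the documented AccessLifetime enum: same cases and minute values as the changelog lists.
enum AccessLifetime: int
{
    case veryShort = 5;
    case short = 10;
    case medium = 15;
    case long = 30;
    case veryLong = 60;

    public function seconds(): int { return $this->value * 60; }
}

// Hypothetical model of a sudo mode grant (not TYPO3's AccessGrant class).
final class Grant
{
    public function __construct(
        public readonly string $subject,   // route URI the grant was issued for, e.g. '/my/route'
        public readonly ?string $group,    // optional sudo mode group shared with other routes/modules
        public readonly int $expiresAt,    // unix timestamp after which the grant is invalid
    ) {}
}

// Issue a grant after a successful password verification: bound to the subject, group and lifetime.
function issueGrant(string $subject, ?string $group, AccessLifetime $lifetime, int $now): Grant
{
    return new Grant($subject, $group, $now + $lifetime->seconds());
}

// A grant covers a request only if it is not expired AND either the subject matches
// or both sides belong to the same (non-null) group. Anything else requires re-verification.
function grantCovers(Grant $grant, string $subject, ?string $group, int $now): bool
{
    if ($now >= $grant->expiresAt) {
        return false;
    }
    if ($grant->subject === $subject) {
        return true;
    }
    return $group !== null && $grant->group === $group;
}

// Constructed walk-through: a grant for a 'systemMaintainer' module with a medium (15 minute) lifetime.
$t0 = 1_700_000_000;
$grant = issueGrant('/module/tools/maintenance', 'systemMaintainer', AccessLifetime::medium, $t0);
var_dump(grantCovers($grant, '/module/tools/settings', 'systemMaintainer', $t0 + 60));      // true: same group
var_dump(grantCovers($grant, '/my/route', 'mySudoModeGroup', $t0 + 60));                   // false: other group
var_dump(grantCovers($grant, '/module/tools/settings', 'systemMaintainer', $t0 + 16 * 60)); // false: expired
```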
For backend routes declared via Configuration/, the relevant configuration would look like this:
<?php
return [
    'my-route' => [
        'path' => '/my/route',
        'target' => MyHandler::class . '::process',
        'sudoMode' => [
            'group' => 'mySudoModeGroup',
            'lifetime' => AccessLifetime::short,
        ],
    ],
];
For backend modules declared via Configuration/, the relevant configuration would look like this:
<?php
return [
    'tools_ExtensionmanagerExtensionmanager' => [
        // ...
        'routeOptions' => [
            'sudoMode' => [
                'group' => 'systemMaintainer',
                'lifetime' => AccessLifetime::medium,
            ],
        ],
    ],
];