TYPO3-Documentation / Changelog-To-Doc


[TASK] Reorganize & streamline sudo mode handling #470

Open TYPO3IncTeam opened 1 year ago

TYPO3IncTeam commented 1 year ago

:information_source: View this commit on Github :busts_in_silhouette: Authored by Oliver Hader oliver@typo3.org :heavy_check_mark: Merged by Benni Mack benni@typo3.org

Commit message

[TASK] Reorganize & streamline sudo mode handling

Issue #92836 introduced the "sudo mode" to all admin tool modules, but using the session storage of the install tool (based on PHP native $_SESSION handling) - which is different to the usual behavior and session handling in the TYPO3 backend.

This change changes the session handling to backend user sessions and adds a generic way to configure "sudo mode" per backend route (not hardcoding its invocation in the admin tool controller anymore).

In addition, "sudo mode" is now enabled for the extension manager module as well - this was not possible before, due to the hardwired implementation to ext:install.

In developer context, "sudo mode" is granted automatically (#93160).

Resolves: #94246
Releases: main
Change-Id: I4fee2b7da3da25c8c6479eab7478b38cdc3b5a4d
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78546
Reviewed-by: Benni Mack benni@typo3.org
Tested-by: Benni Mack benni@typo3.org
Tested-by: core-ci typo3@b13.com
Tested-by: Andreas Fernandez a.fernandez@scripting-base.de
Reviewed-by: Andreas Fernandez a.fernandez@scripting-base.de

:heavy_plus_sign: Added files

12.4/Important-94246-GenericSudoModeConfiguration.rst

```rst
.. include:: /Includes.rst.txt

.. _important-94246-1681366863:

================================================
Important: #94246 - GenericSudoModeConfiguration
================================================

See :issue:`94246`

Description
===========

:doc:`Sudo Mode <../9.5.x/Important-92836-IntroduceSudoModeForInstallToolAccessedViaBackend>`
has been integrated since TYPO3 v9.5.x to protect only Install Tool components.
With TYPO3 v12 it has been changed to a generic configuration for backend routes
(and implicitly modules). Besides that, access to the Extension Manager now
needs to pass the sudo mode verification as well.

Process in a nutshell
---------------------

All simplified class names below are located in the namespace
:php:`\TYPO3\CMS\Backend\Security\SudoMode\Access`. The low-level request
orchestration happens in the middleware
:php:`\TYPO3\CMS\Backend\Middleware\SudoModeInterceptor`, markup rendering and
payload processing in the controller
:php:`\TYPO3\CMS\Backend\Controller\Security\SudoModeController`.

* a backend route that requires sudo mode for route URI `/my/route` is
  processed in :php:`\TYPO3\CMS\Backend\Http\RouteDispatcher`
* :php:`AccessHandler` tries to find a valid and not expired :php:`AccessGrant`
  item for the specific :php:`RouteAccessSubject('/my/route')` aspect in the
  current backend user session data
* in case no :php:`AccessGrant` can be determined, a new :php:`AccessClaim` is
  created for the specific :php:`RouteAccessSubject` instance and temporarily
  persisted in the current user session data - the claim also contains the
  originally requested route as :php:`ServerRequestInstruction` (a simplified
  representation of a :php:`ServerRequestInterface`)
* next, the user is redirected to the user interface for providing either
  their own password or, as an alternative, the global Install Tool password
* given the password was correct, the :php:`AccessClaim` is "converted" to an
  :php:`AccessGrant`, which is only valid for the specific subject (URI
  `/my/route`) and for a limited lifetime

Configuration
-------------

In general the configuration for a particular route or module looks like this:

.. code-block:: php

    [
        'group' => 'individual-group-name',
        'lifetime' => AccessLifetime::XS,
    ],

* `group` (optional): if given, grants access to other objects of the same
  `group` without having to verify sudo mode again for the given lifetime.
  Example: the Admin Tool modules "Maintenance" and "Settings" are configured
  with the same `systemMaintainer` group - having access to one (after sudo
  mode verification) grants access to the other automatically.
* `lifetime`: enum value of
  :php:`\TYPO3\CMS\Backend\Security\SudoMode\Access\AccessLifetime`, defining
  the lifetime of a sudo mode verification, after which users have to go
  through the process again - cases are `XS` (5 minutes), `S` (10 minutes),
  `M` (15 minutes), `L` (30 minutes), `XL` (60 minutes)

For backend routes declared via :file:`Configuration/Backend/Routes.php`, the
relevant configuration would look like this:

.. code-block:: php

    return [
        'my_route' => [ // route identifier (placeholder name)
            'path' => '/my/route',
            'target' => MyHandler::class . '::process',
            'sudoMode' => [
                'group' => 'mySudoModeGroup',
                'lifetime' => AccessLifetime::S,
            ],
        ],
    ];

For backend modules declared via :file:`Configuration/Backend/Modules.php`, the
relevant configuration would look like this:

.. code-block:: php

    return [
        'my_module' => [ // module identifier (placeholder name)
            // ...
            'routeOptions' => [
                'sudoMode' => [
                    'group' => 'systemMaintainer',
                    'lifetime' => AccessLifetime::M,
                ],
            ],
        ],
    ];

.. index:: Backend, ext:backend
```

:heavy_division_sign: Modified files

12.0/Feature-96733-NewBackendModuleRegistrationAPI.rst ```diff @@ -188,6 +188,11 @@ Module configuration options | | aliases can also be used for references in other modules, e.g. | | | to specify a modules' :php:`parent`. | +----------------------------------------------------------+------------------------------------------------------------------+ +| routeOptions (:php:`array`) | Generic side information that will be merged with each generated | +| | `\TYPO3\CMS\Backend\Routing\Route::$options` array. This can be | +| | used for information, that is not relevant for a module aspect, | +| | but more relevant for the routing aspect (e.g. sudo-mode). | ++----------------------------------------------------------+------------------------------------------------------------------+ Module-dependent configuration options -------------------------------------- ```
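Review bot: the added `routeOptions` row in this hunk has a stray comma in its description ("information, that is not relevant for a module aspect") and writes `\TYPO3\CMS\Backend\Routing\Route::$options` as a plain backtick literal while the neighbouring rows (e.g. :php:`parent`) use the :php: role; suggest rewording the cell to "This can be used for information that is not relevant for the module aspect but for the routing aspect (e.g. sudo mode)." with :php:`\TYPO3\CMS\Backend\Routing\Route::$options`, and consider cross-referencing the new :ref:`important-94246-1681366863` label from the added changelog file so readers of the module registration API find the `sudoMode` options (`group`, `lifetime`) documented there.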
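As an added illustration (not TYPO3 core code and not part of this commit), the following PHP sketch models the grant lookup described in the "Process in a nutshell" and "Configuration" sections above: a grant is only reused for the same route subject or for another subject in the same `group`, and it expires after the configured `AccessLifetime`. The class names `RouteAccessSubject`, `AccessGrant`, `AccessHandler` and `AccessLifetime` are taken from the changelog, but their constructors and methods are simplified assumptions; the module route URIs and the fixed clock value are constructed, and developer-context bypass is modelled as a plain constructor flag.

```php
<?php
declare(strict_types=1);

// Added illustration of the sudo mode grant logic; hypothetical simplification,
// not the TYPO3 core implementation.

enum AccessLifetime: int
{
    case XS = 5;   // minutes, as listed in the changelog
    case S = 10;
    case M = 15;
    case L = 30;
    case XL = 60;

    public function seconds(): int
    {
        return $this->value * 60;
    }
}

final class RouteAccessSubject
{
    // $group mirrors the optional 'group' option of the route's sudoMode config
    public function __construct(public readonly string $uri, public readonly ?string $group = null) {}
}

final class AccessGrant
{
    public function __construct(
        public readonly RouteAccessSubject $subject,
        public readonly int $expiresAt,   // unix timestamp
    ) {}

    public function isExpired(int $now): bool
    {
        return $now >= $this->expiresAt;
    }

    public function covers(RouteAccessSubject $requested): bool
    {
        if ($this->subject->uri === $requested->uri) {
            return true;
        }
        // Same group: verified once, granted for every subject of that group.
        return $this->subject->group !== null && $this->subject->group === $requested->group;
    }
}

final class AccessHandler
{
    /** @var AccessGrant[] stand-in for grants persisted in the backend user session */
    private array $grants = [];

    public function __construct(private readonly bool $developerContext = false) {}

    public function findGrant(RouteAccessSubject $subject, int $now): ?AccessGrant
    {
        // Drop expired grants first, then look for one covering the subject.
        $this->grants = array_values(array_filter(
            $this->grants,
            static fn (AccessGrant $grant): bool => !$grant->isExpired($now),
        ));
        foreach ($this->grants as $grant) {
            if ($grant->covers($subject)) {
                return $grant;
            }
        }
        return null;
    }

    /** Called after the password was verified: the claim becomes a grant. */
    public function grant(RouteAccessSubject $subject, AccessLifetime $lifetime, int $now): AccessGrant
    {
        $grant = new AccessGrant($subject, $now + $lifetime->seconds());
        $this->grants[] = $grant;
        return $grant;
    }

    public function requiresVerification(RouteAccessSubject $subject, int $now): bool
    {
        // In developer context sudo mode is granted automatically (#93160).
        if ($this->developerContext) {
            return false;
        }
        return $this->findGrant($subject, $now) === null;
    }
}

// Constructed walk-through with a fixed clock; URIs are made-up placeholders.
$handler = new AccessHandler();
$maintenance = new RouteAccessSubject('/module/tools/maintenance', 'systemMaintainer');
$settings = new RouteAccessSubject('/module/tools/settings', 'systemMaintainer');
$other = new RouteAccessSubject('/my/route', 'mySudoModeGroup');
$t0 = 1_700_000_000;

var_dump($handler->requiresVerification($maintenance, $t0));          // nothing granted yet
$handler->grant($maintenance, AccessLifetime::M, $t0);                 // user entered password
var_dump($handler->requiresVerification($settings, $t0 + 60));        // same group, still valid
var_dump($handler->requiresVerification($other, $t0 + 60));           // different group
var_dump($handler->requiresVerification($settings, $t0 + 16 * 60));   // past the 15 minute lifetime
```

Run with `php sudo-mode-sketch.php` (any PHP 8.1 or later). The walk-through shows the two properties a practitioner cares about: the "Settings" subject is covered one minute later because it shares the `systemMaintainer` group with the verified "Maintenance" subject, `/my/route` is not because its group differs, and sixteen minutes after verification even the shared group needs a fresh verification because `AccessLifetime::M` is 15 minutes. In the real implementation the grants live in the backend user session rather than in an in-memory array, which is exactly the change this commit makes.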
brotkrueml commented 11 months ago

Hint: When adding this topic to the docs, use the current changelog, as this changed in the meantime in some places: https://docs.typo3.org/c/typo3/cms-core/main/en-us/Changelog/12.4/Important-94246-GenericSudoModeConfiguration.html