From 21d70d3c9958383d33f9f3dcaa988c4328fe0f1a Mon Sep 17 00:00:00 2001
From: Benjamin Franzke <ben@bnf.dev>
Date: Mon, 27 Nov 2023 09:00:00 +0100
Subject: [PATCH] [BUGFIX] Add safeguard in case normalizedParams are missing

With #100885 the availability of the normalizedParams request attribute
became a requirement for user sessions initialized with a custom PSR-7
request. Extensions like EXT:container relied on the fact that a plain
request object could be passed to `Bootstrap::initializeBackendUser()`.

This will be fixed in EXT:container[1] but in case other extensions
relied on this as well, a fallback is now provided.

[1] https://github.com/b13/container/pull/461

Resolves: #102520
Related: #100885
Releases: main, 12.4
Change-Id: Idbf5a6b3d72ecab4a9943d7bb2febf41fa4b6635
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/81969
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Benjamin Franzke <ben@bnf.dev>
Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Benjamin Franzke <ben@bnf.dev>
---
 Classes/Session/UserSessionManager.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Classes/Session/UserSessionManager.php b/Classes/Session/UserSessionManager.php
index 65209e97ba..59d13b1cd3 100644
--- a/Classes/Session/UserSessionManager.php
+++ b/Classes/Session/UserSessionManager.php
@@ -23,6 +23,7 @@
 use TYPO3\CMS\Core\Authentication\IpLocker;
 use TYPO3\CMS\Core\Crypto\Random;
 use TYPO3\CMS\Core\Http\CookieScopeTrait;
+use TYPO3\CMS\Core\Http\NormalizedParams;
 use TYPO3\CMS\Core\Session\Backend\Exception\SessionNotFoundException;
 use TYPO3\CMS\Core\Session\Backend\SessionBackendInterface;
 use TYPO3\CMS\Core\Utility\GeneralUtility;
@@ -95,7 +96,7 @@ public function createFromRequestOrAnonymous(ServerRequestInterface $request, st
     {
         try {
             $cookieValue = (string)($request->getCookieParams()[$cookieName] ?? '');
-            $scope = $this->getCookieScope($request->getAttribute('normalizedParams'));
+            $scope = $this->getCookieScope($request->getAttribute('normalizedParams') ?? NormalizedParams::createFromRequest($request));
             $sessionId = UserSession::resolveIdentifierFromJwt($cookieValue, $scope);
         } catch (\Exception $exception) {
             $this->logger->debug('Could not resolve session identifier from JWT', ['exception' => $exception]);