diff --git a/Classes/Controller/SsoController.php b/Classes/Controller/SsoController.php index a687a2e..a708ef1 100644 --- a/Classes/Controller/SsoController.php +++ b/Classes/Controller/SsoController.php @@ -70,38 +70,39 @@ class SsoController extends ActionController */ public function authenticateAction() { - $extKey = $_EXTKEY; //'dj_discourse_sso'; + $extKey = 'dj_discourse_sso'; /** @var \TYPO3\CMS\Extensionmanager\Utility\ConfigurationUtility $configurationUtility */ $configurationUtility = $this->objectManager->get(ConfigurationUtility::class); $extensionConfiguration = $configurationUtility->getCurrentConfiguration($extKey); - GeneralUtility::devLog('authenticateAction-0', $extKey, 0, array('extKey' => $extKey)); - GeneralUtility::devLog('authenticateAction-1', $extKey, 0, array('config' => $extensionConfiguration)); + // GeneralUtility::devLog('authenticateAction-0', $extKey, 0, array('extKey' => $extKey)); + // GeneralUtility::devLog('authenticateAction-1', $extKey, 0, array('config' => $extensionConfiguration)); // Check mandatory settings. - if (isset($extensionConfiguration['redirect_url']) === false) { + if (is_array($extensionConfiguration['redirect_url']) === false) { $errorText = '
ERROR! ' .'You should not see this message!
' .'Could not find extension configuration for parameter redirect_url! ' .'Please configure the plugin.'; return $errorText; } else { - $redirectUrlRoot = $extensionConfiguration['redirect_url']; + $redirectUrlRoot = $extensionConfiguration['redirect_url']['value']; } - if (isset($extensionConfiguration['shared_key']) === false) { + if (is_array($extensionConfiguration['shared_key']) === false) { $errorText = '
ERROR! ' .'You should not see this message!
' .'Could not find extension configuration for parameter shared_key! ' .'Please configure the plugin.'; return $errorText; } else { - $sharedKey = $extensionConfiguration['shared_key']; + $sharedKey = $extensionConfiguration['shared_key']['value']; } - // Set some defaults. - if (isset($extensionConfiguration['redirect_status']) === true) { - $redirectStatus = $extensionConfiguration['redirect_status']; + // Set redirect status. + $redirectStatus = false; + if (is_array($extensionConfiguration['redirect_status']) === true) { + $redirectStatus = intval($extensionConfiguration['redirect_status']['value']); } if ($redirectStatus === false || ($redirectStatus < 300 || $redirectStatus > 308)) { @@ -113,12 +114,13 @@ class SsoController extends ActionController $sig = GeneralUtility::_GP('sig'); $hmac = hash_hmac('sha256', $sso, $sharedKey); if ($this->_hashsAreEqual($hmac, $sig) === false) { - GeneralUtility::devLog('authenticateAction bad request', $extKey, 0, array('sso' => $sso, 'sig' => $sig, 'hmac' => $hmac)); + GeneralUtility::devLog('authenticateAction bad request', $extKey, 2, array('sso' => $sso, 'sig' => $sig, 'expected sig' => $hmac)); header('HTTP/1.1 403 Forbidden'); $this->throwStatus(403, 'Bad SSO request'); } else { // Valid $sso string available, convert it. parse_str(base64_decode($sso), $receivedPayload); + // GeneralUtility::devLog('authenticateAction valid sso request', $extKey, 0, array('payload' => $receivedPayload)); $user = null; if (isset($GLOBALS['TSFE']) === true && isset($GLOBALS['TSFE']->fe_user) === true @@ -127,7 +129,7 @@ class SsoController extends ActionController $user = $GLOBALS['TSFE']->fe_user->user; } - if (isset($user) === true) { + if (is_array($user) === true) { $userId = $user['uid']; $userEmail = $user['email']; $userName = $user['username']; 
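Review bot: `is_array($extensionConfiguration['redirect_url']) === false` reads the key unconditionally, so when it is absent PHP emits an "Undefined index" notice before the error branch is reached; the removed `isset()` check did not have that problem. The same applies to the `shared_key` and `redirect_status` checks that follow. Testing the nested value keeps the notice away and also rejects a malformed entry: `if (isset($extensionConfiguration['redirect_url']['value']) === false) {`. Separately, an entry whose `value` is an empty string passes the new check, so a blank `shared_key` silently becomes an empty HMAC key instead of an error; treating `''` as missing (e.g. `|| $extensionConfiguration['shared_key']['value'] === ''`) closes that gap. authenticateAction's body continues past the end of this hunk.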
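Review bot: The devLog call on the rejected-signature path now writes the attacker-supplied `sso` and the key-derived `$hmac` side by side under the label `expected sig`, which gives anyone with read access to the devlog a valid signature for a payload of their choosing — exactly what the shared key is supposed to withhold. Log only the fact of the failure and the received values, e.g. `array('sso' => $sso, 'sig' => $sig)`, or drop the payload entirely at this severity. `$sso` and `$sig` come from `GeneralUtility::_GP` (`$sso` is assigned outside the hunk) and may be null or arrays; `hash_hmac` warns on a non-string and `_hashsAreEqual` is not visible here, so rejecting non-string values before hashing is worth adding. authenticateAction's body continues outside the hunk.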
@@ -141,10 +143,10 @@ class SsoController extends ActionController
 'name' => $name,
 );
 $payload = base64_encode(http_build_query($parameters));
- $signature = hash_hmac('sha256', $payload, $this->settings['discourse_sso_shared_key']);
+ $signature = hash_hmac('sha256', $payload, $sharedKey);
 $query = http_build_query(array('sso' => $payload, 'sig' => $signature));
 $redirectUrl = $redirectUrlRoot.'/session/sso_login?'.$query;
- GeneralUtility::devLog('authenticateAction successful, redirecting', $extKey, 0, array('redirectUrl' => $redirectUrl, 'status' => $redirectStatus));
+ // GeneralUtility::devLog('authenticateAction successful, redirecting', $extKey, 0, array('redirectUrl' => $redirectUrl, 'status' => $redirectStatus, 'payload' => $payload, 'parameter' => $parameters));
 $this->redirectToUri($redirectUrl, 0, $redirectStatus);
 } else {
 // No user logged in.
@@ -153,7 +155,7 @@ class SsoController extends ActionController
 .'You should not see this message!
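Review bot: The commented-out devLog left after `$redirectUrl` would, if re-enabled, write the user's uid, username and e-mail (`$parameters`), the encoded `$payload` and the signed redirect URL into the devlog; delete the line rather than keeping it as a comment, and the same goes for the other commented-out devLog calls this commit introduces in authenticateAction. Separately, `$redirectUrlRoot.'/session/sso_login?'.$query` produces a double slash when the configured redirect_url ends with `/`; `$redirectUrl = rtrim($redirectUrlRoot, '/').'/session/sso_login?'.$query;` avoids that. The enclosing if/else and authenticateAction itself start outside the hunk.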
' .'This plugin should be made available only, if a Frontend User is logged in.
' .'Please change this in the setup of this content element.';
- GeneralUtility::devLog('authenticateAction bad configuration', $extKey, 0, array('error' => $errorText));
+ GeneralUtility::devLog('authenticateAction bad configuration', $extKey, 2, array('error' => $errorText));
 return $errorText;
 }//end if
 }//end if
diff --git a/ext_emconf.php b/ext_emconf.php
index 1dfc195..180a607 100644
--- a/ext_emconf.php
+++ b/ext_emconf.php
@@ -21,7 +21,7 @@ ame, login and email address is passed to discourse, allowing easy setup o fuser
 'uploadfolder' => '0',
 'createDirs' => '',
 'clearCacheOnLoad' => 0,
- 'version' => '0.0.1',
+ 'version' => '0.1.0',
 'constraints' => array(
 'depends' => array(
 'typo3' => '6.2.0-7.2.99',