Finalized version 0.1.0 -- SSO for a single discourse server.

This commit is contained in:
Dirk Jahnke 2016-10-05 10:19:23 +02:00
parent eb5b75bcc5
commit 0b630fbbf8
2 changed files with 18 additions and 16 deletions


@ -70,38 +70,39 @@ class SsoController extends ActionController
*/ */
public function authenticateAction() public function authenticateAction()
{ {
$extKey = $_EXTKEY; //'dj_discourse_sso'; $extKey = 'dj_discourse_sso';
/** @var \TYPO3\CMS\Extensionmanager\Utility\ConfigurationUtility $configurationUtility */ /** @var \TYPO3\CMS\Extensionmanager\Utility\ConfigurationUtility $configurationUtility */
$configurationUtility = $this->objectManager->get(ConfigurationUtility::class); $configurationUtility = $this->objectManager->get(ConfigurationUtility::class);
$extensionConfiguration = $configurationUtility->getCurrentConfiguration($extKey); $extensionConfiguration = $configurationUtility->getCurrentConfiguration($extKey);
GeneralUtility::devLog('authenticateAction-0', $extKey, 0, array('extKey' => $extKey)); // GeneralUtility::devLog('authenticateAction-0', $extKey, 0, array('extKey' => $extKey));
GeneralUtility::devLog('authenticateAction-1', $extKey, 0, array('config' => $extensionConfiguration)); // GeneralUtility::devLog('authenticateAction-1', $extKey, 0, array('config' => $extensionConfiguration));
// Check mandatory settings. // Check mandatory settings.
if (isset($extensionConfiguration['redirect_url']) === false) { if (is_array($extensionConfiguration['redirect_url']) === false) {
$errorText = '<div><b>ERROR!</b> ' $errorText = '<div><b>ERROR!</b> '
.'You should not see this message!<br />' .'You should not see this message!<br />'
.'Could not find extension configuration for parameter redirect_url! ' .'Could not find extension configuration for parameter redirect_url! '
.'Please configure the plugin.'; .'Please configure the plugin.';
return $errorText; return $errorText;
} else { } else {
$redirectUrlRoot = $extensionConfiguration['redirect_url']; $redirectUrlRoot = $extensionConfiguration['redirect_url']['value'];
} }
if (isset($extensionConfiguration['shared_key']) === false) { if (is_array($extensionConfiguration['shared_key']) === false) {
$errorText = '<div><b>ERROR!</b> ' $errorText = '<div><b>ERROR!</b> '
.'You should not see this message!<br />' .'You should not see this message!<br />'
.'Could not find extension configuration for parameter shared_key! ' .'Could not find extension configuration for parameter shared_key! '
.'Please configure the plugin.'; .'Please configure the plugin.';
return $errorText; return $errorText;
} else { } else {
$sharedKey = $extensionConfiguration['shared_key']; $sharedKey = $extensionConfiguration['shared_key']['value'];
} }
// Set some defaults. // Set redirect status.
if (isset($extensionConfiguration['redirect_status']) === true) { $redirectStatus = false;
$redirectStatus = $extensionConfiguration['redirect_status']; if (is_array($extensionConfiguration['redirect_status']) === true) {
$redirectStatus = intval($extensionConfiguration['redirect_status']['value']);
} }
if ($redirectStatus === false || ($redirectStatus < 300 || $redirectStatus > 308)) { if ($redirectStatus === false || ($redirectStatus < 300 || $redirectStatus > 308)) {
@ -113,12 +114,13 @@ class SsoController extends ActionController
$sig = GeneralUtility::_GP('sig'); $sig = GeneralUtility::_GP('sig');
$hmac = hash_hmac('sha256', $sso, $sharedKey); $hmac = hash_hmac('sha256', $sso, $sharedKey);
if ($this->_hashsAreEqual($hmac, $sig) === false) { if ($this->_hashsAreEqual($hmac, $sig) === false) {
GeneralUtility::devLog('authenticateAction bad request', $extKey, 0, array('sso' => $sso, 'sig' => $sig, 'hmac' => $hmac)); GeneralUtility::devLog('authenticateAction bad request', $extKey, 2, array('sso' => $sso, 'sig' => $sig, 'expected sig' => $hmac));
header('HTTP/1.1 403 Forbidden'); header('HTTP/1.1 403 Forbidden');
$this->throwStatus(403, 'Bad SSO request'); $this->throwStatus(403, 'Bad SSO request');
} else { } else {
// Valid $sso string available, convert it. // Valid $sso string available, convert it.
parse_str(base64_decode($sso), $receivedPayload); parse_str(base64_decode($sso), $receivedPayload);
// GeneralUtility::devLog('authenticateAction valid sso request', $extKey, 0, array('payload' => $receivedPayload));
$user = null; $user = null;
if (isset($GLOBALS['TSFE']) === true if (isset($GLOBALS['TSFE']) === true
&& isset($GLOBALS['TSFE']->fe_user) === true && isset($GLOBALS['TSFE']->fe_user) === true
@ -127,7 +129,7 @@ class SsoController extends ActionController
$user = $GLOBALS['TSFE']->fe_user->user; $user = $GLOBALS['TSFE']->fe_user->user;
} }
if (isset($user) === true) { if (is_array($user) === true) {
$userId = $user['uid']; $userId = $user['uid'];
$userEmail = $user['email']; $userEmail = $user['email'];
$userName = $user['username']; $userName = $user['username'];
@ -141,10 +143,10 @@ class SsoController extends ActionController
'name' => $name, 'name' => $name,
); );
$payload = base64_encode(http_build_query($parameters)); $payload = base64_encode(http_build_query($parameters));
$signature = hash_hmac('sha256', $payload, $this->settings['discourse_sso_shared_key']); $signature = hash_hmac('sha256', $payload, $sharedKey);
$query = http_build_query(array('sso' => $payload, 'sig' => $signature)); $query = http_build_query(array('sso' => $payload, 'sig' => $signature));
$redirectUrl = $redirectUrlRoot.'/session/sso_login?'.$query; $redirectUrl = $redirectUrlRoot.'/session/sso_login?'.$query;
GeneralUtility::devLog('authenticateAction successful, redirecting', $extKey, 0, array('redirectUrl' => $redirectUrl, 'status' => $redirectStatus)); // GeneralUtility::devLog('authenticateAction successful, redirecting', $extKey, 0, array('redirectUrl' => $redirectUrl, 'status' => $redirectStatus, 'payload' => $payload, 'parameter' => $parameters));
$this->redirectToUri($redirectUrl, 0, $redirectStatus); $this->redirectToUri($redirectUrl, 0, $redirectStatus);
} else { } else {
// No user logged in. // No user logged in.
@ -153,7 +155,7 @@ class SsoController extends ActionController
.'You should not see this message!<br />' .'You should not see this message!<br />'
.'This plugin should be made available only, if a Frontend User is logged in.<br />' .'This plugin should be made available only, if a Frontend User is logged in.<br />'
.'Please change this in the setup of this content element.'; .'Please change this in the setup of this content element.';
GeneralUtility::devLog('authenticateAction bad configuration', $extKey, 0, array('error' => $errorText)); GeneralUtility::devLog('authenticateAction bad configuration', $extKey, 2, array('error' => $errorText));
return $errorText; return $errorText;
}//end if }//end if
}//end if }//end if
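Review bot: The rejected-request log at the top of the second hunk now records the server-computed HMAC for a caller-supplied `sso` body (`'expected sig' => $hmac`), so anyone who can read the dev log learns a valid signature for a payload of their choosing; the entry should carry only what was received, e.g. `GeneralUtility::devLog('authenticateAction bad request', $extKey, 2, array('sso' => $sso, 'sig' => $sig));`. In the first hunk, `is_array($extensionConfiguration['redirect_url']) === false` and the matching `shared_key` check dereference keys that may be absent, which is exactly the case those branches are meant to catch, so they emit an undefined-index notice on the path they guard; `isset($extensionConfiguration['redirect_url']) === false || is_array($extensionConfiguration['redirect_url']) === false` keeps the intended behavior without the notice. Whether `_hashsAreEqual()` is a constant-time comparison cannot be seen from these hunks; if it is not, `hash_equals($hmac, (string) $sig)` is the standard replacement. authenticateAction continues outside the hunks shown.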


@ -21,7 +21,7 @@ ame, login and email address is passed to discourse, allowing easy setup o fuser
'uploadfolder' => '0', 'uploadfolder' => '0',
'createDirs' => '', 'createDirs' => '',
'clearCacheOnLoad' => 0, 'clearCacheOnLoad' => 0,
'version' => '0.0.1', 'version' => '0.1.0',
'constraints' => array( 'constraints' => array(
'depends' => array( 'depends' => array(
'typo3' => '6.2.0-7.2.99', 'typo3' => '6.2.0-7.2.99',