Finalized version 0.1.0 -- SSO for a single discourse server.
This commit is contained in:
@@ -70,38 +70,39 @@ class SsoController extends ActionController
|
||||
*/
|
||||
public function authenticateAction()
|
||||
{
|
||||
$extKey = $_EXTKEY; //'dj_discourse_sso';
|
||||
$extKey = 'dj_discourse_sso';
|
||||
|
||||
/** @var \TYPO3\CMS\Extensionmanager\Utility\ConfigurationUtility $configurationUtility */
|
||||
$configurationUtility = $this->objectManager->get(ConfigurationUtility::class);
|
||||
$extensionConfiguration = $configurationUtility->getCurrentConfiguration($extKey);
|
||||
|
||||
GeneralUtility::devLog('authenticateAction-0', $extKey, 0, array('extKey' => $extKey));
|
||||
GeneralUtility::devLog('authenticateAction-1', $extKey, 0, array('config' => $extensionConfiguration));
|
||||
// GeneralUtility::devLog('authenticateAction-0', $extKey, 0, array('extKey' => $extKey));
|
||||
// GeneralUtility::devLog('authenticateAction-1', $extKey, 0, array('config' => $extensionConfiguration));
|
||||
// Check mandatory settings.
|
||||
if (isset($extensionConfiguration['redirect_url']) === false) {
|
||||
if (is_array($extensionConfiguration['redirect_url']) === false) {
|
||||
$errorText = '<div><b>ERROR!</b> '
|
||||
.'You should not see this message!<br />'
|
||||
.'Could not find extension configuration for parameter redirect_url! '
|
||||
.'Please configure the plugin.';
|
||||
return $errorText;
|
||||
} else {
|
||||
$redirectUrlRoot = $extensionConfiguration['redirect_url'];
|
||||
$redirectUrlRoot = $extensionConfiguration['redirect_url']['value'];
|
||||
}
|
||||
|
||||
if (isset($extensionConfiguration['shared_key']) === false) {
|
||||
if (is_array($extensionConfiguration['shared_key']) === false) {
|
||||
$errorText = '<div><b>ERROR!</b> '
|
||||
.'You should not see this message!<br />'
|
||||
.'Could not find extension configuration for parameter shared_key! '
|
||||
.'Please configure the plugin.';
|
||||
return $errorText;
|
||||
} else {
|
||||
$sharedKey = $extensionConfiguration['shared_key'];
|
||||
$sharedKey = $extensionConfiguration['shared_key']['value'];
|
||||
}
|
||||
|
||||
// Set some defaults.
|
||||
if (isset($extensionConfiguration['redirect_status']) === true) {
|
||||
$redirectStatus = $extensionConfiguration['redirect_status'];
|
||||
// Set redirect status.
|
||||
$redirectStatus = false;
|
||||
if (is_array($extensionConfiguration['redirect_status']) === true) {
|
||||
$redirectStatus = intval($extensionConfiguration['redirect_status']['value']);
|
||||
}
|
||||
|
||||
if ($redirectStatus === false || ($redirectStatus < 300 || $redirectStatus > 308)) {
|
||||
@@ -113,12 +114,13 @@ class SsoController extends ActionController
|
||||
$sig = GeneralUtility::_GP('sig');
|
||||
$hmac = hash_hmac('sha256', $sso, $sharedKey);
|
||||
if ($this->_hashsAreEqual($hmac, $sig) === false) {
|
||||
GeneralUtility::devLog('authenticateAction bad request', $extKey, 0, array('sso' => $sso, 'sig' => $sig, 'hmac' => $hmac));
|
||||
GeneralUtility::devLog('authenticateAction bad request', $extKey, 2, array('sso' => $sso, 'sig' => $sig, 'expected sig' => $hmac));
|
||||
header('HTTP/1.1 403 Forbidden');
|
||||
$this->throwStatus(403, 'Bad SSO request');
|
||||
} else {
|
||||
// Valid $sso string available, convert it.
|
||||
parse_str(base64_decode($sso), $receivedPayload);
|
||||
// GeneralUtility::devLog('authenticateAction valid sso request', $extKey, 0, array('payload' => $receivedPayload));
|
||||
$user = null;
|
||||
if (isset($GLOBALS['TSFE']) === true
|
||||
&& isset($GLOBALS['TSFE']->fe_user) === true
|
||||
@@ -127,7 +129,7 @@ class SsoController extends ActionController
|
||||
$user = $GLOBALS['TSFE']->fe_user->user;
|
||||
}
|
||||
|
||||
if (isset($user) === true) {
|
||||
if (is_array($user) === true) {
|
||||
$userId = $user['uid'];
|
||||
$userEmail = $user['email'];
|
||||
$userName = $user['username'];
|
||||
@@ -141,10 +143,10 @@ class SsoController extends ActionController
|
||||
'name' => $name,
|
||||
);
|
||||
$payload = base64_encode(http_build_query($parameters));
|
||||
$signature = hash_hmac('sha256', $payload, $this->settings['discourse_sso_shared_key']);
|
||||
$signature = hash_hmac('sha256', $payload, $sharedKey);
|
||||
$query = http_build_query(array('sso' => $payload, 'sig' => $signature));
|
||||
$redirectUrl = $redirectUrlRoot.'/session/sso_login?'.$query;
|
||||
GeneralUtility::devLog('authenticateAction successful, redirecting', $extKey, 0, array('redirectUrl' => $redirectUrl, 'status' => $redirectStatus));
|
||||
// GeneralUtility::devLog('authenticateAction successful, redirecting', $extKey, 0, array('redirectUrl' => $redirectUrl, 'status' => $redirectStatus, 'payload' => $payload, 'parameter' => $parameters));
|
||||
$this->redirectToUri($redirectUrl, 0, $redirectStatus);
|
||||
} else {
|
||||
// No user logged in.
|
||||
@@ -153,7 +155,7 @@ class SsoController extends ActionController
|
||||
.'You should not see this message!<br />'
|
||||
.'This plugin should be made available only, if a Frontend User is logged in.<br />'
|
||||
.'Please change this in the setup of this content element.';
|
||||
GeneralUtility::devLog('authenticateAction bad configuration', $extKey, 0, array('error' => $errorText));
|
||||
GeneralUtility::devLog('authenticateAction bad configuration', $extKey, 2, array('error' => $errorText));
|
||||
return $errorText;
|
||||
}//end if
|
||||
}//end if
|
||||
|
||||
@@ -21,7 +21,7 @@ ame, login and email address is passed to discourse, allowing easy setup o fuser
|
||||
'uploadfolder' => '0',
|
||||
'createDirs' => '',
|
||||
'clearCacheOnLoad' => 0,
|
||||
'version' => '0.0.1',
|
||||
'version' => '0.1.0',
|
||||
'constraints' => array(
|
||||
'depends' => array(
|
||||
'typo3' => '6.2.0-7.2.99',
|
||||
|
||||
Reference in New Issue
Block a user