First version, ready for tests.
This commit is contained in:
parent
4734856dfc
commit
1d922de146
|
@ -0,0 +1,89 @@
|
||||||
|
# Created by .ignore support plugin (hsz.mobi)
|
||||||
|
### OSX template
|
||||||
|
*.DS_Store
|
||||||
|
.AppleDouble
|
||||||
|
.LSOverride
|
||||||
|
|
||||||
|
# Icon must end with two \r
|
||||||
|
Icon
|
||||||
|
|
||||||
|
# Thumbnails
|
||||||
|
._*
|
||||||
|
|
||||||
|
# Files that might appear in the root of a volume
|
||||||
|
.DocumentRevisions-V100
|
||||||
|
.fseventsd
|
||||||
|
.Spotlight-V100
|
||||||
|
.TemporaryItems
|
||||||
|
.Trashes
|
||||||
|
.VolumeIcon.icns
|
||||||
|
.com.apple.timemachine.donotpresent
|
||||||
|
|
||||||
|
# Directories potentially created on remote AFP share
|
||||||
|
.AppleDB
|
||||||
|
.AppleDesktop
|
||||||
|
Network Trash Folder
|
||||||
|
Temporary Items
|
||||||
|
.apdisk
|
||||||
|
### Vagrant template
|
||||||
|
.vagrant/
|
||||||
|
### Vim template
|
||||||
|
# swap
|
||||||
|
[._]*.s[a-w][a-z]
|
||||||
|
[._]s[a-w][a-z]
|
||||||
|
# session
|
||||||
|
Session.vim
|
||||||
|
# temporary
|
||||||
|
.netrwhist
|
||||||
|
*~
|
||||||
|
# auto-generated tag files
|
||||||
|
tags
|
||||||
|
### LibreOffice template
|
||||||
|
# LibreOffice locks
|
||||||
|
.~lock.*#
|
||||||
|
### JetBrains template
|
||||||
|
# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and Webstorm
|
||||||
|
# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
|
||||||
|
|
||||||
|
# User-specific stuff:
|
||||||
|
.idea/workspace.xml
|
||||||
|
.idea/tasks.xml
|
||||||
|
.idea/dictionaries
|
||||||
|
.idea/vcs.xml
|
||||||
|
.idea/jsLibraryMappings.xml
|
||||||
|
|
||||||
|
# Sensitive or high-churn files:
|
||||||
|
.idea/dataSources.ids
|
||||||
|
.idea/dataSources.xml
|
||||||
|
.idea/dataSources.local.xml
|
||||||
|
.idea/sqlDataSources.xml
|
||||||
|
.idea/dynamic.xml
|
||||||
|
.idea/uiDesigner.xml
|
||||||
|
|
||||||
|
# Gradle:
|
||||||
|
.idea/gradle.xml
|
||||||
|
.idea/libraries
|
||||||
|
|
||||||
|
# Mongo Explorer plugin:
|
||||||
|
.idea/mongoSettings.xml
|
||||||
|
|
||||||
|
## File-based project format:
|
||||||
|
*.iws
|
||||||
|
|
||||||
|
## Plugin-specific files:
|
||||||
|
|
||||||
|
# IntelliJ
|
||||||
|
/out/
|
||||||
|
|
||||||
|
# mpeltonen/sbt-idea plugin
|
||||||
|
.idea_modules/
|
||||||
|
|
||||||
|
# JIRA plugin
|
||||||
|
atlassian-ide-plugin.xml
|
||||||
|
|
||||||
|
# Crashlytics plugin (for Android Studio and IntelliJ)
|
||||||
|
com_crashlytics_export_strings.xml
|
||||||
|
crashlytics.properties
|
||||||
|
crashlytics-build.properties
|
||||||
|
fabric.properties
|
||||||
|
|
|
@ -26,70 +26,132 @@ namespace Jahnke\DiscourseSso\Controller;
|
||||||
***************************************************************/
|
***************************************************************/
|
||||||
|
|
||||||
use TYPO3\CMS\Core\Utility\GeneralUtility;
|
use TYPO3\CMS\Core\Utility\GeneralUtility;
|
||||||
|
use TYPO3\CMS\Extbase\Mvc\Controller\ActionController;
|
||||||
|
use \TYPO3\CMS\Extensionmanager\Utility\ConfigurationUtility;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Controller for the Member object
|
* Controller for the Member object
|
||||||
*
|
|
||||||
* @version $Id$
|
|
||||||
* @copyright Copyright belongs to the respective authors
|
|
||||||
* @license http://www.gnu.org/licenses/gpl.html GNU General Public License, version 3 or later
|
|
||||||
*/
|
*/
|
||||||
class SsoController extends \TYPO3\CMS\Scheduler\Task\AbstractTask
|
class SsoController extends ActionController
|
||||||
{
|
{
|
||||||
private function hashs_are_equal($data, $sig) {
|
|
||||||
if (!$data || !$sig || !is_string($data) || !is_string($sig))
|
|
||||||
return false;
|
|
||||||
if (strlen($data) != strlen($sig))
|
|
||||||
return false;
|
|
||||||
if (strcmp($data, $sig) === 0)
|
|
||||||
return true;
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
* Compare if signed data matches given signature.
|
||||||
|
*
|
||||||
|
* @param string $data Signed data to be compared with.
|
||||||
|
* @param string $sig Signature to be compared with.
|
||||||
|
*
|
||||||
|
* @return boolean
|
||||||
*/
|
*/
|
||||||
public function authenticateAction() {
|
private function _hashsAreEqual($data, $sig)
|
||||||
$user = NULL;
|
{
|
||||||
if (isset($GLOBALS['TSFE']) && isset($GLOBALS['TSFE']->fe_user) && isset($GLOBALS['TSFE']->fe_user->user)) {
|
if ($data === null || $sig === null || is_string($data) === false || is_string($sig) === false) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (strlen($data) !== strlen($sig)) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (strcmp($data, $sig) === 0) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
return false;
|
||||||
|
|
||||||
|
}//end _hashsAreEqual()
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Authenticate action.
|
||||||
|
*
|
||||||
|
* @return string
|
||||||
|
*/
|
||||||
|
public function authenticateAction()
|
||||||
|
{
|
||||||
|
/** @var \TYPO3\CMS\Extensionmanager\Utility\ConfigurationUtility $configurationUtility */
|
||||||
|
$configurationUtility = $this->objectManager->get(\TYPO3\CMS\Extensionmanager\Utility\ConfigurationUtility::class);
|
||||||
|
$extensionConfiguration = $configurationUtility->getCurrentConfiguration('tx_dj_discourse_sso');
|
||||||
|
|
||||||
|
// Check mandatory settings.
|
||||||
|
if (isset($extensionConfiguration['redirect_url']) === false) {
|
||||||
|
$errorText = '<div><b>ERROR!</b> '
|
||||||
|
.'You should not see this message!<br />'
|
||||||
|
.'Could not find typoscript setting plugins.tx_dj_discourse_sso.redirect_url! '
|
||||||
|
.'Please configure the plugin.';
|
||||||
|
return $errorText;
|
||||||
|
} else {
|
||||||
|
$redirectUrlRoot = $extensionConfiguration['redirect_url'];
|
||||||
|
}
|
||||||
|
|
||||||
|
if (isset($extensionConfiguration['shared_key']) === false) {
|
||||||
|
$errorText = '<div><b>ERROR!</b> '
|
||||||
|
.'You should not see this message!<br />'
|
||||||
|
.'Could not find typoscript setting plugins.tx_dj_discourse_sso.shared_key! '
|
||||||
|
.'Please configure the plugin.';
|
||||||
|
return $errorText;
|
||||||
|
} else {
|
||||||
|
$sharedKey = $extensionConfiguration['shared_key'];
|
||||||
|
}
|
||||||
|
|
||||||
|
// Set some defaults.
|
||||||
|
if (isset($extensionConfiguration['redirect_status']) === true) {
|
||||||
|
$redirectStatus = $extensionConfiguration['redirect_status'];
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($redirectStatus === false || ($redirectStatus < 300 || $redirectStatus > 308)) {
|
||||||
|
// Set default.
|
||||||
|
$redirectStatus = 303;
|
||||||
|
}
|
||||||
|
|
||||||
|
$hmac = hash_hmac('sha256', $sso, $this->settings['discourse_sso_shared_key']);
|
||||||
|
if ($this->_hashsAreEqual($hmac, $sig) === false) {
|
||||||
|
header('HTTP/1.1 403 Forbidden');
|
||||||
|
$this->throwStatus(403, 'Bad SSO request');
|
||||||
|
} else {
|
||||||
|
// Valid $sso string available, convert it.
|
||||||
|
parse_str(base64_decode($sso), $receivedPayload);
|
||||||
|
$user = null;
|
||||||
|
if (isset($GLOBALS['TSFE']) === true
|
||||||
|
&& isset($GLOBALS['TSFE']->fe_user) === true
|
||||||
|
&& isset($GLOBALS['TSFE']->fe_user->user) === true
|
||||||
|
) {
|
||||||
$user = $GLOBALS['TSFE']->fe_user->user;
|
$user = $GLOBALS['TSFE']->fe_user->user;
|
||||||
}
|
}
|
||||||
if (isset($user)) {
|
|
||||||
|
if (isset($user) === true) {
|
||||||
$sso = urldecode(GeneralUtility::_GP('sso'));
|
$sso = urldecode(GeneralUtility::_GP('sso'));
|
||||||
$sig = GeneralUtility::_GP('sig');
|
$sig = GeneralUtility::_GP('sig');
|
||||||
|
|
||||||
$userId = $user['uid'];
|
$userId = $user['uid'];
|
||||||
$userEmail = $user['email'];
|
$userEmail = $user['email'];
|
||||||
$userName = $user['username'];
|
$userName = $user['username'];
|
||||||
$name = $user['name'];
|
$name = $user['name'];
|
||||||
|
|
||||||
if (!$this->hashs_are_equal(hash_hmac('sha256', $sso, $this->settings['discourse_sso_shared_key']), $sig)) {
|
|
||||||
header("HTTP/1.1 403 Forbidden");
|
|
||||||
$this->throwStatus(403, "Bad SSO request");
|
|
||||||
} else {
|
|
||||||
// valid $sso string available, convert it
|
|
||||||
parse_str(base64_decode($sso), $receivedPayload);
|
|
||||||
$nonce = $receivedPayload['nonce'];
|
$nonce = $receivedPayload['nonce'];
|
||||||
$parameters = array(
|
$parameters = array(
|
||||||
'nonce' => $nonce,
|
'nonce' => $nonce,
|
||||||
'external_id' => $userId,
|
'external_id' => $userId,
|
||||||
'email' => $userEmail,
|
'email' => $userEmail,
|
||||||
'username' => $userName,
|
'username' => $userName,
|
||||||
'name' => $name
|
'name' => $name,
|
||||||
);
|
);
|
||||||
$payload = base64_encode(http_build_query($parameters));
|
$payload = base64_encode(http_build_query($parameters));
|
||||||
$query = http_build_query(array('sso' => $payload, 'sig' => hash_hmac('sha256', $payload, $this->settings['discourse_sso_shared_key'])));
|
$signature = hash_hmac('sha256', $payload, $this->settings['discourse_sso_shared_key']);
|
||||||
$statusCode = $this->settings['discourse_sso_redirect_statuscode'];
|
$query = http_build_query(array('sso' => $payload, 'sig' => $signature));
|
||||||
if (!$statusCode || ($statusCode < 300 || $statusCode > 308)) {
|
$redirectUrl = $redirectUrlRoot.'/session/sso_login?'.$query;
|
||||||
// set default:
|
$this->redirectToUri($redirectUrl, 0, $redirectStatus);
|
||||||
$statusCode = 303;
|
|
||||||
}
|
|
||||||
$this->redirectToUri($this->settings['discourse_sso_redirect'] . '/session/sso_login?' . $query, 0, 302);
|
|
||||||
}
|
|
||||||
} else {
|
} else {
|
||||||
// no user logged in
|
// No user logged in.
|
||||||
// wrong setup! This plugin should be enabled only, if a user login exists
|
// Wrong setup! This plugin should be enabled only, if a user login exists.
|
||||||
return "<div><b>ERROR!</b> You should not see this message! This plugin should be made available only, if a Frontend User is logged in! Please change this in the setup of this content element.";
|
$errorText = '<div><b>ERROR!</b> '
|
||||||
}
|
.'You should not see this message!<br />'
|
||||||
}
|
.'This plugin should be made available only, if a Frontend User is logged in.<br />'
|
||||||
|
.'Please change this in the setup of this content element.';
|
||||||
|
return $errorText;
|
||||||
|
}//end if
|
||||||
|
}//end if
|
||||||
|
|
||||||
|
}//end authenticateAction()
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
?>
|
|
||||||
|
|
|
@ -1,8 +0,0 @@
|
||||||
plugin.tx_discoursesso {
|
|
||||||
settings {
|
|
||||||
# Discourse SSO
|
|
||||||
# discourse_sso_shared_key = MyFavKey
|
|
||||||
# discourse_sso_redirect = https://my.discourse.site
|
|
||||||
# discourse_sso_redirect = 302
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -0,0 +1,8 @@
|
||||||
|
# cat=basic/links; type=string; label=Redirect URL:URL to the discourse instance e.g. https://my.discourse.net
|
||||||
|
redirect_url =
|
||||||
|
|
||||||
|
# cat=basic/enable; type=string; label=Shared Key:The shared key as entered in the discourse configuration
|
||||||
|
shared_key =
|
||||||
|
|
||||||
|
# cat=basic/enable; type=int [300-399]; label=Http Status:The SSO status to be sent back on successful authentication. Typically do not change this value.
|
||||||
|
redirect_status = 303
|
|
@ -1,19 +1,13 @@
|
||||||
<?php
|
<?php
|
||||||
if (!defined ('TYPO3_MODE')) {
|
if (defined('TYPO3_MODE') === false) {
|
||||||
die ('Access denied.');
|
die('Access denied.');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
\TYPO3\CMS\Extbase\Utility\ExtensionUtility::configurePlugin(
|
\TYPO3\CMS\Extbase\Utility\ExtensionUtility::configurePlugin(
|
||||||
'Jahnke.' . $_EXTKEY,
|
'Jahnke.'.$_EXTKEY,
|
||||||
'Sso',
|
'Sso',
|
||||||
array(
|
array('Sso' => 'authenticate'),
|
||||||
'Sso' => 'authenticate',
|
array('Sso' => 'authenticate'),
|
||||||
),
|
|
||||||
array(
|
|
||||||
'Sso' => 'authenticate',
|
|
||||||
),
|
|
||||||
\TYPO3\CMS\Extbase\Utility\ExtensionUtility::PLUGIN_TYPE_PLUGIN
|
\TYPO3\CMS\Extbase\Utility\ExtensionUtility::PLUGIN_TYPE_PLUGIN
|
||||||
);
|
);
|
||||||
|
|
||||||
?>
|
|
||||||
|
|
|
@ -1,11 +1,8 @@
|
||||||
<?php
|
<?php
|
||||||
if (!defined ('TYPO3_MODE')) die ('Access denied.');
|
if (defined('TYPO3_MODE') === false) {
|
||||||
|
die('Access denied.');
|
||||||
|
}
|
||||||
|
|
||||||
\TYPO3\CMS\Extbase\Utility\ExtensionUtility::registerPlugin(
|
\TYPO3\CMS\Extbase\Utility\ExtensionUtility::registerPlugin('Jahnke.'.$_EXTKEY, 'Sso', 'Discourse SSO Authentication');
|
||||||
'Jahnke.' . $_EXTKEY,
|
|
||||||
'Sso',
|
|
||||||
'Discourse SSO Authentication'
|
|
||||||
);
|
|
||||||
|
|
||||||
\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::addStaticFile($_EXTKEY, 'Configuration/TypoScript', 'Discourse SSO');
|
\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::addStaticFile($_EXTKEY, 'Configuration/TypoScript', 'Discourse SSO');
|
||||||
?>
|
|
||||||
|
|
Loading…
Reference in New Issue