fremo
/
dj_discourse_sso
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

First version, ready for tests.

This commit is contained in:
Dirk Jahnke 2016-10-04 16:25:18 +02:00
parent 4734856dfc
commit 1d922de146
6 changed files with 223 additions and 81 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

89
.gitignore vendored Normal file
View File

@ -0,0 +1,89 @@
# Created by .ignore support plugin (hsz.mobi)
### OSX template
*.DS_Store
.AppleDouble
.LSOverride
# Icon must end with two \r
Icon
# Thumbnails
._*
# Files that might appear in the root of a volume
.DocumentRevisions-V100
.fseventsd
.Spotlight-V100
.TemporaryItems
.Trashes
.VolumeIcon.icns
.com.apple.timemachine.donotpresent
# Directories potentially created on remote AFP share
.AppleDB
.AppleDesktop
Network Trash Folder
Temporary Items
.apdisk
### Vagrant template
.vagrant/
### Vim template
# swap
[._]*.s[a-w][a-z]
[._]s[a-w][a-z]
# session
Session.vim
# temporary
.netrwhist
*~
# auto-generated tag files
tags
### LibreOffice template
# LibreOffice locks
.~lock.*#
### JetBrains template
# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and Webstorm
# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
# User-specific stuff:
.idea/workspace.xml
.idea/tasks.xml
.idea/dictionaries
.idea/vcs.xml
.idea/jsLibraryMappings.xml
# Sensitive or high-churn files:
.idea/dataSources.ids
.idea/dataSources.xml
.idea/dataSources.local.xml
.idea/sqlDataSources.xml
.idea/dynamic.xml
.idea/uiDesigner.xml
# Gradle:
.idea/gradle.xml
.idea/libraries
# Mongo Explorer plugin:
.idea/mongoSettings.xml
## File-based project format:
*.iws
## Plugin-specific files:
# IntelliJ
/out/
# mpeltonen/sbt-idea plugin
.idea_modules/
# JIRA plugin
atlassian-ide-plugin.xml
# Crashlytics plugin (for Android Studio and IntelliJ)
com_crashlytics_export_strings.xml
crashlytics.properties
crashlytics-build.properties
fabric.properties

168
Classes/Controller/SsoController.php
View File

@ -26,70 +26,132 @@ namespace Jahnke\DiscourseSso\Controller;
***************************************************************/ ***************************************************************/
use TYPO3\CMS\Core\Utility\GeneralUtility; use TYPO3\CMS\Core\Utility\GeneralUtility;
use TYPO3\CMS\Extbase\Mvc\Controller\ActionController;
use \TYPO3\CMS\Extensionmanager\Utility\ConfigurationUtility;
/** /**
* Controller for the Member object * Controller for the Member object
*
* @version $Id$
* @copyright Copyright belongs to the respective authors
* @license http://www.gnu.org/licenses/gpl.html GNU General Public License, version 3 or later
*/ */
class SsoController extends \TYPO3\CMS\Scheduler\Task\AbstractTask class SsoController extends ActionController
{ {
private function hashs_are_equal($data, $sig) {
if (!$data || !$sig || !is_string($data) || !is_string($sig))
return false;
if (strlen($data) != strlen($sig))
return false;
if (strcmp($data, $sig) === 0)
return true;
return false;
}
/** /**
* Compare if signed data matches given signature.
*
* @param string $data Signed data to be compared with.
* @param string $sig Signature to be compared with.
*
* @return boolean
*/ */
public function authenticateAction() { private function _hashsAreEqual($data, $sig)
$user = NULL; {
if (isset($GLOBALS['TSFE']) && isset($GLOBALS['TSFE']->fe_user) && isset($GLOBALS['TSFE']->fe_user->user)) { if ($data === null || $sig === null || is_string($data) === false || is_string($sig) === false) {
$user = $GLOBALS['TSFE']->fe_user->user; return false;
} }
if (isset($user)) {
$sso = urldecode(GeneralUtility::_GP('sso'));
$sig = GeneralUtility::_GP('sig');
$userId = $user['uid']; if (strlen($data) !== strlen($sig)) {
$userEmail = $user['email']; return false;
$userName = $user['username']; }
$name = $user['name'];
if (!$this->hashs_are_equal(hash_hmac('sha256', $sso, $this->settings['discourse_sso_shared_key']), $sig)) { if (strcmp($data, $sig) === 0) {
header("HTTP/1.1 403 Forbidden"); return true;
$this->throwStatus(403, "Bad SSO request"); }
} else {
// valid $sso string available, convert it return false;
parse_str(base64_decode($sso), $receivedPayload);
$nonce = $receivedPayload['nonce']; }//end _hashsAreEqual()
$parameters = array(
'nonce' => $nonce,
'external_id' => $userId, /**
'email' => $userEmail, * Authenticate action.
'username' => $userName, *
'name' => $name * @return string
); */
$payload = base64_encode(http_build_query($parameters)); public function authenticateAction()
$query = http_build_query(array('sso' => $payload, 'sig' => hash_hmac('sha256', $payload, $this->settings['discourse_sso_shared_key']))); {
$statusCode = $this->settings['discourse_sso_redirect_statuscode']; /** @var \TYPO3\CMS\Extensionmanager\Utility\ConfigurationUtility $configurationUtility */
if (!$statusCode || ($statusCode < 300 || $statusCode > 308)) { $configurationUtility = $this->objectManager->get(\TYPO3\CMS\Extensionmanager\Utility\ConfigurationUtility::class);
// set default: $extensionConfiguration = $configurationUtility->getCurrentConfiguration('tx_dj_discourse_sso');
$statusCode = 303;
} // Check mandatory settings.
$this->redirectToUri($this->settings['discourse_sso_redirect'] . '/session/sso_login?' . $query, 0, 302); if (isset($extensionConfiguration['redirect_url']) === false) {
} $errorText = '<div><b>ERROR!</b> '
.'You should not see this message!<br />'
.'Could not find typoscript setting plugins.tx_dj_discourse_sso.redirect_url! '
.'Please configure the plugin.';
return $errorText;
} else { } else {
// no user logged in $redirectUrlRoot = $extensionConfiguration['redirect_url'];
// wrong setup! This plugin should be enabled only, if a user login exists
return "<div><b>ERROR!</b> You should not see this message! This plugin should be made available only, if a Frontend User is logged in! Please change this in the setup of this content element.";
} }
}
if (isset($extensionConfiguration['shared_key']) === false) {
$errorText = '<div><b>ERROR!</b> '
.'You should not see this message!<br />'
.'Could not find typoscript setting plugins.tx_dj_discourse_sso.shared_key! '
.'Please configure the plugin.';
return $errorText;
} else {
$sharedKey = $extensionConfiguration['shared_key'];
}
// Set some defaults.
if (isset($extensionConfiguration['redirect_status']) === true) {
$redirectStatus = $extensionConfiguration['redirect_status'];
}
if ($redirectStatus === false || ($redirectStatus < 300 || $redirectStatus > 308)) {
// Set default.
$redirectStatus = 303;
}
$hmac = hash_hmac('sha256', $sso, $this->settings['discourse_sso_shared_key']);
if ($this->_hashsAreEqual($hmac, $sig) === false) {
header('HTTP/1.1 403 Forbidden');
$this->throwStatus(403, 'Bad SSO request');
} else {
// Valid $sso string available, convert it.
parse_str(base64_decode($sso), $receivedPayload);
$user = null;
if (isset($GLOBALS['TSFE']) === true
&& isset($GLOBALS['TSFE']->fe_user) === true
&& isset($GLOBALS['TSFE']->fe_user->user) === true
) {
$user = $GLOBALS['TSFE']->fe_user->user;
}
if (isset($user) === true) {
$sso = urldecode(GeneralUtility::_GP('sso'));
$sig = GeneralUtility::_GP('sig');
$userId = $user['uid'];
$userEmail = $user['email'];
$userName = $user['username'];
$name = $user['name'];
$nonce = $receivedPayload['nonce'];
$parameters = array(
'nonce' => $nonce,
'external_id' => $userId,
'email' => $userEmail,
'username' => $userName,
'name' => $name,
);
$payload = base64_encode(http_build_query($parameters));
$signature = hash_hmac('sha256', $payload, $this->settings['discourse_sso_shared_key']);
$query = http_build_query(array('sso' => $payload, 'sig' => $signature));
$redirectUrl = $redirectUrlRoot.'/session/sso_login?'.$query;
$this->redirectToUri($redirectUrl, 0, $redirectStatus);
} else {
// No user logged in.
// Wrong setup! This plugin should be enabled only, if a user login exists.
$errorText = '<div><b>ERROR!</b> '
.'You should not see this message!<br />'
.'This plugin should be made available only, if a Frontend User is logged in.<br />'
.'Please change this in the setup of this content element.';
return $errorText;
}//end if
}//end if
}//end authenticateAction()
} }
?>

8
Configuration/TypoScript/setup.txt
View File

@ -1,8 +0,0 @@
plugin.tx_discoursesso {
settings {
# Discourse SSO
# discourse_sso_shared_key = MyFavKey
# discourse_sso_redirect = https://my.discourse.site
# discourse_sso_redirect = 302
}
}

8
ext_conf_template.txt Normal file
View File

@ -0,0 +1,8 @@
# cat=basic/links; type=string; label=Redirect URL:URL to the discourse instance e.g. https://my.discourse.net
redirect_url =
# cat=basic/enable; type=string; label=Shared Key:The shared key as entered in the discourse configuration
shared_key =
# cat=basic/enable; type=int [300-399]; label=Http Status:The SSO status to be sent back on successful authentication. Typically do not change this value.
redirect_status = 303

20
ext_localconf.php
View File

@ -1,19 +1,13 @@
<?php <?php
if (!defined ('TYPO3_MODE')) { if (defined('TYPO3_MODE') === false) {
die ('Access denied.'); die('Access denied.');
} }
\TYPO3\CMS\Extbase\Utility\ExtensionUtility::configurePlugin( \TYPO3\CMS\Extbase\Utility\ExtensionUtility::configurePlugin(
'Jahnke.' . $_EXTKEY, 'Jahnke.'.$_EXTKEY,
'Sso', 'Sso',
array( array('Sso' => 'authenticate'),
'Sso' => 'authenticate', array('Sso' => 'authenticate'),
), \TYPO3\CMS\Extbase\Utility\ExtensionUtility::PLUGIN_TYPE_PLUGIN
array(
'Sso' => 'authenticate',
),
\TYPO3\CMS\Extbase\Utility\ExtensionUtility::PLUGIN_TYPE_PLUGIN
); );
?>

11
ext_tables.php
View File

@ -1,11 +1,8 @@
<?php <?php
if (!defined ('TYPO3_MODE')) die ('Access denied.'); if (defined('TYPO3_MODE') === false) {
die('Access denied.');
}
\TYPO3\CMS\Extbase\Utility\ExtensionUtility::registerPlugin( \TYPO3\CMS\Extbase\Utility\ExtensionUtility::registerPlugin('Jahnke.'.$_EXTKEY, 'Sso', 'Discourse SSO Authentication');
'Jahnke.' . $_EXTKEY,
'Sso',
'Discourse SSO Authentication'
);
\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::addStaticFile($_EXTKEY, 'Configuration/TypoScript', 'Discourse SSO'); \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::addStaticFile($_EXTKEY, 'Configuration/TypoScript', 'Discourse SSO');
?>