diff --git a/Classes/Controller/SsoController.php b/Classes/Controller/SsoController.php
index c46dae0..8adc214 100644
--- a/Classes/Controller/SsoController.php
+++ b/Classes/Controller/SsoController.php
@@ -35,6 +35,13 @@ use \TYPO3\CMS\Extensionmanager\Utility\ConfigurationUtility;
 class SsoController extends ActionController
 {
+ /**
+ * Configuration Utility (see definitions in ext_conf_template.txt).
+ *
+ * @var \TYPO3\CMS\Extensionmanager\Utility\ConfigurationUtility $configurationUtility
+ * @inject
+ */
+ public $configurationUtility;
 /**
 * Compare if signed data matches given signature.
@@ -70,10 +77,12 @@ class SsoController extends ActionController
 */
 public function authenticateAction()
 {
- /** @var \TYPO3\CMS\Extensionmanager\Utility\ConfigurationUtility $configurationUtility */
- $configurationUtility = $this->objectManager->get(\TYPO3\CMS\Extensionmanager\Utility\ConfigurationUtility::class);
- $extensionConfiguration = $configurationUtility->getCurrentConfiguration('tx_dj_discourse_sso');
+ $extKey = 'dj_discourse_sso';
+ /** @var \TYPO3\CMS\Extensionmanager\Utility\ConfigurationUtility $configurationUtility */
+ $extensionConfiguration = $this->configurationUtility->getCurrentConfiguration($extKey);
+
+ GeneralUtility::devLog('authenticateAction', $extKey, 0, array('config' => $extensionConfiguration));
 // Check mandatory settings.
 if (isset($extensionConfiguration['redirect_url']) === false) {
 $errorText = '
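Review bot: The injected `$configurationUtility` property added in the first hunk is declared `public`, so any code that holds the controller can swap the utility that later decides which extension configuration is read; Extbase's `@inject` also populates `protected` properties, so `protected $configurationUtility;` is the usual and safer form. The `@var` tag is what the injector needs, so nothing else in the docblock has to change.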
ERROR! '
@@ -105,8 +114,11 @@ class SsoController extends ActionController
 $redirectStatus = 303;
 }
- $hmac = hash_hmac('sha256', $sso, $this->settings['discourse_sso_shared_key']);
+ $sso = urldecode(GeneralUtility::_GP('sso'));
+ $sig = GeneralUtility::_GP('sig');
+ $hmac = hash_hmac('sha256', $sso, $sharedKey);
 if ($this->_hashsAreEqual($hmac, $sig) === false) {
+ GeneralUtility::devLog('authenticateAction bad request', $extKey, 0, array('sso' => $sso, 'sig' => $sig, 'hmac' => $hmac));
 header('HTTP/1.1 403 Forbidden');
 $this->throwStatus(403, 'Bad SSO request');
 } else {
@@ -121,8 +133,6 @@ class SsoController extends ActionController
 }
 if (isset($user) === true) {
- $sso = urldecode(GeneralUtility::_GP('sso'));
- $sig = GeneralUtility::_GP('sig');
 $userId = $user['uid'];
 $userEmail = $user['email'];
 $userName = $user['username'];
@@ -139,6 +149,7 @@ class SsoController extends ActionController
 $signature = hash_hmac('sha256', $payload, $this->settings['discourse_sso_shared_key']);
 $query = http_build_query(array('sso' => $payload, 'sig' => $signature));
 $redirectUrl = $redirectUrlRoot.'/session/sso_login?'.$query;
+ GeneralUtility::devLog('authenticateAction successful, redirecting', $extKey, 0, array('redirectUrl' => $redirectUrl, 'status' => $redirectStatus));
 $this->redirectToUri($redirectUrl, 0, $redirectStatus);
 } else {
 // No user logged in.
@@ -147,6 +158,7 @@ class SsoController extends ActionController
 .'You should not see this message!
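Review bot: The devLog call added right after `getCurrentConfiguration($extKey)` dumps the entire extension configuration into the dev log at info severity; given that a later hunk verifies the request with a `$sharedKey` and the old code read `discourse_sso_shared_key`, that array very likely holds the Discourse shared secret, which would then land in every sink TYPO3's devLog hook is wired to. Log only what the mandatory-settings check below needs, e.g. `GeneralUtility::devLog('authenticateAction', $extKey, 0, array('configKeys' => array_keys($extensionConfiguration)));`, or the `redirect_url` value alone. authenticateAction continues past the end of this hunk.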
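Review bot: The devLog call added inside the failed-signature branch logs `$hmac`, which is the correct HMAC of the attacker-supplied `$sso` under the shared key, so anyone who can read the dev log gets a signing oracle for arbitrary SSO payloads; log at most the presented `$sig`, and since this is a rejected request use severity 2 rather than 0: `GeneralUtility::devLog('authenticateAction bad request', $extKey, 2, array('sig' => $sig));`. The verification now keys `hash_hmac` on `$sharedKey`, which no visible hunk defines, while the outgoing signature in the `@@ -139,6 +149,7 @@` hunk still uses `$this->settings['discourse_sso_shared_key']`; if those two values come from different sources Discourse will reject every login, so both sides should read the same variable. `GeneralUtility::_GP()` already returns the decoded query value, so the `urldecode()` applied to `$sso` decodes a second time and would turn a `+` in the base64 payload into a space — worth confirming against a payload that contains one. authenticateAction starts before and ends after this hunk.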
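Review bot: The devLog call added before `redirectToUri` writes the complete `$redirectUrl`, i.e. the signed `sso` payload carrying the user's uid, email and username together with its `sig`, into the dev log; that URL is a ready-to-use Discourse login for that user for anyone who can read the log, for as long as Discourse still accepts the nonce embedded in it. Log the user id and the status instead: `GeneralUtility::devLog('authenticateAction successful, redirecting', $extKey, 0, array('userId' => $userId, 'status' => $redirectStatus));`. The enclosing `if (isset($user) === true)` block starts before this hunk.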
'
 .'This plugin should be made available only, if a Frontend User is logged in.
'
 .'Please change this in the setup of this content element.';
+ GeneralUtility::devLog('authenticateAction bad configuration', $extKey, 0, array('error' => $errorText));
 return $errorText;
 }//end if
 }//end if
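Review bot: The devLog call added before `return $errorText;` records a misconfiguration (the plugin rendered without a logged-in frontend user, per the message built above) at severity 0, which is plain info and easily filtered out of the dev log; a warning matches what the text itself says: `GeneralUtility::devLog('authenticateAction bad configuration', $extKey, 2, array('error' => $errorText));`. Logging the assembled user-facing message also means the log entry carries its markup; a short plain-text reason such as `'no frontend user logged in'` reads better in log viewers. authenticateAction's body starts before this hunk.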