From 310467b07fbf659bbe220a2b5411c8fccc538f57 Mon Sep 17 00:00:00 2001 From: Dirk Jahnke Date: Wed, 5 Oct 2016 10:19:23 +0200 Subject: [PATCH] Finalized version 0.1.0 -- SSO for a single discourse server. --- Classes/Controller/SsoController.php | 32 +++++++++++----------- ext_emconf.php | 40 ++++++++++++---------------- 2 files changed, 34 insertions(+), 38 deletions(-) diff --git a/Classes/Controller/SsoController.php b/Classes/Controller/SsoController.php index a687a2e..a708ef1 100644 --- a/Classes/Controller/SsoController.php +++ b/Classes/Controller/SsoController.php @@ -70,38 +70,39 @@ class SsoController extends ActionController */ public function authenticateAction() { - $extKey = $_EXTKEY; //'dj_discourse_sso'; + $extKey = 'dj_discourse_sso'; /** @var \TYPO3\CMS\Extensionmanager\Utility\ConfigurationUtility $configurationUtility */ $configurationUtility = $this->objectManager->get(ConfigurationUtility::class); $extensionConfiguration = $configurationUtility->getCurrentConfiguration($extKey); - GeneralUtility::devLog('authenticateAction-0', $extKey, 0, array('extKey' => $extKey)); - GeneralUtility::devLog('authenticateAction-1', $extKey, 0, array('config' => $extensionConfiguration)); + // GeneralUtility::devLog('authenticateAction-0', $extKey, 0, array('extKey' => $extKey)); + // GeneralUtility::devLog('authenticateAction-1', $extKey, 0, array('config' => $extensionConfiguration)); // Check mandatory settings. - if (isset($extensionConfiguration['redirect_url']) === false) { + if (is_array($extensionConfiguration['redirect_url']) === false) { $errorText = '
ERROR! ' .'You should not see this message!
' .'Could not find extension configuration for parameter redirect_url! ' .'Please configure the plugin.'; return $errorText; } else { - $redirectUrlRoot = $extensionConfiguration['redirect_url']; + $redirectUrlRoot = $extensionConfiguration['redirect_url']['value']; } - if (isset($extensionConfiguration['shared_key']) === false) { + if (is_array($extensionConfiguration['shared_key']) === false) { $errorText = '
ERROR! ' .'You should not see this message!
' .'Could not find extension configuration for parameter shared_key! ' .'Please configure the plugin.'; return $errorText; } else { - $sharedKey = $extensionConfiguration['shared_key']; + $sharedKey = $extensionConfiguration['shared_key']['value']; } - // Set some defaults. - if (isset($extensionConfiguration['redirect_status']) === true) { - $redirectStatus = $extensionConfiguration['redirect_status']; + // Set redirect status. + $redirectStatus = false; + if (is_array($extensionConfiguration['redirect_status']) === true) { + $redirectStatus = intval($extensionConfiguration['redirect_status']['value']); } if ($redirectStatus === false || ($redirectStatus < 300 || $redirectStatus > 308)) { @@ -113,12 +114,13 @@ class SsoController extends ActionController $sig = GeneralUtility::_GP('sig'); $hmac = hash_hmac('sha256', $sso, $sharedKey); if ($this->_hashsAreEqual($hmac, $sig) === false) { - GeneralUtility::devLog('authenticateAction bad request', $extKey, 0, array('sso' => $sso, 'sig' => $sig, 'hmac' => $hmac)); + GeneralUtility::devLog('authenticateAction bad request', $extKey, 2, array('sso' => $sso, 'sig' => $sig, 'expected sig' => $hmac)); header('HTTP/1.1 403 Forbidden'); $this->throwStatus(403, 'Bad SSO request'); } else { // Valid $sso string available, convert it. parse_str(base64_decode($sso), $receivedPayload); + // GeneralUtility::devLog('authenticateAction valid sso request', $extKey, 0, array('payload' => $receivedPayload)); $user = null; if (isset($GLOBALS['TSFE']) === true && isset($GLOBALS['TSFE']->fe_user) === true @@ -127,7 +129,7 @@ class SsoController extends ActionController $user = $GLOBALS['TSFE']->fe_user->user; } - if (isset($user) === true) { + if (is_array($user) === true) { $userId = $user['uid']; $userEmail = $user['email']; $userName = $user['username']; 
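Review bot: In the `@@ -70,38 +70,39 @@` hunk the new `is_array($extensionConfiguration['shared_key'])` test only checks that a configuration entry exists, not that its `value` is set. If the extension is installed but the key is left empty, `$sharedKey` becomes an empty string and `hash_hmac('sha256', $sso, $sharedKey)` no longer proves that the request came from the Discourse server. Check the value itself, e.g. `if (empty($extensionConfiguration['shared_key']['value'])) {`, and apply the same test to `redirect_url`. Using `empty()` or `isset()` also avoids the undefined-index notice that the direct array read raises when the entry is missing. The body of `authenticateAction` continues outside this hunk.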
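Review bot: In the `@@ -113,12 +114,13 @@` hunk the rejected-request log entry now carries `'expected sig' => $hmac`, which is the correct signature for whatever `sso` value the request supplied. That puts key-derived material into the developer log, so anyone with read access to it can collect valid signatures for payloads the server was asked to reject. Log only what was received: `GeneralUtility::devLog('authenticateAction bad request', $extKey, 2, array('sso' => $sso, 'sig' => $sig));`. `_hashsAreEqual` is defined outside the hunk; it presumably compares in constant time, but that should be confirmed.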
@@ -141,10 +143,10 @@ class SsoController extends ActionController 'name' => $name, ); $payload = base64_encode(http_build_query($parameters)); - $signature = hash_hmac('sha256', $payload, $this->settings['discourse_sso_shared_key']); + $signature = hash_hmac('sha256', $payload, $sharedKey); $query = http_build_query(array('sso' => $payload, 'sig' => $signature)); $redirectUrl = $redirectUrlRoot.'/session/sso_login?'.$query; - GeneralUtility::devLog('authenticateAction successful, redirecting', $extKey, 0, array('redirectUrl' => $redirectUrl, 'status' => $redirectStatus)); + // GeneralUtility::devLog('authenticateAction successful, redirecting', $extKey, 0, array('redirectUrl' => $redirectUrl, 'status' => $redirectStatus, 'payload' => $payload, 'parameter' => $parameters)); $this->redirectToUri($redirectUrl, 0, $redirectStatus); } else { // No user logged in. @@ -153,7 +155,7 @@ class SsoController extends ActionController .'You should not see this message!
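Review bot: In the `@@ -141,10 +143,10 @@` hunk the success-path `devLog` call is commented out rather than deleted, and the same edit extends it with `'payload' => $payload, 'parameter' => $parameters`. If the line is ever re-enabled for debugging, it would write the signed login URL together with the user's e-mail address and name to the log. Remove the line instead of keeping it as a comment. The commented-out calls in the `@@ -70,38` and `@@ -113,12` hunks can go as well. If tracing is needed later, a call that logs only the redirect status is enough: `GeneralUtility::devLog('authenticateAction successful, redirecting', $extKey, 0, array('status' => $redirectStatus));`.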
' .'This plugin should be made available only, if a Frontend User is logged in.
' .'Please change this in the setup of this content element.'; - GeneralUtility::devLog('authenticateAction bad configuration', $extKey, 0, array('error' => $errorText)); + GeneralUtility::devLog('authenticateAction bad configuration', $extKey, 2, array('error' => $errorText)); return $errorText; }//end if }//end if diff --git a/ext_emconf.php b/ext_emconf.php index 1dfc195..a5bb549 100644 --- a/ext_emconf.php +++ b/ext_emconf.php @@ -10,26 +10,20 @@ ***************************************************************/ $EM_CONF[$_EXTKEY] = array( - 'title' => 'Discourse SSO', - 'description' => 'This is an SSO Provider for Discourse (see discourse.org) allowing Typo3 to be used to authenticate discourse users. User\'s n -ame, login and email address is passed to discourse, allowing easy setup o fusers.', - 'category' => 'plugin', - 'author' => 'Dirk Jahnke', - 'author_email' => 'dirk.jahnke@mailbox.org', - 'state' => 'experimental', - 'internal' => '', - 'uploadfolder' => '0', - 'createDirs' => '', - 'clearCacheOnLoad' => 0, - 'version' => '0.0.1', - 'constraints' => array( - 'depends' => array( - 'typo3' => '6.2.0-7.2.99', - ), - 'conflicts' => array( - ), - 'suggests' => array( - ), - ), -); -?> + 'title' => 'Discourse SSO', + 'description' => 'This is a SSO Provider for Discourse (see discourse.org) allowing Typo3 to be used to authenticate discourse users. User\'s name, login and email address is passed to discourse, allowing easy setup of users.', + 'category' => 'plugin', + 'author' => 'Dirk Jahnke', + 'author_email' => 'dirk.jahnke@mailbox.org', + 'state' => 'experimental', + 'internal' => '', + 'uploadfolder' => '0', + 'createDirs' => '', + 'clearCacheOnLoad' => 0, + 'version' => '0.1.0', + 'constraints' => array( + 'depends' => array('typo3' => '6.2.0-7.2.99'), + 'conflicts' => array(), + 'suggests' => array(), + ), + );