Finalized version 0.1.0 -- SSO for a single discourse server.
parent
eb5b75bcc5
commit
310467b07f
|
@ -70,38 +70,39 @@ class SsoController extends ActionController
|
||||||
*/
|
*/
|
||||||
public function authenticateAction()
|
public function authenticateAction()
|
||||||
{
|
{
|
||||||
$extKey = $_EXTKEY; //'dj_discourse_sso';
|
$extKey = 'dj_discourse_sso';
|
||||||
|
|
||||||
/** @var \TYPO3\CMS\Extensionmanager\Utility\ConfigurationUtility $configurationUtility */
|
/** @var \TYPO3\CMS\Extensionmanager\Utility\ConfigurationUtility $configurationUtility */
|
||||||
$configurationUtility = $this->objectManager->get(ConfigurationUtility::class);
|
$configurationUtility = $this->objectManager->get(ConfigurationUtility::class);
|
||||||
$extensionConfiguration = $configurationUtility->getCurrentConfiguration($extKey);
|
$extensionConfiguration = $configurationUtility->getCurrentConfiguration($extKey);
|
||||||
|
|
||||||
GeneralUtility::devLog('authenticateAction-0', $extKey, 0, array('extKey' => $extKey));
|
// GeneralUtility::devLog('authenticateAction-0', $extKey, 0, array('extKey' => $extKey));
|
||||||
GeneralUtility::devLog('authenticateAction-1', $extKey, 0, array('config' => $extensionConfiguration));
|
// GeneralUtility::devLog('authenticateAction-1', $extKey, 0, array('config' => $extensionConfiguration));
|
||||||
// Check mandatory settings.
|
// Check mandatory settings.
|
||||||
if (isset($extensionConfiguration['redirect_url']) === false) {
|
if (is_array($extensionConfiguration['redirect_url']) === false) {
|
||||||
$errorText = '<div><b>ERROR!</b> '
|
$errorText = '<div><b>ERROR!</b> '
|
||||||
.'You should not see this message!<br />'
|
.'You should not see this message!<br />'
|
||||||
.'Could not find extension configuration for parameter redirect_url! '
|
.'Could not find extension configuration for parameter redirect_url! '
|
||||||
.'Please configure the plugin.';
|
.'Please configure the plugin.';
|
||||||
return $errorText;
|
return $errorText;
|
||||||
} else {
|
} else {
|
||||||
$redirectUrlRoot = $extensionConfiguration['redirect_url'];
|
$redirectUrlRoot = $extensionConfiguration['redirect_url']['value'];
|
||||||
}
|
}
|
||||||
|
|
||||||
if (isset($extensionConfiguration['shared_key']) === false) {
|
if (is_array($extensionConfiguration['shared_key']) === false) {
|
||||||
$errorText = '<div><b>ERROR!</b> '
|
$errorText = '<div><b>ERROR!</b> '
|
||||||
.'You should not see this message!<br />'
|
.'You should not see this message!<br />'
|
||||||
.'Could not find extension configuration for parameter shared_key! '
|
.'Could not find extension configuration for parameter shared_key! '
|
||||||
.'Please configure the plugin.';
|
.'Please configure the plugin.';
|
||||||
return $errorText;
|
return $errorText;
|
||||||
} else {
|
} else {
|
||||||
$sharedKey = $extensionConfiguration['shared_key'];
|
$sharedKey = $extensionConfiguration['shared_key']['value'];
|
||||||
}
|
}
|
||||||
|
|
||||||
// Set some defaults.
|
// Set redirect status.
|
||||||
if (isset($extensionConfiguration['redirect_status']) === true) {
|
$redirectStatus = false;
|
||||||
$redirectStatus = $extensionConfiguration['redirect_status'];
|
if (is_array($extensionConfiguration['redirect_status']) === true) {
|
||||||
|
$redirectStatus = intval($extensionConfiguration['redirect_status']['value']);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($redirectStatus === false || ($redirectStatus < 300 || $redirectStatus > 308)) {
|
if ($redirectStatus === false || ($redirectStatus < 300 || $redirectStatus > 308)) {
|
||||||
|
@ -113,12 +114,13 @@ class SsoController extends ActionController
|
||||||
$sig = GeneralUtility::_GP('sig');
|
$sig = GeneralUtility::_GP('sig');
|
||||||
$hmac = hash_hmac('sha256', $sso, $sharedKey);
|
$hmac = hash_hmac('sha256', $sso, $sharedKey);
|
||||||
if ($this->_hashsAreEqual($hmac, $sig) === false) {
|
if ($this->_hashsAreEqual($hmac, $sig) === false) {
|
||||||
GeneralUtility::devLog('authenticateAction bad request', $extKey, 0, array('sso' => $sso, 'sig' => $sig, 'hmac' => $hmac));
|
GeneralUtility::devLog('authenticateAction bad request', $extKey, 2, array('sso' => $sso, 'sig' => $sig, 'expected sig' => $hmac));
|
||||||
header('HTTP/1.1 403 Forbidden');
|
header('HTTP/1.1 403 Forbidden');
|
||||||
$this->throwStatus(403, 'Bad SSO request');
|
$this->throwStatus(403, 'Bad SSO request');
|
||||||
} else {
|
} else {
|
||||||
// Valid $sso string available, convert it.
|
// Valid $sso string available, convert it.
|
||||||
parse_str(base64_decode($sso), $receivedPayload);
|
parse_str(base64_decode($sso), $receivedPayload);
|
||||||
|
// GeneralUtility::devLog('authenticateAction valid sso request', $extKey, 0, array('payload' => $receivedPayload));
|
||||||
$user = null;
|
$user = null;
|
||||||
if (isset($GLOBALS['TSFE']) === true
|
if (isset($GLOBALS['TSFE']) === true
|
||||||
&& isset($GLOBALS['TSFE']->fe_user) === true
|
&& isset($GLOBALS['TSFE']->fe_user) === true
|
||||||
|
@ -127,7 +129,7 @@ class SsoController extends ActionController
|
||||||
$user = $GLOBALS['TSFE']->fe_user->user;
|
$user = $GLOBALS['TSFE']->fe_user->user;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (isset($user) === true) {
|
if (is_array($user) === true) {
|
||||||
$userId = $user['uid'];
|
$userId = $user['uid'];
|
||||||
$userEmail = $user['email'];
|
$userEmail = $user['email'];
|
||||||
$userName = $user['username'];
|
$userName = $user['username'];
|
||||||
|
@ -141,10 +143,10 @@ class SsoController extends ActionController
|
||||||
'name' => $name,
|
'name' => $name,
|
||||||
);
|
);
|
||||||
$payload = base64_encode(http_build_query($parameters));
|
$payload = base64_encode(http_build_query($parameters));
|
||||||
$signature = hash_hmac('sha256', $payload, $this->settings['discourse_sso_shared_key']);
|
$signature = hash_hmac('sha256', $payload, $sharedKey);
|
||||||
$query = http_build_query(array('sso' => $payload, 'sig' => $signature));
|
$query = http_build_query(array('sso' => $payload, 'sig' => $signature));
|
||||||
$redirectUrl = $redirectUrlRoot.'/session/sso_login?'.$query;
|
$redirectUrl = $redirectUrlRoot.'/session/sso_login?'.$query;
|
||||||
GeneralUtility::devLog('authenticateAction successful, redirecting', $extKey, 0, array('redirectUrl' => $redirectUrl, 'status' => $redirectStatus));
|
// GeneralUtility::devLog('authenticateAction successful, redirecting', $extKey, 0, array('redirectUrl' => $redirectUrl, 'status' => $redirectStatus, 'payload' => $payload, 'parameter' => $parameters));
|
||||||
$this->redirectToUri($redirectUrl, 0, $redirectStatus);
|
$this->redirectToUri($redirectUrl, 0, $redirectStatus);
|
||||||
} else {
|
} else {
|
||||||
// No user logged in.
|
// No user logged in.
|
||||||
|
@ -153,7 +155,7 @@ class SsoController extends ActionController
|
||||||
.'You should not see this message!<br />'
|
.'You should not see this message!<br />'
|
||||||
.'This plugin should be made available only, if a Frontend User is logged in.<br />'
|
.'This plugin should be made available only, if a Frontend User is logged in.<br />'
|
||||||
.'Please change this in the setup of this content element.';
|
.'Please change this in the setup of this content element.';
|
||||||
GeneralUtility::devLog('authenticateAction bad configuration', $extKey, 0, array('error' => $errorText));
|
GeneralUtility::devLog('authenticateAction bad configuration', $extKey, 2, array('error' => $errorText));
|
||||||
return $errorText;
|
return $errorText;
|
||||||
}//end if
|
}//end if
|
||||||
}//end if
|
}//end if
|
||||||
|
|
|
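Review bot: The bad-request `devLog` call in the hunk at -113 now records `'expected sig' => $hmac`, which is the correct HMAC under the shared key for whatever `sso` value the client submitted. Anyone who can read the developer log therefore obtains valid signatures for payloads of their own choosing, and the hunk at -141 signs the identity assertion sent to Discourse with the same `$sharedKey`. I would log only what the client supplied, `GeneralUtility::devLog('authenticateAction bad request', $extKey, 2, array('sso' => $sso, 'sig' => $sig));`, and never the computed value. Separately, the new `is_array($extensionConfiguration['shared_key'])` test in the first hunk appears to accept an entry whose `['value']` is an empty string, so an unconfigured key would reach `hash_hmac` as an empty key; checking `empty($extensionConfiguration['shared_key']['value'])` as well would keep the "please configure" error effective. The body of `authenticateAction` continues outside the hunks shown, so how `$sso` and `_hashsAreEqual` are defined is not visible here.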
@ -11,8 +11,7 @@
|
||||||
|
|
||||||
$EM_CONF[$_EXTKEY] = array(
|
$EM_CONF[$_EXTKEY] = array(
|
||||||
'title' => 'Discourse SSO',
|
'title' => 'Discourse SSO',
|
||||||
'description' => 'This is an SSO Provider for Discourse (see discourse.org) allowing Typo3 to be used to authenticate discourse users. User\'s n
|
'description' => 'This is a SSO Provider for Discourse (see discourse.org) allowing Typo3 to be used to authenticate discourse users. User\'s name, login and email address is passed to discourse, allowing easy setup of users.',
|
||||||
ame, login and email address is passed to discourse, allowing easy setup o fusers.',
|
|
||||||
'category' => 'plugin',
|
'category' => 'plugin',
|
||||||
'author' => 'Dirk Jahnke',
|
'author' => 'Dirk Jahnke',
|
||||||
'author_email' => 'dirk.jahnke@mailbox.org',
|
'author_email' => 'dirk.jahnke@mailbox.org',
|
||||||
|
@ -21,15 +20,10 @@ ame, login and email address is passed to discourse, allowing easy setup o fuser
|
||||||
'uploadfolder' => '0',
|
'uploadfolder' => '0',
|
||||||
'createDirs' => '',
|
'createDirs' => '',
|
||||||
'clearCacheOnLoad' => 0,
|
'clearCacheOnLoad' => 0,
|
||||||
'version' => '0.0.1',
|
'version' => '0.1.0',
|
||||||
'constraints' => array(
|
'constraints' => array(
|
||||||
'depends' => array(
|
'depends' => array('typo3' => '6.2.0-7.2.99'),
|
||||||
'typo3' => '6.2.0-7.2.99',
|
'conflicts' => array(),
|
||||||
),
|
'suggests' => array(),
|
||||||
'conflicts' => array(
|
|
||||||
),
|
|
||||||
'suggests' => array(
|
|
||||||
),
|
|
||||||
),
|
),
|
||||||
);
|
);
|
||||||
?>
|
|
||||||
|
|