Finalized version 0.1.0 -- SSO for a single discourse server.

This commit is contained in:
Dirk Jahnke 2016-10-05 10:19:23 +02:00
parent eb5b75bcc5
commit 310467b07f
2 changed files with 34 additions and 38 deletions


@ -70,38 +70,39 @@ class SsoController extends ActionController
*/ */
public function authenticateAction() public function authenticateAction()
{ {
$extKey = $_EXTKEY; //'dj_discourse_sso'; $extKey = 'dj_discourse_sso';
/** @var \TYPO3\CMS\Extensionmanager\Utility\ConfigurationUtility $configurationUtility */ /** @var \TYPO3\CMS\Extensionmanager\Utility\ConfigurationUtility $configurationUtility */
$configurationUtility = $this->objectManager->get(ConfigurationUtility::class); $configurationUtility = $this->objectManager->get(ConfigurationUtility::class);
$extensionConfiguration = $configurationUtility->getCurrentConfiguration($extKey); $extensionConfiguration = $configurationUtility->getCurrentConfiguration($extKey);
GeneralUtility::devLog('authenticateAction-0', $extKey, 0, array('extKey' => $extKey)); // GeneralUtility::devLog('authenticateAction-0', $extKey, 0, array('extKey' => $extKey));
GeneralUtility::devLog('authenticateAction-1', $extKey, 0, array('config' => $extensionConfiguration)); // GeneralUtility::devLog('authenticateAction-1', $extKey, 0, array('config' => $extensionConfiguration));
// Check mandatory settings. // Check mandatory settings.
if (isset($extensionConfiguration['redirect_url']) === false) { if (is_array($extensionConfiguration['redirect_url']) === false) {
$errorText = '<div><b>ERROR!</b> ' $errorText = '<div><b>ERROR!</b> '
.'You should not see this message!<br />' .'You should not see this message!<br />'
.'Could not find extension configuration for parameter redirect_url! ' .'Could not find extension configuration for parameter redirect_url! '
.'Please configure the plugin.'; .'Please configure the plugin.';
return $errorText; return $errorText;
} else { } else {
$redirectUrlRoot = $extensionConfiguration['redirect_url']; $redirectUrlRoot = $extensionConfiguration['redirect_url']['value'];
} }
if (isset($extensionConfiguration['shared_key']) === false) { if (is_array($extensionConfiguration['shared_key']) === false) {
$errorText = '<div><b>ERROR!</b> ' $errorText = '<div><b>ERROR!</b> '
.'You should not see this message!<br />' .'You should not see this message!<br />'
.'Could not find extension configuration for parameter shared_key! ' .'Could not find extension configuration for parameter shared_key! '
.'Please configure the plugin.'; .'Please configure the plugin.';
return $errorText; return $errorText;
} else { } else {
$sharedKey = $extensionConfiguration['shared_key']; $sharedKey = $extensionConfiguration['shared_key']['value'];
} }
// Set some defaults. // Set redirect status.
if (isset($extensionConfiguration['redirect_status']) === true) { $redirectStatus = false;
$redirectStatus = $extensionConfiguration['redirect_status']; if (is_array($extensionConfiguration['redirect_status']) === true) {
$redirectStatus = intval($extensionConfiguration['redirect_status']['value']);
} }
if ($redirectStatus === false || ($redirectStatus < 300 || $redirectStatus > 308)) { if ($redirectStatus === false || ($redirectStatus < 300 || $redirectStatus > 308)) {
@ -113,12 +114,13 @@ class SsoController extends ActionController
$sig = GeneralUtility::_GP('sig'); $sig = GeneralUtility::_GP('sig');
$hmac = hash_hmac('sha256', $sso, $sharedKey); $hmac = hash_hmac('sha256', $sso, $sharedKey);
if ($this->_hashsAreEqual($hmac, $sig) === false) { if ($this->_hashsAreEqual($hmac, $sig) === false) {
GeneralUtility::devLog('authenticateAction bad request', $extKey, 0, array('sso' => $sso, 'sig' => $sig, 'hmac' => $hmac)); GeneralUtility::devLog('authenticateAction bad request', $extKey, 2, array('sso' => $sso, 'sig' => $sig, 'expected sig' => $hmac));
header('HTTP/1.1 403 Forbidden'); header('HTTP/1.1 403 Forbidden');
$this->throwStatus(403, 'Bad SSO request'); $this->throwStatus(403, 'Bad SSO request');
} else { } else {
// Valid $sso string available, convert it. // Valid $sso string available, convert it.
parse_str(base64_decode($sso), $receivedPayload); parse_str(base64_decode($sso), $receivedPayload);
// GeneralUtility::devLog('authenticateAction valid sso request', $extKey, 0, array('payload' => $receivedPayload));
$user = null; $user = null;
if (isset($GLOBALS['TSFE']) === true if (isset($GLOBALS['TSFE']) === true
&& isset($GLOBALS['TSFE']->fe_user) === true && isset($GLOBALS['TSFE']->fe_user) === true
@ -127,7 +129,7 @@ class SsoController extends ActionController
$user = $GLOBALS['TSFE']->fe_user->user; $user = $GLOBALS['TSFE']->fe_user->user;
} }
if (isset($user) === true) { if (is_array($user) === true) {
$userId = $user['uid']; $userId = $user['uid'];
$userEmail = $user['email']; $userEmail = $user['email'];
$userName = $user['username']; $userName = $user['username'];
@ -141,10 +143,10 @@ class SsoController extends ActionController
'name' => $name, 'name' => $name,
); );
$payload = base64_encode(http_build_query($parameters)); $payload = base64_encode(http_build_query($parameters));
$signature = hash_hmac('sha256', $payload, $this->settings['discourse_sso_shared_key']); $signature = hash_hmac('sha256', $payload, $sharedKey);
$query = http_build_query(array('sso' => $payload, 'sig' => $signature)); $query = http_build_query(array('sso' => $payload, 'sig' => $signature));
$redirectUrl = $redirectUrlRoot.'/session/sso_login?'.$query; $redirectUrl = $redirectUrlRoot.'/session/sso_login?'.$query;
GeneralUtility::devLog('authenticateAction successful, redirecting', $extKey, 0, array('redirectUrl' => $redirectUrl, 'status' => $redirectStatus)); // GeneralUtility::devLog('authenticateAction successful, redirecting', $extKey, 0, array('redirectUrl' => $redirectUrl, 'status' => $redirectStatus, 'payload' => $payload, 'parameter' => $parameters));
$this->redirectToUri($redirectUrl, 0, $redirectStatus); $this->redirectToUri($redirectUrl, 0, $redirectStatus);
} else { } else {
// No user logged in. // No user logged in.
@ -153,7 +155,7 @@ class SsoController extends ActionController
.'You should not see this message!<br />' .'You should not see this message!<br />'
.'This plugin should be made available only, if a Frontend User is logged in.<br />' .'This plugin should be made available only, if a Frontend User is logged in.<br />'
.'Please change this in the setup of this content element.'; .'Please change this in the setup of this content element.';
GeneralUtility::devLog('authenticateAction bad configuration', $extKey, 0, array('error' => $errorText)); GeneralUtility::devLog('authenticateAction bad configuration', $extKey, 2, array('error' => $errorText));
return $errorText; return $errorText;
}//end if }//end if
}//end if }//end if
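Review bot: The bad-request log in the `if ($this->_hashsAreEqual($hmac, $sig) === false)` branch now writes `'expected sig' => $hmac`, which is the valid HMAC for whatever `sso` value the caller supplied — anyone who can read the dev log can replay it as a forged signature for that payload, so the expected value should not be logged: `GeneralUtility::devLog('authenticateAction bad request', $extKey, 2, array('sso' => $sso, 'sig' => $sig));`. Relatedly, the `shared_key` branch only checks that the configuration entry is an array before reading `['value']`, so an empty string passes and `hash_hmac` will sign with an empty key; a guard such as `$sharedKey = (string) $extensionConfiguration['shared_key']['value']; if ($sharedKey === '') { return $errorText; }` (reusing the existing error text) would refuse an unconfigured key. `_hashsAreEqual` is not visible here; if it is not a constant-time comparison, `hash_equals()` (PHP 5.6+) is the standard replacement. The commented-out `devLog` calls left in the hunks (including the one that would dump the full signed redirect URL) are better removed than kept as dead code. authenticateAction's body continues between and after the visible hunks.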


@ -11,8 +11,7 @@
$EM_CONF[$_EXTKEY] = array( $EM_CONF[$_EXTKEY] = array(
'title' => 'Discourse SSO', 'title' => 'Discourse SSO',
'description' => 'This is an SSO Provider for Discourse (see discourse.org) allowing Typo3 to be used to authenticate discourse users. User\'s n 'description' => 'This is a SSO Provider for Discourse (see discourse.org) allowing Typo3 to be used to authenticate discourse users. User\'s name, login and email address is passed to discourse, allowing easy setup of users.',
ame, login and email address is passed to discourse, allowing easy setup o fusers.',
'category' => 'plugin', 'category' => 'plugin',
'author' => 'Dirk Jahnke', 'author' => 'Dirk Jahnke',
'author_email' => 'dirk.jahnke@mailbox.org', 'author_email' => 'dirk.jahnke@mailbox.org',
@ -21,15 +20,10 @@ ame, login and email address is passed to discourse, allowing easy setup o fuser
'uploadfolder' => '0', 'uploadfolder' => '0',
'createDirs' => '', 'createDirs' => '',
'clearCacheOnLoad' => 0, 'clearCacheOnLoad' => 0,
'version' => '0.0.1', 'version' => '0.1.0',
'constraints' => array( 'constraints' => array(
'depends' => array( 'depends' => array('typo3' => '6.2.0-7.2.99'),
'typo3' => '6.2.0-7.2.99', 'conflicts' => array(),
'suggests' => array(),
), ),
'conflicts' => array( );
),
'suggests' => array(
),
),
);
?>