Finalized version 0.1.0 -- SSO for a single discourse server.

Dirk Jahnke 2016-10-05 10:19:23 +02:00
parent eb5b75bcc5
commit 310467b07f
2 changed files with 34 additions and 38 deletions


@ -70,38 +70,39 @@ class SsoController extends ActionController
*/
public function authenticateAction()
{
$extKey = $_EXTKEY; //'dj_discourse_sso';
$extKey = 'dj_discourse_sso';
/** @var \TYPO3\CMS\Extensionmanager\Utility\ConfigurationUtility $configurationUtility */
$configurationUtility = $this->objectManager->get(ConfigurationUtility::class);
$extensionConfiguration = $configurationUtility->getCurrentConfiguration($extKey);
GeneralUtility::devLog('authenticateAction-0', $extKey, 0, array('extKey' => $extKey));
GeneralUtility::devLog('authenticateAction-1', $extKey, 0, array('config' => $extensionConfiguration));
// GeneralUtility::devLog('authenticateAction-0', $extKey, 0, array('extKey' => $extKey));
// GeneralUtility::devLog('authenticateAction-1', $extKey, 0, array('config' => $extensionConfiguration));
// Check mandatory settings.
if (isset($extensionConfiguration['redirect_url']) === false) {
if (is_array($extensionConfiguration['redirect_url']) === false) {
$errorText = '<div><b>ERROR!</b> '
.'You should not see this message!<br />'
.'Could not find extension configuration for parameter redirect_url! '
.'Please configure the plugin.';
return $errorText;
} else {
$redirectUrlRoot = $extensionConfiguration['redirect_url'];
$redirectUrlRoot = $extensionConfiguration['redirect_url']['value'];
}
if (isset($extensionConfiguration['shared_key']) === false) {
if (is_array($extensionConfiguration['shared_key']) === false) {
$errorText = '<div><b>ERROR!</b> '
.'You should not see this message!<br />'
.'Could not find extension configuration for parameter shared_key! '
.'Please configure the plugin.';
return $errorText;
} else {
$sharedKey = $extensionConfiguration['shared_key'];
$sharedKey = $extensionConfiguration['shared_key']['value'];
}
// Set some defaults.
if (isset($extensionConfiguration['redirect_status']) === true) {
$redirectStatus = $extensionConfiguration['redirect_status'];
// Set redirect status.
$redirectStatus = false;
if (is_array($extensionConfiguration['redirect_status']) === true) {
$redirectStatus = intval($extensionConfiguration['redirect_status']['value']);
}
if ($redirectStatus === false || ($redirectStatus < 300 || $redirectStatus > 308)) {
@ -113,12 +114,13 @@ class SsoController extends ActionController
$sig = GeneralUtility::_GP('sig');
$hmac = hash_hmac('sha256', $sso, $sharedKey);
if ($this->_hashsAreEqual($hmac, $sig) === false) {
GeneralUtility::devLog('authenticateAction bad request', $extKey, 0, array('sso' => $sso, 'sig' => $sig, 'hmac' => $hmac));
GeneralUtility::devLog('authenticateAction bad request', $extKey, 2, array('sso' => $sso, 'sig' => $sig, 'expected sig' => $hmac));
header('HTTP/1.1 403 Forbidden');
$this->throwStatus(403, 'Bad SSO request');
} else {
// Valid $sso string available, convert it.
parse_str(base64_decode($sso), $receivedPayload);
// GeneralUtility::devLog('authenticateAction valid sso request', $extKey, 0, array('payload' => $receivedPayload));
$user = null;
if (isset($GLOBALS['TSFE']) === true
&& isset($GLOBALS['TSFE']->fe_user) === true
@ -127,7 +129,7 @@ class SsoController extends ActionController
$user = $GLOBALS['TSFE']->fe_user->user;
}
if (isset($user) === true) {
if (is_array($user) === true) {
$userId = $user['uid'];
$userEmail = $user['email'];
$userName = $user['username'];
@ -141,10 +143,10 @@ class SsoController extends ActionController
'name' => $name,
);
$payload = base64_encode(http_build_query($parameters));
$signature = hash_hmac('sha256', $payload, $this->settings['discourse_sso_shared_key']);
$signature = hash_hmac('sha256', $payload, $sharedKey);
$query = http_build_query(array('sso' => $payload, 'sig' => $signature));
$redirectUrl = $redirectUrlRoot.'/session/sso_login?'.$query;
GeneralUtility::devLog('authenticateAction successful, redirecting', $extKey, 0, array('redirectUrl' => $redirectUrl, 'status' => $redirectStatus));
// GeneralUtility::devLog('authenticateAction successful, redirecting', $extKey, 0, array('redirectUrl' => $redirectUrl, 'status' => $redirectStatus, 'payload' => $payload, 'parameter' => $parameters));
$this->redirectToUri($redirectUrl, 0, $redirectStatus);
} else {
// No user logged in.
@ -153,7 +155,7 @@ class SsoController extends ActionController
.'You should not see this message!<br />'
.'This plugin should be made available only, if a Frontend User is logged in.<br />'
.'Please change this in the setup of this content element.';
GeneralUtility::devLog('authenticateAction bad configuration', $extKey, 0, array('error' => $errorText));
GeneralUtility::devLog('authenticateAction bad configuration', $extKey, 2, array('error' => $errorText));
return $errorText;
}//end if
}//end if
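Review bot: The bad-request log call in the second hunk still writes the HMAC computed with the shared key (`'expected sig' => $hmac`) next to the request-supplied `sso` value, so anyone with read access to the developer log obtains a valid signature for a payload they did not have the key to sign. The log entry should carry only what was received, e.g. `GeneralUtility::devLog('authenticateAction bad request', $extKey, 2, array('sso' => $sso, 'sig' => $sig));`. Separately, the new `is_array($extensionConfiguration['shared_key'])` check in the first hunk accepts an entry whose `'value'` is an empty string, which would key `hash_hmac()` with an empty secret; a guard such as `if (empty($extensionConfiguration['shared_key']['value'])) { return $errorText; }` would fail closed, assuming the configuration utility returns the entry even when it is unset. `authenticateAction()` continues outside the visible hunks, so any handling further down is not covered here.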


@ -11,8 +11,7 @@
$EM_CONF[$_EXTKEY] = array(
'title' => 'Discourse SSO',
'description' => 'This is an SSO Provider for Discourse (see discourse.org) allowing Typo3 to be used to authenticate discourse users. User\'s n
ame, login and email address is passed to discourse, allowing easy setup o fusers.',
'description' => 'This is a SSO Provider for Discourse (see discourse.org) allowing Typo3 to be used to authenticate discourse users. User\'s name, login and email address is passed to discourse, allowing easy setup of users.',
'category' => 'plugin',
'author' => 'Dirk Jahnke',
'author_email' => 'dirk.jahnke@mailbox.org',
@ -21,15 +20,10 @@ ame, login and email address is passed to discourse, allowing easy setup o fuser
'uploadfolder' => '0',
'createDirs' => '',
'clearCacheOnLoad' => 0,
'version' => '0.0.1',
'version' => '0.1.0',
'constraints' => array(
'depends' => array(
'typo3' => '6.2.0-7.2.99',
'depends' => array('typo3' => '6.2.0-7.2.99'),
'conflicts' => array(),
'suggests' => array(),
),
'conflicts' => array(
),
'suggests' => array(
),
),
);
?>
);