From d6f5fb6257056659e10aa0a4f7b2b26c7d512b5c Mon Sep 17 00:00:00 2001 From: Dirk Jahnke Date: Thu, 22 Sep 2016 20:41:57 +0200 Subject: [PATCH] First revision of purse SSO without additional features --- Classes/Controller/SsoController.php | 95 ++++++++++++++++++++++++++++ Configuration/TypoScript/setup.txt | 8 +++ README.txt | 6 ++ ext_emconf.php | 40 ++++++++++++ ext_localconf.php | 19 ++++++ ext_tables.php | 11 ++++ 6 files changed, 179 insertions(+) create mode 100644 Classes/Controller/SsoController.php create mode 100644 Configuration/TypoScript/setup.txt create mode 100644 README.txt create mode 100644 ext_emconf.php create mode 100644 ext_localconf.php create mode 100644 ext_tables.php diff --git a/Classes/Controller/SsoController.php b/Classes/Controller/SsoController.php new file mode 100644 index 0000000..46d37af --- /dev/null +++ b/Classes/Controller/SsoController.php 
@@ -0,0 +1,95 @@ + + * + * All rights reserved + * + * This script is part of the TYPO3 project. The TYPO3 project is + * free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * The GNU General Public License can be found at + * http://www.gnu.org/copyleft/gpl.html. + * + * This script is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * This copyright notice MUST APPEAR in all copies of the script! + ***************************************************************/ + +use TYPO3\CMS\Core\Utility\GeneralUtility; + +/** + * Controller for the Member object + * + * @version $Id$ + * @copyright Copyright belongs to the respective authors + * @license http://www.gnu.org/licenses/gpl.html GNU General Public License, version 3 or later + */ +class SsoController extends \TYPO3\CMS\Scheduler\Task\AbstractTask +{ + private function hashs_are_equal($data, $sig) { + if (!$data || !$sig || !is_string($data) || !is_string($sig)) + return false; + if (strlen($data) != strlen($sig)) + return false; + if (strcmp($data, $sig) === 0) + return true; + return false; + } + + /** + */ + public function authenticateAction() { + $user = NULL; + if (isset($GLOBALS['TSFE']) && isset($GLOBALS['TSFE']->fe_user) && isset($GLOBALS['TSFE']->fe_user->user)) { + $user = $GLOBALS['TSFE']->fe_user->user; + } + if (isset($user)) { + $sso = urldecode(GeneralUtility::_GP('sso')); + $sig = GeneralUtility::_GP('sig'); + + $userId = $user['uid']; + $userEmail = $user['email']; + $userName = $user['username']; + $name = $user['name']; + + if (!$this->hashs_are_equal(hash_hmac('sha256', $sso, $this->settings['discourse_sso_shared_key']), 
$sig)) { + header("HTTP/1.1 403 Forbidden"); + $this->throwStatus(403, "Bad SSO request"); + } else { + // valid $sso string available, convert it + parse_str(base64_decode($sso), $receivedPayload); + $nonce = $receivedPayload['nonce']; + $parameters = array( + 'nonce' => $nonce, + 'external_id' => $userId, + 'email' => $userEmail, + 'username' => $userName, + 'name' => $name + ); + $payload = base64_encode(http_build_query($parameters)); + $query = http_build_query(array('sso' => $payload, 'sig' => hash_hmac('sha256', $payload, $this->settings['discourse_sso_shared_key']))); + $statusCode = $this->settings['discourse_sso_redirect_statuscode']; + if (!$statusCode || ($statusCode < 300 || $statusCode > 308)) { + // set default: + $statusCode = 303; + } + $this->redirectToUri($this->settings['discourse_sso_redirect'] . '/session/sso_login?' . $query, 0, 302); + } + } else { + // no user logged in + // wrong setup! This plugin should be enabled only, if a user login exists + return "
ERROR! You should not see this message! This plugin should be made available only, if a Frontend User is logged in! Please change this in the setup of this content element."; + } + } +} +?> diff --git a/Configuration/TypoScript/setup.txt b/Configuration/TypoScript/setup.txt new file mode 100644 index 0000000..cf26648 --- /dev/null +++ b/Configuration/TypoScript/setup.txt @@ -0,0 +1,8 @@ +plugin.tx_discoursesso { + settings { + # Discourse SSO + # discourse_sso_shared_key = MyFavKey + # discourse_sso_redirect = https://my.discourse.site + # discourse_sso_redirect = 302 + } +} diff --git a/README.txt b/README.txt new file mode 100644 index 0000000..b9a31e5 --- /dev/null +++ b/README.txt @@ -0,0 +1,6 @@ +README +====== + +Version 0.1: +* initial setup + diff --git a/ext_emconf.php b/ext_emconf.php new file mode 100644 index 0000000..d9c42b2 --- /dev/null +++ b/ext_emconf.php @@ -0,0 +1,40 @@ + 'Discourse SSO', + 'description' => 'Single sign on support for Discourse forum software, thus FE users from Typo3 are automatically logged into Discourse', + 'category' => 'be', + 'author' => 'Dirk Jahnke', + 'author_email' => 'dirk.jahnke@mailbox.org', + 'author_company' => 'Dirk Jahnke', + 'shy' => '', + 'dependencies' => 'extbase,fluid', + 'conflicts' => '', + 'priority' => 'bottom', + 'state' => 'beta', + 'uploadfolder' => '0', + 'createDirs' => '', + 'modify_tables' => '', + 'clearCacheOnLoad' => 1, + 'lockType' => '', + 'version' => '0.0.1', + 'constraints' => array( + 'depends' => array( + 'php' => '5.4.0-0.0.0', + 'typo3' => '6.2.0-6.2.99', + 'extbase' => '6.2.0-6.2.99', + 'fluid' => '0.0.0-0.0.0', + ), + 'conflicts' => array( + ), + 'suggests' => array( + 'devlog' => '0.0.0-0.0.0', + ), + ), +); + +?> diff --git a/ext_localconf.php b/ext_localconf.php new file mode 100644 index 0000000..96549e5 --- /dev/null +++ b/ext_localconf.php 
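Review bot: The signature check in `hashs_are_equal` compares the two HMAC strings with `strcmp`, which is not timing-safe; the call in `authenticateAction` should be `if (!hash_equals(hash_hmac('sha256', $sso, $this->settings['discourse_sso_shared_key']), (string) $sig)) {` (PHP 5.6+, whereas ext_emconf.php in this patch declares `'php' => '5.4.0-0.0.0'`, so either raise that constraint or keep a constant-time fallback). The class is declared as `class SsoController extends \TYPO3\CMS\Scheduler\Task\AbstractTask` yet it calls `$this->throwStatus()`, `$this->redirectToUri()` and reads `$this->settings`, which are Extbase controller members, and ext_localconf.php registers it as a plugin controller, so the base class should be `\TYPO3\CMS\Extbase\Mvc\Controller\ActionController`. `$statusCode` is validated into the 300–308 range but the redirect then hard-codes `302` as its third argument; pass `$statusCode` there so the `discourse_sso_redirect_statuscode` setting has an effect. `GeneralUtility::_GP('sso')` appears to return the already request-decoded value, so the extra `urldecode()` would turn any `+` in the base64 payload into a space and make the HMAC check fail for such payloads — drop it unless the Discourse side is known to double-encode.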
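Review bot: The commented example `# discourse_sso_redirect = 302` in setup.txt reuses the key that the preceding line assigns the Discourse URL to, while SsoController.php reads the status code from `discourse_sso_redirect_statuscode`; the example should read `# discourse_sso_redirect_statuscode = 302`. A short comment that `discourse_sso_redirect` is the site base URL without a trailing slash would also help, since the controller appends `/session/sso_login?` to it.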
@@ -0,0 +1,19 @@ + 'authenticate', + ), + array( + 'Sso' => 'authenticate', + ), + \TYPO3\CMS\Extbase\Utility\ExtensionUtility::PLUGIN_TYPE_PLUGIN +); + +?> diff --git a/ext_tables.php b/ext_tables.php new file mode 100644 index 0000000..ad0cbd4 --- /dev/null +++ b/ext_tables.php @@ -0,0 +1,11 @@ +