fremo/dj_discourse_sso
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

First revision of purse SSO without additional features

Browse Source
This commit is contained in:
Dirk Jahnke
2016-09-22 20:41:57 +02:00
parent 09714da47d
commit d6f5fb6257
6 changed files with 179 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

95
Classes/Controller/SsoController.php Normal file
View File

@@ -0,0 +1,95 @@
<?php
namespace Jahnke\DiscourseSso\Controller;
/***************************************************************
* Copyright notice
*
* (c) 2016 Dirk Jahnke <dirk.jahnke@mailbox.org>
*
* All rights reserved
*
* This script is part of the TYPO3 project. The TYPO3 project is
* free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* The GNU General Public License can be found at
* http://www.gnu.org/copyleft/gpl.html.
*
* This script is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* This copyright notice MUST APPEAR in all copies of the script!
***************************************************************/
use TYPO3\CMS\Core\Utility\GeneralUtility;
/**
* Controller for the Member object
*
* @version $Id$
* @copyright Copyright belongs to the respective authors
* @license http://www.gnu.org/licenses/gpl.html GNU General Public License, version 3 or later
*/
class SsoController extends \TYPO3\CMS\Scheduler\Task\AbstractTask
{
private function hashs_are_equal($data, $sig) {
if (!$data || !$sig || !is_string($data) || !is_string($sig))
return false;
if (strlen($data) != strlen($sig))
return false;
if (strcmp($data, $sig) === 0)
return true;
return false;
}
/**
*/
public function authenticateAction() {
$user = NULL;
if (isset($GLOBALS['TSFE']) && isset($GLOBALS['TSFE']->fe_user) && isset($GLOBALS['TSFE']->fe_user->user)) {
$user = $GLOBALS['TSFE']->fe_user->user;
}
if (isset($user)) {
$sso = urldecode(GeneralUtility::_GP('sso'));
$sig = GeneralUtility::_GP('sig');
$userId = $user['uid'];
$userEmail = $user['email'];
$userName = $user['username'];
$name = $user['name'];
if (!$this->hashs_are_equal(hash_hmac('sha256', $sso, $this->settings['discourse_sso_shared_key']), $sig)) {
header("HTTP/1.1 403 Forbidden");
$this->throwStatus(403, "Bad SSO request");
} else {
// valid $sso string available, convert it
parse_str(base64_decode($sso), $receivedPayload);
$nonce = $receivedPayload['nonce'];
$parameters = array(
'nonce' => $nonce,
'external_id' => $userId,
'email' => $userEmail,
'username' => $userName,
'name' => $name
);
$payload = base64_encode(http_build_query($parameters));
$query = http_build_query(array('sso' => $payload, 'sig' => hash_hmac('sha256', $payload, $this->settings['discourse_sso_shared_key'])));
$statusCode = $this->settings['discourse_sso_redirect_statuscode'];
if (!$statusCode || ($statusCode < 300 || $statusCode > 308)) {
// set default:
$statusCode = 303;
}
$this->redirectToUri($this->settings['discourse_sso_redirect'] . '/session/sso_login?' . $query, 0, 302);
}
} else {
// no user logged in
// wrong setup! This plugin should be enabled only, if a user login exists
return "<div><b>ERROR!</b> You should not see this message! This plugin should be made available only, if a Frontend User is logged in! Please change this in the setup of this content element.";
}
}
}
?>

8
Configuration/TypoScript/setup.txt Normal file
View File

@@ -0,0 +1,8 @@
plugin.tx_discoursesso {
settings {
# Discourse SSO
# discourse_sso_shared_key = MyFavKey
# discourse_sso_redirect = https://my.discourse.site
# discourse_sso_redirect = 302
}
}

6
README.txt Normal file
View File

@@ -0,0 +1,6 @@
README
======
Version 0.1:
* initial setup

40
ext_emconf.php Normal file
View File

@@ -0,0 +1,40 @@
<?php
/**
* Extension Manager/Repository config file for ext: "dj_discourse_sso"
*/
$EM_CONF[$_EXTKEY] = array(
'title' => 'Discourse SSO',
'description' => 'Single sign on support for Discourse forum software, thus FE users from Typo3 are automatically logged into Discourse',
'category' => 'be',
'author' => 'Dirk Jahnke',
'author_email' => 'dirk.jahnke@mailbox.org',
'author_company' => 'Dirk Jahnke',
'shy' => '',
'dependencies' => 'extbase,fluid',
'conflicts' => '',
'priority' => 'bottom',
'state' => 'beta',
'uploadfolder' => '0',
'createDirs' => '',
'modify_tables' => '',
'clearCacheOnLoad' => 1,
'lockType' => '',
'version' => '0.0.1',
'constraints' => array(
'depends' => array(
'php' => '5.4.0-0.0.0',
'typo3' => '6.2.0-6.2.99',
'extbase' => '6.2.0-6.2.99',
'fluid' => '0.0.0-0.0.0',
),
'conflicts' => array(
),
'suggests' => array(
'devlog' => '0.0.0-0.0.0',
),
),
);
?>

19
ext_localconf.php Normal file
View File

@@ -0,0 +1,19 @@
<?php
if (!defined ('TYPO3_MODE')) {
die ('Access denied.');
}
\TYPO3\CMS\Extbase\Utility\ExtensionUtility::configurePlugin(
'Jahnke.' . $_EXTKEY,
'Sso',
array(
'Sso' => 'authenticate',
),
array(
'Sso' => 'authenticate',
),
\TYPO3\CMS\Extbase\Utility\ExtensionUtility::PLUGIN_TYPE_PLUGIN
);
?>

11
ext_tables.php Normal file
View File

@@ -0,0 +1,11 @@
<?php
if (!defined ('TYPO3_MODE')) die ('Access denied.');
\TYPO3\CMS\Extbase\Utility\ExtensionUtility::registerPlugin(
'Jahnke.' . $_EXTKEY,
'Sso',
'Discourse SSO Authentication'
);
\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::addStaticFile($_EXTKEY, 'Configuration/TypoScript', 'Discourse SSO');
?>