96 lines
3.8 KiB
PHP
96 lines
3.8 KiB
PHP
<?php
|
|
namespace Jahnke\DiscourseSso\Controller;
|
|
|
|
/***************************************************************
|
|
* Copyright notice
|
|
*
|
|
* (c) 2016 Dirk Jahnke <dirk.jahnke@mailbox.org>
|
|
*
|
|
* All rights reserved
|
|
*
|
|
* This script is part of the TYPO3 project. The TYPO3 project is
|
|
* free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; either version 3 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* The GNU General Public License can be found at
|
|
* http://www.gnu.org/copyleft/gpl.html.
|
|
*
|
|
* This script is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* This copyright notice MUST APPEAR in all copies of the script!
|
|
***************************************************************/
|
|
|
|
use TYPO3\CMS\Core\Utility\GeneralUtility;
|
|
|
|
/**
|
|
* Controller for the Member object
|
|
*
|
|
* @version $Id$
|
|
* @copyright Copyright belongs to the respective authors
|
|
* @license http://www.gnu.org/licenses/gpl.html GNU General Public License, version 3 or later
|
|
*/
|
|
class SsoController extends \TYPO3\CMS\Scheduler\Task\AbstractTask
|
|
{
|
|
private function hashs_are_equal($data, $sig) {
|
|
if (!$data || !$sig || !is_string($data) || !is_string($sig))
|
|
return false;
|
|
if (strlen($data) != strlen($sig))
|
|
return false;
|
|
if (strcmp($data, $sig) === 0)
|
|
return true;
|
|
return false;
|
|
}
|
|
|
|
/**
|
|
*/
|
|
public function authenticateAction() {
|
|
$user = NULL;
|
|
if (isset($GLOBALS['TSFE']) && isset($GLOBALS['TSFE']->fe_user) && isset($GLOBALS['TSFE']->fe_user->user)) {
|
|
$user = $GLOBALS['TSFE']->fe_user->user;
|
|
}
|
|
if (isset($user)) {
|
|
$sso = urldecode(GeneralUtility::_GP('sso'));
|
|
$sig = GeneralUtility::_GP('sig');
|
|
|
|
$userId = $user['uid'];
|
|
$userEmail = $user['email'];
|
|
$userName = $user['username'];
|
|
$name = $user['name'];
|
|
|
|
if (!$this->hashs_are_equal(hash_hmac('sha256', $sso, $this->settings['discourse_sso_shared_key']), $sig)) {
|
|
header("HTTP/1.1 403 Forbidden");
|
|
$this->throwStatus(403, "Bad SSO request");
|
|
} else {
|
|
// valid $sso string available, convert it
|
|
parse_str(base64_decode($sso), $receivedPayload);
|
|
$nonce = $receivedPayload['nonce'];
|
|
$parameters = array(
|
|
'nonce' => $nonce,
|
|
'external_id' => $userId,
|
|
'email' => $userEmail,
|
|
'username' => $userName,
|
|
'name' => $name
|
|
);
|
|
$payload = base64_encode(http_build_query($parameters));
|
|
$query = http_build_query(array('sso' => $payload, 'sig' => hash_hmac('sha256', $payload, $this->settings['discourse_sso_shared_key'])));
|
|
$statusCode = $this->settings['discourse_sso_redirect_statuscode'];
|
|
if (!$statusCode || ($statusCode < 300 || $statusCode > 308)) {
|
|
// set default:
|
|
$statusCode = 303;
|
|
}
|
|
$this->redirectToUri($this->settings['discourse_sso_redirect'] . '/session/sso_login?' . $query, 0, 302);
|
|
}
|
|
} else {
|
|
// no user logged in
|
|
// wrong setup! This plugin should be enabled only, if a user login exists
|
|
return "<div><b>ERROR!</b> You should not see this message! This plugin should be made available only, if a Frontend User is logged in! Please change this in the setup of this content element.";
|
|
}
|
|
}
|
|
}
|
|
?>
|