
Commit d9ebb3d

committed
[RELEASE] Create T3AM 1.0.0
0 parents  commit d9ebb3d

11 files changed

Lines changed: 634 additions & 0 deletions

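--- a/Classes/Authenticator.php
+++ b/Classes/Authenticator.php
@@ -0,0 +1,111 @@
+<?php
+namespace In2code\T3AM\Client;
+
+/*
+* Copyright (C) 2018 Oliver Eglseder <php@vxvr.de>, in2code GmbH
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of the GNU General Public License
+* as published by the Free Software Foundation; either version 2
+* of the License, or (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*/
+
+use TYPO3\CMS\Core\Utility\GeneralUtility;
+use TYPO3\CMS\Rsaauth\RsaEncryptionDecoder;
+use TYPO3\CMS\Sv\AbstractAuthenticationService;
+
+/**
+* Class Authenticator
+*/
+class Authenticator extends AbstractAuthenticationService
+{
+/**
+* @var Client
+*/
+protected $client = null;
+
+/**
+* @var UserRepository
+*/
+protected $userRepository = null;
+
+/**
+* Authenticator constructor.
+*/
+public function __construct()
+{
+$this->client = GeneralUtility::makeInstance(Client::class);
+$this->userRepository = GeneralUtility::makeInstance(UserRepository::class);
+}
+
+/**
+* @return array|bool
+*/
+public function getUser()
+{
+$username = $this->login['uname'];
+if (!is_string($username) || strlen($username) <= 2) {
+return false;
+}
+
+try {
+$state = $this->client->getUserState($username);
+} catch (ClientException $e) {
+return false;
+}
+
+if ('okay' === $state) {
+try {
+$info = $this->client->getUserInfo($username);
+} catch (ClientException $e) {
+return false;
+}
+
+return $this->userRepository->processInfo($info);
+} elseif ('deleted' === $state) {
+$this->userRepository->removeUser($username);
+}
+
+return false;
+}
+
+/**
+* @param array $user
+* @return int
+*/
+public function authUser(array $user)
+{
+if (!isset($this->login['uident_text'])) {
+$rsaEncryptionDecoder = GeneralUtility::makeInstance(RsaEncryptionDecoder::class);
+$this->login['uident_text'] = $rsaEncryptionDecoder->decrypt($this->login['uident']);
+}
+
+try {
+$pubKeyArray = $this->client->getEncryptionKey();
+} catch (ClientException $e) {
+return 100;
+}
+
+// prevent error output which would show the plain text password
+if (true === @openssl_public_encrypt($this->login['uident_text'], $encrypted, $pubKeyArray['pubKey'])) {
+$encodedPassword = base64_encode($encrypted);
+
+try {
+if ($this->client->authUser($user['username'], $encodedPassword, $pubKeyArray['encryptionId'])) {
+return 200;
+} else {
+return 0;
+}
+} catch (ClientException $e) {
+return 100;
+}
+}
+
+return 100;
+}
+}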
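Review bot: In `authUser()` the remote verdict is tested for truthiness only, `if ($this->client->authUser(...))`, while `Client::request()` hands back whatever the API placed in `data` (documented as `mixed`), so a non-empty string or array there would be treated as a successful login and return 200. The rest of the method already compares strictly, and doing the same here limits the decision to an explicit boolean: `if (true === $this->client->authUser($user['username'], $encodedPassword, $pubKeyArray['encryptionId'])) {`. Whether the server ever returns anything other than a boolean is not visible in this commit, so this is client-side hardening rather than a confirmed bypass.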

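--- a/Classes/Client.php
+++ b/Classes/Client.php
@@ -0,0 +1,193 @@
+<?php
+namespace In2code\T3AM\Client;
+
+/*
+* Copyright (C) 2018 Oliver Eglseder <php@vxvr.de>, in2code GmbH
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of the GNU General Public License
+* as published by the Free Software Foundation; either version 2
+* of the License, or (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*/
+
+use TYPO3\CMS\Core\Utility\GeneralUtility;
+
+/**
+* Class Client
+*/
+class Client
+{
+/**
+* @var Config
+*/
+protected $config = null;
+
+/**
+* Authenticator constructor.
+*/
+public function __construct()
+{
+$this->config = GeneralUtility::makeInstance(Config::class);
+}
+
+/**
+* @return mixed
+*
+* @throws ClientException
+*/
+public function getEncryptionKey()
+{
+return $this->request('encryption/getKey');
+}
+
+/**
+* @param string $user
+*
+* @return mixed
+*
+* @throws ClientException
+*/
+public function getUserState($user)
+{
+return $this->request('user/state', ['user' => $user]);
+}
+
+/**
+* @param string $user
+*
+* @return mixed
+*
+* @throws ClientException
+*/
+public function getUserInfo($user)
+{
+return $this->request('user/get', ['user' => $user]);
+}
+
+/**
+* @param string $user
+* @param string $password
+* @param string $encryptionId
+*
+* @return mixed
+*
+* @throws ClientException
+*/
+public function authUser($user, $password, $encryptionId)
+{
+return $this->request('user/auth', ['user' => $user, 'password' => $password, 'encryptionId' => $encryptionId]);
+}
+
+/**
+* @return bool
+*
+* @throws ClientException
+*/
+public function ping()
+{
+return $this->request('check/ping');
+}
+
+/**
+* @param string $route
+* @param array $arguments
+*
+* @return mixed
+*
+* @throws ClientException
+*
+* @SuppressWarnings(PHPMD.Superglobals)
+*/
+protected function request($route, array $arguments = [])
+{
+$query = http_build_query(array_merge(['route' => $route, 'token' => $this->config->getToken()], $arguments));
+
+$sslVerifyHost = $GLOBALS['TYPO3_CONF_VARS']['HTTP']['ssl_verify_host'];
+$sslVerifyPeer = $GLOBALS['TYPO3_CONF_VARS']['HTTP']['ssl_verify_peer'];
+if ($this->config->allowSelfSigned()) {
+$GLOBALS['TYPO3_CONF_VARS']['HTTP']['ssl_verify_host'] = false;
+$GLOBALS['TYPO3_CONF_VARS']['HTTP']['ssl_verify_peer'] = false;
+}
+$response = $this->getUrl($this->config->getServer() . '?eID=t3am_server&' . $query);
+$GLOBALS['TYPO3_CONF_VARS']['HTTP']['ssl_verify_host'] = $sslVerifyHost;
+$GLOBALS['TYPO3_CONF_VARS']['HTTP']['ssl_verify_peer'] = $sslVerifyPeer;
+
+if (!is_string($response)) {
+throw new ClientException('The API endpoint did not return a valid response');
+}
+$apiResult = json_decode($response, true);
+
+$result = false;
+if (isset($apiResult['error']) && false === $apiResult['error'] && isset($apiResult['data'])) {
+$result = $apiResult['data'];
+}
+
+return $result;
+}
+
+/**
+* Improved (and much shorter) version of GeneralUtility::getUrl which always
+* uses cURL to allow self signed certificates without proxy. Does not follow HTTP status 3xx!
+*
+* @param string $url
+*
+* @return mixed
+*
+* @SuppressWarnings(PHPMD.Superglobals)
+*/
+protected function getUrl($url)
+{
+$session = curl_init();
+
+if (!is_resource($session)) {
+return false;
+}
+
+curl_setopt($session, CURLOPT_URL, $url);
+curl_setopt($session, CURLOPT_HEADER, 0);
+curl_setopt($session, CURLOPT_NOBODY, 0);
+curl_setopt($session, CURLOPT_HTTPGET, 'GET');
+curl_setopt($session, CURLOPT_RETURNTRANSFER, 1);
+curl_setopt($session, CURLOPT_FAILONERROR, 1);
+curl_setopt($session, CURLOPT_CONNECTTIMEOUT, max(0, (int)$GLOBALS['TYPO3_CONF_VARS']['SYS']['curlTimeout']));
+
+$applicant = function ($session, $options) {
+foreach ($options as $key => $option) {
+if ($GLOBALS['TYPO3_CONF_VARS']['SYS'][$key]) {
+curl_setopt($session, $option[0], $option[1]);
+}
+}
+};
+
+if ($this->config->allowSelfSigned() || !$GLOBALS['TYPO3_CONF_VARS']['HTTP']['ssl_verify_peer']) {
+curl_setopt($session, CURLOPT_SSL_VERIFYPEER, false);
+if ($GLOBALS['TYPO3_CONF_VARS']['HTTP']['ssl_verify_peer']) {
+$options = [
+'ssl_cafile' => [CURLOPT_CAINFO, $GLOBALS['TYPO3_CONF_VARS']['HTTP']['ssl_cafile']],
+'ssl_capath' => [CURLOPT_CAPATH, $GLOBALS['TYPO3_CONF_VARS']['HTTP']['ssl_capath']],
+];
+array_map($applicant, $options);
+}
+}
+if ($GLOBALS['TYPO3_CONF_VARS']['SYS']['curlProxyServer']) {
+curl_setopt($session, CURLOPT_PROXY, $GLOBALS['TYPO3_CONF_VARS']['SYS']['curlProxyServer']);
+curl_setopt($session, CURLOPT_SSL_VERIFYHOST, (bool)$GLOBALS['TYPO3_CONF_VARS']['HTTP']['ssl_verify_host']);
+$options = [
+'curlProxyNTLM' => [CURLOPT_PROXYAUTH, CURLAUTH_NTLM],
+'curlProxyTunnel' => [CURLOPT_HTTPPROXYTUNNEL, $GLOBALS['TYPO3_CONF_VARS']['SYS']['curlProxyTunnel']],
+'curlProxyUserPass' => [CURLOPT_PROXYUSERPWD, $GLOBALS['TYPO3_CONF_VARS']['SYS']['curlProxyUserPass']],
+];
+array_map($applicant, $options);
+}
+$content = curl_exec($session);
+
+curl_close($session);
+
+return $content;
+}
+}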
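Review bot: With `allowSelfSigned()` enabled, `request()` and `getUrl()` switch peer verification off entirely, so nothing authenticates the server that supplies the public key from `encryption/getKey` and the verdict from `user/auth`; the login decision then rests on an unauthenticated channel. Supporting a self-signed server without giving up authentication means trusting that one certificate instead of none, for example leaving `CURLOPT_SSL_VERIFYPEER` on and pointing `CURLOPT_CAINFO` at the server's certificate through a new config value (no such option is visible in the Config calls here). The existing CA branch does not help as written: when reached through `request()` it sits inside a block that only runs while `ssl_verify_peer` is false, and `$applicant` declares two parameters while `array_map($applicant, $options)` passes one per element, which also affects the proxy options below and raises ArgumentCountError on PHP 7.1 and later. The shared `token` is sent in the GET query string too, so it will end up in access and proxy logs unless it moves to a request header or POST body.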

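--- a/Classes/ClientException.php
+++ b/Classes/ClientException.php
@@ -0,0 +1,25 @@
+<?php
+namespace In2code\T3AM\Client;
+
+/*
+* Copyright (C) 2018 Oliver Eglseder <php@vxvr.de>, in2code GmbH
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of the GNU General Public License
+* as published by the Free Software Foundation; either version 2
+* of the License, or (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*/
+
+use Exception;
+
+/**
+* Class ClientException
+*/
+class ClientException extends Exception
+{
+}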
