-
Notifications
You must be signed in to change notification settings - Fork 31
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
TYPO3 12.4 support #144
TYPO3 12.4 support #144
Conversation
The frontend login process is protected against CSRF beginning with TYPO3 12. For now we fake the request token when the GET variable tx_oidc is set. I doubt connect action‘s redirect is still necessary. This should still be checked.
# Conflicts: # Classes/Service/AuthenticationService.php # ext_emconf.php # ext_localconf.php
Thanks. Will review asap |
Causal\Oidc\EventListener\ProcessRequestTokenListener: | ||
tags: | ||
- name: event.listener | ||
identifier: 'causal/oidc-request-token' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Which event are we listening to?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It is this Event: BeforeRequestTokenProcessedEvent
We introduced this. See this commit:
undkonsorten@f2e4250
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is needed for CSRF in typo3 12 for fe_login.
But this is breaking and might not work under typo3 11.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry, I wasn't clear about this: I meant we should explicitly name the event we are listening for here in the yaml. Otherwise I need to open the event listener to see which event is covered, which I consider a bit cumbersome. (I know it works this way, but I do not consider it particularly readable.)
But it is up to @xperseguers to decide on this "taste".
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah i agree with that.
@@ -66,7 +63,7 @@ public function processDatamap_afterDatabaseOperations(string $operation, string | |||
'fe_users', | |||
[ | |||
'usergroup' => implode(',', $userGroups), | |||
'tstamp' => $GLOBALS['EXEC_TIME'], | |||
'tstamp' => GeneralUtility::makeInstance(Context::class)->getPropertyFromAspect('date', 'timestamp'), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I know this is the way to go nowadays, but still, I can't see this without wondering why we go to such a outrageous way of getting the well-known "execution time" :(
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i think its not about readability, its about the internal request and ability tho make subrequest with another context
Resolves #130 |
I hope we can get #153 in first, so this one needs a rebase then, but should get quite a bit smaller on the way. |
Do you still need stuff changed by me in this pull request? |
Or in other words: Can i help you with something? |
@Starkmann We got a lot of improvements merged now. It's now time to rebase this PR here and get this one ready/in. Thanks for your patience. |
How is the progress here? |
@gemeinling Feel free to rebase this PR and test. That would be a lot of help already. |
As I'm new to contributing and pull requests, it took some time. I have now rebased this PR onto the master branch here. Unfortunately, I don't have permissions in one of these repositories. What are the next steps? Currently, the rebase is done here: https://github.com/gemeinling/t3ext-oidc/tree/typo3-12.4 |
@gemeinling Thanks for you work. Feel free to open a new PR against your fork. |
Closing this PR in favor of #162 |
Compatibility for TYPO3 12.4 since we do not use all features i have not tested everything, but main functionality works.
Also haven't tested backwards compatibility to TYPO311