marketing-factory / oauth2

Generic OAuth2 authentication and authorization for TYPO3 CMS

Refactor for compatibility with TYPO3 12 #45

Closed garbast closed 11 months ago

garbast commented 1 year ago

Make compatible with TYPO3 12.

Complete refactor of extension with lots of cleanups.

garbast commented 1 year ago

Fix of PR #44 is included.

garbast commented 1 year ago

Ping. Can we get any traction on this pull request?

christian-fries commented 1 year ago

Can I do sth to help getting this PR merged?

tehplague commented 11 months ago

I am currently working on verifying the PR. However, after returning from the resource server - GitLab, in this case - TYPO3 throws with

TYPO3\CMS\Core\Security\RequestToken::fromHashSignedJwt(): Argument #2 ($secret) must be of type TYPO3\CMS\Core\Security\SigningSecretInterface|TYPO3\CMS\Core\Security\SigningSecretResolver, null given

This is because the NoncePool does not know about the specified nonce value that is being verified. In fact, at this point, the pool was completely empty. I tested with a fresh and otherwise empty installation of TYPO3 inside DDEV and only EXT:oauth2 with just GitLab as resource server configured.

However, in general, I'm unsure why exactly the handling of request tokens shall be duplicated inside EXT:oauth2. IMHO, TYPO3 should handle them and already does so, I think. Could you clarify that, @garbast ?

evoWeb commented 11 months ago

The core does not handle any token handed via $_GET. And it is not possible to forward the token via header, as redirects do not respect these. Additionally, /config/system/settings.php needs to have 'BE'|'cookieSameSite' => 'lax' set, or the nonce gets lost on the way to GitLab.
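The setting evoWeb describes, shown as an added configuration example (not code from the PR or from the oauth2 extension). It is a fragment of config/system/settings.php for TYPO3 12 with only the 'BE' key shown; the rest of the file is assumed to be your existing configuration. The weak value is left in as a comment beside the corrected one so the difference is visible:

```php
<?php
// Added example, not code from the PR or the oauth2 extension.
// Fragment of config/system/settings.php (TYPO3 12). Only 'BE' is shown;
// the rest of the array is assumed to be the installation's own settings.
return [
    'BE' => [
        // With 'strict' the browser withholds the backend cookies on the
        // top-level redirect that GitLab issues back to /typo3/..., so the
        // nonce stored before the redirect to GitLab is not present when
        // the callback is processed and the request-token check fails.
        // 'cookieSameSite' => 'strict',

        // 'lax' still sends the cookies on top-level GET navigations,
        // including the cross-site redirect back from GitLab, while
        // continuing to withhold them on cross-site POSTs and subresource
        // requests.
        'cookieSameSite' => 'lax',
    ],
];
```

'lax' is the smallest relaxation that lets the OAuth2 callback see the session: 'none' would also work, but it requires the cookie to be marked Secure and sends the backend cookies on every cross-site request, which is exactly the exposure SameSite is meant to limit.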

tehplague commented 11 months ago

cookieSameSite => 'lax' indeed resolves the issue above. Could you add the following to circumvent an issue in the extension configuration editor?

diff --git a/ext_conf_template.txt b/ext_conf_template.txt
index 7be81f8..44ff543 100644
--- a/ext_conf_template.txt
+++ b/ext_conf_template.txt
@@ -1,5 +1,5 @@
-# cat=GitLab//0; type=boolean; label=Enable Backend Login
+# cat=gitlab; type=boolean; label=Enable Backend Login
 enableBackendLogin = 0

-# cat=GitLab//1; type=boolean; label=override existing user
+# cat=gitlab; type=boolean; label=override existing user
 overrideUser = 0
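Review bot: both options lose the `//0` and `//1` ordering suffix and move from the `GitLab` category to a lowercase `gitlab` one, but nothing in the file records why, so a later cleanup could easily reinstate `cat=GitLab//0` and reintroduce the editor problem. Suggest adding a one-line comment in ext_conf_template.txt above the first option pointing at https://forge.typo3.org/issues/102760, and confirming that the extension configuration editor still shows `enableBackendLogin` before `overrideUser` now that the explicit ordering is gone.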

This is to circumvent https://forge.typo3.org/issues/102760