Guest User

Untitled

a guest
Jul 17th, 2018
78
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 3.49 KB | None | 0 0
  1. <?php
  2.  
  3. $sso = Mage::app()->getLayout()->createBlock('namespace/ssohelper');
  4.  
  5.  
  6.  
  7.  
  8. $secret = "secret_phrase";
  9. $sso->setSecret($secret);
  10.  
  11. // load payload
  12. $payload = $_GET['sso'];
  13. $signature = $_GET['sig'];
  14.  
  15. // validate payload
  16. if(!($sso->validatePayload($payload,$signature))) {
  17. // invalid, Deny
  18. header("HTTPS/1.1 403 Forbidden");
  19. echo("Bad SSO request");
  20. die();
  21. }
  22.  
  23. $nonce = $sso->getNonce($payload);
  24.  
  25. $loggedIn = Mage::getSingleton('customer/session')->isLoggedIn();
  26. if($loggedIn) {
  27. $sess = Mage::getSingleton('customer/session');
  28. $username = $sess->getCustomer()->getUsername();
  29. $email = $sess->getCustomer()->getEmail();
  30. $external_id = $sess->getCustomer()->getId();
  31.  
  32. $extraParameters = array(
  33. 'username' => $username,
  34. 'name' => $username,
  35. 'avatar_url' => $avatar
  36. );
  37. }
  38.  
  39.  
  40. // build query string and redirect back to forum
  41. $query = $sso->getSignInString($nonce, $external_id, $email, $extraParameters);
  42. header('Location: https://forum.website.come/session/sso_login?' . $query);
  43. exit(0);
  44.  
  45. <?xml version="1.0"?>
  46.  
  47. <config>
  48. <modules>
  49. <Namespace_SsoHelper>
  50. <version>0.1.1</version>
  51. </Namespace_SsoHelper>
  52. </modules>
  53. <global>
  54. <blocks>
  55. <ssohelper>
  56. <class>Namespace_SsoHelper_Block</class>
  57. </ssohelper>
  58. </blocks>
  59. </global>
  60.  
  61. </config>
  62.  
  63. <?php
  64.  
  65. use NamespaceSsoHelperExceptionPayloadException;
  66.  
  67.  
  68. class Namespace_SsoHelper_Block_SsoHelper extends Mage_Core_Block_Template
  69. {
  70. public function __construct(){
  71. parent::__construct();
  72. # getting default settings
  73. }
  74.  
  75. private $secret;
  76.  
  77.  
  78. public function setSecret($secret)
  79. {
  80. $this->secret = $secret;
  81.  
  82. return $this;
  83. }
  84.  
  85. /**
  86. * @param $payload
  87. * @param $signature
  88. * @return mixed
  89. */
  90. public function validatePayload($payload, $signature)
  91. {
  92. $payload = urldecode($payload);
  93.  
  94. return $this->signPayload($payload) === $signature;
  95. }
  96.  
  97. /**
  98. * @param $payload
  99. * @return mixed
  100. * @throws PayloadException
  101. */
  102. public function getNonce($payload)
  103. {
  104. $payload = urldecode($payload);
  105. $query = array();
  106. parse_str(base64_decode($payload), $query);
  107. if (!array_key_exists('nonce', $query)) {
  108. throw new PayloadException('Nonce not found in payload');
  109. }
  110.  
  111. return $query['nonce'];
  112. }
  113.  
  114. /**
  115. * @param $payload
  116. * @return mixed
  117. * @throws PayloadException
  118. */
  119. public function getReturnSSOURL($payload)
  120. {
  121. $payload = urldecode($payload);
  122. $query = array();
  123. parse_str(base64_decode($payload), $query);
  124. if (!array_key_exists('return_sso_url', $query)) {
  125. throw new PayloadException('Return SSO URL not found in payload');
  126. }
  127.  
  128. return $query['return_sso_url'];
  129. }
  130.  
  131. /**
  132. * @param $nonce
  133. * @param $external_id
  134. * @param $email
  135. * @param array $extraParameters
  136. * @return string
  137. */
  138. public function getSignInString($nonce, $external_id, $email, $extraParameters = [])
  139. {
  140.  
  141. $parameters = array(
  142. 'nonce' => $nonce,
  143. 'external_id' => $external_id,
  144. 'email' => $email,
  145. ) + $extraParameters;
  146.  
  147. $payload = base64_encode(http_build_query($parameters));
  148.  
  149. $data = array(
  150. 'sso' => $payload,
  151. 'sig' => $this->signPayload($payload),
  152. );
  153.  
  154. return http_build_query($data);
  155. }
  156.  
  157. /**
  158. * @param $payload
  159. * @return string
  160. */
  161. protected function signPayload($payload)
  162. {
  163. return hash_hmac('sha256', $payload, $this->secret);
  164. }
  165. }
  166.  
  167. $sso = Mage::app()->getLayout()->createBlock('namespace/ssohelper');
  168.  
  169. $sso = Mage::app()->getLayout()->createBlock('ssohelper/ssohelper');
Add Comment
Please, Sign In to add comment