revsbech · June 12, 2017 09:02
diff --git a/AuthenticationService.php b/AuthenticationService.php
 <?php
 /*
 * This file is part of the TYPO3 CMS project.
 *
 * It is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License, either version 2
 * of the License, or any later version.
 *
 * For the full copyright and license information, please read the
 * LICENSE.txt file that was distributed with this source code.
 *
 * The TYPO3 project - inspiring people to share!
 */

 namespace Bolius\CognitoAuth\Service;

 use Firebase\JWT\JWT;
 use phpseclib\Crypt\RSA;
 use phpseclib\Math\BigInteger;
 use TYPO3\CMS\Core\Utility\GeneralUtility;

 /**
 * AWS Cognito authentication service.
 *
 */
 class AuthenticationService extends \TYPO3\CMS\Sv\AuthenticationService
 {

    /**
     *
     */
    public function getUser()
    {

        // @todo We shoudl fetch the set of keys from here, create a map of all keys indexed by kid
        //$raw = file_get_contents('https://cognito-idp.eu-central-1.amazonaws.com/eu-central-1_gD9Sc0iLZ/.well-known/jwks.json');

        JWT::$leeway = 60; // $leeway in seconds, fo accomodate short differences in time

        $cognitoSessionToken = GeneralUtility::_GET("cognito_id_token");
        $key .= $this->getPublicKey('AQAB', 'jvmFxg8TO9QjPBRWGs65QZXi5jPx3uU-B55SfB0Rf0hL90b0919zDYg_aOJCq9-EPlIyh8IneoTPPX-iuIzpYgEK93ia6Z88fumMVt8HtPShmHmtA9crUXkExFcvhNQewuxQxOkSWArF2MhKhn2vmRuq3Idgv3KT8oW0ri9qBa_3Jic0oD3_IBQUoqyDa122ArRn7uUiin1XuXFetV1GM7u9jxWzL19e7DQTH47IvxcJ6tSXPyMPYwzqqtRJfSRcL4Auz4bwAYsB2zWN5vKk8ZLchlHxErCZb4o9g9XPycDP373yPINLM_fxnNJ1Bi821gIPgoVcYkxLWcxgMm3odw');

        //@todo try catch, since the decode process will throw errors when token has expired, or is not value
        print_r(JWT::decode($cognitoSessionToken, $key, array('RS256')));

        //@todo If user is successfulle authenticated, we should return create a loca fe_user
        exit('MARK');
        return false;
    }

    /**
     * @param array $user
     */
    public function authUser(array $user)
    {
        return false;
        exit("Auth user");
    }

    /**
     * @param $modulus
     * @param $exponent
     */
    protected function getPublicKey($exponent, $modulus) {
        $rsa = new RSA();

        $modulus = new BigInteger(JWT::urlsafeB64Decode($modulus), 256);
        $exponent = new BigInteger(JWT::urlsafeB64Decode($exponent), 256);

        $rsa->loadKey(array('n' => $modulus, 'e' => $exponent));
        $rsa->setPublicKey();
        return $rsa->getPublicKey();
    }
 }
diff --git a/ext_localconf.php b/ext_localconf.php
 <?php
 defined('TYPO3_MODE') || die();


 \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::addService(
    $_EXTKEY,
    'auth' /* sv type */,
    'Bolius\\CognitoAuth\\Service\\AuthenticationService' /* sv key */,
    array(
        'title' => 'Cognito Authentication service',
        'description' => 'Authentication service for AWS Cognito',

        'subtype' => 'getUserFE,authUserFE',

        'available' => true,
        'priority' => 80,
        'quality' => 80,

        'os' => '',
        'exec' => '',

        'className' => 'Bolius\\CognitoAuth\\Service\\AuthenticationService',
    )
 );
	<?php
	/*
	* This file is part of the TYPO3 CMS project.
	*
	* It is free software; you can redistribute it and/or modify it under
	* the terms of the GNU General Public License, either version 2
	* of the License, or any later version.
	*
	* For the full copyright and license information, please read the
	* LICENSE.txt file that was distributed with this source code.
	*
	* The TYPO3 project - inspiring people to share!
	*/

	namespace Bolius\CognitoAuth\Service;

	use Firebase\JWT\JWT;
	use phpseclib\Crypt\RSA;
	use phpseclib\Math\BigInteger;
	use TYPO3\CMS\Core\Utility\GeneralUtility;

	/**
	* AWS Cognito authentication service.
	*
	*/
	class AuthenticationService extends \TYPO3\CMS\Sv\AuthenticationService
	{

	/**
	*
	*/
	public function getUser()
	{

	// @todo We shoudl fetch the set of keys from here, create a map of all keys indexed by kid
	//$raw = file_get_contents('https://cognito-idp.eu-central-1.amazonaws.com/eu-central-1_gD9Sc0iLZ/.well-known/jwks.json');

	JWT::$leeway = 60; // $leeway in seconds, fo accomodate short differences in time

	$cognitoSessionToken = GeneralUtility::_GET("cognito_id_token");
	$key .= $this->getPublicKey('AQAB', 'jvmFxg8TO9QjPBRWGs65QZXi5jPx3uU-B55SfB0Rf0hL90b0919zDYg_aOJCq9-EPlIyh8IneoTPPX-iuIzpYgEK93ia6Z88fumMVt8HtPShmHmtA9crUXkExFcvhNQewuxQxOkSWArF2MhKhn2vmRuq3Idgv3KT8oW0ri9qBa_3Jic0oD3_IBQUoqyDa122ArRn7uUiin1XuXFetV1GM7u9jxWzL19e7DQTH47IvxcJ6tSXPyMPYwzqqtRJfSRcL4Auz4bwAYsB2zWN5vKk8ZLchlHxErCZb4o9g9XPycDP373yPINLM_fxnNJ1Bi821gIPgoVcYkxLWcxgMm3odw');

	//@todo try catch, since the decode process will throw errors when token has expired, or is not value
	print_r(JWT::decode($cognitoSessionToken, $key, array('RS256')));

	//@todo If user is successfulle authenticated, we should return create a loca fe_user
	exit('MARK');
	return false;
	}

	/**
	* @param array $user
	*/
	public function authUser(array $user)
	{
	return false;
	exit("Auth user");
	}

	/**
	* @param $modulus
	* @param $exponent
	*/
	protected function getPublicKey($exponent, $modulus) {
	$rsa = new RSA();

	$modulus = new BigInteger(JWT::urlsafeB64Decode($modulus), 256);
	$exponent = new BigInteger(JWT::urlsafeB64Decode($exponent), 256);

	$rsa->loadKey(array('n' => $modulus, 'e' => $exponent));
	$rsa->setPublicKey();
	return $rsa->getPublicKey();
	}
	}
	<?php
	defined('TYPO3_MODE') \|\| die();


	\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::addService(
	$_EXTKEY,
	'auth' /* sv type */,
	'Bolius\\CognitoAuth\\Service\\AuthenticationService' /* sv key */,
	array(
	'title' => 'Cognito Authentication service',
	'description' => 'Authentication service for AWS Cognito',

	'subtype' => 'getUserFE,authUserFE',

	'available' => true,
	'priority' => 80,
	'quality' => 80,

	'os' => '',
	'exec' => '',

	'className' => 'Bolius\\CognitoAuth\\Service\\AuthenticationService',
	)
	);