[FEATURE] Allow to generate authentication URLs without request

Author: SomeBdyElse

Classes/EventListener/FrontendLoginEventListener.php

@@ -20,6 +20,7 @@
 use Causal\Oidc\Service\OpenIdConnectService;
 use Psr\Log\LoggerAwareInterface;
 use Psr\Log\LoggerAwareTrait;
+use TYPO3\CMS\Core\Http\Uri;
 use TYPO3\CMS\Core\Utility\GeneralUtility;
 use TYPO3\CMS\FrontendLogin\Event\ModifyLoginFormViewEvent;
 
@@ -29,7 +30,15 @@ class FrontendLoginEventListener implements LoggerAwareInterface
 
     public function modifyLoginFormView(ModifyLoginFormViewEvent $event): void
     {
-        $uri = GeneralUtility::makeInstance(OpenIdConnectService::class)->getAuthenticationRequestUrl();
+        $request = $event->getRequest();
+        $currentUrl = new Uri(GeneralUtility::getIndpEnv('TYPO3_REQUEST_URL'));
+        $redirectUrl = new Uri($request->getParsedBody()['redirect_url'] ?? $request->getQueryParams()['redirect_url'] ?? '');
+
+        $uri = GeneralUtility::makeInstance(OpenIdConnectService::class)->getFrontendAuthenticationRequestUrl(
+            $request->getAttribute('language', $request->getAttribute('site')->getDefaultLanguage()),
+            $currentUrl,
+            $redirectUrl,
+        );
         if ($uri) {
             $event->getView()->assign('openidConnectUri', (string)$uri);
         }

Classes/Service/OpenIdConnectService.php

@@ -41,32 +41,48 @@ public function isAuthenticationRequest(ServerRequestInterface $request): bool
         return $language && $request->getUri()->getPath() === $this->getAuthenticationUrlRoutePath($language);
     }
 
+    /**
+     * @deprecated
+     */
     public function getAuthenticationRequestUrl(): ?UriInterface
     {
-        $request = $GLOBALS['TYPO3_REQUEST'] ?? null;
-        if ($request) {
-            $loginUrl = GeneralUtility::getIndpEnv('TYPO3_REQUEST_URL');
-            $redirectUrl = $request->getParsedBody()['redirect_url'] ?? $request->getQueryParams()['redirect_url'] ?? '';
-
-            // TYPO3 v13
-            if (class_exists(\TYPO3\CMS\Core\Crypto\HashService::class)) {
-                $hash = GeneralUtility::makeInstance(\TYPO3\CMS\Core\Crypto\HashService::class)->hmac($loginUrl . $redirectUrl, 'oidc');
-            } else {
-                $hash = GeneralUtility::hmac($loginUrl . $redirectUrl, 'oidc');
-            }
-
-            $query = GeneralUtility::implodeArrayForUrl('', [
-                'login_url' => $loginUrl,
-                'redirect_url' => $redirectUrl,
-                'validation_hash' => $hash,
-            ]);
-
-            $language = $request->getAttribute('language', $request->getAttribute('site')->getDefaultLanguage());
-            return $language->getBase()
-                ->withPath($this->getAuthenticationUrlRoutePath($language))
-                ->withQuery($query);
+        trigger_error(
+            'Calling getAuthenticationRequestUrl will be removed. Consider using getFrontendAuthenticationRequestUrl instead.',
+            E_USER_DEPRECATED,
+        );
+        $request = $GLOBALS['TYPO3_REQUEST'];
+        return $this->getFrontendAuthenticationRequestUrl(
+            $request->getAttribute('language', $request->getAttribute('site')->getDefaultLanguage()),
+            GeneralUtility::getIndpEnv('TYPO3_REQUEST_URL'),
+            $request->getParsedBody()['redirect_url'] ?? $request->getQueryParams()['redirect_url'] ?? '',
+        );
+    }
+
+    public function getFrontendAuthenticationRequestUrl(
+        SiteLanguage $language,
+        UriInterface $loginUrl,
+        ?UriInterface $redirectUrl = null,
+    ): ?UriInterface {
+        $queryParameters = ['login_url' => (string)$loginUrl];
+        if ($redirectUrl) {
+            $queryParameters['redirect_url'] = (string)$redirectUrl;
+        }
+
+        $queryParametersString = implode(array_values($queryParameters));
+        // TYPO3 v13
+        if (class_exists(\TYPO3\CMS\Core\Crypto\HashService::class)) {
+            $hash = GeneralUtility::makeInstance(\TYPO3\CMS\Core\Crypto\HashService::class)->hmac($queryParametersString, 'oidc');
+        } else {
+            $hash = GeneralUtility::hmac($queryParametersString, 'oidc');
         }
-        return null;
+
+        $queryParameters['validation_hash'] = $hash;
+
+        $query = GeneralUtility::implodeArrayForUrl('', $queryParameters);
+
+        return $language->getBase()
+            ->withPath($this->getAuthenticationUrlRoutePath($language))
+            ->withQuery($query);
     }
 
     public function generateAuthenticationContext(ServerRequestInterface $request, array $authorizationUrlOptions = []): AuthenticationContext

Classes/ViewHelpers/OidcLinkViewHelper.php

@@ -20,6 +20,7 @@
 use Causal\Oidc\Service\OpenIdConnectService;
 use TYPO3\CMS\Core\Utility\GeneralUtility;
 use TYPO3Fluid\Fluid\Core\ViewHelper\AbstractViewHelper;
+use TYPO3\CMS\Core\Http\Uri;
 
 class OidcLinkViewHelper extends AbstractViewHelper
 {
@@ -28,7 +29,13 @@ class OidcLinkViewHelper extends AbstractViewHelper
      */
     public function render(): string
     {
-        $url = GeneralUtility::makeInstance(OpenIdConnectService::class)->getAuthenticationRequestUrl();
-        return (string)$url;
+        $request = $GLOBALS['TYPO3_REQUEST'];
+        $currentUrl = new Uri(GeneralUtility::getIndpEnv('TYPO3_REQUEST_URL'));
+        $redirectUrl = new Uri($request->getParsedBody()['redirect_url'] ?? $request->getQueryParams()['redirect_url'] ?? '');
+        return (string)GeneralUtility::makeInstance(OpenIdConnectService::class)->getFrontendAuthenticationRequestUrl(
+            $request->getAttribute('language', $request->getAttribute('site')->getDefaultLanguage()),
+            $currentUrl,
+            $redirectUrl,
+        );
     }
 }