
https://assistance.opentalent.fr/browse/V8-2495

Olivier Massot 4 лет назад
Родитель
Сommit
4a1a93f715

+ 9 - 0
doc/problems_resolutions/cross_domain_auth.md

@@ -140,3 +140,12 @@ Le setCookie appelé vérifie que le referer est bien en opentalent.fr. Si oui,
 la requête a un paramètre BEARER, alors il créé le cookie correspondant dans le bon domaine.
 
 > https://blog.theodo.com/2016/10/how-to-track-your-users-over-several-domains/
+
+
+## Update
+
+Parce que les règles de sécurité des navigateurs ont semble-t-il encore évolué, la solution retenue et qui 
+fontionnait n'est plus opérationnelle.
+
+Dans l'attente d'une solution durable (serveur d'auth), on se rabat sur une solution temporaire, c'est à dire 
+qu'on réactive les modales d'authentification sur les sites dont le domaines n'est pas en .opentalent.fr

+ 2 - 2
ot_connect/Classes/Service/OtAuthenticationService.php

@@ -251,7 +251,7 @@ class OtAuthenticationService extends AbstractAuthenticationService
             $value = $cookie->getValue();
             $expires = $cookie->getExpires();
             $path = $cookie->getPath();
-            $domain = self::COOKIE_DOMAIN;
+            $domain = $_SERVER['HTTP_HOST'];
             $secure = $cookie->getSecure();
             $httpOnly = $cookie->getHttpOnly();
 
@@ -433,7 +433,7 @@ class OtAuthenticationService extends AbstractAuthenticationService
      */
     protected function unset_cookie(string $name): bool
     {
-        $res = setcookie($name, '', time() - 1, '/');
+        $res = setcookie($name, '', 1, '/', $_SERVER['HTTP_HOST']);
         if (!$res) {
             $this->writeLogMessage('Error while unsetting ' . $name . ' cookie');
         }
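Review bot: Both hunks in this file now pass the raw `$_SERVER['HTTP_HOST']` as the cookie Domain, once in the cookie-forwarding code and once in `unset_cookie()`. That value is the client-supplied Host header and can carry a port (`example.org:8080`), which is not a valid Domain attribute, so the cookie may be rejected or never cleared. I would derive the host through TYPO3's own accessor, which strips the port, e.g. `$domain = GeneralUtility::getIndpEnv('TYPO3_HOST_ONLY');`, and use the same expression in `unset_cookie()` so that set and unset always agree. An explicit Domain also exposes the cookie to subdomains of the custom domain, so a short comment saying whether that is intended (versus a host-only cookie with an empty domain) would help. Both enclosing functions continue outside the hunks.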

+ 48 - 0
ot_templating/Classes/ViewHelpers/Request/IsCustomDomainViewHelper.php

@@ -0,0 +1,48 @@
+<?php
+
+namespace Opentalent\OtTemplating\ViewHelpers\Request;
+
+use Closure;
+use Opentalent\OtCore\ViewHelpers\OtAbstractViewHelper;
+use TYPO3Fluid\Fluid\Core\Rendering\RenderingContextInterface;
+
+/**
+ *   Return true if the requested website's domain is a custom domain,
+ *   i.e. its domain is not of the form *.opentalent.fr
+ *
+ *     {namespace ot=Opentalent\OtTemplating\ViewHelpers}
+ *
+ *     {ot:request.isCustomDomain()}
+ *
+ * @package Opentalent\OtTemplating\ViewHelpers
+ */
+class IsCustomDomainViewHelper extends OtAbstractViewHelper {
+
+    /**
+     * -- This method is expected by Fluid --
+     * Declares the viewhelper's parameters
+     */
+    public function initializeArguments()
+    {
+    }
+
+    /**
+     * -- This method is expected by Fluid --
+     * Renders the content as html
+     *
+     * @param array $arguments
+     * @param Closure $renderChildrenClosure
+     * @param RenderingContextInterface $renderingContext
+     * @return string|null
+     */
+    public static function renderStatic(
+        array $arguments,
+        Closure $renderChildrenClosure,
+        RenderingContextInterface $renderingContext
+    ) {
+        return !preg_match(
+            "/.*\.opentalent\.fr/",
+            $_SERVER['HTTP_HOST']
+        );
+    }
+}
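Review bot: The pattern in `renderStatic()` is not anchored, so any host that merely contains `.opentalent.fr` (for example `site.opentalent.fr.example.org`) is treated as an Opentalent domain, while the bare `opentalent.fr` is treated as custom because the leading dot is required, which is probably unintended. Anchoring fixes both: `return preg_match('/(^|\.)opentalent\.fr(:\d+)?$/i', $_SERVER['HTTP_HOST'] ?? '') !== 1;`. The `?? ''` also covers requests that carry no Host header (CLI context), where the current code raises an undefined-index notice. The docblock should say `@return bool` instead of `string|null`, and the summary "Renders the content as html" no longer describes what the method returns.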

+ 49 - 3
ot_templating/Resources/Private/Partials/Classic/UserToolbar.html

@@ -32,10 +32,56 @@
         </f:then>
         <f:else>
 
-            <a href="https://www.opentalent.fr/login/" target="_blank" id="login-btn">
-                <i class="fas fa-power-off"></i> <f:translate key="login"/>
-            </a>
+            <f:if condition="{ot:request.isCustomDomain()}">
+                <f:then>
+                    <f:comment><!-- Because crossdomain auth could not be achieved properly until now,
+                                    the login popup is shown for websites with custom domains --></f:comment>
+                    <f:comment><!-- Popup de login --></f:comment>
+
+                    <a href="#" id="login-btn">
+                        <i class="fas fa-power-off"></i> Se connecter
+                    </a>
+
+                    <div id="login-popup" class="<f:if condition='{ot:loginFailed()}==1' then='show'></f:if>">
+                        <form id="login_form" class="popup-form" action="" method="POST" enctype="multipart/form-data" >
+
+                            <f:comment><!-- Just for typo3 to indentify it as a login request --></f:comment>
+                            <input type="hidden" name="logintype" value="login" />
+
+                            <input type="text"
+                                   class="form-control {f:if(then: 'is-invalid', condition: '{usernameErrors}')}"
+                                   placeholder="Nom d'utilisateur"
+                                   name="user"
+                                   required="1" />
+
+                            <input type="password"
+                                   class="form-control {f:if(then: 'is-invalid', condition: '{passwordErrors}')}"
+                                   name="pass"
+                                   placeholder="Mot de passe"
+                                   required="1" />
+
+                            <input type="submit" id="login-button" value="Se connecter" />
+
+                            <f:if condition="{ot:loginFailed()}==1">
+                                <f:then>
+                                    <div class="login-errormsg alert">
+                                        La tentative de connexion a échoué...<br/>
+                                        Êtes-vous sûr d'avoir bien renseigné vos identifiants?
+                                    </div>
+                                </f:then>
+                            </f:if>
+                        </form>
+                    </div>
+
+                </f:then>
+                <f:else>
+                    <a href="https://www.opentalent.fr/login/" target="_blank" id="login-btn">
+                        <i class="fas fa-power-off"></i> <f:translate key="login"/>
+                    </a>
+                </f:else>
+            </f:if>
 
         </f:else>
+
     </f:security.ifAuthenticated>
 </div>
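Review bot: The form added in the custom-domain branch submits `user` and `pass` to the current page (`action=""`), so the password travels over whatever scheme the custom-domain site was loaded with; nothing in this section shows that those sites are forced to HTTPS, which is worth confirming before the popup is re-enabled. The two inputs would benefit from `autocomplete="username"` and `autocomplete="current-password"` so password managers fill them reliably, and `enctype="multipart/form-data"` is unnecessary for a form without file inputs. The link label is hard-coded as `Se connecter` while the else branch uses `<f:translate key="login"/>`; using the key in both branches keeps them consistent. The template starts and ends outside the hunk.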

+ 0 - 73
ot_templating/Resources/Private/Partials/Classic/UserToolbar.html.future

@@ -1,73 +0,0 @@
-{namespace v=FluidTYPO3\Vhs\ViewHelpers}
-{namespace ot=Opentalent\OtTemplating\ViewHelpers}
-
-<f:comment><!-- Panneau d'authentification ou espace utilisateur --></f:comment>
-
-<div class="user-toolbar">
-    <f:security.ifAuthenticated>
-        <f:then>
-
-            <div class="dropdown">
-                <a href="#" class="user-toolbar-username">
-                    <i class="fa fa-user"></i>
-                    {user.username}
-                    <i class="fa fa-caret-down"></i>
-                </a>
-
-                <ul class="dropdown-menu">
-                    <li>
-                        <a href="{settings.opentalentDashboardUrl}" target="_blank">
-                            Espace adhérent de ma structure
-                        </a>
-                    </li>
-                    <li>
-                        <f:link.page additionalParams="{logintype:'logout'}">
-                            <f:translate key="log-out"/>
-                        </f:link.page>
-                    </li>
-                </ul>
-            </div>
-
-        </f:then>
-        <f:else>
-
-            <a href="#" id="login-btn">
-                <i class="fas fa-power-off"></i> Se connecter
-            </a>
-
-            <f:comment><!-- Popup de login --></f:comment>
-
-            <div id="login-popup" class="<f:if condition='{ot:loginFailed()}==1' then='show'></f:if>">
-                <form id="login_form" class="popup-form" action="" method="POST" enctype="multipart/form-data" >
-
-                    <f:comment><!-- Just for typo3 to indentify it as a login request --></f:comment>
-                    <input type="hidden" name="logintype" value="login" />
-
-                    <input type="text"
-                           class="form-control {f:if(then: 'is-invalid', condition: '{usernameErrors}')}"
-                           placeholder="Nom d'utilisateur"
-                           name="user"
-                           required="1" />
-
-                    <input type="password"
-                           class="form-control {f:if(then: 'is-invalid', condition: '{passwordErrors}')}"
-                           name="pass"
-                           placeholder="Mot de passe"
-                           required="1" />
-
-                    <input type="submit" id="login-button" value="Se connecter" />
-
-                    <f:if condition="{ot:loginFailed()}==1">
-                        <f:then>
-                            <div class="login-errormsg alert">
-                                La tentative de connexion a échoué...<br/>
-                                Êtes-vous sûr d'avoir bien renseigné vos identifiants?
-                            </div>
-                        </f:then>
-                    </f:if>
-                </form>
-            </div>
-
-        </f:else>
-    </f:security.ifAuthenticated>
-</div>

+ 0 - 78
ot_templating/Resources/Private/Partials/Modern/Topbar.html.future

@@ -1,78 +0,0 @@
-{namespace ot=Opentalent\OtTemplating\ViewHelpers}
-
-<div class="topbar">
-    <div class="container-fluid">
-        <div class="row">
-            <div class="col-lg-6 col-md-6 xs-mb-10">
-                <div class="topbar-call text-center text-md-left">
-                    <ul>
-
-                        <li class="brand-free">
-                            <strong>{settings.structureName}</strong> est membre de &nbsp;
-
-                            <f:if condition="{settings.networkLogo} != ''">
-                                <a href="#"
-                                   title="{settings.networkName}"
-                                   class="reseau"
-                                   data-toggle="modal"
-                                   data-target="#cmfModal">
-                                    <img src="{settings.networkLogoUrl}"
-                                         alt="{settings.networkName}"
-                                         height="22px" />
-                                </a> &nbsp;
-                            </f:if>
-
-                            <a href="#"
-                               title="Opentalent"
-                               class="reseau-opentalent"
-                               data-toggle="modal"
-                               data-target="#opentalentModal">
-                                <f:image src="EXT:ot_templating/Resources/Public/media/opentalent_longueur_S.jpg"
-                                     alt="Opentalent"
-                                     height="18px" />
-                            </a>
-                        </li>
-
-                        <li id="notice-cmf">
-                            <strong>{settings.networkName}</strong>
-                        </li>
-                    </ul>
-                </div>
-            </div>
-            <div class="col-lg-6 col-md-6">
-                <div class="topbar-social text-center text-md-right text-bold">
-                    <ul>
-                        <f:security.ifAuthenticated>
-                            <f:then>
-                                <li>
-                                    <span>Bienvenue <b>{user.username}</b>!</span>
-                                </li>
-                                <li>
-                                    <a href="{settings.opentalentDashboardUrl}">
-                                        Accéder à l'intranet
-                                    </a>
-                                </li>
-                                <li>
-                                    <f:link.page additionalParams="{logintype:'logout'}">
-                                        <f:translate key="log-out"/>
-                                    </f:link.page>
-                                </li>
-                            </f:then>
-                            <f:else>
-                                <li>
-                                    <a href="#"
-                                       class="{f:if(condition: '{ot:loginFailed()}', then: 'trigger-on-load')}"
-                                       data-toggle="modal"
-                                       data-target="#loginModal">
-                                        Se connecter
-                                    </a>
-                                </li>
-                            </f:else>
-                        </f:security.ifAuthenticated>
-
-                    </ul>
-                </div>
-            </div>
-        </div>
-    </div>
-</div>

+ 20 - 6
ot_templating/Resources/Private/Partials/Modern/UserToolbar.html

@@ -24,12 +24,26 @@
         </f:then>
         <f:else>
             <li>
-                <a href="https://www.opentalent.fr/login/"
-                   target="_blank"
-                   class="{f:if(condition: '{ot:loginFailed()}', then: 'trigger-on-load')}"
-                >
-                    <f:translate key="login"/>
-                </a>
+                <f:if condition="{ot:request.isCustomDomain()}">
+                    <f:then>
+                        <f:comment><!-- Because crossdomain auth could not be achieved properly until now,
+                                    the login popup is shown for websites with custom domains --></f:comment>
+                        <a href="#"
+                           class="{f:if(condition: '{ot:loginFailed()}', then: 'trigger-on-load')}"
+                           data-toggle="modal"
+                           data-target="#loginModal">
+                            Se connecter
+                        </a>
+                    </f:then>
+                    <f:else>
+                        <a href="https://www.opentalent.fr/login/"
+                           target="_blank"
+                           class="{f:if(condition: '{ot:loginFailed()}', then: 'trigger-on-load')}"
+                        >
+                            <f:translate key="login"/>
+                        </a>
+                    </f:else>
+                </f:if>
             </li>
         </f:else>
     </f:security.ifAuthenticated>
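Review bot: The custom-domain link targets `#loginModal`, but no element with that id appears in this section, so the link does nothing unless the modal is rendered elsewhere in the layout; please confirm it is still included on custom-domain pages. The label `Se connecter` is hard-coded where the else branch uses `<f:translate key="login"/>`; the same key would work in both. The explanatory `<f:comment>` is duplicated from the Classic partial, so a one-line pointer to `doc/problems_resolutions/cross_domain_auth.md` in each would keep the rationale in one place. The template starts and ends outside the hunk.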

+ 11 - 11
ot_templating/Resources/Public/assets/Classic/script/main.js

@@ -117,19 +117,19 @@ $(document).ready(function(){
 
 
     // **** Login Pop-Up and Auth
-    // $('#login-btn').on('click', function(e) {
-    //     e.preventDefault();
-    //     $('#login-popup .popup-form').toggleClass("show");
-    // });
-    //
-    // if ($('#login-popup').find('.alert').length) {
-    //     $('#login-popup .popup-form').toggleClass("show");
-    // }
+    $('#login-btn').on('click', function(e) {
+        e.preventDefault();
+        $('#login-popup .popup-form').toggleClass("show");
+    });
+
+    if ($('#login-popup').find('.alert').length) {
+        $('#login-popup .popup-form').toggleClass("show");
+    }
 
     // **** Forms ****
-    // $('.search-submit').on('click', function(e) {
-    //     $(this).parent('form').submit();
-    // })
+    $('.search-submit').on('click', function(e) {
+        $(this).parent('form').submit();
+    })
 
     $('.datepicker').datepicker({
         minDate: new Date(),
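Review bot: The re-enabled `#login-btn` click handler calls `e.preventDefault()` unconditionally, but the Classic `UserToolbar.html` in this same commit still renders `<a href="https://www.opentalent.fr/login/" target="_blank" id="login-btn">` on `*.opentalent.fr` sites, where no `#login-popup` exists, so on those sites the login link would stop navigating. Guard the binding, for instance by wrapping it in `if ($('#login-popup').length) { … }`, or give the two anchors different ids. For the on-load case, `addClass("show")` states the intent more safely than `toggleClass("show")`. The `.search-submit` handler is re-enabled in the same hunk although it is unrelated to login, and a comment saying why would help. The enclosing `$(document).ready` callback starts and ends outside the hunk.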