author | Lauri Ojansivu <x@xet7.org> | 2019-05-22 20:15:24 +0300 |
---|---|---|
committer | Lauri Ojansivu <x@xet7.org> | 2019-05-22 20:15:24 +0300 |
commit | d194cc7a5a3daa624989e34e65968d3ba2733337 (patch) | |
tree | 899989a9421b9503aa9eeaabef92216f3d1458d2 /packages/meteor-accounts-cas | |
parent | 0834f6ed1e544189c99648da3f7e1e3f4c0cef6b (diff) | |
download | wekan-d194cc7a5a3daa624989e34e65968d3ba2733337.tar.gz wekan-d194cc7a5a3daa624989e34e65968d3ba2733337.tar.bz2 wekan-d194cc7a5a3daa624989e34e65968d3ba2733337.zip |
- [CAS allowed LDAP groups](https://github.com/wekan/meteor-accounts-cas/pull/4).
Thanks to ppoulard !
Please test.
Related #2356
Diffstat (limited to 'packages/meteor-accounts-cas')
-rw-r--r-- | packages/meteor-accounts-cas/cas_client.js | 7 | ||||
-rw-r--r-- | packages/meteor-accounts-cas/cas_server.js | 33 |
2 files changed, 34 insertions, 6 deletions
diff --git a/packages/meteor-accounts-cas/cas_client.js b/packages/meteor-accounts-cas/cas_client.js
index bd94be6b..ca9288ae 100644
--- a/packages/meteor-accounts-cas/cas_client.js
+++ b/packages/meteor-accounts-cas/cas_client.js
@@ -81,7 +81,12 @@ Meteor.loginWithCas = function(options, callback) {
 // check auth on server.
 Accounts.callLoginMethod({
 methodArguments: [{ cas: { credentialToken: credentialToken } }],
- userCallback: callback
+ userCallback: err => {
+ // Fix redirect bug after login successfully
+ if (!err) {
+ window.location.href = '/';
+ }
+ }
 });
 }
 }, 100);
diff --git a/packages/meteor-accounts-cas/cas_server.js b/packages/meteor-accounts-cas/cas_server.js
index 15c1b174..2e8edef2 100644
--- a/packages/meteor-accounts-cas/cas_server.js
+++ b/packages/meteor-accounts-cas/cas_server.js
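Review bot: In the cas_client.js hunk the new `userCallback` never invokes the `callback` argument of `Meteor.loginWithCas`, so a failed login is dropped on the client and the caller gets no error to display or log. That includes the group rejection this same commit adds in cas_server.js. Keep the redirect but forward the failure, for example `if (!err) { window.location.href = '/'; } else if (callback) { callback(err); }`. The hard-coded `'/'` presumably also sends users to the wrong place when the app is served under a sub-path; `Meteor.absoluteUrl()` would follow the configured root URL. The enclosing function starts and ends outside the hunk.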
@@ -71,14 +71,37 @@ class CAS {
 callback({message: 'Empty response.'});
 }
 if (result['cas:serviceResponse']['cas:authenticationSuccess']) {
- var userData = {
+ const userData = {
 id: result['cas:serviceResponse']['cas:authenticationSuccess'][0]['cas:user'][0].toLowerCase(),
- }
+ };
 const attributes = result['cas:serviceResponse']['cas:authenticationSuccess'][0]['cas:attributes'][0];
- for (var fieldName in attributes) {
+
+ // Check allowed ldap groups if exist (array only)
+ // example cas settings : "allowedLdapGroups" : ["wekan", "admin"],
+ let findedGroup = false;
+ const allowedLdapGroups = Meteor.settings.cas.allowedLdapGroups || false;
+ for (const fieldName in attributes) {
+ if (allowedLdapGroups && fieldName === 'cas:memberOf') {
+ for (const groups in attributes[fieldName]) {
+ const str = attributes[fieldName][groups];
+ if (!Array.isArray(allowedLdapGroups)) {
+ callback({message: 'Settings "allowedLdapGroups" must be an array'});
+ }
+ for (const allowedLdapGroup in allowedLdapGroups) {
+ if (str.search(`cn=${allowedLdapGroups[allowedLdapGroup]}`) >= 0) {
+ findedGroup = true;
+ }
+ }
+ }
+ }
 userData[fieldName] = attributes[fieldName][0];
- };
- callback(undefined, true, userData);
+ }
+
+ if (allowedLdapGroups && !findedGroup) {
+ callback({message: 'Group not finded.'}, false);
+ } else {
+ callback(undefined, true, userData);
+ }
 } else {
 callback(undefined, false);
 } |
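Review bot: The group check in cas_server.js matches too loosely, because `str.search()` treats `cn=<group>` as an unanchored regular expression. An allowed group `admin` therefore also admits a member of `cn=admin-readonly` or any DN that merely contains that text, and regex metacharacters in a configured name are interpreted rather than matched literally. The non-array branch also fails open: it reports the error but does not return, so a string setting is then walked character by character and the success `callback` can still fire after the error one. Validate the setting once before the loop, stop on failure, and compare the group's leading `cn=` value exactly. The sketch below assumes each `cas:memberOf` value is a DN string that begins with the group's `cn`, which should be confirmed against the directory layout. The enclosing function starts and ends outside the hunk.

```javascript
const allowedLdapGroups = Meteor.settings.cas.allowedLdapGroups || false;
if (allowedLdapGroups && !Array.isArray(allowedLdapGroups)) {
  // Fail closed on a misconfigured setting, before any success callback can run.
  callback({message: 'Settings "allowedLdapGroups" must be an array'});
  return;
}
for (const fieldName in attributes) {
  if (allowedLdapGroups && fieldName === 'cas:memberOf') {
    for (const dn of attributes[fieldName]) {
      // Exact match on the leading cn= value instead of a regex substring search.
      const cn = /^cn=([^,]+)/i.exec(String(dn));
      if (cn && allowedLdapGroups.includes(cn[1])) {
        findedGroup = true;
      }
    }
  }
  userData[fieldName] = attributes[fieldName][0];
}
// … unchanged: final allowedLdapGroups / findedGroup decision …
```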