summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--packages/meteor-accounts-cas/cas_client.js7
-rw-r--r--packages/meteor-accounts-cas/cas_server.js33
2 files changed, 34 insertions, 6 deletions
diff --git a/packages/meteor-accounts-cas/cas_client.js b/packages/meteor-accounts-cas/cas_client.js
index bd94be6b..ca9288ae 100644
--- a/packages/meteor-accounts-cas/cas_client.js
+++ b/packages/meteor-accounts-cas/cas_client.js
@@ -81,7 +81,12 @@ Meteor.loginWithCas = function(options, callback) {
// check auth on server.
Accounts.callLoginMethod({
methodArguments: [{ cas: { credentialToken: credentialToken } }],
- userCallback: callback
+ userCallback: err => {
+ // Fix redirect bug after login successfully
+ if (!err) {
+ window.location.href = '/';
+ }
+ }
});
}
}, 100);
diff --git a/packages/meteor-accounts-cas/cas_server.js b/packages/meteor-accounts-cas/cas_server.js
index 15c1b174..2e8edef2 100644
--- a/packages/meteor-accounts-cas/cas_server.js
+++ b/packages/meteor-accounts-cas/cas_server.js
@@ -71,14 +71,37 @@ class CAS {
callback({message: 'Empty response.'});
}
if (result['cas:serviceResponse']['cas:authenticationSuccess']) {
- var userData = {
+ const userData = {
id: result['cas:serviceResponse']['cas:authenticationSuccess'][0]['cas:user'][0].toLowerCase(),
- }
+ };
const attributes = result['cas:serviceResponse']['cas:authenticationSuccess'][0]['cas:attributes'][0];
- for (var fieldName in attributes) {
+
+ // Check allowed ldap groups if exist (array only)
+ // example cas settings : "allowedLdapGroups" : ["wekan", "admin"],
+ let findedGroup = false;
+ const allowedLdapGroups = Meteor.settings.cas.allowedLdapGroups || false;
+ for (const fieldName in attributes) {
+ if (allowedLdapGroups && fieldName === 'cas:memberOf') {
+ for (const groups in attributes[fieldName]) {
+ const str = attributes[fieldName][groups];
+ if (!Array.isArray(allowedLdapGroups)) {
+ callback({message: 'Settings "allowedLdapGroups" must be an array'});
+ }
+ for (const allowedLdapGroup in allowedLdapGroups) {
+ if (str.search(`cn=${allowedLdapGroups[allowedLdapGroup]}`) >= 0) {
+ findedGroup = true;
+ }
+ }
+ }
+ }
userData[fieldName] = attributes[fieldName][0];
- };
- callback(undefined, true, userData);
+ }
+
+ if (allowedLdapGroups && !findedGroup) {
+ callback({message: 'Group not finded.'}, false);
+ } else {
+ callback(undefined, true, userData);
+ }
} else {
callback(undefined, false);
}