-rw-r--r-- | packages/meteor-accounts-cas/cas_client.js | 7 | ||||
-rw-r--r-- | packages/meteor-accounts-cas/cas_server.js | 33 |
2 files changed, 34 insertions, 6 deletions
diff --git a/packages/meteor-accounts-cas/cas_client.js b/packages/meteor-accounts-cas/cas_client.js
index bd94be6b..ca9288ae 100644
--- a/packages/meteor-accounts-cas/cas_client.js
+++ b/packages/meteor-accounts-cas/cas_client.js
@@ -81,7 +81,12 @@ Meteor.loginWithCas = function(options, callback) {
 // check auth on server.
 Accounts.callLoginMethod({
 methodArguments: [{ cas: { credentialToken: credentialToken } }],
- userCallback: callback
+ userCallback: err => {
+ // Fix redirect bug after login successfully
+ if (!err) {
+ window.location.href = '/';
+ }
+ }
 });
 }
 }, 100);
diff --git a/packages/meteor-accounts-cas/cas_server.js b/packages/meteor-accounts-cas/cas_server.js
index 15c1b174..2e8edef2 100644
--- a/packages/meteor-accounts-cas/cas_server.js
+++ b/packages/meteor-accounts-cas/cas_server.js
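Review bot: In the cas_client.js hunk, the new `userCallback` never invokes the `callback` that was passed to `Meteor.loginWithCas`, so a failed CAS login is now dropped silently and any caller that used the callback to report the error gets nothing. Forward the error before redirecting, e.g. `if (err) { if (callback) callback(err); return; }` ahead of the `window.location.href = '/';` line. The hard-coded `'/'` also assumes the app is served from the site root; `Meteor.absoluteUrl()` would respect a ROOT_URL path prefix. The enclosing function starts and ends outside the hunk.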
@@ -71,14 +71,37 @@ class CAS {
 callback({message: 'Empty response.'});
 }
 if (result['cas:serviceResponse']['cas:authenticationSuccess']) {
- var userData = {
+ const userData = {
 id: result['cas:serviceResponse']['cas:authenticationSuccess'][0]['cas:user'][0].toLowerCase(),
- }
+ };
 const attributes = result['cas:serviceResponse']['cas:authenticationSuccess'][0]['cas:attributes'][0];
- for (var fieldName in attributes) {
+
+ // Check allowed ldap groups if exist (array only)
+ // example cas settings : "allowedLdapGroups" : ["wekan", "admin"],
+ let findedGroup = false;
+ const allowedLdapGroups = Meteor.settings.cas.allowedLdapGroups || false;
+ for (const fieldName in attributes) {
+ if (allowedLdapGroups && fieldName === 'cas:memberOf') {
+ for (const groups in attributes[fieldName]) {
+ const str = attributes[fieldName][groups];
+ if (!Array.isArray(allowedLdapGroups)) {
+ callback({message: 'Settings "allowedLdapGroups" must be an array'});
+ }
+ for (const allowedLdapGroup in allowedLdapGroups) {
+ if (str.search(`cn=${allowedLdapGroups[allowedLdapGroup]}`) >= 0) {
+ findedGroup = true;
+ }
+ }
+ }
+ }
 userData[fieldName] = attributes[fieldName][0];
- };
- callback(undefined, true, userData);
+ }
+
+ if (allowedLdapGroups && !findedGroup) {
+ callback({message: 'Group not finded.'}, false);
+ } else {
+ callback(undefined, true, userData);
+ }
 } else {
 callback(undefined, false);
 }
 |
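Review bot: The `str.search(...) >= 0` test in the `cas:memberOf` loop makes the authorization decision with an unanchored, regex-interpreted substring match, so an allowed group `admin` also admits members of any group whose DN contains `cn=admin` as a prefix (a constructed example: a group named `admin-guests`), and metacharacters in a configured name are treated as a pattern. The `Array.isArray` check sits inside the loop and does not return, so with a string setting the error callback fires and the `for...in` then walks the string's characters, where a one-character `cn=` match sets `findedGroup` and the success callback is called as well. Validate the setting once before the loop and stop on failure, and compare the full CN value exactly (LDAP attribute names and values are normally case-insensitive). The sketch below assumes `attributes['cas:memberOf']` is an array of DN strings and splits naively on commas, so escaped commas in a CN would need a real DN parser; the enclosing function starts and ends outside the hunk.

```javascript
const allowedLdapGroups = Meteor.settings.cas.allowedLdapGroups || false;
if (allowedLdapGroups && !Array.isArray(allowedLdapGroups)) {
  // Reject a malformed setting once and stop, so the success path is never reached.
  callback({message: 'Settings "allowedLdapGroups" must be an array'});
  return;
}
const allowedCns = allowedLdapGroups && allowedLdapGroups.map(name => String(name).toLowerCase());
for (const fieldName in attributes) {
  if (allowedCns && fieldName === 'cas:memberOf') {
    for (const dn of attributes[fieldName]) {
      // Compare the whole leading CN value, not a regex/substring of the DN.
      const firstRdn = String(dn).split(',')[0].trim().toLowerCase();
      if (firstRdn.startsWith('cn=') && allowedCns.includes(firstRdn.slice(3))) {
        findedGroup = true;
      }
    }
  }
  // … unchanged: userData[fieldName] = attributes[fieldName][0]; …
}
```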