-rw-r--r-- | .meteor/packages | 1 | ||||
-rw-r--r-- | models/users.js | 27 | ||||
-rw-r--r-- | server/authentication.js | 19 |
3 files changed, 47 insertions, 0 deletions
diff --git a/.meteor/packages b/.meteor/packages
index 13f1384a..c525dbbd 100644
--- a/.meteor/packages
+++ b/.meteor/packages
@@ -31,6 +31,7 @@ kenton:accounts-sandstorm
 service-configuration@1.0.11
 useraccounts:unstyled
 useraccounts:flow-routing
+salleman:accounts-oidc
 # Utilities
 check@1.2.5
diff --git a/models/users.js b/models/users.js
index 9b070c43..6e83337e 100644
--- a/models/users.js
+++ b/models/users.js
@@ -478,6 +478,33 @@ if (Meteor.isServer) {
 return user;
 }
+ if (user.services.oidc) {
+ var email = user.services.oidc.email.toLowerCase();
+
+ user.username = user.services.oidc.username;
+ user.emails = [{ address: email,
+ verified: true }];
+ var initials = user.services.oidc.fullname.match(/\b[a-zA-Z]/g).join('').toUpperCase();
+ user.profile = { initials: initials, fullname: user.services.oidc.fullname };
+
+ // see if any existing user has this email address or username, otherwise create new
+ var existingUser = Meteor.users.findOne({$or: [{'emails.address': email}, {'username':user.username}]});
+ console.log("user to create : ");
+ console.log(user);
+ if (!existingUser)
+ return user;
+
+ // copy across new service info
+ var service = _.keys(user.services)[0];
+ existingUser.services[service] = user.services[service];
+ existingUser.emails = user.emails;
+ existingUser.username = user.username;
+ existingUser.profile = user.profile;
+
+ Meteor.users.remove({_id: existingUser._id}); // remove existing record
+ return existingUser;
+ }
+
 if (options.from === 'admin') {
 user.createdThroughApi = true;
 return user;
diff --git a/server/authentication.js b/server/authentication.js
index 8059f176..a6872376 100644
--- a/server/authentication.js
+++ b/server/authentication.js
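Review bot: `salleman:accounts-oidc` is added to .meteor/packages without a version constraint, and the commit's file list shows no `.meteor/versions` change, so the release that gets built appears to be whatever resolves at build time. Since this package sits in the login path, pin it the way `service-configuration@1.0.11` is pinned (`salleman:accounts-oidc@<reviewed-version>`) and commit the matching `.meteor/versions` entry after reviewing that release.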
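Review bot: In the models/users.js hunk, the `user.services.oidc` branch merges the login into any existing account whose email or username equals the provider's claims, and it stamps the address `verified: true` with no check visible here that the provider verified it. If the identity provider lets users choose those values, a login can be attached to another person's account, so match on the provider's stable subject identifier, link by email only when the provider asserts it as verified (whether `accounts-oidc` exposes such a claim needs checking), and drop the `{'username':user.username}` arm of the `$or`. `console.log(user);` writes the whole document, including whatever the package stores under `services.oidc`, to the server log, so both log lines should go. `Meteor.users.remove({_id: existingUser._id});` deletes the account before the returned document is re-inserted, which loses the user if that insert fails, and `fullname.match(/\b[a-zA-Z]/g)` returns null for a name with no ASCII letters, so `.join` throws and the login fails. The callback this branch sits in starts and ends outside the hunk.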
@@ -62,5 +62,24 @@ Meteor.startup(() => {
 Authentication.checkAdminOrCondition(userId, normalAccess);
 };
+ if (Meteor.isServer) {
+ ServiceConfiguration.configurations.upsert(
+ { service: 'oidc' },
+ {
+ $set: {
+ loginStyle: 'redirect',
+ clientId: 'CLIENT_ID',
+ secret: 'SECRET',
+ serverUrl: 'https://my-server',
+ authorizationEndpoint: '/oauth/authorize',
+ userinfoEndpoint: '/oauth/userinfo',
+ tokenEndpoint: '/oauth/token',
+ idTokenWhitelistFields: [],
+ requestPermissions: ['openid']
+ }
+ }
+ );
+ }
+
 }); |
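Review bot: The `$set` in the server/authentication.js hunk upserts the literal placeholders `clientId: 'CLIENT_ID'`, `secret: 'SECRET'` and `serverUrl: 'https://my-server'` on every startup, so any working values already stored in `ServiceConfiguration` are overwritten at each restart. A deployment then only works after editing this file, which invites committing the real client secret to the repository. Read the three values from the environment or `Meteor.settings` and skip the upsert when they are absent, as sketched below with example variable names. The `if (Meteor.isServer)` guard is presumably redundant for a file under `server/`, and the enclosing `Meteor.startup` callback begins outside the hunk.

```javascript
// Variable names are examples, not existing project settings.
const { OIDC_CLIENT_ID, OIDC_SECRET, OIDC_SERVER_URL } = process.env;
if (OIDC_CLIENT_ID && OIDC_SECRET && OIDC_SERVER_URL) {
  ServiceConfiguration.configurations.upsert(
    { service: 'oidc' },
    {
      $set: {
        loginStyle: 'redirect',
        clientId: OIDC_CLIENT_ID,
        secret: OIDC_SECRET,
        serverUrl: OIDC_SERVER_URL,
        // … unchanged: endpoint paths, idTokenWhitelistFields, requestPermissions …
      },
    },
  );
}
```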