-rw-r--r--.meteor/packages1
-rw-r--r--models/users.js27
-rw-r--r--server/authentication.js19
3 files changed, 47 insertions, 0 deletions
diff --git a/.meteor/packages b/.meteor/packages
index 13f1384a..c525dbbd 100644
--- a/.meteor/packages
+++ b/.meteor/packages
@@ -31,6 +31,7 @@ kenton:accounts-sandstorm
service-configuration@1.0.11
useraccounts:unstyled
useraccounts:flow-routing
+salleman:accounts-oidc
# Utilities
check@1.2.5
diff --git a/models/users.js b/models/users.js
index 9b070c43..6e83337e 100644
--- a/models/users.js
+++ b/models/users.js
@@ -478,6 +478,33 @@ if (Meteor.isServer) {
return user;
}
+ if (user.services.oidc) {
+ var email = user.services.oidc.email.toLowerCase();
+
+ user.username = user.services.oidc.username;
+ user.emails = [{ address: email,
+ verified: true }];
+ var initials = user.services.oidc.fullname.match(/\b[a-zA-Z]/g).join('').toUpperCase();
+ user.profile = { initials: initials, fullname: user.services.oidc.fullname };
+
+ // see if any existing user has this email address or username, otherwise create new
+ var existingUser = Meteor.users.findOne({$or: [{'emails.address': email}, {'username':user.username}]});
+ console.log("user to create : ");
+ console.log(user);
+ if (!existingUser)
+ return user;
+
+ // copy across new service info
+ var service = _.keys(user.services)[0];
+ existingUser.services[service] = user.services[service];
+ existingUser.emails = user.emails;
+ existingUser.username = user.username;
+ existingUser.profile = user.profile;
+
+ Meteor.users.remove({_id: existingUser._id}); // remove existing record
+ return existingUser;
+ }
+
if (options.from === 'admin') {
user.createdThroughApi = true;
return user;
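Review bot: The lookup `Meteor.users.findOne({$or: [{'emails.address': email}, {'username':user.username}]})` merges an OIDC login into any existing account that shares either the e-mail or the username reported by the provider, and the block sets `verified: true` without consulting the provider. An identity that merely shares a username or an unconfirmed address with a local account would therefore inherit that account. The merge should match on e-mail only, and only when the provider asserts the address is verified (whether `services.oidc` carries such a claim is not visible here); otherwise return the new `user` unmerged. The two `console.log` calls write the whole user document, including `services.oidc`, to the server log and should be dropped. Separately, `fullname.match(/\b[a-zA-Z]/g)` returns `null` for a name with no ASCII letters, so `.join` throws and the login fails; `(user.services.oidc.fullname.match(/\b[a-zA-Z]/g) || [])` guards it. The enclosing function starts and ends outside the hunk.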
diff --git a/server/authentication.js b/server/authentication.js
index 8059f176..a6872376 100644
--- a/server/authentication.js
+++ b/server/authentication.js
@@ -62,5 +62,24 @@ Meteor.startup(() => {
Authentication.checkAdminOrCondition(userId, normalAccess);
};
+ if (Meteor.isServer) {
+ ServiceConfiguration.configurations.upsert(
+ { service: 'oidc' },
+ {
+ $set: {
+ loginStyle: 'redirect',
+ clientId: 'CLIENT_ID',
+ secret: 'SECRET',
+ serverUrl: 'https://my-server',
+ authorizationEndpoint: '/oauth/authorize',
+ userinfoEndpoint: '/oauth/userinfo',
+ tokenEndpoint: '/oauth/token',
+ idTokenWhitelistFields: [],
+ requestPermissions: ['openid']
+ }
+ }
+ );
+ }
+
});
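Review bot: The `$set` writes the literals `'CLIENT_ID'`, `'SECRET'` and `'https://my-server'` on every startup, so a deployer has to edit this file to configure OIDC. That puts the client secret in source control, and any configuration already stored in the database is overwritten at each boot. Reading the three values from the environment (or `Meteor.settings`) and skipping the upsert when they are absent avoids both; the variable names in the sketch below are constructed for illustration. The `Meteor.isServer` test is probably redundant for a file under `server/`. The `Meteor.startup` callback begins outside the hunk.

```javascript
// Constructed variable names; use whatever the deployment convention is.
const oidcClientId = process.env.OIDC_CLIENT_ID;
const oidcSecret = process.env.OIDC_SECRET;
const oidcServerUrl = process.env.OIDC_SERVER_URL;

// Leave any existing configuration untouched unless all three values are supplied.
if (oidcClientId && oidcSecret && oidcServerUrl) {
  ServiceConfiguration.configurations.upsert(
    { service: 'oidc' },
    {
      $set: {
        // … unchanged: loginStyle …
        clientId: oidcClientId,
        secret: oidcSecret,
        serverUrl: oidcServerUrl,
        // … unchanged: endpoints, idTokenWhitelistFields, requestPermissions …
      },
    },
  );
}
```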