path: root/packages/meteor-accounts-cas/cas_server.js
Diffstat (limited to 'packages/meteor-accounts-cas/cas_server.js')
-rw-r--r--packages/meteor-accounts-cas/cas_server.js33
1 files changed, 28 insertions, 5 deletions
diff --git a/packages/meteor-accounts-cas/cas_server.js b/packages/meteor-accounts-cas/cas_server.js
index 15c1b174..2e8edef2 100644
--- a/packages/meteor-accounts-cas/cas_server.js
+++ b/packages/meteor-accounts-cas/cas_server.js
@@ -71,14 +71,37 @@ class CAS {
callback({message: 'Empty response.'});
}
if (result['cas:serviceResponse']['cas:authenticationSuccess']) {
- var userData = {
+ const userData = {
id: result['cas:serviceResponse']['cas:authenticationSuccess'][0]['cas:user'][0].toLowerCase(),
- }
+ };
const attributes = result['cas:serviceResponse']['cas:authenticationSuccess'][0]['cas:attributes'][0];
- for (var fieldName in attributes) {
+
+ // Check allowed ldap groups if exist (array only)
+ // example cas settings : "allowedLdapGroups" : ["wekan", "admin"],
+ let findedGroup = false;
+ const allowedLdapGroups = Meteor.settings.cas.allowedLdapGroups || false;
+ for (const fieldName in attributes) {
+ if (allowedLdapGroups && fieldName === 'cas:memberOf') {
+ for (const groups in attributes[fieldName]) {
+ const str = attributes[fieldName][groups];
+ if (!Array.isArray(allowedLdapGroups)) {
+ callback({message: 'Settings "allowedLdapGroups" must be an array'});
+ }
+ for (const allowedLdapGroup in allowedLdapGroups) {
+ if (str.search(`cn=${allowedLdapGroups[allowedLdapGroup]}`) >= 0) {
+ findedGroup = true;
+ }
+ }
+ }
+ }
userData[fieldName] = attributes[fieldName][0];
- };
- callback(undefined, true, userData);
+ }
+
+ if (allowedLdapGroups && !findedGroup) {
+ callback({message: 'Group not finded.'}, false);
+ } else {
+ callback(undefined, true, userData);
+ }
} else {
callback(undefined, false);
}
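Review bot: The group check at `str.search(`cn=${allowedLdapGroups[allowedLdapGroup]}`)` is an unanchored regular-expression match, so an allowed name `admin` would also accept a `cas:memberOf` value such as `cn=admin-readonly,...` (constructed example), and regex metacharacters in the setting are interpreted rather than matched literally. Comparing the leading `cn=` component of each DN exactly and case-insensitively against the allowed list closes that gap. Separately, the `Array.isArray` failure branch calls `callback` but does not stop, so a string setting such as `"wekan"` is then iterated by index, matches on single characters, and can reach the success callback after the error one. Validating the setting once before the loop and returning makes a misconfiguration fail closed. The enclosing function starts and ends outside the hunk, so the `return` below assumes it only exits that handler.

```javascript
const allowedLdapGroups = Meteor.settings.cas.allowedLdapGroups || false;
if (allowedLdapGroups && !Array.isArray(allowedLdapGroups)) {
  callback({message: 'Settings "allowedLdapGroups" must be an array'});
  return;
}
const allowedCns = (allowedLdapGroups || []).map((name) => String(name).toLowerCase());
for (const fieldName in attributes) {
  if (allowedLdapGroups && fieldName === 'cas:memberOf') {
    for (const dn of attributes[fieldName]) {
      // Exact, case-insensitive match on the leading RDN only.
      const firstRdn = String(dn).split(',')[0].trim().toLowerCase();
      if (firstRdn.startsWith('cn=') && allowedCns.includes(firstRdn.slice(3))) {
        findedGroup = true;
      }
    }
  }
  // … unchanged: userData[fieldName] assignment, findedGroup check and callbacks …
```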