Diffstat (limited to 'packages/meteor-accounts-cas/cas_server.js')
-rw-r--r-- | packages/meteor-accounts-cas/cas_server.js | 33 |
1 files changed, 28 insertions, 5 deletions
diff --git a/packages/meteor-accounts-cas/cas_server.js b/packages/meteor-accounts-cas/cas_server.js
index 15c1b174..2e8edef2 100644
--- a/packages/meteor-accounts-cas/cas_server.js
+++ b/packages/meteor-accounts-cas/cas_server.js
@@ -71,14 +71,37 @@ class CAS {
 callback({message: 'Empty response.'});
 }
 if (result['cas:serviceResponse']['cas:authenticationSuccess']) {
- var userData = {
+ const userData = {
 id: result['cas:serviceResponse']['cas:authenticationSuccess'][0]['cas:user'][0].toLowerCase(),
- }
+ };
 const attributes = result['cas:serviceResponse']['cas:authenticationSuccess'][0]['cas:attributes'][0];
- for (var fieldName in attributes) {
+
+ // Check allowed ldap groups if exist (array only)
+ // example cas settings : "allowedLdapGroups" : ["wekan", "admin"],
+ let findedGroup = false;
+ const allowedLdapGroups = Meteor.settings.cas.allowedLdapGroups || false;
+ for (const fieldName in attributes) {
+ if (allowedLdapGroups && fieldName === 'cas:memberOf') {
+ for (const groups in attributes[fieldName]) {
+ const str = attributes[fieldName][groups];
+ if (!Array.isArray(allowedLdapGroups)) {
+ callback({message: 'Settings "allowedLdapGroups" must be an array'});
+ }
+ for (const allowedLdapGroup in allowedLdapGroups) {
+ if (str.search(`cn=${allowedLdapGroups[allowedLdapGroup]}`) >= 0) {
+ findedGroup = true;
+ }
+ }
+ }
+ }
 userData[fieldName] = attributes[fieldName][0];
- };
- callback(undefined, true, userData);
+ }
+
+ if (allowedLdapGroups && !findedGroup) {
+ callback({message: 'Group not finded.'}, false);
+ } else {
+ callback(undefined, true, userData);
+ }
 } else {
 callback(undefined, false);
 }
|
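Review bot: The group test inside the `cas:memberOf` loop is a regular-expression substring match (`str.search(...)` on a `cn=` template string), so an allow-list entry such as `admin` would also accept a value containing `cn=administrators`, and any regex metacharacters in the setting are interpreted rather than matched literally. In the same loop, the `Array.isArray` failure branch calls `callback` without returning, so with a non-array setting the loops keep running (a string setting is iterated character by character) and `callback` is invoked a second time, possibly with success. I would validate the setting once before the attribute loop and deny there, and compare whole RDNs case-insensitively, as sketched below. The enclosing function starts outside the hunk, so confirm that an early `return` is acceptable at that point; the split on `,` also assumes group DNs without escaped commas.

```javascript
const allowedLdapGroups = Meteor.settings.cas.allowedLdapGroups || false;
if (allowedLdapGroups && !Array.isArray(allowedLdapGroups)) {
  // A misconfigured allow-list must deny the login, not fall through to the group loop.
  return callback({message: 'Settings "allowedLdapGroups" must be an array'});
}
// … unchanged: for (const fieldName in attributes) and the cas:memberOf test …
    for (const dn of attributes[fieldName]) {
      // Compare whole RDNs so "admin" does not match "cn=administrators".
      const rdns = String(dn).toLowerCase().split(',').map((rdn) => rdn.trim());
      if (allowedLdapGroups.some((group) => rdns.includes(`cn=${String(group).toLowerCase()}`))) {
        findedGroup = true;
      }
    }
// … unchanged: userData[fieldName] assignment and the final callback …
```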