authorAllemand Sylvain <salleman@faddef.math.u-bordeaux1.fr>2018-04-09 16:49:07 +0200
committerAllemand Sylvain <salleman@faddef.math.u-bordeaux1.fr>2018-04-09 16:49:07 +0200
commit1c8a00943cff236ca40b2662189102a7851d3b56 (patch)
tree9cd99741f83ab604c6c0bf60309be49646e24b4d
parentc115046a7c86b30ab5deb8762d3ef7a5ea3f4f90 (diff)
authentification oauth2
-rw-r--r--.meteor/packages1
-rw-r--r--models/users.js11
-rw-r--r--server/authentication.js19
3 files changed, 31 insertions, 0 deletions
diff --git a/.meteor/packages b/.meteor/packages
index c1b8ab88..1b64a0a8 100644
--- a/.meteor/packages
+++ b/.meteor/packages
@@ -31,6 +31,7 @@ kenton:accounts-sandstorm
service-configuration@1.0.11
useraccounts:unstyled
useraccounts:flow-routing
+salleman:accounts-oidc
# Utilities
check@1.2.5
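Review bot: `salleman:accounts-oidc` is added with no version constraint, while neighbouring entries such as `service-configuration@1.0.11` and `check@1.2.5` carry one, and the diffstat lists no lock-file change alongside it. This package sits on the login path, so the resolved version should be one that has been reviewed and is recorded in the commit, for example `salleman:accounts-oidc@<reviewed-version>` (placeholder). Without that, a later build may pick up a different release of a package that handles tokens and the client secret.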
diff --git a/models/users.js b/models/users.js
index da8ca77c..364f7fd7 100644
--- a/models/users.js
+++ b/models/users.js
@@ -459,6 +459,17 @@ if (Meteor.isServer) {
return user;
}
+ if (user.services.oidc) {
+ user.username = user.services.oidc.username;
+ user.emails = [{
+ address: user.services.oidc.email.toLowerCase(),
+ verified: false,
+ }];
+ const initials = user.services.oidc.fullname.match(/\b[a-zA-Z]/g).join('').toUpperCase();
+ user.profile = { initials: initials, fullname: user.services.oidc.fullname };
+ }
+
+
if (options.from === 'admin') {
user.createdThroughApi = true;
return user;
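Review bot: The new `user.services.oidc` branch dereferences identity-provider claims without checking them. `email.toLowerCase()` throws when the userinfo response has no `email`, and `fullname.match(/\b[a-zA-Z]/g)` returns `null` for a name with no ASCII letters, so `.join` throws and account creation fails for that user. `username` and `email` are also copied from the provider as-is, so a missing value becomes `undefined` on the stored user. The branch does not return, so it falls through to the `options.from === 'admin'` check and to whatever follows outside this hunk; the enclosing callback starts and ends outside the visible lines, so how OIDC users interact with those later checks cannot be confirmed from here. Validating the claims up front and defaulting the initials would look like the following.

```javascript
if (user.services.oidc) {
  const { username, email, fullname } = user.services.oidc;
  // Reject the login instead of storing undefined identity fields.
  if (typeof username !== 'string' || typeof email !== 'string') {
    throw new Meteor.Error('error-oidc-profile-incomplete', 'OIDC profile is missing username or email');
  }
  user.username = username;
  user.emails = [{ address: email.toLowerCase(), verified: false }];
  const name = typeof fullname === 'string' ? fullname : '';
  // match() returns null when nothing matches (e.g. non-Latin names).
  const initials = (name.match(/\b[a-zA-Z]/g) || []).join('').toUpperCase();
  user.profile = { initials, fullname: name };
}
// … unchanged: options.from === 'admin' branch …
```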
diff --git a/server/authentication.js b/server/authentication.js
index acc101cc..03b4c464 100644
--- a/server/authentication.js
+++ b/server/authentication.js
@@ -54,5 +54,24 @@ Meteor.startup(() => {
Authentication.checkAdminOrCondition(userId, normalAccess);
};
+ if (Meteor.isServer) {
+ ServiceConfiguration.configurations.upsert(
+ { service: 'oidc' },
+ {
+ $set: {
+ loginStyle: 'redirect',
+ clientId: 'CLIENT_ID',
+ secret: 'SECRET',
+ serverUrl: 'https://my-server',
+ authorizationEndpoint: '/oauth/authorize',
+ userinfoEndpoint: '/oauth/userinfo',
+ tokenEndpoint: '/oauth/token',
+ idTokenWhitelistFields: [],
+ requestPermissions: ['openid']
+ }
+ }
+ );
+ }
+
});
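Review bot: The upsert in `Meteor.startup` writes the literal placeholders `clientId: 'CLIENT_ID'`, `secret: 'SECRET'` and `serverUrl: 'https://my-server'` into the `oidc` service configuration on every server start. It therefore overwrites any working configuration already stored in the database, and the only way to supply real values is to edit the client secret into this source file, where it ends up in version control. The values should come from the deployment environment, and the upsert should be skipped when they are absent. The `if (Meteor.isServer)` wrapper is probably redundant for a file under `server/`. The `Meteor.startup` callback begins outside this hunk.

```javascript
// Variable names are illustrative; use whatever the deployment defines.
const { OIDC_CLIENT_ID, OIDC_SECRET, OIDC_SERVER_URL } = process.env;
// Only configure the service when real credentials are supplied.
if (OIDC_CLIENT_ID && OIDC_SECRET && OIDC_SERVER_URL) {
  ServiceConfiguration.configurations.upsert(
    { service: 'oidc' },
    {
      $set: {
        loginStyle: 'redirect',
        clientId: OIDC_CLIENT_ID,
        secret: OIDC_SECRET,
        serverUrl: OIDC_SERVER_URL,
        // … unchanged: endpoint paths, idTokenWhitelistFields, requestPermissions …
      },
    },
  );
}
```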