diff options
| author | Lauri Ojansivu <x@xet7.org> | 2019-05-22 21:48:52 +0300 |
|---|---|---|
| committer | Lauri Ojansivu <x@xet7.org> | 2019-05-22 21:48:52 +0300 |
| commit | 526e10865ff0c2c4465ead8ae14328ebf0d40257 (patch) | |
| tree | dae87fb59829e963fdeea27fa0eb6dcfe1838cd7 /packages | |
| parent | e38988126ab99abda6c4a46c077bd8ea1424a662 (diff) | |
| parent | d83cb75f95e94524e1117111ca0dd063021cf3b8 (diff) | |
| download | wekan-526e10865ff0c2c4465ead8ae14328ebf0d40257.tar.gz wekan-526e10865ff0c2c4465ead8ae14328ebf0d40257.tar.bz2 wekan-526e10865ff0c2c4465ead8ae14328ebf0d40257.zip | |
Merge branch 'edge' into meteor-1.8
Diffstat (limited to 'packages')
| -rw-r--r-- | packages/meteor-accounts-cas/cas_client.js | 7 | ||||
| -rw-r--r-- | packages/meteor-accounts-cas/cas_server.js | 33 |
2 files changed, 34 insertions, 6 deletions
diff --git a/packages/meteor-accounts-cas/cas_client.js b/packages/meteor-accounts-cas/cas_client.js index bd94be6b..ca9288ae 100644 --- a/packages/meteor-accounts-cas/cas_client.js +++ b/packages/meteor-accounts-cas/cas_client.js @@ -81,7 +81,12 @@ Meteor.loginWithCas = function(options, callback) { // check auth on server. Accounts.callLoginMethod({ methodArguments: [{ cas: { credentialToken: credentialToken } }], - userCallback: callback + userCallback: err => { + // Fix redirect bug after login successfully + if (!err) { + window.location.href = '/'; + } + } }); } }, 100); diff --git a/packages/meteor-accounts-cas/cas_server.js b/packages/meteor-accounts-cas/cas_server.js index 15c1b174..2e8edef2 100644 --- a/packages/meteor-accounts-cas/cas_server.js +++ b/packages/meteor-accounts-cas/cas_server.js @@ -71,14 +71,37 @@ class CAS { callback({message: 'Empty response.'}); } if (result['cas:serviceResponse']['cas:authenticationSuccess']) { - var userData = { + const userData = { id: result['cas:serviceResponse']['cas:authenticationSuccess'][0]['cas:user'][0].toLowerCase(), - } + }; const attributes = result['cas:serviceResponse']['cas:authenticationSuccess'][0]['cas:attributes'][0]; - for (var fieldName in attributes) { + + // Check allowed ldap groups if exist (array only) + // example cas settings : "allowedLdapGroups" : ["wekan", "admin"], + let findedGroup = false; + const allowedLdapGroups = Meteor.settings.cas.allowedLdapGroups || false; + for (const fieldName in attributes) { + if (allowedLdapGroups && fieldName === 'cas:memberOf') { + for (const groups in attributes[fieldName]) { + const str = attributes[fieldName][groups]; + if (!Array.isArray(allowedLdapGroups)) { + callback({message: 'Settings "allowedLdapGroups" must be an array'}); + } + for (const allowedLdapGroup in allowedLdapGroups) { + if (str.search(`cn=${allowedLdapGroups[allowedLdapGroup]}`) >= 0) { + findedGroup = true; + } + } + } + } userData[fieldName] = attributes[fieldName][0]; - }; - callback(undefined, true, userData); + } + + if (allowedLdapGroups && !findedGroup) { + callback({message: 'Group not finded.'}, false); + } else { + callback(undefined, true, userData); + } } else { callback(undefined, false); } |