- [CAS allowed LDAP groups](https://github.com/wekan/meteor-accounts-cas/pull/4).

Thanks to ppoulard ! Please test. Related #2356
2025-12-16 15:30:13 +01:00 · 2019-05-22 20:15:24 +03:00 · 2019-05-22 20:15:24 +03:00 · d194cc7a5a
commit d194cc7a5a
parent 0834f6ed1e
2 changed files with 35 additions and 7 deletions
--- a/packages/meteor-accounts-cas/cas_client.js
+++ b/packages/meteor-accounts-cas/cas_client.js
@ -81,7 +81,12 @@ Meteor.loginWithCas = function(options, callback) {
            // check auth on server.
            Accounts.callLoginMethod({
                methodArguments: [{ cas: { credentialToken: credentialToken } }],
-                userCallback: callback
+                userCallback: err => {
                    // Fix redirect bug after login successfully
                    if (!err) {
                        window.location.href = '/';
                    }
                }
            });
        }
    }, 100);
--- a/packages/meteor-accounts-cas/cas_server.js
+++ b/packages/meteor-accounts-cas/cas_server.js
@ -71,14 +71,37 @@ class CAS {
                callback({message: 'Empty response.'});
              }
              if (result['cas:serviceResponse']['cas:authenticationSuccess']) {
-                var userData = {
+                const userData = {
                  id: result['cas:serviceResponse']['cas:authenticationSuccess'][0]['cas:user'][0].toLowerCase(),
                }
                const attributes = result['cas:serviceResponse']['cas:authenticationSuccess'][0]['cas:attributes'][0];
                for (var fieldName in attributes) {
                  userData[fieldName] = attributes[fieldName][0];
                };
-                callback(undefined, true, userData);
+                const attributes = result['cas:serviceResponse']['cas:authenticationSuccess'][0]['cas:attributes'][0];
                // Check allowed ldap groups if exist (array only)
                // example cas settings : "allowedLdapGroups" : ["wekan", "admin"],
                let findedGroup = false;
                const allowedLdapGroups = Meteor.settings.cas.allowedLdapGroups || false;
                for (const fieldName in attributes) {
                  if (allowedLdapGroups && fieldName === 'cas:memberOf') {
                    for (const groups in attributes[fieldName]) {
                      const str = attributes[fieldName][groups];
                      if (!Array.isArray(allowedLdapGroups)) {
                        callback({message: 'Settings "allowedLdapGroups" must be an array'});
                      }
                      for (const allowedLdapGroup in allowedLdapGroups) {
                        if (str.search(`cn=${allowedLdapGroups[allowedLdapGroup]}`) >= 0) {
                          findedGroup = true;
                        }
                      }
                    }
                  }
                  userData[fieldName] = attributes[fieldName][0];
                }
                if (allowedLdapGroups && !findedGroup) {
                  callback({message: 'Group not finded.'}, false);
                } else {
                  callback(undefined, true, userData);
                }
              } else {
                callback(undefined, false);
              }