Unverified Commit b2ef99b9 authored by Rodrigo Nascimento's avatar Rodrigo Nascimento Committed by GitHub

Merge pull request #10681 from RocketChat/fix.saml-on-multi-instances

[FIX] SAML wasn't working correctly when running multiple instances
parents cfe6c083 6e9acfbb
......@@ -170,17 +170,20 @@ Accounts.registerLoginHandler(function(loginRequest) {
}
});
Accounts.saml._loginResultForCredentialToken = {};
Accounts.saml.hasCredential = function(credentialToken) {
return _.has(Accounts.saml._loginResultForCredentialToken, credentialToken);
return RocketChat.models.CredentialTokens.findOneById(credentialToken) != null;
};
Accounts.saml.retrieveCredential = function(credentialToken) {
// The credentialToken in all these functions corresponds to SAMLs inResponseTo field and is mandatory to check.
const result = Accounts.saml._loginResultForCredentialToken[credentialToken];
delete Accounts.saml._loginResultForCredentialToken[credentialToken];
return result;
const data = RocketChat.models.CredentialTokens.findOneById(credentialToken);
if (data) {
return data.userInfo;
}
};
Accounts.saml.storeCredential = function(credentialToken, loginResult) {
RocketChat.models.CredentialTokens.create(credentialToken, loginResult);
};
const closePopup = function(res, err) {
......@@ -334,21 +337,21 @@ const middleware = function(req, res, next) {
}
const credentialToken = (profile.inResponseToId && profile.inResponseToId.value) || profile.inResponseToId || profile.InResponseTo || samlObject.credentialToken;
const loginResult = {
profile
};
if (!credentialToken) {
// No credentialToken in IdP-initiated SSO
const saml_idp_credentialToken = Random.id();
Accounts.saml._loginResultForCredentialToken[saml_idp_credentialToken] = {
profile
};
Accounts.saml.storeCredential(saml_idp_credentialToken, loginResult);
const url = `${ Meteor.absoluteUrl('home') }?saml_idp_credentialToken=${ saml_idp_credentialToken }`;
res.writeHead(302, {
'Location': url
});
res.end();
} else {
Accounts.saml._loginResultForCredentialToken[credentialToken] = {
profile
};
Accounts.saml.storeCredential(credentialToken, loginResult);
closePopup(res);
}
});
......
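Review bot: `Accounts.saml.retrieveCredential` in the first hunk no longer consumes the token: the in-memory version deleted the entry after reading it, while the new body only calls `findOneById` and returns `data.userInfo`, so the same credentialToken stays redeemable for as long as the document exists. Unless `RocketChat.models.CredentialTokens` (not shown on this page) already expires tokens and filters out expired ones, the record should be removed as part of retrieval, preferably in one atomic find-and-remove so two instances cannot both redeem it. The contract should also be stated above the function, e.g. `// One-time use: the stored login result is invalidated as soon as it is read.` This matters most for the IdP-initiated branch in the second hunk (whose enclosing middleware callback starts outside the hunk), where `saml_idp_credentialToken` is carried in the redirect URL and can persist in browser history or proxy logs. `hasCredential` has the same dependency on the model for expiry, since it only tests that the document exists.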