Merge pull request #10681 from RocketChat/fix.saml-on-multi-instances
[FIX] SAML wasn't working correctly when running multiple instances
rodrigok authored May 5, 2018
2 parents cfe6c08 + 6e9acfb commit b2ef99b
Showing 1 changed file with 15 additions and 12 deletions.
27 changes: 15 additions & 12 deletions packages/meteor-accounts-saml/saml_server.js
Expand Up @@ -170,17 +170,20 @@ Accounts.registerLoginHandler(function(loginRequest) {
}
});

Accounts.saml._loginResultForCredentialToken = {};

Accounts.saml.hasCredential = function(credentialToken) {
return _.has(Accounts.saml._loginResultForCredentialToken, credentialToken);
return RocketChat.models.CredentialTokens.findOneById(credentialToken) != null;
};

Accounts.saml.retrieveCredential = function(credentialToken) {
// The credentialToken in all these functions corresponds to SAMLs inResponseTo field and is mandatory to check.
const result = Accounts.saml._loginResultForCredentialToken[credentialToken];
delete Accounts.saml._loginResultForCredentialToken[credentialToken];
return result;
const data = RocketChat.models.CredentialTokens.findOneById(credentialToken);
if (data) {
return data.userInfo;
}
};

Accounts.saml.storeCredential = function(credentialToken, loginResult) {
RocketChat.models.CredentialTokens.create(credentialToken, loginResult);
};

const closePopup = function(res, err) {
Expand Down Expand Up @@ -334,21 +337,21 @@ const middleware = function(req, res, next) {
}

const credentialToken = (profile.inResponseToId && profile.inResponseToId.value) || profile.inResponseToId || profile.InResponseTo || samlObject.credentialToken;
const loginResult = {
profile
};
if (!credentialToken) {
// No credentialToken in IdP-initiated SSO
const saml_idp_credentialToken = Random.id();
Accounts.saml._loginResultForCredentialToken[saml_idp_credentialToken] = {
profile
};
Accounts.saml.storeCredential(saml_idp_credentialToken, loginResult);

const url = `${ Meteor.absoluteUrl('home') }?saml_idp_credentialToken=${ saml_idp_credentialToken }`;
res.writeHead(302, {
'Location': url
});
res.end();
} else {
Accounts.saml._loginResultForCredentialToken[credentialToken] = {
profile
};
Accounts.saml.storeCredential(credentialToken, loginResult);
closePopup(res);
}
});
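Review bot: In the first hunk, `Accounts.saml.retrieveCredential` no longer consumes the token: the removed code deleted the entry from `_loginResultForCredentialToken` on read, while the new `findOneById` path returns `data.userInfo` and leaves the record in `CredentialTokens`, so the same SAML `inResponseTo` value can be redeemed again until something else purges it. The comment just above ("is mandatory to check") relied on that single-use behaviour, and whether the collection expires records is not visible here, so the replay window is at best bounded by whatever TTL the model sets. Restore the consume-on-read semantics by removing the record once it has been found, e.g. `RocketChat.models.CredentialTokens.removeById(credentialToken);` (or whichever removal method the model exposes) before `return data.userInfo;`. It would also help to document on `storeCredential` that `loginResult` is persisted under the `userInfo` field, since that name is implied by `create()` and not visible in this file.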
