app/cas/server/cas_rocketchat.js

-Original file line number
+Diff line change
@@ Expand Up / @@ -13,6 +13,8 @@ Meteor.startup(function() { @@
     		this.add('CAS_login_url', '', { type: 'string', group: 'CAS', public: true });
     		this.add('CAS_version', '1.0', { type: 'select', values: [{ key: '1.0', i18nLabel: '1.0' }, { key: '2.0', i18nLabel: '2.0' }], group: 'CAS' });
     		this.add('CAS_trust_username', false, { type: 'boolean', group: 'CAS', public: true, i18nDescription: 'CAS_trust_username_description' });
+    		// Enable/disable user creation
+    		this.add('CAS_Creation_User_Enabled', true, { type: 'boolean', group: 'CAS' });
     		this.section('Attribute_handling', function() {
     			// Enable/disable sync
@@ Expand Down @@

app/cas/server/cas_server.js

-Original file line number
+Diff line change
@@ Expand Up / @@ -126,6 +126,7 @@ Accounts.registerLoginHandler(function(options) { @@
     	const sync_enabled = settings.get('CAS_Sync_User_Data_Enabled');
     	const trustUsername = settings.get('CAS_trust_username');
     	const verified = settings.get('Accounts_Verify_Email_For_External_Accounts');
+    	const userCreationEnabled = settings.get('CAS_Creation_User_Enabled');
     	// We have these
     	const ext_attrs = {
@@ Expand Down Expand Up / @@ -206,7 +207,7 @@ Accounts.registerLoginHandler(function(options) { @@
     				Meteor.users.update(user, { $set: { emails: [{ address: int_attrs.email, verified }] } });
     			}
     		}
-    	} else {
+    	} else if (userCreationEnabled) {
     		// Define new user
     		const newUser = {
     			username: result.username,
@@ Expand Down Expand Up / @@ -263,6 +264,11 @@ Accounts.registerLoginHandler(function(options) { @@
     				}
     			});
     		}
+    	} else {
+    		// Should fail as no user exist and can't be created
+    		logger.debug(`User "${ result.username }" does not exist yet, will fail as no user creation is enabled`);
+    		throw new Meteor.Error(Accounts.LoginCancelledError.numericError,
+    			'no matching user account found');
     	}
     	return { userId: user._id };
@@ Expand Down @@

packages/rocketchat-i18n/i18n/en.i18n.json

-Original file line number
+Diff line change
@@ Expand Up / @@ -630,6 +630,8 @@ @@
       "CAS_button_color": "Login Button Background Color",
       "CAS_button_label_color": "Login Button Text Color",
       "CAS_button_label_text": "Login Button Label",
+      "CAS_Creation_User_Enabled": "Allow user creation",
+      "CAS_Creation_User_Enabled_Description": "Allow CAS User creation from data provided by the CAS ticket.",
       "CAS_enabled": "Enabled",
       "CAS_Login_Layout": "CAS Login Layout",
       "CAS_login_url": "SSO Login URL",
@@ Expand Down @@

packages/rocketchat-i18n/i18n/fr.i18n.json

-Original file line number
+Diff line change
@@ Expand Up / @@ -502,6 +502,8 @@ @@
       "CAS_button_color": "Bouton de connexion, couleur de fond",
       "CAS_button_label_color": "Bouton de connexion, couleur du texte",
       "CAS_button_label_text": "Bouton de connexion, texte / label",
+      "CAS_Creation_User_Enabled": "Autoriser la création de l'utilisateur",
+      "CAS_Creation_User_Enabled_Description": "Autoriser la création de l'utilisateur CAS à partir des informations transmises dans le ticket CAS.",
       "CAS_enabled": "Activé",
       "CAS_Login_Layout": "Disposition de connexion CAS",
       "CAS_login_url": "URL de login SSO",
@@ Expand Down @@

[NEW] feat(CAS): Adding option to enable/disable user creation from CAS auth #17154

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged

Oct 13, 2020

-Original file line number
+Diff line change
@@ Expand Up / @@ -13,6 +13,8 @@ Meteor.startup(function() { @@
     		this.add('CAS_login_url', '', { type: 'string', group: 'CAS', public: true });
     		this.add('CAS_version', '1.0', { type: 'select', values: [{ key: '1.0', i18nLabel: '1.0' }, { key: '2.0', i18nLabel: '2.0' }], group: 'CAS' });
     		this.add('CAS_trust_username', false, { type: 'boolean', group: 'CAS', public: true, i18nDescription: 'CAS_trust_username_description' });
+    		// Enable/disable user creation
+    		this.add('CAS_Creation_User_Enabled', true, { type: 'boolean', group: 'CAS' });
     		this.section('Attribute_handling', function() {
     			// Enable/disable sync
@@ Expand Down @@

-Original file line number
+Diff line change
@@ Expand Up / @@ -126,6 +126,7 @@ Accounts.registerLoginHandler(function(options) { @@
     	const sync_enabled = settings.get('CAS_Sync_User_Data_Enabled');
     	const trustUsername = settings.get('CAS_trust_username');
     	const verified = settings.get('Accounts_Verify_Email_For_External_Accounts');
+    	const userCreationEnabled = settings.get('CAS_Creation_User_Enabled');
     	// We have these
     	const ext_attrs = {
@@ Expand Down Expand Up / @@ -206,7 +207,7 @@ Accounts.registerLoginHandler(function(options) { @@
     				Meteor.users.update(user, { $set: { emails: [{ address: int_attrs.email, verified }] } });
     			}
     		}
-    	} else {
+    	} else if (userCreationEnabled) {
     		// Define new user
     		const newUser = {
     			username: result.username,
@@ Expand Down Expand Up / @@ -263,6 +264,11 @@ Accounts.registerLoginHandler(function(options) { @@
     				}
     			});
     		}
+    	} else {
+    		// Should fail as no user exist and can't be created
+    		logger.debug(`User "${ result.username }" does not exist yet, will fail as no user creation is enabled`);
+    		throw new Meteor.Error(Accounts.LoginCancelledError.numericError,
+    			'no matching user account found');
     	}
     	return { userId: user._id };
@@ Expand Down @@

-Original file line number
+Diff line change
@@ Expand Up / @@ -630,6 +630,8 @@ @@
       "CAS_button_color": "Login Button Background Color",
       "CAS_button_label_color": "Login Button Text Color",
       "CAS_button_label_text": "Login Button Label",
+      "CAS_Creation_User_Enabled": "Allow user creation",
+      "CAS_Creation_User_Enabled_Description": "Allow CAS User creation from data provided by the CAS ticket.",
       "CAS_enabled": "Enabled",
       "CAS_Login_Layout": "CAS Login Layout",
       "CAS_login_url": "SSO Login URL",
@@ Expand Down @@

-Original file line number
+Diff line change
@@ Expand Up / @@ -502,6 +502,8 @@ @@
       "CAS_button_color": "Bouton de connexion, couleur de fond",
       "CAS_button_label_color": "Bouton de connexion, couleur du texte",
       "CAS_button_label_text": "Bouton de connexion, texte / label",
+      "CAS_Creation_User_Enabled": "Autoriser la création de l'utilisateur",
+      "CAS_Creation_User_Enabled_Description": "Autoriser la création de l'utilisateur CAS à partir des informations transmises dans le ticket CAS.",
       "CAS_enabled": "Activé",
       "CAS_Login_Layout": "Disposition de connexion CAS",
       "CAS_login_url": "URL de login SSO",
@@ Expand Down @@

Provide feedback