Merge branch 'develop' into ee-migration

RocketChat · Mar 20, 2020 · a1de24b · a1de24b
2 parents 5af3612 + f32703f
commit a1de24b
Show file tree

Hide file tree

Showing 8 changed files with 269 additions and 179 deletions.
diff --git a/app/ldap/server/loginHandler.js b/app/ldap/server/loginHandler.js
@@ -74,11 +74,7 @@ Accounts.registerLoginHandler('ldap', function(loginRequest) {
 	}
 
 	if (ldapUser === undefined) {
-		if (settings.get('LDAP_Login_Fallback') === true) {
-			return fallbackDefaultAccountSystem(self, loginRequest.username, loginRequest.ldapPass);
-		}
-
-		throw new Meteor.Error('LDAP-login-error', `LDAP Authentication failed with provided username [${ loginRequest.username }]`);
+		return fallbackDefaultAccountSystem(self, loginRequest.username, loginRequest.ldapPass);
 	}
 
 	// Look to see if user already exists
@@ -120,7 +116,7 @@ Accounts.registerLoginHandler('ldap', function(loginRequest) {
 	if (user) {
 		if (user.ldap !== true && settings.get('LDAP_Merge_Existing_Users') !== true) {
 			logger.info('User exists without "ldap: true"');
-			throw new Meteor.Error('LDAP-login-error', `LDAP Authentication succeded, but there's already an existing user with provided username [${ username }] in Mongo.`);
+			throw new Meteor.Error('LDAP-login-error', `LDAP Authentication succeeded, but there's already an existing user with provided username [${ username }] in Mongo.`);
 		}
 
 		logger.info('Logging user');
@@ -156,3 +152,19 @@ Accounts.registerLoginHandler('ldap', function(loginRequest) {
 
 	return result;
 });
+
+callbacks.add('beforeValidateLogin', (login) => {
+	if (!login.allowed) {
+		return login;
+	}
+
+	if (login.type === 'ldap') {
+		return login;
+	}
+
+	if (login.user.services && login.user.services.ldap && login.user.services.ldap.id) {
+		login.allowed = !!settings.get('LDAP_Login_Fallback');
+	}
+
+	return login;
+});
diff --git a/app/ldap/server/settings.js b/app/ldap/server/settings.js
@@ -33,7 +33,7 @@ settings.addGroup('LDAP', function() {
 	];
 
 	this.add('LDAP_Enable', false, { type: 'boolean', public: true });
-	this.add('LDAP_Login_Fallback', true, { type: 'boolean', enableQuery });
+	this.add('LDAP_Login_Fallback', false, { type: 'boolean', enableQuery: null });
 	this.add('LDAP_Find_User_After_Login', true, { type: 'boolean', enableQuery });
 	this.add('LDAP_Host', '', { type: 'string', enableQuery });
 	this.add('LDAP_Port', '389', { type: 'string', enableQuery });

diff --git a/app/lib/server/functions/getAvatarSuggestionForUser.js b/app/lib/server/functions/getAvatarSuggestionForUser.js
@@ -34,10 +34,11 @@ const avatarProviders = {
 	},
 
 	linkedin(user) {
-		if (user.services && user.services.linkedin && user.services.linkedin.pictureUrl && settings.get('Accounts_OAuth_Linkedin')) {
+		if (user.services && user.services.linkedin && user.services.linkedin.profilePicture && user.services.linkedin.profilePicture.identifiersUrl && user.services.linkedin.profilePicture.identifiersUrl.length > 0 && settings.get('Accounts_OAuth_Linkedin')) {
+			const total = user.services.linkedin.profilePicture.identifiersUrl.length;
 			return {
 				service: 'linkedin',
-				url: user.services.linkedin.pictureUrl,
+				url: user.services.linkedin.profilePicture.identifiersUrl[total - 1],
 			};
 		}
 	},