[IMPROVE] Use SessionId for credential token in SAML request (#13791)

[IMPROVE] Use SessionId for credential token in SAML request
RocketChat · Apr 6, 2019 · 3967a74 · 3967a74
1 parent 993a96b
commit 3967a74
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 6 deletions.
diff --git a/app/meteor-accounts-saml/client/saml_client.js b/app/meteor-accounts-saml/client/saml_client.js
@@ -1,6 +1,5 @@
 import { Meteor } from 'meteor/meteor';
 import { Accounts } from 'meteor/accounts-base';
-import { Random } from 'meteor/random';
 import { ServiceConfiguration } from 'meteor/service-configuration';
 
 if (!Accounts.saml) {
@@ -95,14 +94,12 @@ Accounts.saml.initiateLogin = function(options, callback, dimensions) {
 
 Meteor.loginWithSaml = function(options, callback) {
 	options = options || {};
-	const credentialToken = `id-${ Random.id() }`;
-	options.credentialToken = credentialToken;
+	options.credentialToken = Meteor.default_connection._lastSessionId;
 
 	Accounts.saml.initiateLogin(options, function(/* error, result*/) {
 		Accounts.callLoginMethod({
 			methodArguments: [{
 				saml: true,
-				credentialToken,
 			}],
 			userCallback: callback,
 		});

diff --git a/app/meteor-accounts-saml/server/saml_server.js b/app/meteor-accounts-saml/server/saml_server.js
@@ -92,11 +92,11 @@ Meteor.methods({
 });
 
 Accounts.registerLoginHandler(function(loginRequest) {
-	if (!loginRequest.saml || !loginRequest.credentialToken) {
+	if (!loginRequest.saml) {
 		return undefined;
 	}
 
-	const loginResult = Accounts.saml.retrieveCredential(loginRequest.credentialToken);
+	const loginResult = Accounts.saml.retrieveCredential(this.connection.id);
 	if (Accounts.saml.settings.debug) {
 		console.log(`RESULT :${ JSON.stringify(loginResult) }`);
 	}