Email verification not working with CAS

[genesplicer]

Hi,

I have installed Rocket.Chat on "Ubuntu without docker". I am currently on release 0.27. I fixed the SMTP issue mentioned in #2613. However, I still have email verification issues. We use CAS to authenticate users, where user id is the email id with the domain name added. Under my profile, if I click "Resend confirmation email", I get "Error sending confirmation email". I tried and edited rocketchat_cas.js to send confirmation email, for new users. I get the link and I get an alert popup saying "Email verified", when I click on it, but the verified field is not being updated in db.

// Define new user                                           
        var newUser = {                                                                    // 137
            username: result.id,                                                           // 138
            active: true,                                                                  // 139
            globalRoles: ['user'],                                                         // 140
            services: {                                                                    // 141
                cas: {                                                                     // 142
                    external_id: result.id                                                 // 143
                }                                                                                        
            }                                                                                    
        };                                                                              

        // Create the user                                                                     
        logger.debug('User \'' + result.id + '\'does not exist yet, creating it');         // 149
        var userId = Accounts.insertUserDoc({}, newUser);                                  // 150

        // Send user verification email
        Accounts.sendVerificationEmail(user._id);

[konsumate]

We use CAS to authenticate users, where user id is the email id with the domain name added.

Do you have an example user id and example email address? What do they look like?

CAS version 1.0 only supports importing usernames from the SSO service, there is no E-mail beeing imported from the SSO service version CAS 1.0

Basically what happens is your patch tries to send emails for users which have no E-mail set, which of course won't work.

Importing user attributes, such as Email addresses, will be available in CAS 2.0 version support #2325 , which currently depends on #2254

[genesplicer]

This is my current placeholder solution, until you guys will eventually provide elegant code.

At my institution, CAS id is user email (Ex: user_id@texas.edu). So I added a setting to provide CAS mail domain and then I auto verify email address since user can "only" login with CAS login ID where we are and since I keep getting "Error sending confirmation email" from "My Account => Profile".

this.add('CAS_mail_domain', 'example.edu', {type: 'string', group: 'CAS', 'public': true });

Then,

var user_email = result.id + '@' + RocketChat.settings.get('CAS_mail_domain');
var newUser = {                                                                                           
                        username: result.id,    
                        active: true,
                        globalRoles: ['user'],
                        services: {  
                                cas: {                          
                                        external_id: result.id        
                                }                
                        },
                        emails: {      
                                0: {                                                                                   
                                        address: user_email,
                                        verified: true    
                                } 
                        }                                                                                                               
                }; 

[konsumate]

Basically that's an ugly workaround to support importing email addresses under CAS 1.0 which only works in your very special case. This workaround will not be upstreamed as it completely circumvents the CAS protocol, but feel free to maintain it as a personal patch to re-apply after version upgrades.

[genesplicer]

Yes. I know it is an ugly workaround as I mentioned but it gets the work done for time being.

[konsumate]

@genesplicer The CAS 2.0 patch will bring some relief for your workaround. Either you start going towards CAS 2.0 or you can reside with 1.0 and use the new attribute map under CAS settings to generate an email address with placeholders staticly

Example: {"email": "%username%@yourfixed.domain"}

[konsumate]

@RocketChat/core This issue can be closed, a workaround has been implemented with #4497