ignoring additional attributes coming back from the cas server

brandonaaron / redmine_rubycas

A Plugin for Redmine 2 that utilizes the RubyCAS Client for CAS authentication.

MIT License

7 stars 10 forks source link

ignoring additional attributes coming back from the cas server #5

Closed joshtaylor closed 11 years ago

joshtaylor commented 11 years ago

ignoring additional attributes coming back from the cas server if they aren't mapped or if the User model cannot use them.

swobspace commented 11 years ago

Same as #3.

More secure would be also match extended attribute against User.attr_accessible or User.attr_protected, but for now we can control attributes from Settings.auto_user_attributes_map.