Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Support trying multiple localparts for OpenID Connect. #8801

Merged
merged 17 commits into from
Nov 25, 2020
Merged

Support trying multiple localparts for OpenID Connect. #8801

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
17 commits
Select commit Hold shift + click to select a range
24265fa
Support trying multiple localparts for OpenID Connect.
clokep Nov 17, 2020
f4bdc2f
Add an additional test.
clokep Nov 23, 2020
f419ff5
Abstract the shared user mapping code from SAML and OIDC.
clokep Nov 23, 2020
7e6a549
Do not pass through parameters to the mapper.
clokep Nov 23, 2020
c34e973
Do not retry Matrix IDs which will keep failing.
clokep Nov 23, 2020
1f64e02
Support matching an existing username for OIDC.
clokep Nov 23, 2020
eda3e50
Clarify some of the type hints.
clokep Nov 23, 2020
c0ae560
Merge remote-tracking branch 'origin/develop' into clokep/oidc-localp…
clokep Nov 23, 2020
d3c4e04
Add a newsfragment.
clokep Nov 23, 2020
0ded8b1
Fix some comments.
clokep Nov 23, 2020
c29d8de
Remove a reference to SAML in the abstract code.
clokep Nov 23, 2020
512529f
Update the changelog based on feedback.
clokep Nov 24, 2020
9c5d0f6
Expand comments and add a return type.
clokep Nov 24, 2020
1934c10
Append the number of failures by default when mapping OIDC IDs.
clokep Nov 24, 2020
89f1869
Do not use a deprecated function.
clokep Nov 24, 2020
6d11ff8
Add an additional comment.
clokep Nov 25, 2020
18fcaee
Clarify another comment.
clokep Nov 25, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions synapse/handlers/oidc_handler.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -883,6 +883,12 @@ async def oidc_response_to_user_attributes(failures):
userinfo, token, failures
)
else:
# If the mapping provider does not support processing failures,
# do not continually generate the same Matrix ID since this will
# likely continue to fail.
if failures:
raise RuntimeError("Mapping provider does not support de-duplicating Matrix IDs")
clokep marked this conversation as resolved.
Show resolved Hide resolved

attributes = await self._user_mapping_provider.map_user_attributes( # type: ignore
userinfo, token
)
Expand Down
3 changes: 2 additions & 1 deletion tests/handlers/test_oidc.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -705,7 +705,8 @@ def test_map_userinfo_to_user(self):
MappingException,
)
self.assertEqual(
str(e.value), "Unable to generate a Matrix ID from the SSO response"
str(e.value),
"Could not extract user attributes from SSO response: Mapping provider does not support de-duplicating Matrix IDs",
)

@override_config({"oidc_config": {"allow_existing_users": True}})
Expand Down