OpenCloud
/
MatrixSynapse
mirror of https://github.com/matrix-org/synapse
1
0
Fork 0
Code Issues Releases Wiki Activity

Delegate remote_user_id mapping to the saml mapping provider (#6723) 

Turns out that figuring out a remote user id for the SAML user isn't quite as obvious as it seems. Factor it out to the SamlMappingProvider so that it's easy to control.
pull/6728/head
Richard van der Hoff 2020-01-17 10:32:47 +00:00 committed by GitHub
parent a8a50f5b57
commit 2b6a77fcde
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 23 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
changelog.d/6723.misc Normal file
View File

@ -0,0 +1 @@
Updates to the SAML mapping provider API.

1
synapse/config/saml2_config.py
View File

@ -121,6 +121,7 @@ class SAML2Config(Config):
required_methods = [ required_methods = [
"get_saml_attributes", "get_saml_attributes",
"saml_response_to_user_attributes", "saml_response_to_user_attributes",
"get_remote_user_id",
] ]
missing_methods = [ missing_methods = [
method method

27
synapse/handlers/saml_handler.py
View File

@ -135,14 +135,15 @@ class SamlHandler:
logger.info("SAML2 response: %s", saml2_auth.origxml) logger.info("SAML2 response: %s", saml2_auth.origxml)
logger.info("SAML2 mapped attributes: %s", saml2_auth.ava) logger.info("SAML2 mapped attributes: %s", saml2_auth.ava)
try:
remote_user_id = saml2_auth.ava["uid"][0]
except KeyError:
logger.warning("SAML2 response lacks a 'uid' attestation")
raise SynapseError(400, "'uid' not in SAML2 response")
self._outstanding_requests_dict.pop(saml2_auth.in_response_to, None) self._outstanding_requests_dict.pop(saml2_auth.in_response_to, None)
remote_user_id = self._user_mapping_provider.get_remote_user_id(
saml2_auth, client_redirect_url
)
if not remote_user_id:
raise Exception("Failed to extract remote user id from SAML response")
with (await self._mapping_lock.queue(self._auth_provider_id)): with (await self._mapping_lock.queue(self._auth_provider_id)):
# first of all, check if we already have a mapping for this user # first of all, check if we already have a mapping for this user
logger.info( logger.info(
@ -279,6 +280,20 @@ class DefaultSamlMappingProvider(object):
self._mxid_source_attribute = parsed_config.mxid_source_attribute self._mxid_source_attribute = parsed_config.mxid_source_attribute
self._mxid_mapper = parsed_config.mxid_mapper self._mxid_mapper = parsed_config.mxid_mapper
self._grandfathered_mxid_source_attribute = (
module_api._hs.config.saml2_grandfathered_mxid_source_attribute
)
def get_remote_user_id(
self, saml_response: saml2.response.AuthnResponse, client_redirect_url: str
):
"""Extracts the remote user id from the SAML response"""
try:
return saml_response.ava["uid"][0]
except KeyError:
logger.warning("SAML2 response lacks a 'uid' attestation")
raise SynapseError(400, "'uid' not in SAML2 response")
def saml_response_to_user_attributes( def saml_response_to_user_attributes(
self, self,
saml_response: saml2.response.AuthnResponse, saml_response: saml2.response.AuthnResponse,