From 37de8a7f4a017e5c62bd73f1c381374b464a6cc1 Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Thu, 19 Nov 2015 16:16:49 +0000 Subject: [PATCH 1/2] Remove m.login.token from advertised flows. --- synapse/rest/client/v1/login.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/synapse/rest/client/v1/login.py b/synapse/rest/client/v1/login.py index 0171f6c018..d6d2ebaba1 100644 --- a/synapse/rest/client/v1/login.py +++ b/synapse/rest/client/v1/login.py @@ -58,9 +58,10 @@ class LoginRestServlet(ClientV1RestServlet): flows.append({"type": LoginRestServlet.SAML2_TYPE}) if self.cas_enabled: flows.append({"type": LoginRestServlet.CAS_TYPE}) + flows.append({"type": LoginRestServlet.TOKEN_TYPE}) if self.password_enabled: flows.append({"type": LoginRestServlet.PASS_TYPE}) - flows.append({"type": LoginRestServlet.TOKEN_TYPE}) + return (200, {"flows": flows}) def on_OPTIONS(self, request): From e3dae653e89d7c8cc036eacb1ff7c02e4c55a76b Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Fri, 20 Nov 2015 14:05:22 +0000 Subject: [PATCH 2/2] Comment --- synapse/rest/client/v1/login.py | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/synapse/rest/client/v1/login.py b/synapse/rest/client/v1/login.py index d6d2ebaba1..720d6358e7 100644 --- a/synapse/rest/client/v1/login.py +++ b/synapse/rest/client/v1/login.py @@ -58,6 +58,14 @@ class LoginRestServlet(ClientV1RestServlet): flows.append({"type": LoginRestServlet.SAML2_TYPE}) if self.cas_enabled: flows.append({"type": LoginRestServlet.CAS_TYPE}) + + # While its valid for us to advertise this login type generally, + # synapse currently only gives out these tokens as part of the + # CAS login flow. + # Generally we don't want to advertise login flows that clients + # don't know how to implement, since they (currently) will always + # fall back to the fallback API if they don't understand one of the + # login flow types returned. flows.append({"type": LoginRestServlet.TOKEN_TYPE}) if self.password_enabled: flows.append({"type": LoginRestServlet.PASS_TYPE})