Move `complete_sso_ui_auth` into SSOHandler
since we're hacking on this code anyway, may as well move it out of the cluttered AuthHandler.pull/9091/head
parent
5310808d3b
commit
420031906a
|
@ -263,10 +263,6 @@ class AuthHandler(BaseHandler):
|
||||||
# authenticating for an operation to occur on their account.
|
# authenticating for an operation to occur on their account.
|
||||||
self._sso_auth_confirm_template = hs.config.sso_auth_confirm_template
|
self._sso_auth_confirm_template = hs.config.sso_auth_confirm_template
|
||||||
|
|
||||||
# The following template is shown after a successful user interactive
|
|
||||||
# authentication session. It tells the user they can close the window.
|
|
||||||
self._sso_auth_success_template = hs.config.sso_auth_success_template
|
|
||||||
|
|
||||||
# The following template is shown during the SSO authentication process if
|
# The following template is shown during the SSO authentication process if
|
||||||
# the account is deactivated.
|
# the account is deactivated.
|
||||||
self._sso_account_deactivated_template = (
|
self._sso_account_deactivated_template = (
|
||||||
|
@ -1394,27 +1390,6 @@ class AuthHandler(BaseHandler):
|
||||||
description=session.description, redirect_url=redirect_url,
|
description=session.description, redirect_url=redirect_url,
|
||||||
)
|
)
|
||||||
|
|
||||||
async def complete_sso_ui_auth(
|
|
||||||
self, registered_user_id: str, session_id: str, request: Request,
|
|
||||||
):
|
|
||||||
"""Having figured out a mxid for this user, complete the HTTP request
|
|
||||||
|
|
||||||
Args:
|
|
||||||
registered_user_id: The registered user ID to complete SSO login for.
|
|
||||||
session_id: The ID of the user-interactive auth session.
|
|
||||||
request: The request to complete.
|
|
||||||
"""
|
|
||||||
# Mark the stage of the authentication as successful.
|
|
||||||
# Save the user who authenticated with SSO, this will be used to ensure
|
|
||||||
# that the account be modified is also the person who logged in.
|
|
||||||
await self.store.mark_ui_auth_stage_complete(
|
|
||||||
session_id, LoginType.SSO, registered_user_id
|
|
||||||
)
|
|
||||||
|
|
||||||
# Render the HTML and return.
|
|
||||||
html = self._sso_auth_success_template
|
|
||||||
respond_with_html(request, 200, html)
|
|
||||||
|
|
||||||
async def complete_sso_login(
|
async def complete_sso_login(
|
||||||
self,
|
self,
|
||||||
registered_user_id: str,
|
registered_user_id: str,
|
||||||
|
|
|
@ -22,6 +22,7 @@ from typing_extensions import NoReturn, Protocol
|
||||||
|
|
||||||
from twisted.web.http import Request
|
from twisted.web.http import Request
|
||||||
|
|
||||||
|
from synapse.api.constants import LoginType
|
||||||
from synapse.api.errors import Codes, RedirectException, SynapseError
|
from synapse.api.errors import Codes, RedirectException, SynapseError
|
||||||
from synapse.handlers.ui_auth import UIAuthSessionDataConstants
|
from synapse.handlers.ui_auth import UIAuthSessionDataConstants
|
||||||
from synapse.http import get_request_user_agent
|
from synapse.http import get_request_user_agent
|
||||||
|
@ -147,9 +148,13 @@ class SsoHandler:
|
||||||
self._store = hs.get_datastore()
|
self._store = hs.get_datastore()
|
||||||
self._server_name = hs.hostname
|
self._server_name = hs.hostname
|
||||||
self._registration_handler = hs.get_registration_handler()
|
self._registration_handler = hs.get_registration_handler()
|
||||||
|
self._auth_handler = hs.get_auth_handler()
|
||||||
self._error_template = hs.config.sso_error_template
|
self._error_template = hs.config.sso_error_template
|
||||||
self._bad_user_template = hs.config.sso_auth_bad_user_template
|
self._bad_user_template = hs.config.sso_auth_bad_user_template
|
||||||
self._auth_handler = hs.get_auth_handler()
|
|
||||||
|
# The following template is shown after a successful user interactive
|
||||||
|
# authentication session. It tells the user they can close the window.
|
||||||
|
self._sso_auth_success_template = hs.config.sso_auth_success_template
|
||||||
|
|
||||||
# a lock on the mappings
|
# a lock on the mappings
|
||||||
self._mapping_lock = Linearizer(name="sso_user_mapping", clock=hs.get_clock())
|
self._mapping_lock = Linearizer(name="sso_user_mapping", clock=hs.get_clock())
|
||||||
|
@ -598,9 +603,14 @@ class SsoHandler:
|
||||||
)
|
)
|
||||||
else:
|
else:
|
||||||
# success!
|
# success!
|
||||||
await self._auth_handler.complete_sso_ui_auth(
|
# Mark the stage of the authentication as successful.
|
||||||
user_id, ui_auth_session_id, request
|
await self._store.mark_ui_auth_stage_complete(
|
||||||
|
ui_auth_session_id, LoginType.SSO, user_id
|
||||||
)
|
)
|
||||||
|
|
||||||
|
# Render the HTML confirmation page and return.
|
||||||
|
html = self._sso_auth_success_template
|
||||||
|
respond_with_html(request, 200, html)
|
||||||
return
|
return
|
||||||
|
|
||||||
# the user_id didn't match: mark the stage of the authentication as unsuccessful
|
# the user_id didn't match: mark the stage of the authentication as unsuccessful
|
||||||
|
|
Loading…
Reference in New Issue