Disallow user_consent where experimental MSC3861 is enabled (#16127)

pull/16151/head
Hugh Nimmo-Smith 2023-08-22 12:42:08 +01:00 committed by GitHub
parent d6ae4041a4
commit 7dbac123f9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 24 additions and 0 deletions

1
changelog.d/16127.bugfix Normal file
View File

@ -0,0 +1 @@
User consent features cannot be enabled when using experimental MSC3861.

View File

@ -173,6 +173,13 @@ class MSC3861:
("enable_registration",), ("enable_registration",),
) )
# We only need to test the user consent version, as if it must be set if the user_consent section was present in the config
if root.consent.user_consent_version is not None:
raise ConfigError(
"User consent cannot be enabled when OAuth delegation is enabled",
("user_consent",),
)
if ( if (
root.oidc.oidc_enabled root.oidc.oidc_enabled
or root.saml2.saml2_enabled or root.saml2.saml2_enabled

View File

@ -12,6 +12,7 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
import os
from unittest.mock import Mock from unittest.mock import Mock
from synapse.config import ConfigError from synapse.config import ConfigError
@ -167,6 +168,21 @@ class MSC3861OAuthDelegation(TestCase):
with self.assertRaises(ConfigError): with self.assertRaises(ConfigError):
self.parse_config() self.parse_config()
def test_user_consent_cannot_be_enabled(self) -> None:
tmpdir = self.mktemp()
os.mkdir(tmpdir)
self.config_dict["user_consent"] = {
"require_at_registration": True,
"version": "1",
"template_dir": tmpdir,
"server_notice_content": {
"msgtype": "m.text",
"body": "foo",
},
}
with self.assertRaises(ConfigError):
self.parse_config()
def test_password_config_cannot_be_enabled(self) -> None: def test_password_config_cannot_be_enabled(self) -> None:
self.config_dict["password_config"] = {"enabled": True} self.config_dict["password_config"] = {"enabled": True}
with self.assertRaises(ConfigError): with self.assertRaises(ConfigError):