Disallow user_consent where experimental MSC3861 is enabled (#16127)
parent
d6ae4041a4
commit
7dbac123f9
|
@ -0,0 +1 @@
|
||||||
|
User consent features cannot be enabled when using experimental MSC3861.
|
|
@ -173,6 +173,13 @@ class MSC3861:
|
||||||
("enable_registration",),
|
("enable_registration",),
|
||||||
)
|
)
|
||||||
|
|
||||||
|
# We only need to test the user consent version, as if it must be set if the user_consent section was present in the config
|
||||||
|
if root.consent.user_consent_version is not None:
|
||||||
|
raise ConfigError(
|
||||||
|
"User consent cannot be enabled when OAuth delegation is enabled",
|
||||||
|
("user_consent",),
|
||||||
|
)
|
||||||
|
|
||||||
if (
|
if (
|
||||||
root.oidc.oidc_enabled
|
root.oidc.oidc_enabled
|
||||||
or root.saml2.saml2_enabled
|
or root.saml2.saml2_enabled
|
||||||
|
|
|
@ -12,6 +12,7 @@
|
||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
|
import os
|
||||||
from unittest.mock import Mock
|
from unittest.mock import Mock
|
||||||
|
|
||||||
from synapse.config import ConfigError
|
from synapse.config import ConfigError
|
||||||
|
@ -167,6 +168,21 @@ class MSC3861OAuthDelegation(TestCase):
|
||||||
with self.assertRaises(ConfigError):
|
with self.assertRaises(ConfigError):
|
||||||
self.parse_config()
|
self.parse_config()
|
||||||
|
|
||||||
|
def test_user_consent_cannot_be_enabled(self) -> None:
|
||||||
|
tmpdir = self.mktemp()
|
||||||
|
os.mkdir(tmpdir)
|
||||||
|
self.config_dict["user_consent"] = {
|
||||||
|
"require_at_registration": True,
|
||||||
|
"version": "1",
|
||||||
|
"template_dir": tmpdir,
|
||||||
|
"server_notice_content": {
|
||||||
|
"msgtype": "m.text",
|
||||||
|
"body": "foo",
|
||||||
|
},
|
||||||
|
}
|
||||||
|
with self.assertRaises(ConfigError):
|
||||||
|
self.parse_config()
|
||||||
|
|
||||||
def test_password_config_cannot_be_enabled(self) -> None:
|
def test_password_config_cannot_be_enabled(self) -> None:
|
||||||
self.config_dict["password_config"] = {"enabled": True}
|
self.config_dict["password_config"] = {"enabled": True}
|
||||||
with self.assertRaises(ConfigError):
|
with self.assertRaises(ConfigError):
|
||||||
|
|
Loading…
Reference in New Issue