
Use a template for the SSO success page to allow for customization. (#…
clokep authored Apr 17, 2020
1 parent 701788a commit 054c231
Showing 6 changed files with 66 additions and 37 deletions.
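--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,10 +1,11 @@
 Next version
 ============
 
-* Two new templates (`sso_auth_confirm.html` and `sso_account_deactivated.html`)
-were added to Synapse. If your Synapse is configured to use SSO and a custom
-`sso_redirect_confirm_template_dir` configuration then these templates will
-need to be duplicated into that directory.
+* New templates (`sso_auth_confirm.html`, `sso_auth_success.html`, and
+`sso_account_deactivated.html`) were added to Synapse. If your Synapse is
+configured to use SSO and a custom `sso_redirect_confirm_template_dir`
+configuration then these templates will need to be duplicated into that
+directory.
 
 * Plugins using the `complete_sso_login` method of `synapse.module_api.ModuleApi`
 should update to using the async/await version `complete_sso_login_async` which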
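--- a/changelog.d/7279.feature
+++ b/changelog.d/7279.feature
@@ -0,0 +1 @@
+Support SSO in the user interactive authentication workflow.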
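--- a/synapse/config/sso.py
+++ b/synapse/config/sso.py
@@ -43,6 +43,12 @@ def read_config(self, config, **kwargs):
 ),
 "sso_account_deactivated_template",
 )
+self.sso_auth_success_template = self.read_file(
+os.path.join(
+self.sso_redirect_confirm_template_dir, "sso_auth_success.html"
+),
+"sso_auth_success_template",
+)
 
 self.sso_client_whitelist = sso_config.get("client_whitelist") or []
 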
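Review bot: The new `self.read_file(...)` call makes `sso_auth_success.html` a required file in `sso_redirect_confirm_template_dir`, and nothing at the call site says so. How `read_file` reacts to a missing file is not visible in this hunk, but a deployment with a custom template directory that has not copied the file would presumably fail while loading its config. A comment above the call would record the requirement, for example `# Served verbatim (not rendered by Jinja2) after SSO user-interactive auth; must exist in a custom template dir.` The body of `read_config` starts and ends outside the hunk, so check whether the option's generated documentation also needs to list the new file.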
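--- a/synapse/handlers/auth.py
+++ b/synapse/handlers/auth.py
@@ -51,31 +51,6 @@
 logger = logging.getLogger(__name__)
 
 
-SUCCESS_TEMPLATE = """
-<html>
-<head>
-<title>Success!</title>
-<meta name='viewport' content='width=device-width, initial-scale=1,
-user-scalable=no, minimum-scale=1.0, maximum-scale=1.0'>
-<link rel="stylesheet" href="/_matrix/static/client/register/style.css">
-<script>
-if (window.onAuthDone) {
-window.onAuthDone();
-} else if (window.opener && window.opener.postMessage) {
-window.opener.postMessage("authDone", "*");
-}
-</script>
-</head>
-<body>
-<div>
-<p>Thank you</p>
-<p>You may now close this window and return to the application</p>
-</div>
-</body>
-</html>
-"""
-
-
 class AuthHandler(BaseHandler):
 SESSION_EXPIRE_MS = 48 * 60 * 60 * 1000
 
@@ -159,6 +134,11 @@ def __init__(self, hs):
 self._sso_auth_confirm_template = load_jinja2_templates(
 hs.config.sso_redirect_confirm_template_dir, ["sso_auth_confirm.html"],
 )[0]
+# The following template is shown after a successful user interactive
+# authentication session. It tells the user they can close the window.
+self._sso_auth_success_template = hs.config.sso_auth_success_template
+# The following template is shown during the SSO authentication process if
+# the account is deactivated.
 self._sso_account_deactivated_template = (
 hs.config.sso_account_deactivated_template
 )
@@ -1080,7 +1060,7 @@ def complete_sso_ui_auth(
 self._save_session(sess)
 
 # Render the HTML and return.
-html_bytes = SUCCESS_TEMPLATE.encode("utf8")
+html_bytes = self._sso_auth_success_template.encode("utf-8")
 request.setResponseCode(200)
 request.setHeader(b"Content-Type", b"text/html; charset=utf-8")
 request.setHeader(b"Content-Length", b"%d" % (len(html_bytes),))
@@ -1106,12 +1086,12 @@ async def complete_sso_login(
 # flow.
 deactivated = await self.store.get_user_deactivated_status(registered_user_id)
 if deactivated:
-html = self._sso_account_deactivated_template.encode("utf-8")
+html_bytes = self._sso_account_deactivated_template.encode("utf-8")
 
 request.setResponseCode(403)
 request.setHeader(b"Content-Type", b"text/html; charset=utf-8")
-request.setHeader(b"Content-Length", b"%d" % (len(html),))
-request.write(html)
+request.setHeader(b"Content-Length", b"%d" % (len(html_bytes),))
+request.write(html_bytes)
 finish_request(request)
 return
 
@@ -1153,16 +1133,16 @@ def _complete_sso_login(
 # URL we redirect users to.
 redirect_url_no_params = client_redirect_url.split("?")[0]
 
-html = self._sso_redirect_confirm_template.render(
+html_bytes = self._sso_redirect_confirm_template.render(
 display_url=redirect_url_no_params,
 redirect_url=redirect_url,
 server_name=self._server_name,
 ).encode("utf-8")
 
 request.setResponseCode(200)
 request.setHeader(b"Content-Type", b"text/html; charset=utf-8")
-request.setHeader(b"Content-Length", b"%d" % (len(html),))
-request.write(html)
+request.setHeader(b"Content-Length", b"%d" % (len(html_bytes),))
+request.write(html_bytes)
 finish_request(request)
 
 @staticmethod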
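Review bot: The three SSO pages written in this section set only `Content-Type` and `Content-Length`, so nothing visible here prevents another origin from framing them. They are the success page in `complete_sso_ui_auth`, the 403 page in `complete_sso_login` and the redirect-confirm page in `_complete_sso_login`; the last one presumably asks the user to approve `redirect_url`, which is the kind of page anti-framing headers exist for. Unless these are applied elsewhere (a shared response path or a reverse proxy), add `request.setHeader(b"X-Frame-Options", b"DENY")` and `request.setHeader(b"Content-Security-Policy", b"frame-ancestors 'none';")` before each `request.write(html_bytes)`. The same response lines are now repeated three times, so a small private helper taking the request, status code and `html_bytes` would keep the headers consistent across the pages. All three function bodies start and end outside their hunks.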
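--- a/synapse/res/templates/sso_auth_success.html
+++ b/synapse/res/templates/sso_auth_success.html
@@ -0,0 +1,18 @@
+<html>
+<head>
+<title>Authentication Successful</title>
+<script>
+if (window.onAuthDone) {
+window.onAuthDone();
+} else if (window.opener && window.opener.postMessage) {
+window.opener.postMessage("authDone", "*");
+}
+</script>
+</head>
+<body>
+<div>
+<p>Thank you</p>
+<p>You may now close this window and return to the application</p>
+</div>
+</body>
+</html>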
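Review bot: `window.opener.postMessage("authDone", "*")` uses a wildcard target origin, which is acceptable only because the payload is a fixed string that carries no secret. This file is now meant to be copied and customised by operators, so that constraint should be written into the template itself. Add an HTML comment above the `<script>` block such as `<!-- "authDone" is posted to any opener origin: never add tokens or user data to this message; clients must confirm the result with the homeserver rather than trust it. -->`. The template also drops the viewport `<meta>` and the stylesheet `<link>` that the old inline `SUCCESS_TEMPLATE` carried; if that is intentional, a line in the commit description would help operators who compare the two.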
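--- a/synapse/rest/client/v2_alpha/auth.py
+++ b/synapse/rest/client/v2_alpha/auth.py
@@ -18,7 +18,6 @@
 from synapse.api.constants import LoginType
 from synapse.api.errors import SynapseError
 from synapse.api.urls import CLIENT_API_PREFIX
-from synapse.handlers.auth import SUCCESS_TEMPLATE
 from synapse.http.server import finish_request
 from synapse.http.servlet import RestServlet, parse_string
 
@@ -90,6 +89,30 @@
 </html>
 """
 
+SUCCESS_TEMPLATE = """
+<html>
+<head>
+<title>Success!</title>
+<meta name='viewport' content='width=device-width, initial-scale=1,
+user-scalable=no, minimum-scale=1.0, maximum-scale=1.0'>
+<link rel="stylesheet" href="/_matrix/static/client/register/style.css">
+<script>
+if (window.onAuthDone) {
+window.onAuthDone();
+} else if (window.opener && window.opener.postMessage) {
+window.opener.postMessage("authDone", "*");
+}
+</script>
+</head>
+<body>
+<div>
+<p>Thank you</p>
+<p>You may now close this window and return to the application</p>
+</div>
+</body>
+</html>
+"""
+
 
 class AuthRestServlet(RestServlet):
 """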
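Review bot: `SUCCESS_TEMPLATE` is added to this module without a comment, and it is now a second, hard-coded copy of the success page whose script matches the new `sso_auth_success.html`. An operator who customises the template file will not change the page rendered from this constant, and the two copies can drift apart. A comment above the constant would make the split explicit, for example `# Success page for the auth flows served by this servlet; not operator-customisable, unlike sso_auth_success.html.` The places that use the constant are outside the hunk, so confirm which flows still render it.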
