Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Commit

Permalink
Fix advertised flows when SSO is not in use
Browse files Browse the repository at this point in the history
  • Loading branch information
hughns committed Apr 4, 2023
1 parent 97e4775 commit 54fe012
Show file tree
Hide file tree
Showing 2 changed files with 16 additions and 17 deletions.
21 changes: 8 additions & 13 deletions synapse/rest/client/login.py
Original file line number Diff line number Diff line change
Expand Up @@ -148,12 +148,10 @@ def on_GET(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
# to SSO.
flows.append({"type": LoginRestServlet.CAS_TYPE})

if (
self.cas_enabled
or self.saml2_enabled
or self.oidc_enabled
or self._get_login_token_enabled
):
# MSC3882 requires m.login.token to be advertised
supportLoginTokenFlow = self._get_login_token_enabled

if self.cas_enabled or self.saml2_enabled or self.oidc_enabled:
flows.append(
{
"type": LoginRestServlet.SSO_TYPE,
Expand All @@ -164,13 +162,10 @@ def on_GET(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
}
)

# While it's valid for us to advertise this login type generally,
# synapse currently only gives out these tokens as part of the
# SSO login flow.
# Generally we don't want to advertise login flows that clients
# don't know how to implement, since they (currently) will always
# fall back to the fallback API if they don't understand one of the
# login flow types returned.
# SSO requires a login token to be generated, so we need to advertise that flow
supportLoginTokenFlow = True

if supportLoginTokenFlow:
tokenTypeFlow: Dict[str, Any] = {"type": LoginRestServlet.TOKEN_TYPE}
# If MSC3882 is enabled we advertise the get_login_token flag.
if self._get_login_token_enabled:
Expand Down
12 changes: 8 additions & 4 deletions tests/rest/client/test_login.py
Original file line number Diff line number Diff line change
Expand Up @@ -464,10 +464,14 @@ def test_get_login_flows_with_msc3882_enabled(self) -> None:
channel = self.make_request("GET", "/_matrix/client/r0/login")
self.assertEqual(channel.code, 200, channel.result)

print(channel.json_body)

flows = {flow["type"]: flow for flow in channel.json_body["flows"]}
self.assertTrue(flows["m.login.token"]["org.matrix.msc3882.get_login_token"])
self.assertCountEqual(
channel.json_body["flows"],
[
{"type": "m.login.token", "org.matrix.msc3882.get_login_token": True},
{"type": "m.login.password"},
{"type": "m.login.application_service"},
],
)


@skip_unless(has_saml2 and HAS_OIDC, "Requires SAML2 and OIDC")
Expand Down

0 comments on commit 54fe012

Please sign in to comment.