OIDC login: make the user attribute mapping async
Also passes the token as a parameter to the mapping provider

Signed-off-by: Quentin Gliech <quentin@connecteu.rs>
sandhose committed May 7, 2020
1 parent c358f72 commit 9bd40d1
Showing 2 changed files with 15 additions and 7 deletions.
18 changes: 13 additions & 5 deletions synapse/handlers/oidc_handler.py
Expand Up @@ -686,7 +686,7 @@ async def handle_oidc_callback(self, request: SynapseRequest) -> None:

# Call the mapper to register/login the user
try:
user_id = await self._map_userinfo_to_user(userinfo)
user_id = await self._map_userinfo_to_user(userinfo, token)
except MappingException as e:
logger.exception("Could not map user")
self._render_error(request, "mapping_error", str(e))
Expand Down Expand Up @@ -724,7 +724,7 @@ def _verify_expiry(self, caveat: str) -> bool:
now = self._clock.time_msec()
return now < expiry

async def _map_userinfo_to_user(self, userinfo: UserInfo) -> str:
async def _map_userinfo_to_user(self, userinfo: UserInfo, token: Token) -> str:
"""Maps a UserInfo object to a mxid.
UserInfo should have a claim that uniquely identifies users. This claim
Expand All @@ -738,6 +738,7 @@ async def _map_userinfo_to_user(self, userinfo: UserInfo) -> str:
Args:
userinfo: an object representing the user
token: a dict with the tokens obtained from the provider
Raises:
MappingException: if there was an error while mapping some properties
Expand Down Expand Up @@ -767,7 +768,9 @@ async def _map_userinfo_to_user(self, userinfo: UserInfo) -> str:
return registered_user_id

try:
attributes = self._user_mapping_provider.map_user_attributes(userinfo)
attributes = await self._user_mapping_provider.map_user_attributes(
userinfo, token
)
except Exception as e:
raise MappingException(
"Could not extract user attributes from OIDC response: " + str(e)
Expand Down Expand Up @@ -845,11 +848,14 @@ def get_remote_user_id(self, userinfo: UserInfo) -> str:
"""
raise NotImplementedError()

def map_user_attributes(self, userinfo: UserInfo) -> UserAttribute:
async def map_user_attributes(
self, userinfo: UserInfo, token: Token
) -> UserAttribute:
"""Map a ``UserInfo`` objects into user attributes.
Args:
userinfo: An object representing the user given by the OIDC provider
token: A dict with the tokens returned by the provider
Returns:
A dict containing the ``localpart`` and (optionally) the ``display_name``
Expand Down Expand Up @@ -919,7 +925,9 @@ def parse_config(config: dict) -> JinjaOidcMappingConfig:
def get_remote_user_id(self, userinfo: UserInfo) -> str:
return userinfo[self._config["subject_claim"]]

def map_user_attributes(self, userinfo: UserInfo) -> UserAttribute:
async def map_user_attributes(
self, userinfo: UserInfo, token: Token
) -> UserAttribute:
localpart = self._config["localpart_template"].render(user=userinfo).strip()

display_name = None # type: Optional[str]
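Review bot: The `token` argument now handed to the mapping provider at `await self._user_mapping_provider.map_user_attributes(userinfo, token)` in the third hunk carries what the docstring calls "the tokens obtained from the provider" (presumably access/ID/refresh tokens), yet the surrounding `except Exception as e` folds `str(e)` into the `MappingException` message, which the callback in the first hunk then logs and renders to the end user via `self._render_error(request, "mapping_error", str(e))`. A pluggable mapping provider that echoes its inputs in an exception would therefore put bearer tokens into the error page and the log line, so I'd keep the user-facing message generic, e.g. `self._render_error(request, "mapping_error", "Could not map user attributes")`, and leave the detail to `logger.exception("Could not map user")`. The `token:` docstring line on the base-class `map_user_attributes` should also say which keys the dict holds and that the values are secrets, e.g. `token: the token response from the provider (access_token, id_token, …); treat as secret and do not log or persist it`. Since the provider method changed from sync to `async`, a third-party provider still returning a plain dict would make the `await` raise `TypeError`, which the broad except turns into a login failure — worth a changelog note or an `inspect.isawaitable` fallback if such providers exist. `_map_userinfo_to_user` and `handle_oidc_callback` both start and end outside the visible hunks.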
4 changes: 2 additions & 2 deletions tests/handlers/test_oidc.py
Expand Up @@ -410,7 +410,7 @@ def test_callback(self):
)
self.handler._exchange_code.assert_called_once_with(code)
self.handler._parse_id_token.assert_called_once_with(token, nonce=nonce)
self.handler._map_userinfo_to_user.assert_called_once_with(userinfo)
self.handler._map_userinfo_to_user.assert_called_once_with(userinfo, token)
self.handler._fetch_userinfo.assert_not_called()
self.handler._render_error.assert_not_called()

Expand Down Expand Up @@ -442,7 +442,7 @@ def test_callback(self):
)
self.handler._exchange_code.assert_called_once_with(code)
self.handler._parse_id_token.assert_not_called()
self.handler._map_userinfo_to_user.assert_called_once_with(userinfo)
self.handler._map_userinfo_to_user.assert_called_once_with(userinfo, token)
self.handler._fetch_userinfo.assert_called_once_with(token)
self.handler._render_error.assert_not_called()

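Review bot: Both updated assertions only check that the mocked `_map_userinfo_to_user` is called with `(userinfo, token)`; nothing exercises the real `_map_userinfo_to_user` forwarding that token to an `async` `map_user_attributes`, so a regression there, or a provider that still returns a plain dict instead of an awaitable, would go unnoticed. A test that drives `_map_userinfo_to_user` against a stub mapping provider whose `map_user_attributes` is an `async def` recording its arguments, then asserts it received `token`, would close that gap. `test_callback` starts and ends outside the visible hunks.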
