Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Commit

Permalink
Remove unstable/unspecced login types. (#12597)
Browse files Browse the repository at this point in the history
* `m.login.jwt`, which was never specced and has been deprecated
  since Synapse 1.16.0. (`org.matrix.login.jwt` can be used instead.)
* `uk.half-shot.msc2778.login.application_service`, which was
  stabilized as part of the Matrix spec v1.2 release.
  • Loading branch information
clokep authored May 4, 2022
1 parent b2df071 commit ba3fd54
Show file tree
Hide file tree
Showing 6 changed files with 14 additions and 20 deletions.
6 changes: 6 additions & 0 deletions CHANGES.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,9 @@
Synapse 1.59.0
==============

The non-standard `m.login.jwt` login type has been removed from Synapse. It can be replaced with `org.matrix.login.jwt` for identical behaviour. This is only used if `jwt_config.enabled` is set to `true` in the configuration.


Synapse 1.58.0 (2022-05-03)
===========================

Expand Down
2 changes: 2 additions & 0 deletions changelog.d/12597.removal
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
Remove the unspecified `m.login.jwt` login type and the unstable `uk.half-shot.msc2778.login.application_service` from
[MSC2778](https://github.com/matrix-org/matrix-doc/pull/2778).
3 changes: 0 additions & 3 deletions docs/jwt.md
Original file line number Diff line number Diff line change
Expand Up @@ -17,9 +17,6 @@ follows:
}
```

Note that the login type of `m.login.jwt` is supported, but is deprecated. This
will be removed in a future version of Synapse.

The `token` field should include the JSON web token with the following claims:

* A claim that encodes the local part of the user ID is required. By default,
Expand Down
15 changes: 4 additions & 11 deletions synapse/rest/client/login.py
Original file line number Diff line number Diff line change
Expand Up @@ -69,9 +69,7 @@ class LoginRestServlet(RestServlet):
SSO_TYPE = "m.login.sso"
TOKEN_TYPE = "m.login.token"
JWT_TYPE = "org.matrix.login.jwt"
JWT_TYPE_DEPRECATED = "m.login.jwt"
APPSERVICE_TYPE = "m.login.application_service"
APPSERVICE_TYPE_UNSTABLE = "uk.half-shot.msc2778.login.application_service"
REFRESH_TOKEN_PARAM = "refresh_token"

def __init__(self, hs: "HomeServer"):
Expand Down Expand Up @@ -126,7 +124,6 @@ def on_GET(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
flows: List[JsonDict] = []
if self.jwt_enabled:
flows.append({"type": LoginRestServlet.JWT_TYPE})
flows.append({"type": LoginRestServlet.JWT_TYPE_DEPRECATED})

if self.cas_enabled:
# we advertise CAS for backwards compat, though MSC1721 renamed it
Expand Down Expand Up @@ -156,7 +153,6 @@ def on_GET(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
flows.extend({"type": t} for t in self.auth_handler.get_supported_login_types())

flows.append({"type": LoginRestServlet.APPSERVICE_TYPE})
flows.append({"type": LoginRestServlet.APPSERVICE_TYPE_UNSTABLE})

return 200, {"flows": flows}

Expand All @@ -175,10 +171,7 @@ async def on_POST(self, request: SynapseRequest) -> Tuple[int, LoginResponse]:
)

try:
if login_submission["type"] in (
LoginRestServlet.APPSERVICE_TYPE,
LoginRestServlet.APPSERVICE_TYPE_UNSTABLE,
):
if login_submission["type"] == LoginRestServlet.APPSERVICE_TYPE:
appservice = self.auth.get_appservice_by_req(request)

if appservice.is_rate_limited():
Expand All @@ -191,9 +184,9 @@ async def on_POST(self, request: SynapseRequest) -> Tuple[int, LoginResponse]:
appservice,
should_issue_refresh_token=should_issue_refresh_token,
)
elif self.jwt_enabled and (
login_submission["type"] == LoginRestServlet.JWT_TYPE
or login_submission["type"] == LoginRestServlet.JWT_TYPE_DEPRECATED
elif (
self.jwt_enabled
and login_submission["type"] == LoginRestServlet.JWT_TYPE
):
await self._address_ratelimiter.ratelimit(None, request.getClientIP())
result = await self._do_jwt_login(
Expand Down
4 changes: 1 addition & 3 deletions tests/handlers/test_password_providers.py
Original file line number Diff line number Diff line change
Expand Up @@ -30,11 +30,9 @@
from tests.test_utils import make_awaitable
from tests.unittest import override_config

# (possibly experimental) login flows we expect to appear in the list after the normal
# ones
# Login flows we expect to appear in the list after the normal ones.
ADDITIONAL_LOGIN_FLOWS = [
{"type": "m.login.application_service"},
{"type": "uk.half-shot.msc2778.login.application_service"},
]

# a mock instance which the dummy auth providers delegate to, so we can see what's going
Expand Down
4 changes: 1 addition & 3 deletions tests/rest/client/test_login.py
Original file line number Diff line number Diff line change
Expand Up @@ -81,11 +81,9 @@
# the query params in TEST_CLIENT_REDIRECT_URL
EXPECTED_CLIENT_REDIRECT_URL_PARAMS = [("<ab c>", ""), ('q" =+"', '"fö&=o"')]

# (possibly experimental) login flows we expect to appear in the list after the normal
# ones
# Login flows we expect to appear in the list after the normal ones.
ADDITIONAL_LOGIN_FLOWS = [
{"type": "m.login.application_service"},
{"type": "uk.half-shot.msc2778.login.application_service"},
]


Expand Down

0 comments on commit ba3fd54

Please sign in to comment.