mirror of
https://github.com/element-hq/synapse.git
synced 2024-12-23 05:00:24 +03:00
Merge commit 'a0b8bf023f52bbfc4d4f2abe7a029c37ec14c644' into erikj/modular_1.3.2_prerelease
commit
2ed75d2589
4 changed files with 17 additions and 2 deletions
1
changelog.d/6070.feature
Normal file
1
changelog.d/6070.feature
Normal file
|
@ -0,0 +1 @@
|
||||||
|
Handle userid clashes when authenticating via SAML by appending an integer suffix.
|
|
@ -1115,6 +1115,8 @@ saml2_config:
|
||||||
# Options include:
|
# Options include:
|
||||||
# * 'hexencode' (which maps unpermitted characters to '=xx')
|
# * 'hexencode' (which maps unpermitted characters to '=xx')
|
||||||
# * 'dotreplace' (which replaces unpermitted characters with '.').
|
# * 'dotreplace' (which replaces unpermitted characters with '.').
|
||||||
|
# * 'dotreplace_email_localpart' (truncates at the first '@' and replaces
|
||||||
|
# unpermitted characters with '.')
|
||||||
# The default is 'hexencode'.
|
# The default is 'hexencode'.
|
||||||
#
|
#
|
||||||
#mxid_mapping: dotreplace
|
#mxid_mapping: dotreplace
|
||||||
|
|
|
@ -184,6 +184,8 @@ class SAML2Config(Config):
|
||||||
# Options include:
|
# Options include:
|
||||||
# * 'hexencode' (which maps unpermitted characters to '=xx')
|
# * 'hexencode' (which maps unpermitted characters to '=xx')
|
||||||
# * 'dotreplace' (which replaces unpermitted characters with '.').
|
# * 'dotreplace' (which replaces unpermitted characters with '.').
|
||||||
|
# * 'dotreplace_email_localpart' (truncates at the first '@' and replaces
|
||||||
|
# unpermitted characters with '.')
|
||||||
# The default is 'hexencode'.
|
# The default is 'hexencode'.
|
||||||
#
|
#
|
||||||
#mxid_mapping: dotreplace
|
#mxid_mapping: dotreplace
|
||||||
|
@ -210,7 +212,7 @@ DOT_REPLACE_PATTERN = re.compile(
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
def dot_replace_for_mxid(username: str) -> str:
|
def dotreplace_for_mxid(username: str) -> str:
|
||||||
username = username.lower()
|
username = username.lower()
|
||||||
username = DOT_REPLACE_PATTERN.sub(".", username)
|
username = DOT_REPLACE_PATTERN.sub(".", username)
|
||||||
|
|
||||||
|
@ -219,7 +221,15 @@ def dot_replace_for_mxid(username: str) -> str:
|
||||||
return username
|
return username
|
||||||
|
|
||||||
|
|
||||||
|
def dotreplace_email_localpart_for_mxid(username: str) -> str:
|
||||||
|
pos = username.find("@")
|
||||||
|
if pos >= 0:
|
||||||
|
username = username[:pos]
|
||||||
|
return dotreplace_for_mxid(username)
|
||||||
|
|
||||||
|
|
||||||
MXID_MAPPER_MAP = {
|
MXID_MAPPER_MAP = {
|
||||||
"hexencode": map_username_to_mxid_localpart,
|
"hexencode": map_username_to_mxid_localpart,
|
||||||
"dotreplace": dot_replace_for_mxid,
|
"dotreplace": dotreplace_for_mxid,
|
||||||
|
"dotreplace_email_localpart": dotreplace_email_localpart_for_mxid,
|
||||||
}
|
}
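Review bot: `dotreplace_email_localpart_for_mxid` discards everything from the first '@', so two distinct IdP identifiers that share a local part (for example `alice@a.example` and `alice@b.example`, constructed values) map to the same mxid localpart. Whether that ends in a registration clash or in one login being matched to another user's account depends on handler code outside this diff, so the function should at least state when the mapping is safe, e.g. the docstring `"""Drop the domain of an email-style uid; only safe when the IdP guarantees unique local parts (a single email domain)."""`. An input that begins with '@' also reaches `dotreplace_for_mxid` as an empty string; the middle of that function lies between the two hunks and is not shown, so confirm that an empty localpart is rejected before it is used. The same uniqueness caveat belongs in the `dotreplace_email_localpart` option comment added to the config text in this commit.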
|
||||||
|
|
|
@ -111,6 +111,8 @@ class SamlHandler:
|
||||||
logger.warning("SAML2 response was not signed")
|
logger.warning("SAML2 response was not signed")
|
||||||
raise SynapseError(400, "SAML2 response was not signed")
|
raise SynapseError(400, "SAML2 response was not signed")
|
||||||
|
|
||||||
|
logger.info("Got SAML2 reponse with attributes: %s", saml2_auth.ava)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
remote_user_id = saml2_auth.ava["uid"][0]
|
remote_user_id = saml2_auth.ava["uid"][0]
|
||||||
except KeyError:
|
except KeyError:
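Review bot: The added `logger.info("Got SAML2 reponse with attributes: %s", saml2_auth.ava)` writes every attribute value from the assertion to the log at INFO level, so whatever the IdP releases alongside `uid` (possibly email addresses, names or group membership) ends up in routinely retained logs. Logging only the attribute names at a lower level keeps the diagnostic value without the personal data: `logger.debug("Got SAML2 response with attributes: %s", list(saml2_auth.ava))`. That form also corrects the "reponse" typo in the message. The `try`/`except KeyError` block and the rest of the method continue outside the hunk.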
|
||||||
|
|