mirrors/synapse
1
0
Fork 0
mirror of https://github.com/element-hq/synapse.git synced 2024-12-22 20:50:23 +03:00
Code Issues Projects Releases Packages Wiki Activity

Merge commit 'a0b8bf023f52bbfc4d4f2abe7a029c37ec14c644' into erikj/modular_1.3.2_prerelease

Browse source
This commit is contained in:
Richard van der Hoff 2019-09-20 10:21:29 +01:00
commit 2ed75d2589
4 changed files with 17 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
changelog.d/6070.feature Normal file
View file

@ -0,0 +1 @@
Handle userid clashes when authenticating via SAML by appending an integer suffix.

2
docs/sample_config.yaml
View file

@ -1115,6 +1115,8 @@ saml2_config:
# Options include: # Options include:
# * 'hexencode' (which maps unpermitted characters to '=xx') # * 'hexencode' (which maps unpermitted characters to '=xx')
# * 'dotreplace' (which replaces unpermitted characters with '.'). # * 'dotreplace' (which replaces unpermitted characters with '.').
# * 'dotreplace_email_localpart' (truncates at the first '@' and replaces
# unpermitted characters with '.')
# The default is 'hexencode'. # The default is 'hexencode'.
# #
#mxid_mapping: dotreplace #mxid_mapping: dotreplace

14
synapse/config/saml2_config.py
View file

@ -184,6 +184,8 @@ class SAML2Config(Config):
# Options include: # Options include:
# * 'hexencode' (which maps unpermitted characters to '=xx') # * 'hexencode' (which maps unpermitted characters to '=xx')
# * 'dotreplace' (which replaces unpermitted characters with '.'). # * 'dotreplace' (which replaces unpermitted characters with '.').
# * 'dotreplace_email_localpart' (truncates at the first '@' and replaces
# unpermitted characters with '.')
# The default is 'hexencode'. # The default is 'hexencode'.
# #
#mxid_mapping: dotreplace #mxid_mapping: dotreplace
@ -210,7 +212,7 @@ DOT_REPLACE_PATTERN = re.compile(
) )
def dot_replace_for_mxid(username: str) -> str: def dotreplace_for_mxid(username: str) -> str:
username = username.lower() username = username.lower()
username = DOT_REPLACE_PATTERN.sub(".", username) username = DOT_REPLACE_PATTERN.sub(".", username)
@ -219,7 +221,15 @@ def dot_replace_for_mxid(username: str) -> str:
return username return username
def dotreplace_email_localpart_for_mxid(username: str) -> str:
pos = username.find("@")
if pos >= 0:
username = username[:pos]
return dotreplace_for_mxid(username)
MXID_MAPPER_MAP = { MXID_MAPPER_MAP = {
"hexencode": map_username_to_mxid_localpart, "hexencode": map_username_to_mxid_localpart,
"dotreplace": dot_replace_for_mxid, "dotreplace": dotreplace_for_mxid,
"dotreplace_email_localpart": dotreplace_email_localpart_for_mxid,
} }

2
synapse/handlers/saml_handler.py
View file

@ -111,6 +111,8 @@ class SamlHandler:
logger.warning("SAML2 response was not signed") logger.warning("SAML2 response was not signed")
raise SynapseError(400, "SAML2 response was not signed") raise SynapseError(400, "SAML2 response was not signed")
logger.info("Got SAML2 reponse with attributes: %s", saml2_auth.ava)
try: try:
remote_user_id = saml2_auth.ava["uid"][0] remote_user_id = saml2_auth.ava["uid"][0]
except KeyError: except KeyError: