mirror of
https://mau.dev/maunium/synapse.git
synced 2024-12-14 13:13:50 +01:00
Remove unstable/unspecced login types. (#12597)
* `m.login.jwt`, which was never specced and has been deprecated since Synapse 1.16.0. (`org.matrix.login.jwt` can be used instead.) * `uk.half-shot.msc2778.login.application_service`, which was stabilized as part of the Matrix spec v1.2 release.
This commit is contained in:
parent
b2df0716bc
commit
ba3fd54bad
6 changed files with 14 additions and 20 deletions
|
@ -1,3 +1,9 @@
|
||||||
|
Synapse 1.59.0
|
||||||
|
==============
|
||||||
|
|
||||||
|
The non-standard `m.login.jwt` login type has been removed from Synapse. It can be replaced with `org.matrix.login.jwt` for identical behaviour. This is only used if `jwt_config.enabled` is set to `true` in the configuration.
|
||||||
|
|
||||||
|
|
||||||
Synapse 1.58.0 (2022-05-03)
|
Synapse 1.58.0 (2022-05-03)
|
||||||
===========================
|
===========================
|
||||||
|
|
||||||
|
|
2
changelog.d/12597.removal
Normal file
2
changelog.d/12597.removal
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
Remove the unspecified `m.login.jwt` login type and the unstable `uk.half-shot.msc2778.login.application_service` from
|
||||||
|
[MSC2778](https://github.com/matrix-org/matrix-doc/pull/2778).
|
|
@ -17,9 +17,6 @@ follows:
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
Note that the login type of `m.login.jwt` is supported, but is deprecated. This
|
|
||||||
will be removed in a future version of Synapse.
|
|
||||||
|
|
||||||
The `token` field should include the JSON web token with the following claims:
|
The `token` field should include the JSON web token with the following claims:
|
||||||
|
|
||||||
* A claim that encodes the local part of the user ID is required. By default,
|
* A claim that encodes the local part of the user ID is required. By default,
|
||||||
|
|
|
@ -69,9 +69,7 @@ class LoginRestServlet(RestServlet):
|
||||||
SSO_TYPE = "m.login.sso"
|
SSO_TYPE = "m.login.sso"
|
||||||
TOKEN_TYPE = "m.login.token"
|
TOKEN_TYPE = "m.login.token"
|
||||||
JWT_TYPE = "org.matrix.login.jwt"
|
JWT_TYPE = "org.matrix.login.jwt"
|
||||||
JWT_TYPE_DEPRECATED = "m.login.jwt"
|
|
||||||
APPSERVICE_TYPE = "m.login.application_service"
|
APPSERVICE_TYPE = "m.login.application_service"
|
||||||
APPSERVICE_TYPE_UNSTABLE = "uk.half-shot.msc2778.login.application_service"
|
|
||||||
REFRESH_TOKEN_PARAM = "refresh_token"
|
REFRESH_TOKEN_PARAM = "refresh_token"
|
||||||
|
|
||||||
def __init__(self, hs: "HomeServer"):
|
def __init__(self, hs: "HomeServer"):
|
||||||
|
@ -126,7 +124,6 @@ class LoginRestServlet(RestServlet):
|
||||||
flows: List[JsonDict] = []
|
flows: List[JsonDict] = []
|
||||||
if self.jwt_enabled:
|
if self.jwt_enabled:
|
||||||
flows.append({"type": LoginRestServlet.JWT_TYPE})
|
flows.append({"type": LoginRestServlet.JWT_TYPE})
|
||||||
flows.append({"type": LoginRestServlet.JWT_TYPE_DEPRECATED})
|
|
||||||
|
|
||||||
if self.cas_enabled:
|
if self.cas_enabled:
|
||||||
# we advertise CAS for backwards compat, though MSC1721 renamed it
|
# we advertise CAS for backwards compat, though MSC1721 renamed it
|
||||||
|
@ -156,7 +153,6 @@ class LoginRestServlet(RestServlet):
|
||||||
flows.extend({"type": t} for t in self.auth_handler.get_supported_login_types())
|
flows.extend({"type": t} for t in self.auth_handler.get_supported_login_types())
|
||||||
|
|
||||||
flows.append({"type": LoginRestServlet.APPSERVICE_TYPE})
|
flows.append({"type": LoginRestServlet.APPSERVICE_TYPE})
|
||||||
flows.append({"type": LoginRestServlet.APPSERVICE_TYPE_UNSTABLE})
|
|
||||||
|
|
||||||
return 200, {"flows": flows}
|
return 200, {"flows": flows}
|
||||||
|
|
||||||
|
@ -175,10 +171,7 @@ class LoginRestServlet(RestServlet):
|
||||||
)
|
)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
if login_submission["type"] in (
|
if login_submission["type"] == LoginRestServlet.APPSERVICE_TYPE:
|
||||||
LoginRestServlet.APPSERVICE_TYPE,
|
|
||||||
LoginRestServlet.APPSERVICE_TYPE_UNSTABLE,
|
|
||||||
):
|
|
||||||
appservice = self.auth.get_appservice_by_req(request)
|
appservice = self.auth.get_appservice_by_req(request)
|
||||||
|
|
||||||
if appservice.is_rate_limited():
|
if appservice.is_rate_limited():
|
||||||
|
@ -191,9 +184,9 @@ class LoginRestServlet(RestServlet):
|
||||||
appservice,
|
appservice,
|
||||||
should_issue_refresh_token=should_issue_refresh_token,
|
should_issue_refresh_token=should_issue_refresh_token,
|
||||||
)
|
)
|
||||||
elif self.jwt_enabled and (
|
elif (
|
||||||
login_submission["type"] == LoginRestServlet.JWT_TYPE
|
self.jwt_enabled
|
||||||
or login_submission["type"] == LoginRestServlet.JWT_TYPE_DEPRECATED
|
and login_submission["type"] == LoginRestServlet.JWT_TYPE
|
||||||
):
|
):
|
||||||
await self._address_ratelimiter.ratelimit(None, request.getClientIP())
|
await self._address_ratelimiter.ratelimit(None, request.getClientIP())
|
||||||
result = await self._do_jwt_login(
|
result = await self._do_jwt_login(
|
||||||
|
|
|
@ -30,11 +30,9 @@ from tests.server import FakeChannel
|
||||||
from tests.test_utils import make_awaitable
|
from tests.test_utils import make_awaitable
|
||||||
from tests.unittest import override_config
|
from tests.unittest import override_config
|
||||||
|
|
||||||
# (possibly experimental) login flows we expect to appear in the list after the normal
|
# Login flows we expect to appear in the list after the normal ones.
|
||||||
# ones
|
|
||||||
ADDITIONAL_LOGIN_FLOWS = [
|
ADDITIONAL_LOGIN_FLOWS = [
|
||||||
{"type": "m.login.application_service"},
|
{"type": "m.login.application_service"},
|
||||||
{"type": "uk.half-shot.msc2778.login.application_service"},
|
|
||||||
]
|
]
|
||||||
|
|
||||||
# a mock instance which the dummy auth providers delegate to, so we can see what's going
|
# a mock instance which the dummy auth providers delegate to, so we can see what's going
|
||||||
|
|
|
@ -81,11 +81,9 @@ TEST_CLIENT_REDIRECT_URL = 'https://x?<ab c>&q"+%3D%2B"="fö%26=o"'
|
||||||
# the query params in TEST_CLIENT_REDIRECT_URL
|
# the query params in TEST_CLIENT_REDIRECT_URL
|
||||||
EXPECTED_CLIENT_REDIRECT_URL_PARAMS = [("<ab c>", ""), ('q" =+"', '"fö&=o"')]
|
EXPECTED_CLIENT_REDIRECT_URL_PARAMS = [("<ab c>", ""), ('q" =+"', '"fö&=o"')]
|
||||||
|
|
||||||
# (possibly experimental) login flows we expect to appear in the list after the normal
|
# Login flows we expect to appear in the list after the normal ones.
|
||||||
# ones
|
|
||||||
ADDITIONAL_LOGIN_FLOWS = [
|
ADDITIONAL_LOGIN_FLOWS = [
|
||||||
{"type": "m.login.application_service"},
|
{"type": "m.login.application_service"},
|
||||||
{"type": "uk.half-shot.msc2778.login.application_service"},
|
|
||||||
]
|
]
|
||||||
|
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue