Ensure that the OpenID Connect remote ID is a string. (#8190)

This commit is contained in:
Patrick Cloke 2020-08-28 08:56:36 -04:00 committed by GitHub
parent 5c03134d0f
commit b055dc9322
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 43 additions and 2 deletions

1
changelog.d/8190.bugfix Normal file
View file

@ -0,0 +1 @@
Fix logging in via OpenID Connect with a provider that uses integer user IDs.

View file

@ -869,6 +869,9 @@ class OidcHandler:
raise MappingException( raise MappingException(
"Failed to extract subject from OIDC response: %s" % (e,) "Failed to extract subject from OIDC response: %s" % (e,)
) )
# Some OIDC providers use integer IDs, but Synapse expects external IDs
# to be strings.
remote_user_id = str(remote_user_id)
logger.info( logger.info(
"Looking for existing mapping for user %s:%s", "Looking for existing mapping for user %s:%s",

View file

@ -75,7 +75,17 @@ COMMON_CONFIG = {
COOKIE_NAME = b"oidc_session" COOKIE_NAME = b"oidc_session"
COOKIE_PATH = "/_synapse/oidc" COOKIE_PATH = "/_synapse/oidc"
MockedMappingProvider = Mock(OidcMappingProvider)
class TestMappingProvider(OidcMappingProvider):
@staticmethod
def parse_config(config):
return
def get_remote_user_id(self, userinfo):
return userinfo["sub"]
async def map_user_attributes(self, userinfo, token):
return {"localpart": userinfo["username"], "display_name": None}
def simple_async_mock(return_value=None, raises=None): def simple_async_mock(return_value=None, raises=None):
@ -123,7 +133,7 @@ class OidcHandlerTestCase(HomeserverTestCase):
oidc_config["issuer"] = ISSUER oidc_config["issuer"] = ISSUER
oidc_config["scopes"] = SCOPES oidc_config["scopes"] = SCOPES
oidc_config["user_mapping_provider"] = { oidc_config["user_mapping_provider"] = {
"module": __name__ + ".MockedMappingProvider" "module": __name__ + ".TestMappingProvider",
} }
config["oidc_config"] = oidc_config config["oidc_config"] = oidc_config
@ -580,3 +590,30 @@ class OidcHandlerTestCase(HomeserverTestCase):
with self.assertRaises(OidcError) as exc: with self.assertRaises(OidcError) as exc:
yield defer.ensureDeferred(self.handler._exchange_code(code)) yield defer.ensureDeferred(self.handler._exchange_code(code))
self.assertEqual(exc.exception.error, "some_error") self.assertEqual(exc.exception.error, "some_error")
def test_map_userinfo_to_user(self):
"""Ensure that mapping the userinfo returned from a provider to an MXID works properly."""
userinfo = {
"sub": "test_user",
"username": "test_user",
}
# The token doesn't matter with the default user mapping provider.
token = {}
mxid = self.get_success(
self.handler._map_userinfo_to_user(
userinfo, token, "user-agent", "10.10.10.10"
)
)
self.assertEqual(mxid, "@test_user:test")
# Some providers return an integer ID.
userinfo = {
"sub": 1234,
"username": "test_user_2",
}
mxid = self.get_success(
self.handler._map_userinfo_to_user(
userinfo, token, "user-agent", "10.10.10.10"
)
)
self.assertEqual(mxid, "@test_user_2:test")