forked from MirrorHub/synapse
Ensure that the OpenID Connect remote ID is a string. (#8190)
This commit is contained in:
parent
5c03134d0f
commit
b055dc9322
3 changed files with 43 additions and 2 deletions
1
changelog.d/8190.bugfix
Normal file
1
changelog.d/8190.bugfix
Normal file
|
@ -0,0 +1 @@
|
||||||
|
Fix logging in via OpenID Connect with a provider that uses integer user IDs.
|
|
@ -869,6 +869,9 @@ class OidcHandler:
|
||||||
raise MappingException(
|
raise MappingException(
|
||||||
"Failed to extract subject from OIDC response: %s" % (e,)
|
"Failed to extract subject from OIDC response: %s" % (e,)
|
||||||
)
|
)
|
||||||
|
# Some OIDC providers use integer IDs, but Synapse expects external IDs
|
||||||
|
# to be strings.
|
||||||
|
remote_user_id = str(remote_user_id)
|
||||||
|
|
||||||
logger.info(
|
logger.info(
|
||||||
"Looking for existing mapping for user %s:%s",
|
"Looking for existing mapping for user %s:%s",
|
||||||
|
|
|
@ -75,7 +75,17 @@ COMMON_CONFIG = {
|
||||||
COOKIE_NAME = b"oidc_session"
|
COOKIE_NAME = b"oidc_session"
|
||||||
COOKIE_PATH = "/_synapse/oidc"
|
COOKIE_PATH = "/_synapse/oidc"
|
||||||
|
|
||||||
MockedMappingProvider = Mock(OidcMappingProvider)
|
|
||||||
|
class TestMappingProvider(OidcMappingProvider):
|
||||||
|
@staticmethod
|
||||||
|
def parse_config(config):
|
||||||
|
return
|
||||||
|
|
||||||
|
def get_remote_user_id(self, userinfo):
|
||||||
|
return userinfo["sub"]
|
||||||
|
|
||||||
|
async def map_user_attributes(self, userinfo, token):
|
||||||
|
return {"localpart": userinfo["username"], "display_name": None}
|
||||||
|
|
||||||
|
|
||||||
def simple_async_mock(return_value=None, raises=None):
|
def simple_async_mock(return_value=None, raises=None):
|
||||||
|
@ -123,7 +133,7 @@ class OidcHandlerTestCase(HomeserverTestCase):
|
||||||
oidc_config["issuer"] = ISSUER
|
oidc_config["issuer"] = ISSUER
|
||||||
oidc_config["scopes"] = SCOPES
|
oidc_config["scopes"] = SCOPES
|
||||||
oidc_config["user_mapping_provider"] = {
|
oidc_config["user_mapping_provider"] = {
|
||||||
"module": __name__ + ".MockedMappingProvider"
|
"module": __name__ + ".TestMappingProvider",
|
||||||
}
|
}
|
||||||
config["oidc_config"] = oidc_config
|
config["oidc_config"] = oidc_config
|
||||||
|
|
||||||
|
@ -580,3 +590,30 @@ class OidcHandlerTestCase(HomeserverTestCase):
|
||||||
with self.assertRaises(OidcError) as exc:
|
with self.assertRaises(OidcError) as exc:
|
||||||
yield defer.ensureDeferred(self.handler._exchange_code(code))
|
yield defer.ensureDeferred(self.handler._exchange_code(code))
|
||||||
self.assertEqual(exc.exception.error, "some_error")
|
self.assertEqual(exc.exception.error, "some_error")
|
||||||
|
|
||||||
|
def test_map_userinfo_to_user(self):
|
||||||
|
"""Ensure that mapping the userinfo returned from a provider to an MXID works properly."""
|
||||||
|
userinfo = {
|
||||||
|
"sub": "test_user",
|
||||||
|
"username": "test_user",
|
||||||
|
}
|
||||||
|
# The token doesn't matter with the default user mapping provider.
|
||||||
|
token = {}
|
||||||
|
mxid = self.get_success(
|
||||||
|
self.handler._map_userinfo_to_user(
|
||||||
|
userinfo, token, "user-agent", "10.10.10.10"
|
||||||
|
)
|
||||||
|
)
|
||||||
|
self.assertEqual(mxid, "@test_user:test")
|
||||||
|
|
||||||
|
# Some providers return an integer ID.
|
||||||
|
userinfo = {
|
||||||
|
"sub": 1234,
|
||||||
|
"username": "test_user_2",
|
||||||
|
}
|
||||||
|
mxid = self.get_success(
|
||||||
|
self.handler._map_userinfo_to_user(
|
||||||
|
userinfo, token, "user-agent", "10.10.10.10"
|
||||||
|
)
|
||||||
|
)
|
||||||
|
self.assertEqual(mxid, "@test_user_2:test")
|
||||||
|
|
Loading…
Reference in a new issue