Tighten the restrictions on idp_id
(#9177)
parent
0cd2938bc8
commit
e51b2f3f91
2 changed files with 10 additions and 3 deletions
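--- a/changelog.d/9177.feature
+++ b/changelog.d/9177.feature
@@ -0,0 +1 @@
+Add support for multiple SSO Identity Providers.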
|
@ -331,17 +331,23 @@ def _parse_oidc_config_dict(
|
||||||
config_path + ("user_mapping_provider", "module"),
|
config_path + ("user_mapping_provider", "module"),
|
||||||
)
|
)
|
||||||
|
|
||||||
# MSC2858 will appy certain limits in what can be used as an IdP id, so let's
|
# MSC2858 will apply certain limits in what can be used as an IdP id, so let's
|
||||||
# enforce those limits now.
|
# enforce those limits now.
|
||||||
|
# TODO: factor out this stuff to a generic function
|
||||||
idp_id = oidc_config.get("idp_id", "oidc")
|
idp_id = oidc_config.get("idp_id", "oidc")
|
||||||
valid_idp_chars = set(string.ascii_letters + string.digits + "-._~")
|
valid_idp_chars = set(string.ascii_lowercase + string.digits + "-._")
|
||||||
|
|
||||||
if any(c not in valid_idp_chars for c in idp_id):
|
if any(c not in valid_idp_chars for c in idp_id):
|
||||||
raise ConfigError(
|
raise ConfigError(
|
||||||
'idp_id may only contain A-Z, a-z, 0-9, "-", ".", "_", "~"',
|
'idp_id may only contain a-z, 0-9, "-", ".", "_"',
|
||||||
config_path + ("idp_id",),
|
config_path + ("idp_id",),
|
||||||
)
|
)
|
||||||
|
|
||||||
|
if idp_id[0] not in string.ascii_lowercase:
|
||||||
|
raise ConfigError(
|
||||||
|
"idp_id must start with a-z", config_path + ("idp_id",),
|
||||||
|
)
|
||||||
|
|
||||||
# MSC2858 also specifies that the idp_icon must be a valid MXC uri
|
# MSC2858 also specifies that the idp_icon must be a valid MXC uri
|
||||||
idp_icon = oidc_config.get("idp_icon")
|
idp_icon = oidc_config.get("idp_icon")
|
||||||
if idp_icon is not None:
|
if idp_icon is not None:
|
||||||
|
|
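Review bot: The added first-character check `if idp_id[0] not in string.ascii_lowercase:` indexes the value before anything has rejected an empty string. An `idp_id` of `""` passes the `any(...)` character test vacuously and then raises IndexError instead of a ConfigError pointing at the `idp_id` path. Guard the index with `if not idp_id or idp_id[0] not in string.ascii_lowercase:`. A non-string value, such as a bare YAML number, would likewise raise TypeError in the `any(...)` loop unless a schema check outside this hunk already enforces the type. `_parse_oidc_config_dict` starts and ends outside the hunk, so that cannot be confirmed from here.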