Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Fix error messages from OIDC config parsing #9153

Merged
merged 2 commits into from
Jan 19, 2021
Merged

Fix error messages from OIDC config parsing #9153

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
6027d58
Fix error messages from OIDC config parsing
richvdh Jan 18, 2021
5f0bdad
fix enumeration of `oidc_providers`.
richvdh Jan 19, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions changelog.d/9153.feature
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Add support for multiple SSO Identity Providers.
25 changes: 15 additions & 10 deletions synapse/config/oidc_config.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@
# limitations under the License.

import string
from typing import Iterable, Optional, Type
from typing import Iterable, Optional, Tuple, Type

import attr

Expand Down Expand Up @@ -280,8 +280,8 @@ def _parse_oidc_provider_configs(config: JsonDict) -> Iterable["OidcProviderConf
"""
validate_config(MAIN_CONFIG_SCHEMA, config, ())

for p in config.get("oidc_providers") or []:
yield _parse_oidc_config_dict(p)
for i, p in enumerate(config.get("oidc_providers") or []):
yield _parse_oidc_config_dict(p, ("oidc_providers", "<item %i>" % (i,)))

# for backwards-compatibility, it is also possible to provide a single "oidc_config"
# object with an "enabled: True" property.
Expand All @@ -291,10 +291,12 @@ def _parse_oidc_provider_configs(config: JsonDict) -> Iterable["OidcProviderConf
# it matches OIDC_PROVIDER_CONFIG_SCHEMA (see the comments on OIDC_CONFIG_SCHEMA
# above), so now we need to validate it.
validate_config(OIDC_PROVIDER_CONFIG_SCHEMA, oidc_config, ("oidc_config",))
yield _parse_oidc_config_dict(oidc_config)
yield _parse_oidc_config_dict(oidc_config, ("oidc_config",))


def _parse_oidc_config_dict(oidc_config: JsonDict) -> "OidcProviderConfig":
def _parse_oidc_config_dict(
oidc_config: JsonDict, config_path: Tuple[str, ...]
) -> "OidcProviderConfig":
"""Take the configuration dict and parse it into an OidcProviderConfig

Raises:
Expand All @@ -305,7 +307,7 @@ def _parse_oidc_config_dict(oidc_config: JsonDict) -> "OidcProviderConfig":
ump_config.setdefault("config", {})

(user_mapping_provider_class, user_mapping_provider_config,) = load_module(
ump_config, ("oidc_config", "user_mapping_provider")
ump_config, config_path + ("user_mapping_provider",)
)

# Ensure loaded user mapping module has defined all necessary methods
Expand All @@ -320,9 +322,9 @@ def _parse_oidc_config_dict(oidc_config: JsonDict) -> "OidcProviderConfig":
]
if missing_methods:
raise ConfigError(
"Class specified by oidc_config."
"user_mapping_provider.module is missing required "
"methods: %s" % (", ".join(missing_methods),)
"Class %s is missing required "
"methods: %s" % (user_mapping_provider_class, ", ".join(missing_methods),),
config_path + ("user_mapping_provider", "module"),
)

# MSC2858 will appy certain limits in what can be used as an IdP id, so let's
Expand All @@ -331,7 +333,10 @@ def _parse_oidc_config_dict(oidc_config: JsonDict) -> "OidcProviderConfig":
valid_idp_chars = set(string.ascii_letters + string.digits + "-._~")

if any(c not in valid_idp_chars for c in idp_id):
raise ConfigError('idp_id may only contain A-Z, a-z, 0-9, "-", ".", "_", "~"')
raise ConfigError(
'idp_id may only contain A-Z, a-z, 0-9, "-", ".", "_", "~"',
config_path + ("idp_id",),
)

return OidcProviderConfig(
idp_id=idp_id,
Expand Down