This repository has been archived by the owner on Apr 26, 2024. It is now read-only.
Combine the SSO Redirect Servlets #9015
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
One thing I don't really like here: an "Identity Provider" here is essentially the same thing as the So, opinions? |
richvdh
force-pushed
the
rav/multi_idp/auth_provider_class
branch
2 times, most recently
from
d78c9d1
to
b3924c2
Compare
richvdh
commented
Jan 4, 2021
synapse/rest/client/v1/login.py
Outdated
Comment on lines
407
to
411
| return await self._oidc_handler.handle_redirect_request( | ||
| request, client_redirect_url | ||
| ) | ||
| return ( | ||
| await self._oidc_handler.handle_redirect_request( | ||
| request, client_redirect_url | ||
| ) | ||
| ).encode("utf8") |
There was a problem hiding this comment.
note that this was previously returning a str where a bytes was expected. (It worked ok because you can request.redirect() to either a str or a bytes, but it was violating the type annotation)
richvdh
force-pushed
the
rav/multi_idp/auth_provider_class
branch
3 times, most recently
from
8323dd7
to
c5a6b19
Compare
richvdh
commented
Jan 4, 2021
| request: SynapseRequest, | ||
| client_redirect_url: Optional[bytes], | ||
| ui_auth_session_id: Optional[str] = None, | ||
| ) -> str: |
There was a problem hiding this comment.
it always returned a str, but the declaration was incorrect. Again, it worked because you can request.redirect to a bytes or a str.
... to make it match OidcHandler and SamlHandler
Make it accept `client_redirect_url=None`.
... bring it into line with CAS and OIDC by making it take a Request parameter, move the magic for `client_redirect_url` for UIA into the handler, and fix the return type to be a `str` rather than a `bytes`.
Now that the SsoHandler knows about the identity providers, we can combine the various *RedirectServlets into a single implementation which delegates to the right IdP.
richvdh
force-pushed
the
rav/multi_idp/auth_provider_class
branch
from
c5a6b19
to
1df4714
Compare
clokep
reviewed
Jan 4, 2021
| return await ap.handle_redirect_request(request, client_redirect_url) | ||
|
|
||
| # otherwise, we have a configuration error | ||
| raise Exception("Multiple SSO identity providers have been configured!") |
There was a problem hiding this comment.
I think this is a slight behavior change, previously if you had multiple SSO providers enabled than we would prioritize CAS, then SAML, then OIDC. I think this was broken / kind of unsupported though so I don't mind making it more explicit. Should we raise this error during register_identity_provider instead of waiting for a request?
I assume there's a master plan here to support pivoting here eventually when there's multiple SSO provider support?
There was a problem hiding this comment.
yup, a PR is about to arrive! I literally just threw in this exception so that there's something sensible between PRs. I think it's fine for now.
| def register_servlets(hs, http_server): | ||
| LoginRestServlet(hs).register(http_server) | ||
| SsoRedirectServlet(hs).register(http_server) |
There was a problem hiding this comment.
Do we care if this gets enabled when SSO isn't enabled? Seems a bit odd, but theoretically nothing should call it.
There was a problem hiding this comment.
Yeah, I don't think it matters really?
There was a problem hiding this comment.
I don't think it matters. Just wanted to point it out.
Comment on lines
+103
to
+105
| sso_redirect_url = await sso_auth_provider.handle_redirect_request( | ||
| request, None, session | ||
| ) |
There was a problem hiding this comment.
It seems like this code should be replaced with a call to the SsoHandler which passes onto whatever is registered?
There was a problem hiding this comment.
yes, probably. Can I punt that for now?
There was a problem hiding this comment.
Yeah. I'd love if we eventually go to the point where there wasn't if-statements all over that choose which SSO provider to use. I think that fits into your plans though.
clokep
approved these changes
Jan 4, 2021
clokep
added a commit
that referenced
this pull request
Jan 20, 2021
Synapse 1.26.0rc1 (2021-01-20) ============================== This release brings a new schema version for Synapse and rolling back to a previous verious is not trivial. Please review [UPGRADE.rst](UPGRADE.rst) for more details on these changes and for general upgrade guidance. Features -------- - Add support for multiple SSO Identity Providers. ([\#9015](#9015), [\#9017](#9017), [\#9036](#9036), [\#9067](#9067), [\#9081](#9081), [\#9082](#9082), [\#9105](#9105), [\#9107](#9107), [\#9109](#9109), [\#9110](#9110), [\#9127](#9127), [\#9153](#9153), [\#9154](#9154), [\#9177](#9177)) - During user-interactive authentication via single-sign-on, give a better error if the user uses the wrong account on the SSO IdP. ([\#9091](#9091)) - Give the `public_baseurl` a default value, if it is not explicitly set in the configuration file. ([\#9159](#9159)) - Improve performance when calculating ignored users in large rooms. ([\#9024](#9024)) - Implement [MSC2176](matrix-org/matrix-spec-proposals#2176) in an experimental room version. ([\#8984](#8984)) - Add an admin API for protecting local media from quarantine. ([\#9086](#9086)) - Remove a user's avatar URL and display name when deactivated with the Admin API. ([\#8932](#8932)) - Update `/_synapse/admin/v1/users/<user_id>/joined_rooms` to work for both local and remote users. ([\#8948](#8948)) - Add experimental support for handling to-device messages on worker processes. ([\#9042](#9042), [\#9043](#9043), [\#9044](#9044), [\#9130](#9130)) - Add experimental support for handling `/keys/claim` and `/room_keys` APIs on worker processes. ([\#9068](#9068)) - Add experimental support for handling `/devices` API on worker processes. ([\#9092](#9092)) - Add experimental support for moving off receipts and account data persistence off master. ([\#9104](#9104), [\#9166](#9166)) Bugfixes -------- - Fix a long-standing issue where an internal server error would occur when requesting a profile over federation that did not include a display name / avatar URL. ([\#9023](#9023)) - Fix a long-standing bug where some caches could grow larger than configured. ([\#9028](#9028)) - Fix error handling during insertion of client IPs into the database. ([\#9051](#9051)) - Fix bug where we didn't correctly record CPU time spent in `on_new_event` block. ([\#9053](#9053)) - Fix a minor bug which could cause confusing error messages from invalid configurations. ([\#9054](#9054)) - Fix incorrect exit code when there is an error at startup. ([\#9059](#9059)) - Fix `JSONDecodeError` spamming the logs when sending transactions to remote servers. ([\#9070](#9070)) - Fix "Failed to send request" errors when a client provides an invalid room alias. ([\#9071](#9071)) - Fix bugs in federation catchup logic that caused outbound federation to be delayed for large servers after start up. Introduced in v1.8.0 and v1.21.0. ([\#9114](#9114), [\#9116](#9116)) - Fix corruption of `pushers` data when a postgres bouncer is used. ([\#9117](#9117)) - Fix minor bugs in handling the `clientRedirectUrl` parameter for SSO login. ([\#9128](#9128)) - Fix "Unhandled error in Deferred: BodyExceededMaxSize" errors when .well-known files that are too large. ([\#9108](#9108)) - Fix "UnboundLocalError: local variable 'length' referenced before assignment" errors when the response body exceeds the expected size. This bug was introduced in v1.25.0. ([\#9145](#9145)) - Fix a long-standing bug "ValueError: invalid literal for int() with base 10" when `/publicRooms` is requested with an invalid `server` parameter. ([\#9161](#9161)) Improved Documentation ---------------------- - Add some extra docs for getting Synapse running on macOS. ([\#8997](#8997)) - Correct a typo in the `systemd-with-workers` documentation. ([\#9035](#9035)) - Correct a typo in `INSTALL.md`. ([\#9040](#9040)) - Add missing `user_mapping_provider` configuration to the Keycloak OIDC example. Contributed by @chris-ruecker. ([\#9057](#9057)) - Quote `pip install` packages when extras are used to avoid shells interpreting bracket characters. ([\#9151](#9151)) Deprecations and Removals ------------------------- - Remove broken and unmaintained `demo/webserver.py` script. ([\#9039](#9039)) Internal Changes ---------------- - Improve efficiency of large state resolutions. ([\#8868](#8868), [\#9029](#9029), [\#9115](#9115), [\#9118](#9118), [\#9124](#9124)) - Various clean-ups to the structured logging and logging context code. ([\#8939](#8939)) - Ensure rejected events get added to some metadata tables. ([\#9016](#9016)) - Ignore date-rotated homeserver logs saved to disk. ([\#9018](#9018)) - Remove an unused column from `access_tokens` table. ([\#9025](#9025)) - Add a `-noextras` factor to `tox.ini`, to support running the tests with no optional dependencies. ([\#9030](#9030)) - Fix running unit tests when optional dependencies are not installed. ([\#9031](#9031)) - Allow bumping schema version when using split out state database. ([\#9033](#9033)) - Configure the linters to run on a consistent set of files. ([\#9038](#9038)) - Various cleanups to device inbox store. ([\#9041](#9041)) - Drop unused database tables. ([\#9055](#9055)) - Remove unused `SynapseService` class. ([\#9058](#9058)) - Remove unnecessary declarations in the tests for the admin API. ([\#9063](#9063)) - Remove `SynapseRequest.get_user_agent`. ([\#9069](#9069)) - Remove redundant `Homeserver.get_ip_from_request` method. ([\#9080](#9080)) - Add type hints to media repository. ([\#9093](#9093)) - Fix the wrong arguments being passed to `BlacklistingAgentWrapper` from `MatrixFederationAgent`. Contributed by Timothy Leung. ([\#9098](#9098)) - Reduce the scope of caught exceptions in `BlacklistingAgentWrapper`. ([\#9106](#9106)) - Improve `UsernamePickerTestCase`. ([\#9112](#9112)) - Remove dependency on `distutils`. ([\#9125](#9125)) - Enforce that replication HTTP clients are called with keyword arguments only. ([\#9144](#9144)) - Fix the Python 3.5 / old dependencies build in CI. ([\#9146](#9146)) - Replace the old `perspectives` option in the Synapse docker config file template with `trusted_key_servers`. ([\#9157](#9157))
richvdh
added a commit
that referenced
this pull request
Jan 27, 2021
Synapse 1.26.0 (2021-01-27) =========================== This release brings a new schema version for Synapse and rolling back to a previous version is not trivial. Please review [UPGRADE.rst](UPGRADE.rst) for more details on these changes and for general upgrade guidance. No significant changes since 1.26.0rc2. Synapse 1.26.0rc2 (2021-01-25) ============================== Bugfixes -------- - Fix receipts and account data not being sent down sync. Introduced in v1.26.0rc1. ([\#9193](#9193), [\#9195](#9195)) - Fix chain cover update to handle events with duplicate auth events. Introduced in v1.26.0rc1. ([\#9210](#9210)) Internal Changes ---------------- - Add an `oidc-` prefix to any `idp_id`s which are given in the `oidc_providers` configuration. ([\#9189](#9189)) - Bump minimum `psycopg2` version to v2.8. ([\#9204](#9204)) Synapse 1.26.0rc1 (2021-01-20) ============================== This release brings a new schema version for Synapse and rolling back to a previous version is not trivial. Please review [UPGRADE.rst](UPGRADE.rst) for more details on these changes and for general upgrade guidance. Features -------- - Add support for multiple SSO Identity Providers. ([\#9015](#9015), [\#9017](#9017), [\#9036](#9036), [\#9067](#9067), [\#9081](#9081), [\#9082](#9082), [\#9105](#9105), [\#9107](#9107), [\#9109](#9109), [\#9110](#9110), [\#9127](#9127), [\#9153](#9153), [\#9154](#9154), [\#9177](#9177)) - During user-interactive authentication via single-sign-on, give a better error if the user uses the wrong account on the SSO IdP. ([\#9091](#9091)) - Give the `public_baseurl` a default value, if it is not explicitly set in the configuration file. ([\#9159](#9159)) - Improve performance when calculating ignored users in large rooms. ([\#9024](#9024)) - Implement [MSC2176](matrix-org/matrix-spec-proposals#2176) in an experimental room version. ([\#8984](#8984)) - Add an admin API for protecting local media from quarantine. ([\#9086](#9086)) - Remove a user's avatar URL and display name when deactivated with the Admin API. ([\#8932](#8932)) - Update `/_synapse/admin/v1/users/<user_id>/joined_rooms` to work for both local and remote users. ([\#8948](#8948)) - Add experimental support for handling to-device messages on worker processes. ([\#9042](#9042), [\#9043](#9043), [\#9044](#9044), [\#9130](#9130)) - Add experimental support for handling `/keys/claim` and `/room_keys` APIs on worker processes. ([\#9068](#9068)) - Add experimental support for handling `/devices` API on worker processes. ([\#9092](#9092)) - Add experimental support for moving off receipts and account data persistence off master. ([\#9104](#9104), [\#9166](#9166)) Bugfixes -------- - Fix a long-standing issue where an internal server error would occur when requesting a profile over federation that did not include a display name / avatar URL. ([\#9023](#9023)) - Fix a long-standing bug where some caches could grow larger than configured. ([\#9028](#9028)) - Fix error handling during insertion of client IPs into the database. ([\#9051](#9051)) - Fix bug where we didn't correctly record CPU time spent in `on_new_event` block. ([\#9053](#9053)) - Fix a minor bug which could cause confusing error messages from invalid configurations. ([\#9054](#9054)) - Fix incorrect exit code when there is an error at startup. ([\#9059](#9059)) - Fix `JSONDecodeError` spamming the logs when sending transactions to remote servers. ([\#9070](#9070)) - Fix "Failed to send request" errors when a client provides an invalid room alias. ([\#9071](#9071)) - Fix bugs in federation catchup logic that caused outbound federation to be delayed for large servers after start up. Introduced in v1.8.0 and v1.21.0. ([\#9114](#9114), [\#9116](#9116)) - Fix corruption of `pushers` data when a postgres bouncer is used. ([\#9117](#9117)) - Fix minor bugs in handling the `clientRedirectUrl` parameter for SSO login. ([\#9128](#9128)) - Fix "Unhandled error in Deferred: BodyExceededMaxSize" errors when .well-known files that are too large. ([\#9108](#9108)) - Fix "UnboundLocalError: local variable 'length' referenced before assignment" errors when the response body exceeds the expected size. This bug was introduced in v1.25.0. ([\#9145](#9145)) - Fix a long-standing bug "ValueError: invalid literal for int() with base 10" when `/publicRooms` is requested with an invalid `server` parameter. ([\#9161](#9161)) Improved Documentation ---------------------- - Add some extra docs for getting Synapse running on macOS. ([\#8997](#8997)) - Correct a typo in the `systemd-with-workers` documentation. ([\#9035](#9035)) - Correct a typo in `INSTALL.md`. ([\#9040](#9040)) - Add missing `user_mapping_provider` configuration to the Keycloak OIDC example. Contributed by @chris-ruecker. ([\#9057](#9057)) - Quote `pip install` packages when extras are used to avoid shells interpreting bracket characters. ([\#9151](#9151)) Deprecations and Removals ------------------------- - Remove broken and unmaintained `demo/webserver.py` script. ([\#9039](#9039)) Internal Changes ---------------- - Improve efficiency of large state resolutions. ([\#8868](#8868), [\#9029](#9029), [\#9115](#9115), [\#9118](#9118), [\#9124](#9124)) - Various clean-ups to the structured logging and logging context code. ([\#8939](#8939)) - Ensure rejected events get added to some metadata tables. ([\#9016](#9016)) - Ignore date-rotated homeserver logs saved to disk. ([\#9018](#9018)) - Remove an unused column from `access_tokens` table. ([\#9025](#9025)) - Add a `-noextras` factor to `tox.ini`, to support running the tests with no optional dependencies. ([\#9030](#9030)) - Fix running unit tests when optional dependencies are not installed. ([\#9031](#9031)) - Allow bumping schema version when using split out state database. ([\#9033](#9033)) - Configure the linters to run on a consistent set of files. ([\#9038](#9038)) - Various cleanups to device inbox store. ([\#9041](#9041)) - Drop unused database tables. ([\#9055](#9055)) - Remove unused `SynapseService` class. ([\#9058](#9058)) - Remove unnecessary declarations in the tests for the admin API. ([\#9063](#9063)) - Remove `SynapseRequest.get_user_agent`. ([\#9069](#9069)) - Remove redundant `Homeserver.get_ip_from_request` method. ([\#9080](#9080)) - Add type hints to media repository. ([\#9093](#9093)) - Fix the wrong arguments being passed to `BlacklistingAgentWrapper` from `MatrixFederationAgent`. Contributed by Timothy Leung. ([\#9098](#9098)) - Reduce the scope of caught exceptions in `BlacklistingAgentWrapper`. ([\#9106](#9106)) - Improve `UsernamePickerTestCase`. ([\#9112](#9112)) - Remove dependency on `distutils`. ([\#9125](#9125)) - Enforce that replication HTTP clients are called with keyword arguments only. ([\#9144](#9144)) - Fix the Python 3.5 / old dependencies build in CI. ([\#9146](#9146)) - Replace the old `perspectives` option in the Synapse docker config file template with `trusted_key_servers`. ([\#9157](#9157))
netbsd-srcmastr
pushed a commit
to NetBSD/pkgsrc
that referenced
this pull request
Jan 31, 2021
Synapse 1.26.0 (2021-01-27) =========================== This release brings a new schema version for Synapse and rolling back to a previous version is not trivial. Please review [UPGRADE.rst](UPGRADE.rst) for more details on these changes and for general upgrade guidance. No significant changes since 1.26.0rc2. Synapse 1.26.0rc2 (2021-01-25) ============================== Bugfixes -------- - Fix receipts and account data not being sent down sync. Introduced in v1.26.0rc1. ([\#9193](matrix-org/synapse#9193), [\#9195](matrix-org/synapse#9195)) - Fix chain cover update to handle events with duplicate auth events. Introduced in v1.26.0rc1. ([\#9210](matrix-org/synapse#9210)) Internal Changes ---------------- - Add an `oidc-` prefix to any `idp_id`s which are given in the `oidc_providers` configuration. ([\#9189](matrix-org/synapse#9189)) - Bump minimum `psycopg2` version to v2.8. ([\#9204](matrix-org/synapse#9204)) Synapse 1.26.0rc1 (2021-01-20) ============================== This release brings a new schema version for Synapse and rolling back to a previous version is not trivial. Please review [UPGRADE.rst](UPGRADE.rst) for more details on these changes and for general upgrade guidance. Features -------- - Add support for multiple SSO Identity Providers. ([\#9015](matrix-org/synapse#9015), [\#9017](matrix-org/synapse#9017), [\#9036](matrix-org/synapse#9036), [\#9067](matrix-org/synapse#9067), [\#9081](matrix-org/synapse#9081), [\#9082](matrix-org/synapse#9082), [\#9105](matrix-org/synapse#9105), [\#9107](matrix-org/synapse#9107), [\#9109](matrix-org/synapse#9109), [\#9110](matrix-org/synapse#9110), [\#9127](matrix-org/synapse#9127), [\#9153](matrix-org/synapse#9153), [\#9154](matrix-org/synapse#9154), [\#9177](matrix-org/synapse#9177)) - During user-interactive authentication via single-sign-on, give a better error if the user uses the wrong account on the SSO IdP. ([\#9091](matrix-org/synapse#9091)) - Give the `public_baseurl` a default value, if it is not explicitly set in the configuration file. ([\#9159](matrix-org/synapse#9159)) - Improve performance when calculating ignored users in large rooms. ([\#9024](matrix-org/synapse#9024)) - Implement [MSC2176](matrix-org/matrix-spec-proposals#2176) in an experimental room version. ([\#8984](matrix-org/synapse#8984)) - Add an admin API for protecting local media from quarantine. ([\#9086](matrix-org/synapse#9086)) - Remove a user's avatar URL and display name when deactivated with the Admin API. ([\#8932](matrix-org/synapse#8932)) - Update `/_synapse/admin/v1/users/<user_id>/joined_rooms` to work for both local and remote users. ([\#8948](matrix-org/synapse#8948)) - Add experimental support for handling to-device messages on worker processes. ([\#9042](matrix-org/synapse#9042), [\#9043](matrix-org/synapse#9043), [\#9044](matrix-org/synapse#9044), [\#9130](matrix-org/synapse#9130)) - Add experimental support for handling `/keys/claim` and `/room_keys` APIs on worker processes. ([\#9068](matrix-org/synapse#9068)) - Add experimental support for handling `/devices` API on worker processes. ([\#9092](matrix-org/synapse#9092)) - Add experimental support for moving off receipts and account data persistence off master. ([\#9104](matrix-org/synapse#9104), [\#9166](matrix-org/synapse#9166)) Bugfixes -------- - Fix a long-standing issue where an internal server error would occur when requesting a profile over federation that did not include a display name / avatar URL. ([\#9023](matrix-org/synapse#9023)) - Fix a long-standing bug where some caches could grow larger than configured. ([\#9028](matrix-org/synapse#9028)) - Fix error handling during insertion of client IPs into the database. ([\#9051](matrix-org/synapse#9051)) - Fix bug where we didn't correctly record CPU time spent in `on_new_event` block. ([\#9053](matrix-org/synapse#9053)) - Fix a minor bug which could cause confusing error messages from invalid configurations. ([\#9054](matrix-org/synapse#9054)) - Fix incorrect exit code when there is an error at startup. ([\#9059](matrix-org/synapse#9059)) - Fix `JSONDecodeError` spamming the logs when sending transactions to remote servers. ([\#9070](matrix-org/synapse#9070)) - Fix "Failed to send request" errors when a client provides an invalid room alias. ([\#9071](matrix-org/synapse#9071)) - Fix bugs in federation catchup logic that caused outbound federation to be delayed for large servers after start up. Introduced in v1.8.0 and v1.21.0. ([\#9114](matrix-org/synapse#9114), [\#9116](matrix-org/synapse#9116)) - Fix corruption of `pushers` data when a postgres bouncer is used. ([\#9117](matrix-org/synapse#9117)) - Fix minor bugs in handling the `clientRedirectUrl` parameter for SSO login. ([\#9128](matrix-org/synapse#9128)) - Fix "Unhandled error in Deferred: BodyExceededMaxSize" errors when .well-known files that are too large. ([\#9108](matrix-org/synapse#9108)) - Fix "UnboundLocalError: local variable 'length' referenced before assignment" errors when the response body exceeds the expected size. This bug was introduced in v1.25.0. ([\#9145](matrix-org/synapse#9145)) - Fix a long-standing bug "ValueError: invalid literal for int() with base 10" when `/publicRooms` is requested with an invalid `server` parameter. ([\#9161](matrix-org/synapse#9161)) Improved Documentation ---------------------- - Add some extra docs for getting Synapse running on macOS. ([\#8997](matrix-org/synapse#8997)) - Correct a typo in the `systemd-with-workers` documentation. ([\#9035](matrix-org/synapse#9035)) - Correct a typo in `INSTALL.md`. ([\#9040](matrix-org/synapse#9040)) - Add missing `user_mapping_provider` configuration to the Keycloak OIDC example. Contributed by @chris-ruecker. ([\#9057](matrix-org/synapse#9057)) - Quote `pip install` packages when extras are used to avoid shells interpreting bracket characters. ([\#9151](matrix-org/synapse#9151)) Deprecations and Removals ------------------------- - Remove broken and unmaintained `demo/webserver.py` script. ([\#9039](matrix-org/synapse#9039)) Internal Changes ---------------- - Improve efficiency of large state resolutions. ([\#8868](matrix-org/synapse#8868), [\#9029](matrix-org/synapse#9029), [\#9115](matrix-org/synapse#9115), [\#9118](matrix-org/synapse#9118), [\#9124](matrix-org/synapse#9124)) - Various clean-ups to the structured logging and logging context code. ([\#8939](matrix-org/synapse#8939)) - Ensure rejected events get added to some metadata tables. ([\#9016](matrix-org/synapse#9016)) - Ignore date-rotated homeserver logs saved to disk. ([\#9018](matrix-org/synapse#9018)) - Remove an unused column from `access_tokens` table. ([\#9025](matrix-org/synapse#9025)) - Add a `-noextras` factor to `tox.ini`, to support running the tests with no optional dependencies. ([\#9030](matrix-org/synapse#9030)) - Fix running unit tests when optional dependencies are not installed. ([\#9031](matrix-org/synapse#9031)) - Allow bumping schema version when using split out state database. ([\#9033](matrix-org/synapse#9033)) - Configure the linters to run on a consistent set of files. ([\#9038](matrix-org/synapse#9038)) - Various cleanups to device inbox store. ([\#9041](matrix-org/synapse#9041)) - Drop unused database tables. ([\#9055](matrix-org/synapse#9055)) - Remove unused `SynapseService` class. ([\#9058](matrix-org/synapse#9058)) - Remove unnecessary declarations in the tests for the admin API. ([\#9063](matrix-org/synapse#9063)) - Remove `SynapseRequest.get_user_agent`. ([\#9069](matrix-org/synapse#9069)) - Remove redundant `Homeserver.get_ip_from_request` method. ([\#9080](matrix-org/synapse#9080)) - Add type hints to media repository. ([\#9093](matrix-org/synapse#9093)) - Fix the wrong arguments being passed to `BlacklistingAgentWrapper` from `MatrixFederationAgent`. Contributed by Timothy Leung. ([\#9098](matrix-org/synapse#9098)) - Reduce the scope of caught exceptions in `BlacklistingAgentWrapper`. ([\#9106](matrix-org/synapse#9106)) - Improve `UsernamePickerTestCase`. ([\#9112](matrix-org/synapse#9112)) - Remove dependency on `distutils`. ([\#9125](matrix-org/synapse#9125)) - Enforce that replication HTTP clients are called with keyword arguments only. ([\#9144](matrix-org/synapse#9144)) - Fix the Python 3.5 / old dependencies build in CI. ([\#9146](matrix-org/synapse#9146)) - Replace the old `perspectives` option in the Synapse docker config file template with `trusted_key_servers`. ([\#9157](matrix-org/synapse#9157))
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR is some prep work for supporting multiple SSO identity providers. First of all, I've extracted a common
Protocolclass for things which implement an identity provider. Currently this is just CAS, SAML and OIDC, but the intention is to split theOidcHandlerup a bit in future so that we have oneOidcProviderfor each OIDC IdP, each of which implements theSsoIdentityProviderprotocol.Then we can combine the current
*RedirectServlets into a singleSsoRedirectServletwhich delegates (for now) to which ever IdP has been configured.Suggest reviewing the PR commit by commit.