Carry IdP Session IDs through user-mapping sessions. (#13839)
Since #11482, we've been saving session IDs from upstream IdPs, but we've been losing them when the user goes through a user-mapping session on account registration.
parent
a95ce6dd08
commit
50c92f3a69
1
changelog.d/13839.misc
Normal file
1
changelog.d/13839.misc
Normal file
@ -0,0 +1 @@
|
|||||||
|
Carry IdP Session IDs through user-mapping sessions.
|
@ -147,6 +147,9 @@ class UsernameMappingSession:
|
|||||||
# A unique identifier for this SSO provider, e.g. "oidc" or "saml".
|
# A unique identifier for this SSO provider, e.g. "oidc" or "saml".
|
||||||
auth_provider_id: str
|
auth_provider_id: str
|
||||||
|
|
||||||
|
# An optional session ID from the IdP.
|
||||||
|
auth_provider_session_id: Optional[str]
|
||||||
|
|
||||||
# user ID on the IdP server
|
# user ID on the IdP server
|
||||||
remote_user_id: str
|
remote_user_id: str
|
||||||
|
|
||||||
@ -464,6 +467,7 @@ class SsoHandler:
|
|||||||
client_redirect_url,
|
client_redirect_url,
|
||||||
next_step_url,
|
next_step_url,
|
||||||
extra_login_attributes,
|
extra_login_attributes,
|
||||||
|
auth_provider_session_id,
|
||||||
)
|
)
|
||||||
|
|
||||||
user_id = await self._register_mapped_user(
|
user_id = await self._register_mapped_user(
|
||||||
@ -585,6 +589,7 @@ class SsoHandler:
|
|||||||
client_redirect_url: str,
|
client_redirect_url: str,
|
||||||
next_step_url: bytes,
|
next_step_url: bytes,
|
||||||
extra_login_attributes: Optional[JsonDict],
|
extra_login_attributes: Optional[JsonDict],
|
||||||
|
auth_provider_session_id: Optional[str],
|
||||||
) -> NoReturn:
|
) -> NoReturn:
|
||||||
"""Creates a UsernameMappingSession and redirects the browser
|
"""Creates a UsernameMappingSession and redirects the browser
|
||||||
|
|
||||||
@ -607,6 +612,8 @@ class SsoHandler:
|
|||||||
extra_login_attributes: An optional dictionary of extra
|
extra_login_attributes: An optional dictionary of extra
|
||||||
attributes to be provided to the client in the login response.
|
attributes to be provided to the client in the login response.
|
||||||
|
|
||||||
|
auth_provider_session_id: An optional session ID from the IdP.
|
||||||
|
|
||||||
Raises:
|
Raises:
|
||||||
RedirectException
|
RedirectException
|
||||||
"""
|
"""
|
||||||
@ -615,6 +622,7 @@ class SsoHandler:
|
|||||||
now = self._clock.time_msec()
|
now = self._clock.time_msec()
|
||||||
session = UsernameMappingSession(
|
session = UsernameMappingSession(
|
||||||
auth_provider_id=auth_provider_id,
|
auth_provider_id=auth_provider_id,
|
||||||
|
auth_provider_session_id=auth_provider_session_id,
|
||||||
remote_user_id=remote_user_id,
|
remote_user_id=remote_user_id,
|
||||||
display_name=attributes.display_name,
|
display_name=attributes.display_name,
|
||||||
emails=attributes.emails,
|
emails=attributes.emails,
|
||||||
@ -968,6 +976,7 @@ class SsoHandler:
|
|||||||
session.client_redirect_url,
|
session.client_redirect_url,
|
||||||
session.extra_login_attributes,
|
session.extra_login_attributes,
|
||||||
new_user=True,
|
new_user=True,
|
||||||
|
auth_provider_session_id=session.auth_provider_session_id,
|
||||||
)
|
)
|
||||||
|
|
||||||
def _expire_old_sessions(self) -> None:
|
def _expire_old_sessions(self) -> None:
|
||||||
|
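Review bot: In the `@ -464,6 +467,7 @@` hunk the new `auth_provider_session_id` is appended as one more positional argument after `client_redirect_url, next_step_url, extra_login_attributes`, while the call in the `@ -968,6 +976,7 @@` hunk passes the same value by keyword. The callee's parameter list (hunk `@ -585,6 +589,7 @@`) is long and starts outside the hunk, so a later reorder or insertion there could silently shift which value lands in the session-ID slot. If that ID is later used to match an IdP-side logout to local sessions (not visible on this page), such a mix-up would fail quietly rather than loudly. I would pass it by keyword at this call site too: `auth_provider_session_id=auth_provider_session_id,`. Both the call and the callee body continue outside their hunks, and no test exercising the mapping-session path is visible here.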