Support m.login.sso (#4220)

* Clean up the CSS for the fallback login form I was finding this hard to work with, so simplify a bunch of things. Each flow is now a form inside a div of class login_flow. The login_flow class now has a fixed width, as that looks much better than each flow having a differnt width. * Support m.login.sso MSC1721 renames m.login.cas to m.login.sso. This implements the change (retaining support for m.login.cas for older clients). * changelog
2024-10-01 11:49:51 -04:00 · 2018-11-27 08:51:52 +01:00 · 2018-11-27 08:51:52 +01:00 · 944d524f18
commit 944d524f18
parent a44c0a096f
5 changed files with 50 additions and 52 deletions
--- a/changelog.d/4220.feature
+++ b/changelog.d/4220.feature
@ -0,0 +1 @@
+Rename login type m.login.cas to m.login.sso
--- a/synapse/rest/client/v1/login.py
+++ b/synapse/rest/client/v1/login.py
@ -27,7 +27,7 @@ from twisted.web.client import PartialDownloadError

 from synapse.api.errors import Codes, LoginError, SynapseError
 from synapse.http.server import finish_request
-from synapse.http.servlet import parse_json_object_from_request
+from synapse.http.servlet import RestServlet, parse_json_object_from_request
 from synapse.types import UserID
 from synapse.util.msisdn import phone_number_to_msisdn

@ -83,6 +83,7 @@ class LoginRestServlet(ClientV1RestServlet):
    PATTERNS = client_path_patterns("/login$")
    SAML2_TYPE = "m.login.saml2"
    CAS_TYPE = "m.login.cas"
+    SSO_TYPE = "m.login.sso"
    TOKEN_TYPE = "m.login.token"
    JWT_TYPE = "m.login.jwt"

@ -105,6 +106,10 @@ class LoginRestServlet(ClientV1RestServlet):
        if self.saml2_enabled:
            flows.append({"type": LoginRestServlet.SAML2_TYPE})
        if self.cas_enabled:
+            flows.append({"type": LoginRestServlet.SSO_TYPE})
+
+            # we advertise CAS for backwards compat, though MSC1721 renamed it
+            # to SSO.
            flows.append({"type": LoginRestServlet.CAS_TYPE})

            # While its valid for us to advertise this login type generally,
@ -384,11 +389,11 @@ class SAML2RestServlet(ClientV1RestServlet):
        defer.returnValue((200, {"status": "not_authenticated"}))


-class CasRedirectServlet(ClientV1RestServlet):
-    PATTERNS = client_path_patterns("/login/cas/redirect", releases=())
+class CasRedirectServlet(RestServlet):
+    PATTERNS = client_path_patterns("/login/(cas|sso)/redirect")

    def __init__(self, hs):
-        super(CasRedirectServlet, self).__init__(hs)
+        super(CasRedirectServlet, self).__init__()
        self.cas_server_url = hs.config.cas_server_url.encode('ascii')
        self.cas_service_url = hs.config.cas_service_url.encode('ascii')

--- a/synapse/static/client/login/index.html
+++ b/synapse/static/client/login/index.html
@ -12,35 +12,30 @@
        <h1>Log in with one of the following methods</h1>

        <span id="feedback" style="color: #f00"></span>
-        <br/>
-        <br/>

        <div id="loading">
            <img src="spinner.gif" />
        </div>

-        <div id="cas_flow" class="login_flow" style="display:none"
-                onclick="gotoCas(); return false;">
-            CAS Authentication: <button id="cas_button" style="margin: 10px">Log in</button>
+        <div id="sso_flow" class="login_flow" style="display:none">
+            Single-sign on:
+            <form id="sso_form" action="/_matrix/client/r0/login/sso/redirect" method="get">
+                <input id="sso_redirect_url" type="hidden" name="redirectUrl" value=""/>
+                <input type="submit" value="Log in"/>
+            </form>
        </div>

-        <br/>
+        <div id="password_flow" class="login_flow" style="display:none">
+            Password Authentication:
+            <form onsubmit="matrixLogin.password_login(); return false;">
+                <input id="user_id" size="32" type="text" placeholder="Matrix ID (e.g. bob)" autocapitalize="off" autocorrect="off" />
+                <br/>
+                <input id="password" size="32" type="password" placeholder="Password"/>
+                <br/>

-        <form id="password_form" class="login_flow" style="display:none"
-                onsubmit="matrixLogin.password_login(); return false;">
-            <div>
-                Password Authentication:<br/>
-
-                <div style="text-align: center">
-                    <input id="user_id" size="32" type="text" placeholder="Matrix ID (e.g. bob)" autocapitalize="off" autocorrect="off" />
-                    <br/>
-                    <input id="password" size="32" type="password" placeholder="Password"/>
-                    <br/>
-
-                    <button type="submit" style="margin: 10px">Log in</button>
-                </div>
-            </div>
-        </form>
+                <input type="submit" value="Log in"/>
+            </form>
+        </div>

        <div id="no_login_types" type="button" class="login_flow" style="display:none">
            Log in currently unavailable.
--- a/synapse/static/client/login/js/login.js
+++ b/synapse/static/client/login/js/login.js
@ -1,7 +1,8 @@
 window.matrixLogin = {
-    endpoint: location.origin + "/_matrix/client/api/v1/login",
+    endpoint: location.origin + "/_matrix/client/r0/login",
    serverAcceptsPassword: false,
-    serverAcceptsCas: false
+    serverAcceptsCas: false,
+    serverAcceptsSso: false,
 };

 var submitPassword = function(user, pwd) {
@ -40,12 +41,6 @@ var errorFunc = function(err) {
    }
 };

-var gotoCas = function() {
-    var this_page = window.location.origin + window.location.pathname;
-    var redirect_url = matrixLogin.endpoint + "/cas/redirect?redirectUrl=" + encodeURIComponent(this_page);
-    window.location.replace(redirect_url);
-}
-
 var setFeedbackString = function(text) {
    $("#feedback").text(text);
 };
@ -53,12 +48,18 @@ var setFeedbackString = function(text) {
 var show_login = function() {
    $("#loading").hide();

+    var this_page = window.location.origin + window.location.pathname;
+    $("#sso_redirect_url").val(encodeURIComponent(this_page));
+
    if (matrixLogin.serverAcceptsPassword) {
-        $("#password_form").show();
+        $("#password_flow").show();
    }

-    if (matrixLogin.serverAcceptsCas) {
-        $("#cas_flow").show();
+    if (matrixLogin.serverAcceptsSso) {
+        $("#sso_flow").show();
+    } else if (matrixLogin.serverAcceptsCas) {
+        $("#sso_form").attr("action", "/_matrix/client/r0/login/cas/redirect");
+        $("#sso_flow").show();
    }

    if (!matrixLogin.serverAcceptsPassword && !matrixLogin.serverAcceptsCas) {
@ -67,8 +68,8 @@ var show_login = function() {
 };

 var show_spinner = function() {
-    $("#password_form").hide();
-    $("#cas_flow").hide();
+    $("#password_flow").hide();
+    $("#sso_flow").hide();
    $("#no_login_types").hide();
    $("#loading").show();
 };
@ -84,7 +85,10 @@ var fetch_info = function(cb) {
                matrixLogin.serverAcceptsCas = true;
                console.log("Server accepts CAS");
            }
-
+            if ("m.login.sso" === flow.type) {
+                matrixLogin.serverAcceptsSso = true;
+                console.log("Server accepts SSO");
+            }
            if ("m.login.password" === flow.type) {
                matrixLogin.serverAcceptsPassword = true;
                console.log("Server accepts password");
--- a/synapse/static/client/login/style.css
+++ b/synapse/static/client/login/style.css
@ -19,30 +19,23 @@ a:hover   { color: #000; }
 a:active  { color: #000; }

 input {
-   width: 90%
-}
-
-textarea, input {
-   font-family: inherit;
-   font-size: inherit;
   margin: 5px;
 }

-.smallPrint {
-    color: #888;
-    font-size: 9pt ! important;
-    font-style: italic ! important;
+textbox, input[type="text"], input[type="password"] {
+   width: 90%;
 }

-.g-recaptcha div {
-    margin: auto;
+form {
+    text-align: center;
+    margin: 10px 0 0 0;
 }

 .login_flow {
+    width: 300px;
    text-align: left;
    padding: 10px;
    margin-bottom: 40px;
-    display: inline-block;

    -webkit-border-radius: 10px;
    -moz-border-radius: 10px;
				`@ -0,0 +1 @@`
				`Rename login type m.login.cas to m.login.sso`