mirror of
https://git.anonymousland.org/anonymousland/synapse.git
synced 2024-10-01 11:49:51 -04:00
Support m.login.sso (#4220)
* Clean up the CSS for the fallback login form I was finding this hard to work with, so simplify a bunch of things. Each flow is now a form inside a div of class login_flow. The login_flow class now has a fixed width, as that looks much better than each flow having a differnt width. * Support m.login.sso MSC1721 renames m.login.cas to m.login.sso. This implements the change (retaining support for m.login.cas for older clients). * changelog
This commit is contained in:
parent
a44c0a096f
commit
944d524f18
1
changelog.d/4220.feature
Normal file
1
changelog.d/4220.feature
Normal file
@ -0,0 +1 @@
|
|||||||
|
Rename login type m.login.cas to m.login.sso
|
@ -27,7 +27,7 @@ from twisted.web.client import PartialDownloadError
|
|||||||
|
|
||||||
from synapse.api.errors import Codes, LoginError, SynapseError
|
from synapse.api.errors import Codes, LoginError, SynapseError
|
||||||
from synapse.http.server import finish_request
|
from synapse.http.server import finish_request
|
||||||
from synapse.http.servlet import parse_json_object_from_request
|
from synapse.http.servlet import RestServlet, parse_json_object_from_request
|
||||||
from synapse.types import UserID
|
from synapse.types import UserID
|
||||||
from synapse.util.msisdn import phone_number_to_msisdn
|
from synapse.util.msisdn import phone_number_to_msisdn
|
||||||
|
|
||||||
@ -83,6 +83,7 @@ class LoginRestServlet(ClientV1RestServlet):
|
|||||||
PATTERNS = client_path_patterns("/login$")
|
PATTERNS = client_path_patterns("/login$")
|
||||||
SAML2_TYPE = "m.login.saml2"
|
SAML2_TYPE = "m.login.saml2"
|
||||||
CAS_TYPE = "m.login.cas"
|
CAS_TYPE = "m.login.cas"
|
||||||
|
SSO_TYPE = "m.login.sso"
|
||||||
TOKEN_TYPE = "m.login.token"
|
TOKEN_TYPE = "m.login.token"
|
||||||
JWT_TYPE = "m.login.jwt"
|
JWT_TYPE = "m.login.jwt"
|
||||||
|
|
||||||
@ -105,6 +106,10 @@ class LoginRestServlet(ClientV1RestServlet):
|
|||||||
if self.saml2_enabled:
|
if self.saml2_enabled:
|
||||||
flows.append({"type": LoginRestServlet.SAML2_TYPE})
|
flows.append({"type": LoginRestServlet.SAML2_TYPE})
|
||||||
if self.cas_enabled:
|
if self.cas_enabled:
|
||||||
|
flows.append({"type": LoginRestServlet.SSO_TYPE})
|
||||||
|
|
||||||
|
# we advertise CAS for backwards compat, though MSC1721 renamed it
|
||||||
|
# to SSO.
|
||||||
flows.append({"type": LoginRestServlet.CAS_TYPE})
|
flows.append({"type": LoginRestServlet.CAS_TYPE})
|
||||||
|
|
||||||
# While its valid for us to advertise this login type generally,
|
# While its valid for us to advertise this login type generally,
|
||||||
@ -384,11 +389,11 @@ class SAML2RestServlet(ClientV1RestServlet):
|
|||||||
defer.returnValue((200, {"status": "not_authenticated"}))
|
defer.returnValue((200, {"status": "not_authenticated"}))
|
||||||
|
|
||||||
|
|
||||||
class CasRedirectServlet(ClientV1RestServlet):
|
class CasRedirectServlet(RestServlet):
|
||||||
PATTERNS = client_path_patterns("/login/cas/redirect", releases=())
|
PATTERNS = client_path_patterns("/login/(cas|sso)/redirect")
|
||||||
|
|
||||||
def __init__(self, hs):
|
def __init__(self, hs):
|
||||||
super(CasRedirectServlet, self).__init__(hs)
|
super(CasRedirectServlet, self).__init__()
|
||||||
self.cas_server_url = hs.config.cas_server_url.encode('ascii')
|
self.cas_server_url = hs.config.cas_server_url.encode('ascii')
|
||||||
self.cas_service_url = hs.config.cas_service_url.encode('ascii')
|
self.cas_service_url = hs.config.cas_service_url.encode('ascii')
|
||||||
|
|
||||||
|
@ -12,35 +12,30 @@
|
|||||||
<h1>Log in with one of the following methods</h1>
|
<h1>Log in with one of the following methods</h1>
|
||||||
|
|
||||||
<span id="feedback" style="color: #f00"></span>
|
<span id="feedback" style="color: #f00"></span>
|
||||||
<br/>
|
|
||||||
<br/>
|
|
||||||
|
|
||||||
<div id="loading">
|
<div id="loading">
|
||||||
<img src="spinner.gif" />
|
<img src="spinner.gif" />
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div id="cas_flow" class="login_flow" style="display:none"
|
<div id="sso_flow" class="login_flow" style="display:none">
|
||||||
onclick="gotoCas(); return false;">
|
Single-sign on:
|
||||||
CAS Authentication: <button id="cas_button" style="margin: 10px">Log in</button>
|
<form id="sso_form" action="/_matrix/client/r0/login/sso/redirect" method="get">
|
||||||
|
<input id="sso_redirect_url" type="hidden" name="redirectUrl" value=""/>
|
||||||
|
<input type="submit" value="Log in"/>
|
||||||
|
</form>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<br/>
|
<div id="password_flow" class="login_flow" style="display:none">
|
||||||
|
Password Authentication:
|
||||||
|
<form onsubmit="matrixLogin.password_login(); return false;">
|
||||||
|
<input id="user_id" size="32" type="text" placeholder="Matrix ID (e.g. bob)" autocapitalize="off" autocorrect="off" />
|
||||||
|
<br/>
|
||||||
|
<input id="password" size="32" type="password" placeholder="Password"/>
|
||||||
|
<br/>
|
||||||
|
|
||||||
<form id="password_form" class="login_flow" style="display:none"
|
<input type="submit" value="Log in"/>
|
||||||
onsubmit="matrixLogin.password_login(); return false;">
|
</form>
|
||||||
<div>
|
</div>
|
||||||
Password Authentication:<br/>
|
|
||||||
|
|
||||||
<div style="text-align: center">
|
|
||||||
<input id="user_id" size="32" type="text" placeholder="Matrix ID (e.g. bob)" autocapitalize="off" autocorrect="off" />
|
|
||||||
<br/>
|
|
||||||
<input id="password" size="32" type="password" placeholder="Password"/>
|
|
||||||
<br/>
|
|
||||||
|
|
||||||
<button type="submit" style="margin: 10px">Log in</button>
|
|
||||||
</div>
|
|
||||||
</div>
|
|
||||||
</form>
|
|
||||||
|
|
||||||
<div id="no_login_types" type="button" class="login_flow" style="display:none">
|
<div id="no_login_types" type="button" class="login_flow" style="display:none">
|
||||||
Log in currently unavailable.
|
Log in currently unavailable.
|
||||||
|
@ -1,7 +1,8 @@
|
|||||||
window.matrixLogin = {
|
window.matrixLogin = {
|
||||||
endpoint: location.origin + "/_matrix/client/api/v1/login",
|
endpoint: location.origin + "/_matrix/client/r0/login",
|
||||||
serverAcceptsPassword: false,
|
serverAcceptsPassword: false,
|
||||||
serverAcceptsCas: false
|
serverAcceptsCas: false,
|
||||||
|
serverAcceptsSso: false,
|
||||||
};
|
};
|
||||||
|
|
||||||
var submitPassword = function(user, pwd) {
|
var submitPassword = function(user, pwd) {
|
||||||
@ -40,12 +41,6 @@ var errorFunc = function(err) {
|
|||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
var gotoCas = function() {
|
|
||||||
var this_page = window.location.origin + window.location.pathname;
|
|
||||||
var redirect_url = matrixLogin.endpoint + "/cas/redirect?redirectUrl=" + encodeURIComponent(this_page);
|
|
||||||
window.location.replace(redirect_url);
|
|
||||||
}
|
|
||||||
|
|
||||||
var setFeedbackString = function(text) {
|
var setFeedbackString = function(text) {
|
||||||
$("#feedback").text(text);
|
$("#feedback").text(text);
|
||||||
};
|
};
|
||||||
@ -53,12 +48,18 @@ var setFeedbackString = function(text) {
|
|||||||
var show_login = function() {
|
var show_login = function() {
|
||||||
$("#loading").hide();
|
$("#loading").hide();
|
||||||
|
|
||||||
|
var this_page = window.location.origin + window.location.pathname;
|
||||||
|
$("#sso_redirect_url").val(encodeURIComponent(this_page));
|
||||||
|
|
||||||
if (matrixLogin.serverAcceptsPassword) {
|
if (matrixLogin.serverAcceptsPassword) {
|
||||||
$("#password_form").show();
|
$("#password_flow").show();
|
||||||
}
|
}
|
||||||
|
|
||||||
if (matrixLogin.serverAcceptsCas) {
|
if (matrixLogin.serverAcceptsSso) {
|
||||||
$("#cas_flow").show();
|
$("#sso_flow").show();
|
||||||
|
} else if (matrixLogin.serverAcceptsCas) {
|
||||||
|
$("#sso_form").attr("action", "/_matrix/client/r0/login/cas/redirect");
|
||||||
|
$("#sso_flow").show();
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!matrixLogin.serverAcceptsPassword && !matrixLogin.serverAcceptsCas) {
|
if (!matrixLogin.serverAcceptsPassword && !matrixLogin.serverAcceptsCas) {
|
||||||
@ -67,8 +68,8 @@ var show_login = function() {
|
|||||||
};
|
};
|
||||||
|
|
||||||
var show_spinner = function() {
|
var show_spinner = function() {
|
||||||
$("#password_form").hide();
|
$("#password_flow").hide();
|
||||||
$("#cas_flow").hide();
|
$("#sso_flow").hide();
|
||||||
$("#no_login_types").hide();
|
$("#no_login_types").hide();
|
||||||
$("#loading").show();
|
$("#loading").show();
|
||||||
};
|
};
|
||||||
@ -84,7 +85,10 @@ var fetch_info = function(cb) {
|
|||||||
matrixLogin.serverAcceptsCas = true;
|
matrixLogin.serverAcceptsCas = true;
|
||||||
console.log("Server accepts CAS");
|
console.log("Server accepts CAS");
|
||||||
}
|
}
|
||||||
|
if ("m.login.sso" === flow.type) {
|
||||||
|
matrixLogin.serverAcceptsSso = true;
|
||||||
|
console.log("Server accepts SSO");
|
||||||
|
}
|
||||||
if ("m.login.password" === flow.type) {
|
if ("m.login.password" === flow.type) {
|
||||||
matrixLogin.serverAcceptsPassword = true;
|
matrixLogin.serverAcceptsPassword = true;
|
||||||
console.log("Server accepts password");
|
console.log("Server accepts password");
|
||||||
|
@ -19,30 +19,23 @@ a:hover { color: #000; }
|
|||||||
a:active { color: #000; }
|
a:active { color: #000; }
|
||||||
|
|
||||||
input {
|
input {
|
||||||
width: 90%
|
|
||||||
}
|
|
||||||
|
|
||||||
textarea, input {
|
|
||||||
font-family: inherit;
|
|
||||||
font-size: inherit;
|
|
||||||
margin: 5px;
|
margin: 5px;
|
||||||
}
|
}
|
||||||
|
|
||||||
.smallPrint {
|
textbox, input[type="text"], input[type="password"] {
|
||||||
color: #888;
|
width: 90%;
|
||||||
font-size: 9pt ! important;
|
|
||||||
font-style: italic ! important;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
.g-recaptcha div {
|
form {
|
||||||
margin: auto;
|
text-align: center;
|
||||||
|
margin: 10px 0 0 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
.login_flow {
|
.login_flow {
|
||||||
|
width: 300px;
|
||||||
text-align: left;
|
text-align: left;
|
||||||
padding: 10px;
|
padding: 10px;
|
||||||
margin-bottom: 40px;
|
margin-bottom: 40px;
|
||||||
display: inline-block;
|
|
||||||
|
|
||||||
-webkit-border-radius: 10px;
|
-webkit-border-radius: 10px;
|
||||||
-moz-border-radius: 10px;
|
-moz-border-radius: 10px;
|
||||||
|
Loading…
Reference in New Issue
Block a user