Push login completion down into SsoHandler (#8941)

This is another part of my work towards fixing #8876. It moves some of the logic currently in the SAML and OIDC handlers - in particular the call to `AuthHandler.complete_sso_login` down into the `SsoHandler`.
2025-05-06 13:44:57 -04:00 · 2020-12-16 20:01:53 +00:00 · 2020-12-16 20:01:53 +00:00 · e1b8e37f93
commit e1b8e37f93
parent 44b7d4c6d6
5 changed files with 80 additions and 86 deletions
--- a/synapse/handlers/saml_handler.py
+++ b/synapse/handlers/saml_handler.py
@ -58,8 +58,6 @@ class SamlHandler(BaseHandler):
        super().__init__(hs)
        self._saml_client = Saml2Client(hs.config.saml2_sp_config)
        self._saml_idp_entityid = hs.config.saml2_idp_entityid
-        self._auth_handler = hs.get_auth_handler()
-        self._registration_handler = hs.get_registration_handler()

        self._saml2_session_lifetime = hs.config.saml2_session_lifetime
        self._grandfathered_mxid_source_attribute = (
@ -229,40 +227,29 @@ class SamlHandler(BaseHandler):
                )
                return

-        # Pull out the user-agent and IP from the request.
-        user_agent = request.get_user_agent("")
-        ip_address = self.hs.get_ip_from_request(request)
-
        # Call the mapper to register/login the user
        try:
-            user_id = await self._map_saml_response_to_user(
-                saml2_auth, relay_state, user_agent, ip_address
-            )
+            await self._complete_saml_login(saml2_auth, request, relay_state)
        except MappingException as e:
            logger.exception("Could not map user")
            self._sso_handler.render_error(request, "mapping_error", str(e))
-            return

-        await self._auth_handler.complete_sso_login(user_id, request, relay_state)
-
-    async def _map_saml_response_to_user(
+    async def _complete_saml_login(
        self,
        saml2_auth: saml2.response.AuthnResponse,
+        request: SynapseRequest,
        client_redirect_url: str,
-        user_agent: str,
-        ip_address: str,
-    ) -> str:
+    ) -> None:
        """
-        Given a SAML response, retrieve the user ID for it and possibly register the user.
+        Given a SAML response, complete the login flow
+
+        Retrieves the remote user ID, registers the user if necessary, and serves
+        a redirect back to the client with a login-token.

        Args:
            saml2_auth: The parsed SAML2 response.
+            request: The request to respond to
            client_redirect_url: The redirect URL passed in by the client.
-            user_agent: The user agent of the client making the request.
-            ip_address: The IP address of the client making the request.
-
-        Returns:
-             The user ID associated with this response.

        Raises:
            MappingException if there was a problem mapping the response to a user.
@ -318,11 +305,11 @@ class SamlHandler(BaseHandler):

            return None

-        return await self._sso_handler.get_mxid_from_sso(
+        await self._sso_handler.complete_sso_login_request(
            self._auth_provider_id,
            remote_user_id,
-            user_agent,
-            ip_address,
+            request,
+            client_redirect_url,
            saml_response_to_remapped_user_attributes,
            grandfather_existing_users,
        )