Merge commit 'a0b8bf023f52bbfc4d4f2abe7a029c37ec14c644' into erikj/modular_1.3.2_prerelease

2024-10-01 01:36:05 -04:00 · 2019-09-20 10:21:29 +01:00 · 2019-09-20 10:21:29 +01:00 · 2ed75d2589
commit 2ed75d2589
parent 321c054366 a0b8bf023f
4 changed files with 17 additions and 2 deletions
--- a/changelog.d/6070.feature
+++ b/changelog.d/6070.feature
@ -0,0 +1 @@
+Handle userid clashes when authenticating via SAML by appending an integer suffix.
--- a/docs/sample_config.yaml
+++ b/docs/sample_config.yaml
@ -1115,6 +1115,8 @@ saml2_config:
  # Options include:
  #  * 'hexencode' (which maps unpermitted characters to '=xx')
  #  * 'dotreplace' (which replaces unpermitted characters with '.').
+  #  * 'dotreplace_email_localpart' (truncates at the first '@' and replaces
+  #         unpermitted characters with '.')
  # The default is 'hexencode'.
  #
  #mxid_mapping: dotreplace
--- a/synapse/config/saml2_config.py
+++ b/synapse/config/saml2_config.py
@ -184,6 +184,8 @@ class SAML2Config(Config):
          # Options include:
          #  * 'hexencode' (which maps unpermitted characters to '=xx')
          #  * 'dotreplace' (which replaces unpermitted characters with '.').
+          #  * 'dotreplace_email_localpart' (truncates at the first '@' and replaces
+          #         unpermitted characters with '.')
          # The default is 'hexencode'.
          #
          #mxid_mapping: dotreplace
@ -210,7 +212,7 @@ DOT_REPLACE_PATTERN = re.compile(
 )


-def dot_replace_for_mxid(username: str) -> str:
+def dotreplace_for_mxid(username: str) -> str:
    username = username.lower()
    username = DOT_REPLACE_PATTERN.sub(".", username)

@ -219,7 +221,15 @@ def dot_replace_for_mxid(username: str) -> str:
    return username


+def dotreplace_email_localpart_for_mxid(username: str) -> str:
+    pos = username.find("@")
+    if pos >= 0:
+        username = username[:pos]
+    return dotreplace_for_mxid(username)
+
+
 MXID_MAPPER_MAP = {
    "hexencode": map_username_to_mxid_localpart,
-    "dotreplace": dot_replace_for_mxid,
+    "dotreplace": dotreplace_for_mxid,
+    "dotreplace_email_localpart": dotreplace_email_localpart_for_mxid,
 }
--- a/synapse/handlers/saml_handler.py
+++ b/synapse/handlers/saml_handler.py
@ -111,6 +111,8 @@ class SamlHandler:
            logger.warning("SAML2 response was not signed")
            raise SynapseError(400, "SAML2 response was not signed")

+        logger.info("Got SAML2 reponse with attributes: %s", saml2_auth.ava)
+
        try:
            remote_user_id = saml2_auth.ava["uid"][0]
        except KeyError:
				`@ -0,0 +1 @@`
				`Handle userid clashes when authenticating via SAML by appending an integer suffix.`