Shell Turner
29205e9596
Conform better to the CAS protocol specification
...
Redirect to CAS's /login endpoint properly, and
don't require an <attributes> element.
Signed-off-by: Shell Turner <cam.turn@gmail.com>
2016-09-09 21:20:14 +01:00
Erik Johnston
866a5320de
Dont invoke get_handlers fromClientV1RestServlet
...
hs.get_handlers() can not be invoked from split out processes. Moving
the invocations down a level means that we can slowly split out
individual servlets.
2016-08-12 10:03:19 +01:00
David Baker
cd41c6ece2
Merge pull request #995 from matrix-org/rav/clean_up_cas_login
...
Clean up CAS login code
2016-08-09 10:21:56 +01:00
Richard van der Hoff
65666fedd5
Clean up CAS login code
...
Remove some apparently unused code.
Clean up parse_cas_response, mostly to catch the exception if the CAS response
isn't valid XML.
2016-08-08 17:17:25 +01:00
Richard van der Hoff
0682ca04b3
Fix CAS login
...
Attempting to log in with CAS was giving a 500 error.
2016-08-08 17:01:30 +01:00
Richard van der Hoff
436bffd15f
Implement deleting devices
2016-07-26 07:35:48 +01:00
Richard van der Hoff
f863a52cea
Add device_id support to /login
...
Add a 'devices' table to the storage, as well as a 'device_id' column to
refresh_tokens.
Allow the client to pass a device_id, and initial_device_display_name, to
/login. If login is successful, then register the device in the devices table
if it wasn't known already. If no device_id was supplied, make one up.
Associate the device_id with the access token and refresh token, so that we can
get at it again later. Ensure that the device_id is copied from the refresh
token to the access_token when the token is refreshed.
2016-07-18 16:39:44 +01:00
Richard van der Hoff
dcfd71aa4c
Refactor login flow
...
Make sure that we have the canonical user_id *before* calling
get_login_tuple_for_user_id.
Replace login_with_password with a method which just validates the password,
and have the caller call get_login_tuple_for_user_id. This brings the password
flow into line with the other flows, and will give us a place to register the
device_id if necessary.
2016-07-18 15:23:54 +01:00
David Baker
4a10510cd5
Split out the auth handler
2016-06-02 13:31:45 +01:00
Erik Johnston
52ecbc2843
Make pyjwt dependency optional
2016-04-25 14:30:15 +01:00
Niklas Riekenbrauck
565c2edb0a
Fix issues with JWT login
2016-04-21 18:10:48 +02:00
Niklas Riekenbrauck
3f9948a069
Add JWT support
2016-03-29 14:36:36 +02:00
Mark Haines
b7dbe5147a
Add a parse_json_object function
...
to deduplicate all the copy+pasted _parse_json functions. Also document
the parse_.* functions.
2016-03-09 11:26:26 +00:00
Mark Haines
7076082ae6
Fix relative imports so they work in both py3 and py27
2016-03-08 11:45:50 +00:00
Mark Haines
239badea9b
Use syntax that works on both py2.7 and py3
2016-03-07 20:13:10 +00:00
Gergely Polonkai
87acd8fb07
Fix to appease the PEP8 dragon
2016-02-26 12:05:38 +01:00
Gergely Polonkai
a53774721a
Add error codes for malformed/bad JSON in /login
...
Signed-off-by: Gergely Polonkai <gergely@polonkaieu>
2016-02-26 10:22:35 +01:00
Mark Haines
58c9f20692
Catch the exceptions thrown by twisted when you write to a closed connection
2016-02-12 13:46:59 +00:00
Daniel Wagner-Hall
d83d004ccd
Fix flake8 warnings for new flake8
2016-02-02 17:18:50 +00:00
Matthew Hodgson
6c28ac260c
copyrights
2016-01-07 04:26:29 +00:00
Richard van der Hoff
32d9fd0b26
Expose /login under r0
...
The spec says /login should be available at r0 and 'unstable', so make it so.
2016-01-02 17:24:28 +00:00
Daniel Wagner-Hall
872c134807
Update endpoints to reflect current spec
2015-12-02 15:45:04 +00:00
Mark Haines
37b2d69bbc
Reuse a single http client, rather than creating new ones
2015-12-02 11:36:02 +00:00
Daniel Wagner-Hall
14d7acfad4
Host /unstable and /r0 versions of r0 APIs
2015-12-01 17:34:32 +00:00
Erik Johnston
e3dae653e8
Comment
2015-11-20 14:05:22 +00:00
Erik Johnston
37de8a7f4a
Remove m.login.token from advertised flows.
2015-11-19 16:16:49 +00:00
Steven Hammerton
ffdc8e5e1c
Snakes not camels
2015-11-11 14:26:47 +00:00
Steven Hammerton
2b779af10f
Minor review fixes
2015-11-11 11:21:43 +00:00
Steven Hammerton
414a4a71b4
Allow hs to do CAS login completely and issue the client with a login token that can be redeemed for the usual successful login response
2015-11-05 14:06:48 +00:00
Erik Johnston
259d10f0e4
Merge branch 'release-v0.10.1' of github.com:matrix-org/synapse into develop
2015-10-23 11:11:56 +01:00
Erik Johnston
5025ba959f
Add config option to disable password login
2015-10-22 10:37:04 +01:00
Kegan Dougal
ede07434e0
Use 403 and message to match handlers/auth
2015-10-21 09:42:07 +01:00
Kegan Dougal
b02a342750
Don't 500 when the email doesn't map to a valid user ID.
2015-10-20 11:07:50 +01:00
Mark Haines
1a934e8bfd
synapse.client.v1.login.LoginFallbackRestServlet and synapse.client.v1.login.PasswordResetRestServlet are unused
2015-10-15 11:09:57 +01:00
Steven Hammerton
739464fbc5
Add a comment to clarify why we split on closing curly brace when reading CAS attribute tags
2015-10-12 16:02:17 +01:00
Steven Hammerton
83b464e4f7
Unpack dictionary in for loop for nicer syntax
2015-10-12 15:05:34 +01:00
Steven Hammerton
7f8fdc9814
Remove not required parenthesis
2015-10-12 14:45:24 +01:00
Steven Hammerton
01a5f1991c
Support multiple required attributes in CAS response, and in a nicer config format too
2015-10-12 14:43:17 +01:00
Steven Hammerton
76421c496d
Allow optional config params for a required attribute and it's value, if specified any CAS user must have the given attribute and the value must equal
2015-10-12 11:11:49 +01:00
Steven Hammerton
7845f62c22
Parse both user and attributes from CAS response
2015-10-12 10:55:13 +01:00
Steven Hammerton
95f7661170
Raise LoginError if CasResponse doensn't contain user
2015-10-10 10:54:19 +01:00
Steven Hammerton
a9c299c0be
Fix my broken line splitting
2015-10-10 10:54:19 +01:00
Steven Hammerton
e52f4dc599
Use UserId to create FQ user id
2015-10-10 10:54:19 +01:00
Steven Hammerton
625e13bfde
Add get_raw method to SimpleHttpClient, use this in CAS auth rather than requests
2015-10-10 10:54:19 +01:00
Steven Hammerton
22112f8d14
Formatting changes
2015-10-10 10:49:42 +01:00
Steven Hammerton
c33f5c1a24
Provide ability to login using CAS
2015-10-10 10:49:42 +01:00
Daniel Wagner-Hall
d3c0e48859
Merge erikj/user_dedup to develop
2015-08-26 13:42:45 +01:00
David Baker
21b71b6d7c
Return fully qualified user_id as per spec
2015-08-20 21:54:53 +01:00
Daniel Wagner-Hall
e8cf77fa49
Merge branch 'develop' into refresh
...
Conflicts:
synapse/rest/client/v1/login.py
2015-08-20 16:25:40 +01:00
Daniel Wagner-Hall
cecbd636e9
/tokenrefresh POST endpoint
...
This allows refresh tokens to be exchanged for (access_token,
refresh_token).
It also starts issuing them on login, though no clients currently
interpret them.
2015-08-20 16:21:35 +01:00
David Baker
4cf302de5b
Comma comma comma comma comma chameleon
2015-08-20 10:31:18 +01:00
David Baker
c50ad14bae
Merge branch 'develop' into email_login
2015-08-20 10:16:01 +01:00
Daniel Wagner-Hall
415c2f0549
Simplify LoginHander and AuthHandler
...
* Merge LoginHandler -> AuthHandler
* Add a bunch of documentation
* Improve some naming
* Remove unused branches
I will start merging the actual logic of the two handlers shortly
2015-08-12 15:49:37 +01:00
David Baker
185ac7ee6c
Allow sign in using email address
2015-08-04 16:29:54 +01:00
Erik Johnston
f3049d0b81
Small tweaks to SAML2 configuration.
...
- Add saml2 config docs to default config.
- Use existence of saml2 config to indicate if saml2 should be enabled.
2015-07-10 10:50:14 +01:00
Muthu Subramanian
8cd34dfe95
Make SAML2 optional and add some references/comments
2015-07-09 13:34:47 +05:30
Muthu Subramanian
d2caa5351a
code beautify
2015-07-09 12:58:15 +05:30
Muthu Subramanian
77c5db5977
code beautify
2015-07-08 16:05:20 +05:30
Muthu Subramanian
81682d0f82
Integrate SAML2 basic authentication - uses pysaml2
2015-07-08 15:36:54 +05:30
Erik Johnston
4ebbaf0d43
Blunty replace json with simplejson
2015-02-11 14:23:10 +00:00
Mark Haines
4be637cb12
Extract the client v1 base RestServlet to a separate class
2015-01-23 14:09:51 +00:00
Mark Haines
97c68c508d
Move rest APIs back under the rest directory
2015-01-22 16:10:07 +00:00