Carry IdP Session IDs through user-mapping sessions. (#13839)

Since #11482, we're saving session IDs from upstream IdPs, but we've been losing them when the user goes through a user mapping session on account registration.
Quentin Gliech 2022-09-27 15:38:14 +02:00 committed by GitHub
parent a95ce6dd08
commit 50c92f3a69
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 0 deletions

1
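--- a/changelog.d/13839.misc
+++ b/changelog.d/13839.misc
@@ -0,0 +1 @@
+Carry IdP Session IDs through user-mapping sessions.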


@ -147,6 +147,9 @@ class UsernameMappingSession:
# A unique identifier for this SSO provider, e.g. "oidc" or "saml". # A unique identifier for this SSO provider, e.g. "oidc" or "saml".
auth_provider_id: str auth_provider_id: str
# An optional session ID from the IdP.
auth_provider_session_id: Optional[str]
# user ID on the IdP server # user ID on the IdP server
remote_user_id: str remote_user_id: str
@ -464,6 +467,7 @@ class SsoHandler:
client_redirect_url, client_redirect_url,
next_step_url, next_step_url,
extra_login_attributes, extra_login_attributes,
auth_provider_session_id,
) )
user_id = await self._register_mapped_user( user_id = await self._register_mapped_user(
@ -585,6 +589,7 @@ class SsoHandler:
client_redirect_url: str, client_redirect_url: str,
next_step_url: bytes, next_step_url: bytes,
extra_login_attributes: Optional[JsonDict], extra_login_attributes: Optional[JsonDict],
auth_provider_session_id: Optional[str],
) -> NoReturn: ) -> NoReturn:
"""Creates a UsernameMappingSession and redirects the browser """Creates a UsernameMappingSession and redirects the browser
@ -607,6 +612,8 @@ class SsoHandler:
extra_login_attributes: An optional dictionary of extra extra_login_attributes: An optional dictionary of extra
attributes to be provided to the client in the login response. attributes to be provided to the client in the login response.
auth_provider_session_id: An optional session ID from the IdP.
Raises: Raises:
RedirectException RedirectException
""" """
@ -615,6 +622,7 @@ class SsoHandler:
now = self._clock.time_msec() now = self._clock.time_msec()
session = UsernameMappingSession( session = UsernameMappingSession(
auth_provider_id=auth_provider_id, auth_provider_id=auth_provider_id,
auth_provider_session_id=auth_provider_session_id,
remote_user_id=remote_user_id, remote_user_id=remote_user_id,
display_name=attributes.display_name, display_name=attributes.display_name,
emails=attributes.emails, emails=attributes.emails,
@ -968,6 +976,7 @@ class SsoHandler:
session.client_redirect_url, session.client_redirect_url,
session.extra_login_attributes, session.extra_login_attributes,
new_user=True, new_user=True,
auth_provider_session_id=session.auth_provider_session_id,
) )
def _expire_old_sessions(self) -> None: def _expire_old_sessions(self) -> None:
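Review bot: No test accompanies this change — the commit touches only the changelog and this file — so nothing pins that `session.auth_provider_session_id` actually reaches the login-completion call in the last hunk (-968) for a user who registers through the username-mapping flow. Since the value was being dropped silently before, and it is presumably what lets a later IdP-side logout be matched to the sessions created here, a regression test that drives a registration through the mapping session and checks the stored IdP session ID would be worth adding. Smaller point: in the hunk at -464 the new argument is passed positionally after `extra_login_attributes`, while the other call sites in this commit use keywords; `auth_provider_session_id=auth_provider_session_id,` would match them and make the call robust to parameter reordering. The enclosing functions start and end outside the hunks shown.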