Support m.login.sso (#4220)

* Clean up the CSS for the fallback login form

I was finding this hard to work with, so simplify a bunch of things. Each
flow is now a form inside a div of class login_flow.

The login_flow class now has a fixed width, as that looks much better than each
flow having a differnt width.

* Support m.login.sso

MSC1721 renames m.login.cas to m.login.sso. This implements the change
(retaining support for m.login.cas for older clients).

* changelog
This commit is contained in:
Richard van der Hoff 2018-11-27 08:51:52 +01:00 committed by Amber Brown
parent a44c0a096f
commit 944d524f18
5 changed files with 50 additions and 52 deletions

1
changelog.d/4220.feature Normal file
View File

@ -0,0 +1 @@
Rename login type m.login.cas to m.login.sso

View File

@ -27,7 +27,7 @@ from twisted.web.client import PartialDownloadError
from synapse.api.errors import Codes, LoginError, SynapseError from synapse.api.errors import Codes, LoginError, SynapseError
from synapse.http.server import finish_request from synapse.http.server import finish_request
from synapse.http.servlet import parse_json_object_from_request from synapse.http.servlet import RestServlet, parse_json_object_from_request
from synapse.types import UserID from synapse.types import UserID
from synapse.util.msisdn import phone_number_to_msisdn from synapse.util.msisdn import phone_number_to_msisdn
@ -83,6 +83,7 @@ class LoginRestServlet(ClientV1RestServlet):
PATTERNS = client_path_patterns("/login$") PATTERNS = client_path_patterns("/login$")
SAML2_TYPE = "m.login.saml2" SAML2_TYPE = "m.login.saml2"
CAS_TYPE = "m.login.cas" CAS_TYPE = "m.login.cas"
SSO_TYPE = "m.login.sso"
TOKEN_TYPE = "m.login.token" TOKEN_TYPE = "m.login.token"
JWT_TYPE = "m.login.jwt" JWT_TYPE = "m.login.jwt"
@ -105,6 +106,10 @@ class LoginRestServlet(ClientV1RestServlet):
if self.saml2_enabled: if self.saml2_enabled:
flows.append({"type": LoginRestServlet.SAML2_TYPE}) flows.append({"type": LoginRestServlet.SAML2_TYPE})
if self.cas_enabled: if self.cas_enabled:
flows.append({"type": LoginRestServlet.SSO_TYPE})
# we advertise CAS for backwards compat, though MSC1721 renamed it
# to SSO.
flows.append({"type": LoginRestServlet.CAS_TYPE}) flows.append({"type": LoginRestServlet.CAS_TYPE})
# While its valid for us to advertise this login type generally, # While its valid for us to advertise this login type generally,
@ -384,11 +389,11 @@ class SAML2RestServlet(ClientV1RestServlet):
defer.returnValue((200, {"status": "not_authenticated"})) defer.returnValue((200, {"status": "not_authenticated"}))
class CasRedirectServlet(ClientV1RestServlet): class CasRedirectServlet(RestServlet):
PATTERNS = client_path_patterns("/login/cas/redirect", releases=()) PATTERNS = client_path_patterns("/login/(cas|sso)/redirect")
def __init__(self, hs): def __init__(self, hs):
super(CasRedirectServlet, self).__init__(hs) super(CasRedirectServlet, self).__init__()
self.cas_server_url = hs.config.cas_server_url.encode('ascii') self.cas_server_url = hs.config.cas_server_url.encode('ascii')
self.cas_service_url = hs.config.cas_service_url.encode('ascii') self.cas_service_url = hs.config.cas_service_url.encode('ascii')

View File

@ -12,35 +12,30 @@
<h1>Log in with one of the following methods</h1> <h1>Log in with one of the following methods</h1>
<span id="feedback" style="color: #f00"></span> <span id="feedback" style="color: #f00"></span>
<br/>
<br/>
<div id="loading"> <div id="loading">
<img src="spinner.gif" /> <img src="spinner.gif" />
</div> </div>
<div id="cas_flow" class="login_flow" style="display:none" <div id="sso_flow" class="login_flow" style="display:none">
onclick="gotoCas(); return false;"> Single-sign on:
CAS Authentication: <button id="cas_button" style="margin: 10px">Log in</button> <form id="sso_form" action="/_matrix/client/r0/login/sso/redirect" method="get">
<input id="sso_redirect_url" type="hidden" name="redirectUrl" value=""/>
<input type="submit" value="Log in"/>
</form>
</div> </div>
<br/> <div id="password_flow" class="login_flow" style="display:none">
Password Authentication:
<form id="password_form" class="login_flow" style="display:none" <form onsubmit="matrixLogin.password_login(); return false;">
onsubmit="matrixLogin.password_login(); return false;">
<div>
Password Authentication:<br/>
<div style="text-align: center">
<input id="user_id" size="32" type="text" placeholder="Matrix ID (e.g. bob)" autocapitalize="off" autocorrect="off" /> <input id="user_id" size="32" type="text" placeholder="Matrix ID (e.g. bob)" autocapitalize="off" autocorrect="off" />
<br/> <br/>
<input id="password" size="32" type="password" placeholder="Password"/> <input id="password" size="32" type="password" placeholder="Password"/>
<br/> <br/>
<button type="submit" style="margin: 10px">Log in</button> <input type="submit" value="Log in"/>
</div>
</div>
</form> </form>
</div>
<div id="no_login_types" type="button" class="login_flow" style="display:none"> <div id="no_login_types" type="button" class="login_flow" style="display:none">
Log in currently unavailable. Log in currently unavailable.

View File

@ -1,7 +1,8 @@
window.matrixLogin = { window.matrixLogin = {
endpoint: location.origin + "/_matrix/client/api/v1/login", endpoint: location.origin + "/_matrix/client/r0/login",
serverAcceptsPassword: false, serverAcceptsPassword: false,
serverAcceptsCas: false serverAcceptsCas: false,
serverAcceptsSso: false,
}; };
var submitPassword = function(user, pwd) { var submitPassword = function(user, pwd) {
@ -40,12 +41,6 @@ var errorFunc = function(err) {
} }
}; };
var gotoCas = function() {
var this_page = window.location.origin + window.location.pathname;
var redirect_url = matrixLogin.endpoint + "/cas/redirect?redirectUrl=" + encodeURIComponent(this_page);
window.location.replace(redirect_url);
}
var setFeedbackString = function(text) { var setFeedbackString = function(text) {
$("#feedback").text(text); $("#feedback").text(text);
}; };
@ -53,12 +48,18 @@ var setFeedbackString = function(text) {
var show_login = function() { var show_login = function() {
$("#loading").hide(); $("#loading").hide();
var this_page = window.location.origin + window.location.pathname;
$("#sso_redirect_url").val(encodeURIComponent(this_page));
if (matrixLogin.serverAcceptsPassword) { if (matrixLogin.serverAcceptsPassword) {
$("#password_form").show(); $("#password_flow").show();
} }
if (matrixLogin.serverAcceptsCas) { if (matrixLogin.serverAcceptsSso) {
$("#cas_flow").show(); $("#sso_flow").show();
} else if (matrixLogin.serverAcceptsCas) {
$("#sso_form").attr("action", "/_matrix/client/r0/login/cas/redirect");
$("#sso_flow").show();
} }
if (!matrixLogin.serverAcceptsPassword && !matrixLogin.serverAcceptsCas) { if (!matrixLogin.serverAcceptsPassword && !matrixLogin.serverAcceptsCas) {
@ -67,8 +68,8 @@ var show_login = function() {
}; };
var show_spinner = function() { var show_spinner = function() {
$("#password_form").hide(); $("#password_flow").hide();
$("#cas_flow").hide(); $("#sso_flow").hide();
$("#no_login_types").hide(); $("#no_login_types").hide();
$("#loading").show(); $("#loading").show();
}; };
@ -84,7 +85,10 @@ var fetch_info = function(cb) {
matrixLogin.serverAcceptsCas = true; matrixLogin.serverAcceptsCas = true;
console.log("Server accepts CAS"); console.log("Server accepts CAS");
} }
if ("m.login.sso" === flow.type) {
matrixLogin.serverAcceptsSso = true;
console.log("Server accepts SSO");
}
if ("m.login.password" === flow.type) { if ("m.login.password" === flow.type) {
matrixLogin.serverAcceptsPassword = true; matrixLogin.serverAcceptsPassword = true;
console.log("Server accepts password"); console.log("Server accepts password");

View File

@ -19,30 +19,23 @@ a:hover { color: #000; }
a:active { color: #000; } a:active { color: #000; }
input { input {
width: 90%
}
textarea, input {
font-family: inherit;
font-size: inherit;
margin: 5px; margin: 5px;
} }
.smallPrint { textbox, input[type="text"], input[type="password"] {
color: #888; width: 90%;
font-size: 9pt ! important;
font-style: italic ! important;
} }
.g-recaptcha div { form {
margin: auto; text-align: center;
margin: 10px 0 0 0;
} }
.login_flow { .login_flow {
width: 300px;
text-align: left; text-align: left;
padding: 10px; padding: 10px;
margin-bottom: 40px; margin-bottom: 40px;
display: inline-block;
-webkit-border-radius: 10px; -webkit-border-radius: 10px;
-moz-border-radius: 10px; -moz-border-radius: 10px;