
Tighten the restrictions on idp_id #9177

Merged
merged 3 commits into from
Jan 20, 2021
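--- a/changelog.d/9177.feature
+++ b/changelog.d/9177.feature
@@ -0,0 +1 @@
+Add support for multiple SSO Identity Providers.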
10 changes: 8 additions & 2 deletions synapse/config/oidc_config.py
Expand Up @@ -327,15 +327,21 @@ def _parse_oidc_config_dict(

# MSC2858 will appy certain limits in what can be used as an IdP id, so let's
# enforce those limits now.
# TODO: factor out this stuff to a generic function
idp_id = oidc_config.get("idp_id", "oidc")
valid_idp_chars = set(string.ascii_letters + string.digits + "-._~")
valid_idp_chars = set(string.ascii_lowercase + string.digits + "-._")

if any(c not in valid_idp_chars for c in idp_id):
raise ConfigError(
'idp_id may only contain A-Z, a-z, 0-9, "-", ".", "_", "~"',
'idp_id may only contain a-z, 0-9, "-", ".", "_"',
config_path + ("idp_id",),
)

if idp_id[0] not in string.ascii_lowercase:
raise ConfigError(
"idp_id must start with a-z", config_path + ("idp_id",),
)

return OidcProviderConfig(
idp_id=idp_id,
idp_name=oidc_config.get("idp_name", "OIDC"),
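Review bot: The new `idp_id[0]` lookup has no guard for an empty string. An `idp_id` of `""` passes the preceding `any(...)` check vacuously, so it would surface as an `IndexError` at startup instead of a `ConfigError` that points at the offending config path. That holds unless schema validation outside this hunk already rejects empty values, which is not visible here. I would change the condition to `if not idp_id or idp_id[0] not in string.ascii_lowercase:` and keep the existing error message. Since the identifier is operator-supplied and later used to name the provider, a short comment such as `# idp_id must be non-empty and start with a-z` would make the full constraint explicit. The body of `_parse_oidc_config_dict` starts and ends outside this hunk.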