summary refs log tree commit diff
path: root/synapse/handlers/sso.py
diff options
context:
space:
mode:
authormeise <meise@users.noreply.github.com>2025-02-10 16:36:21 +0100
committerGitHub <noreply@github.com>2025-02-10 15:36:21 +0000
commit8f07ef5c93baed5b1259ed9ce3ed1087b7a2d168 (patch)
tree412f7ffb320f0edd3af6c68cf6cdc3d406d28d06 /synapse/handlers/sso.py
parentDon't log exceptions for obviously incorrect stream tokens (#18139) (diff)
downloadsynapse-8f07ef5c93baed5b1259ed9ce3ed1087b7a2d168.tar.xz
feat: Allow multiple values for SSO attribute_requirements via comma separation (#17949)
In the current `attribute_requirements` implementation it is only
possible to allow exact matching attribute values. Multiple allowed
values for one attribute are not possible as described in #13238.

### Pull Request Checklist

<!-- Please read
https://element-hq.github.io/synapse/latest/development/contributing_guide.html
before submitting your pull request -->

* [x] Pull request is based on the develop branch
* [x] Pull request includes a [changelog
file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog).
The entry should:
- Be a short description of your change which makes sense to users.
"Fixed a bug that prevented receiving messages from other servers."
instead of "Moved X method from `EventStore` to `EventWorkerStore`.".
  - Use markdown where necessary, mostly for `code blocks`.
  - End with either a period (.) or an exclamation mark (!).
  - Start with a capital letter.
- Feel free to credit yourself, by adding a sentence "Contributed by
@github_username." or "Contributed by [Your Name]." to the end of the
entry.
* [x] [Code
style](https://element-hq.github.io/synapse/latest/code_style.html) is
correct
(run the
[linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))

---------

Co-authored-by: Sebastian Neuser <pzkz@infra.run>
Co-authored-by: Quentin Gliech <quenting@element.io>
Diffstat (limited to 'synapse/handlers/sso.py')
-rw-r--r--synapse/handlers/sso.py6
1 files changed, 5 insertions, 1 deletions
diff --git a/synapse/handlers/sso.py b/synapse/handlers/sso.py

index cee2eefbb3..531ed57110 100644
--- a/synapse/handlers/sso.py
+++ b/synapse/handlers/sso.py
@@ -1277,12 +1277,16 @@ def _check_attribute_requirement(
         return False
 
     # If the requirement is None, the attribute existing is enough.
-    if req.value is None:
+    if req.value is None and req.one_of is None:
         return True
 
     values = attributes[req.attribute]
     if req.value in values:
         return True
+    if req.one_of:
+        for value in req.one_of:
+            if value in values:
+                return True
 
     logger.info(
         "SSO attribute %s did not match required value '%s' (was '%s')",
generated by cgit-magenta 1.5.1 (git 2.48.1) at 2025-06-30 19:57:36 +0000