From 63d96bfc61fcbf53e9607c63f215d2dde387de29 Mon Sep 17 00:00:00 2001
From: Andrew Yasinishyn <yasinishyn.a.n@gmail.com>
Date: Fri, 1 Dec 2023 16:31:50 +0200
Subject: ModuleAPI SSO auth callbacks (#15207)

Signed-off-by: Andrii Yasynyshyn yasinishyn.a.n@gmail.com
---
 synapse/handlers/auth.py | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'synapse/handlers/auth.py')

diff --git a/synapse/handlers/auth.py b/synapse/handlers/auth.py
index 2b0c505130..89cbaff864 100644
--- a/synapse/handlers/auth.py
+++ b/synapse/handlers/auth.py
@@ -212,6 +212,7 @@ class AuthHandler:
         self._password_enabled_for_reauth = hs.config.auth.password_enabled_for_reauth
         self._password_localdb_enabled = hs.config.auth.password_localdb_enabled
         self._third_party_rules = hs.get_module_api_callbacks().third_party_event_rules
+        self._account_validity_handler = hs.get_account_validity_handler()
 
         # Ratelimiter for failed auth during UIA. Uses same ratelimit config
         # as per `rc_login.failed_attempts`.
@@ -1783,6 +1784,13 @@ class AuthHandler:
             client_redirect_url, "loginToken", login_token
         )
 
+        # Run post-login module callback handlers
+        await self._account_validity_handler.on_user_login(
+            user_id=registered_user_id,
+            auth_provider_type=LoginType.SSO,
+            auth_provider_id=auth_provider_id,
+        )
+
         # if the client is whitelisted, we can redirect straight to it
         if client_redirect_url.startswith(self._whitelisted_sso_clients):
             request.redirect(redirect_url)
-- 
cgit 1.5.1