authorHugh Nimmo-Smith <hughns@users.noreply.github.com>2023-08-22 12:42:08 +0100
committerGitHub <noreply@github.com>2023-08-22 07:42:08 -0400
commit7dbac123f98a2d59d09a63efe4543ee850a8d630 (patch)
tree465085760bdc53e7d79322d44618c31d207de1a3
parentAdd `client_secret_path` as alternative for `client_secret` for OIDC config (... (diff)
downloadsynapse-7dbac123f98a2d59d09a63efe4543ee850a8d630.tar.xz
Disallow user_consent where experimental MSC3861 is enabled (#16127)
-rw-r--r--changelog.d/16127.bugfix1
-rw-r--r--synapse/config/experimental.py7
-rw-r--r--tests/config/test_oauth_delegation.py16
3 files changed, 24 insertions, 0 deletions
diff --git a/changelog.d/16127.bugfix b/changelog.d/16127.bugfix
new file mode 100644
index 0000000000..0308fdfd45
--- /dev/null
+++ b/changelog.d/16127.bugfix
@@ -0,0 +1 @@
+User consent features cannot be enabled when using experimental MSC3861.
diff --git a/synapse/config/experimental.py b/synapse/config/experimental.py
index ac9449b18f..d4cf9a0555 100644
--- a/synapse/config/experimental.py
+++ b/synapse/config/experimental.py
@@ -173,6 +173,13 @@ class MSC3861:
                 ("enable_registration",),
             )
 
+        # We only need to test the user consent version, as if it must be set if the user_consent section was present in the config
+        if root.consent.user_consent_version is not None:
+            raise ConfigError(
+                "User consent cannot be enabled when OAuth delegation is enabled",
+                ("user_consent",),
+            )
+
         if (
             root.oidc.oidc_enabled
             or root.saml2.saml2_enabled
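Review bot: The comment above the new `user_consent_version` check is garbled ("as if it must be set if ...") and does not say where the invariant it relies on is enforced. I would reword it to `# user_consent_version is only set when a user_consent section is present, so checking it is enough to detect that consent is configured.` That guarantee is presumably provided by the consent config class rather than by this file, so a change there could make this guard silently miss a configured consent section, or reject every MSC3861 config if a default version were ever introduced. The enclosing method starts and ends outside the hunk.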
diff --git a/tests/config/test_oauth_delegation.py b/tests/config/test_oauth_delegation.py
index f57c813a58..35f7b85dc7 100644
--- a/tests/config/test_oauth_delegation.py
+++ b/tests/config/test_oauth_delegation.py
@@ -12,6 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+import os
 from unittest.mock import Mock
 
 from synapse.config import ConfigError
@@ -167,6 +168,21 @@ class MSC3861OAuthDelegation(TestCase):
         with self.assertRaises(ConfigError):
             self.parse_config()
 
+    def test_user_consent_cannot_be_enabled(self) -> None:
+        tmpdir = self.mktemp()
+        os.mkdir(tmpdir)
+        self.config_dict["user_consent"] = {
+            "require_at_registration": True,
+            "version": "1",
+            "template_dir": tmpdir,
+            "server_notice_content": {
+                "msgtype": "m.text",
+                "body": "foo",
+            },
+        }
+        with self.assertRaises(ConfigError):
+            self.parse_config()
+
     def test_password_config_cannot_be_enabled(self) -> None:
         self.config_dict["password_config"] = {"enabled": True}
         with self.assertRaises(ConfigError):
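Review bot: `test_user_consent_cannot_be_enabled` only asserts that some ConfigError is raised, so it would still pass if the `user_consent` dict were rejected by the consent section's own parsing (for example over `template_dir` or a missing key) rather than by the new MSC3861 guard. Pin it to the new check by capturing the exception with `with self.assertRaises(ConfigError) as cm:` and then asserting `self.assertEqual(cm.exception.path, ("user_consent",))`, assuming ConfigError exposes the path it was constructed with. A test that passes for the wrong reason here would hide a regression in which consent and OAuth delegation can be enabled together again. The following test, `test_password_config_cannot_be_enabled`, continues outside the hunk.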