summary refs log tree commit diff
path: root/synapse/config/experimental.py
diff options
context:
space:
mode:
authorQuentin Gliech <quenting@element.io>2023-05-26 14:50:19 +0200
committerPatrick Cloke <clokep@users.noreply.github.com>2023-05-30 09:43:06 -0400
commit32a2f050042531ad4673b42789e833e9cd307740 (patch)
tree6df6ae800d27076ac4795d41c548b5ccad3d0016 /synapse/config/experimental.py
parentReject tokens with multiple device scopes (diff)
downloadsynapse-32a2f050042531ad4673b42789e833e9cd307740.tar.xz
Make the config tests spawn the homeserver only when needed
Diffstat (limited to 'synapse/config/experimental.py')
-rw-r--r--synapse/config/experimental.py40


1 files changed, 28 insertions, 12 deletions
diff --git a/synapse/config/experimental.py b/synapse/config/experimental.py
index d4dff22b0b..1d189b2e26 100644
--- a/synapse/config/experimental.py
+++ b/synapse/config/experimental.py
@@ -69,7 +69,8 @@ class MSC3861:
         if value and not HAS_AUTHLIB:
             raise ConfigError(
                 "MSC3861 is enabled but authlib is not installed. "
-                "Please install authlib to use MSC3861."
+                "Please install authlib to use MSC3861.",
+                ("experimental", "msc3861", "enabled"),
             )
 
     issuer: str = attr.ib(default="", validator=attr.validators.instance_of(str))
@@ -114,7 +115,8 @@ class MSC3861:
 
         if value == ClientAuthMethod.PRIVATE_KEY_JWT and self.jwk is None:
             raise ConfigError(
-                "A JWKS must be provided when using the private_key_jwt client auth method"
+                "A JWKS must be provided when using the private_key_jwt client auth method",
+                ("experimental", "msc3861", "client_auth_method"),
             )
 
         if (
@@ -127,7 +129,8 @@ class MSC3861:
             and self.client_secret is None
         ):
             raise ConfigError(
-                f"A client secret must be provided when using the {value} client auth method"
+                f"A client secret must be provided when using the {value} client auth method",
+                ("experimental", "msc3861", "client_auth_method"),
             )
 
     account_management_url: Optional[str] = attr.ib(
@@ -160,12 +163,14 @@ class MSC3861:
             or root.auth.password_enabled_for_login
         ):
             raise ConfigError(
-                "Password auth cannot be enabled when OAuth delegation is enabled"
+                "Password auth cannot be enabled when OAuth delegation is enabled",
+                ("password_config", "enabled"),
             )
 
         if root.registration.enable_registration:
             raise ConfigError(
-                "Registration cannot be enabled when OAuth delegation is enabled"
+                "Registration cannot be enabled when OAuth delegation is enabled",
+                ("enable_registration",),
             )
 
         if (
@@ -183,32 +188,38 @@ class MSC3861:
 
         if root.captcha.enable_registration_captcha:
             raise ConfigError(
-                "CAPTCHA cannot be enabled when OAuth delegation is enabled"
+                "CAPTCHA cannot be enabled when OAuth delegation is enabled",
+                ("captcha", "enable_registration_captcha"),
             )
 
         if root.experimental.msc3882_enabled:
             raise ConfigError(
-                "MSC3882 cannot be enabled when OAuth delegation is enabled"
+                "MSC3882 cannot be enabled when OAuth delegation is enabled",
+                ("experimental_features", "msc3882_enabled"),
             )
 
         if root.registration.refresh_token_lifetime:
             raise ConfigError(
-                "refresh_token_lifetime cannot be set when OAuth delegation is enabled"
+                "refresh_token_lifetime cannot be set when OAuth delegation is enabled",
+                ("refresh_token_lifetime",),
             )
 
         if root.registration.nonrefreshable_access_token_lifetime:
             raise ConfigError(
-                "nonrefreshable_access_token_lifetime cannot be set when OAuth delegation is enabled"
+                "nonrefreshable_access_token_lifetime cannot be set when OAuth delegation is enabled",
+                ("nonrefreshable_access_token_lifetime",),
             )
 
         if root.registration.session_lifetime:
             raise ConfigError(
-                "session_lifetime cannot be set when OAuth delegation is enabled"
+                "session_lifetime cannot be set when OAuth delegation is enabled",
+                ("session_lifetime",),
             )
 
         if not root.experimental.msc3970_enabled:
             raise ConfigError(
-                "experimental_features.msc3970_enabled must be 'true' when OAuth delegation is enabled"
+                "experimental_features.msc3970_enabled must be 'true' when OAuth delegation is enabled",
+                ("experimental_features", "msc3970_enabled"),
             )
 
 
@@ -373,7 +384,12 @@ class ExperimentalConfig(Config):
         )
 
         # MSC3861: Matrix architecture change to delegate authentication via OIDC
-        self.msc3861 = MSC3861(**experimental.get("msc3861", {}))
+        try:
+            self.msc3861 = MSC3861(**experimental.get("msc3861", {}))
+        except ValueError as exc:
+            raise ConfigError(
+                "Invalid MSC3861 configuration", ("experimental", "msc3861")
+            ) from exc
 
         # MSC3970: Scope transaction IDs to devices
         self.msc3970_enabled = experimental.get("msc3970_enabled", self.msc3861.enabled)

 

generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-11-01 09:26:38 +0000