diff options
author | Richard van der Hoff <1389908+richvdh@users.noreply.github.com> | 2021-01-20 13:55:14 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-01-20 08:55:14 -0500 |
commit | e51b2f3f912534c8f6af70c746c993352a05c1be (patch) | |
tree | 07f43a599c078d9c2861d0035def617fb2a33a39 /synapse/config/oidc_config.py | |
parent | Support icons for Identity Providers (#9154) (diff) | |
download | synapse-e51b2f3f912534c8f6af70c746c993352a05c1be.tar.xz |
Tighten the restrictions on `idp_id` (#9177)
Diffstat (limited to '')
-rw-r--r-- | synapse/config/oidc_config.py | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/synapse/config/oidc_config.py b/synapse/config/oidc_config.py index f257fcd412..8cb0c42f36 100644 --- a/synapse/config/oidc_config.py +++ b/synapse/config/oidc_config.py @@ -331,17 +331,23 @@ def _parse_oidc_config_dict( config_path + ("user_mapping_provider", "module"), ) - # MSC2858 will appy certain limits in what can be used as an IdP id, so let's + # MSC2858 will apply certain limits in what can be used as an IdP id, so let's # enforce those limits now. + # TODO: factor out this stuff to a generic function idp_id = oidc_config.get("idp_id", "oidc") - valid_idp_chars = set(string.ascii_letters + string.digits + "-._~") + valid_idp_chars = set(string.ascii_lowercase + string.digits + "-._") if any(c not in valid_idp_chars for c in idp_id): raise ConfigError( - 'idp_id may only contain A-Z, a-z, 0-9, "-", ".", "_", "~"', + 'idp_id may only contain a-z, 0-9, "-", ".", "_"', config_path + ("idp_id",), ) + if idp_id[0] not in string.ascii_lowercase: + raise ConfigError( + "idp_id must start with a-z", config_path + ("idp_id",), + ) + # MSC2858 also specifies that the idp_icon must be a valid MXC uri idp_icon = oidc_config.get("idp_icon") if idp_icon is not None: |