diff options
author | Jason Robinson <jasonr@matrix.org> | 2021-01-23 21:41:35 +0200 |
---|---|---|
committer | Jason Robinson <jasonr@matrix.org> | 2021-01-23 21:41:35 +0200 |
commit | 8965b6cfec8a1de847efe3d1be4b9babf4622e2e (patch) | |
tree | 4551f104ee2ce840689aa5ecffa939938482ffd5 /synapse/config/sso.py | |
parent | Add depth and received_ts to forward_extremities admin API response (diff) | |
parent | Return a 404 if no valid thumbnail is found. (#9163) (diff) | |
download | synapse-8965b6cfec8a1de847efe3d1be4b9babf4622e2e.tar.xz |
Merge branch 'develop' into jaywink/admin-forward-extremities
Diffstat (limited to 'synapse/config/sso.py')
-rw-r--r-- | synapse/config/sso.py | 23 |
1 files changed, 15 insertions, 8 deletions
diff --git a/synapse/config/sso.py b/synapse/config/sso.py index 1aeb1c5c92..59be825532 100644 --- a/synapse/config/sso.py +++ b/synapse/config/sso.py @@ -37,6 +37,7 @@ class SSOConfig(Config): self.sso_error_template, sso_account_deactivated_template, sso_auth_success_template, + self.sso_auth_bad_user_template, ) = self.read_templates( [ "sso_login_idp_picker.html", @@ -45,6 +46,7 @@ class SSOConfig(Config): "sso_error.html", "sso_account_deactivated.html", "sso_auth_success.html", + "sso_auth_bad_user.html", ], template_dir, ) @@ -62,11 +64,8 @@ class SSOConfig(Config): # gracefully to the client). This would make it pointless to ask the user for # confirmation, since the URL the confirmation page would be showing wouldn't be # the client's. - # public_baseurl is an optional setting, so we only add the fallback's URL to the - # list if it's provided (because we can't figure out what that URL is otherwise). - if self.public_baseurl: - login_fallback_url = self.public_baseurl + "_matrix/static/client/login" - self.sso_client_whitelist.append(login_fallback_url) + login_fallback_url = self.public_baseurl + "_matrix/static/client/login" + self.sso_client_whitelist.append(login_fallback_url) def generate_config_section(self, **kwargs): return """\ @@ -84,9 +83,9 @@ class SSOConfig(Config): # phishing attacks from evil.site. To avoid this, include a slash after the # hostname: "https://my.client/". # - # If public_baseurl is set, then the login fallback page (used by clients - # that don't natively support the required login flows) is whitelisted in - # addition to any URLs in this list. + # The login fallback page (used by clients that don't natively support the + # required login flows) is automatically whitelisted in addition to any URLs + # in this list. # # By default, this list is empty. # @@ -160,6 +159,14 @@ class SSOConfig(Config): # # This template has no additional variables. # + # * HTML page shown after a user-interactive authentication session which + # does not map correctly onto the expected user: 'sso_auth_bad_user.html'. + # + # When rendering, this template is given the following variables: + # * server_name: the homeserver's name. + # * user_id_to_verify: the MXID of the user that we are trying to + # validate. + # # * HTML page shown during single sign-on if a deactivated user (according to Synapse's database) # attempts to login: 'sso_account_deactivated.html'. # |