diff options
author | Quentin Gliech <quenting@element.io> | 2023-05-10 16:08:43 +0200 |
---|---|---|
committer | Patrick Cloke <clokep@users.noreply.github.com> | 2023-05-30 09:43:06 -0400 |
commit | 31691d61511d41286272d779727502e396ce86eb (patch) | |
tree | 54be19a491abb565e5d4e9eb8394d627d69c2e36 /synapse/handlers/auth.py | |
parent | Actually enforce guest + return www-authenticate header (diff) | |
download | synapse-31691d61511d41286272d779727502e396ce86eb.tar.xz |
Disable account related endpoints when using OAuth delegation
Diffstat (limited to 'synapse/handlers/auth.py')
-rw-r--r-- | synapse/handlers/auth.py | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/synapse/handlers/auth.py b/synapse/handlers/auth.py index d001f2fb2f..a53984be33 100644 --- a/synapse/handlers/auth.py +++ b/synapse/handlers/auth.py @@ -274,6 +274,8 @@ class AuthHandler: # response. self._extra_attributes: Dict[str, SsoLoginExtraAttributes] = {} + self.oauth_delegation_enabled = hs.config.auth.oauth_delegation_enabled + async def validate_user_via_ui_auth( self, requester: Requester, @@ -322,8 +324,12 @@ class AuthHandler: LimitExceededError if the ratelimiter's failed request count for this user is too high to proceed - """ + if self.oauth_delegation_enabled: + raise SynapseError( + HTTPStatus.INTERNAL_SERVER_ERROR, "UIA shouldn't be used with MSC3861" + ) + if not requester.access_token_id: raise ValueError("Cannot validate a user without an access token") if can_skip_ui_auth and self._ui_auth_session_timeout: |