diff options
author | Richard van der Hoff <1389908+richvdh@users.noreply.github.com> | 2020-12-15 20:56:10 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-12-15 20:56:10 +0000 |
commit | 01333681bc3db22541b49c194f5121a5415731c6 (patch) | |
tree | 981ef761d171545ec4d31f078bce355d819a4085 /synapse/handlers/saml_handler.py | |
parent | Fix handling of stream tokens for push. (#8943) (diff) | |
download | synapse-01333681bc3db22541b49c194f5121a5415731c6.tar.xz |
Preparatory refactoring of the SamlHandlerTestCase (#8938)
* move simple_async_mock to test_utils ... so that it can be re-used * Remove references to `SamlHandler._map_saml_response_to_user` from tests This method is going away, so we can no longer use it as a test point. Instead, factor out a higher-level method which takes a SAML object, and verify correct behaviour by mocking out `AuthHandler.complete_sso_login`. * changelog
Diffstat (limited to 'synapse/handlers/saml_handler.py')
-rw-r--r-- | synapse/handlers/saml_handler.py | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/synapse/handlers/saml_handler.py b/synapse/handlers/saml_handler.py index f2ca1ddb53..6001fe3e27 100644 --- a/synapse/handlers/saml_handler.py +++ b/synapse/handlers/saml_handler.py @@ -163,6 +163,29 @@ class SamlHandler(BaseHandler): return logger.debug("SAML2 response: %s", saml2_auth.origxml) + + await self._handle_authn_response(request, saml2_auth, relay_state) + + async def _handle_authn_response( + self, + request: SynapseRequest, + saml2_auth: saml2.response.AuthnResponse, + relay_state: str, + ) -> None: + """Handle an AuthnResponse, having parsed it from the request params + + Assumes that the signature on the response object has been checked. Maps + the user onto an MXID, registering them if necessary, and returns a response + to the browser. + + Args: + request: the incoming request from the browser. We'll respond to it with an + HTML page or a redirect + saml2_auth: the parsed AuthnResponse object + relay_state: the RelayState query param, which encodes the URI to rediret + back to + """ + for assertion in saml2_auth.assertions: # kibana limits the length of a log field, whereas this is all rather # useful, so split it up. |