diff options
| author | Patrick Cloke <clokep@users.noreply.github.com> | 2020-11-19 14:25:17 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-11-19 14:25:17 -0500 |
| commit | 79bfe966e08a2212cc2fae2b00f5efb2c2185543 (patch) | |
| tree | 91ebd35fefb641e1e9fa6398a56d16ed51f92a01 /synapse/handlers/saml_handler.py | |
| parent | SAML: Allow specifying the IdP entityid to use. (#8630) (diff) | |
| download | synapse-79bfe966e08a2212cc2fae2b00f5efb2c2185543.tar.xz | |
Improve error checking for OIDC/SAML mapping providers (#8774)
Checks that the localpart returned by mapping providers for SAML and OIDC are valid before registering new users. Extends the OIDC tests for existing users and invalid data.
Diffstat (limited to 'synapse/handlers/saml_handler.py')
| -rw-r--r-- | synapse/handlers/saml_handler.py | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/synapse/handlers/saml_handler.py b/synapse/handlers/saml_handler.py index 9bf430b656..5d9b555b13 100644 --- a/synapse/handlers/saml_handler.py +++ b/synapse/handlers/saml_handler.py @@ -31,6 +31,7 @@ from synapse.http.site import SynapseRequest from synapse.module_api import ModuleApi from synapse.types import ( UserID, + contains_invalid_mxid_characters, map_username_to_mxid_localpart, mxid_localpart_allowed_characters, ) @@ -318,6 +319,11 @@ class SamlHandler(BaseHandler): "Unable to generate a Matrix ID from the SAML response" ) + # Since the localpart is provided via a potentially untrusted module, + # ensure the MXID is valid before registering. + if contains_invalid_mxid_characters(localpart): + raise MappingException("localpart is invalid: %s" % (localpart,)) + logger.info("Mapped SAML user to local part %s", localpart) registered_user_id = await self._registration_handler.register_user( localpart=localpart, |