diff options
| author | Brendan Abolivier <babolivier@matrix.org> | 2020-03-10 13:49:11 +0000 |
|---|---|---|
| committer | Brendan Abolivier <babolivier@matrix.org> | 2020-03-10 13:59:22 +0000 |
| commit | 6b0efe73e21a5d346111df4dd367bc39a03108bb (patch) | |
| tree | 0e20756775f5c628bc33d3b5b2a5b51a425cc70e /synapse/handlers | |
| parent | Merge pull request #7055 from matrix-org/babolivier/get_time_of_last_push_act... (diff) | |
| download | synapse-6b0efe73e21a5d346111df4dd367bc39a03108bb.tar.xz | |
SAML2: render a comprehensible error page if something goes wrong
If an error happened while processing a SAML AuthN response, or a client ends up doing a `GET` request to `/authn_response`, then render a customisable error page rather than a confusing error.
Diffstat (limited to 'synapse/handlers')
| -rw-r--r-- | synapse/handlers/saml_handler.py | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/synapse/handlers/saml_handler.py b/synapse/handlers/saml_handler.py index 9406753393..72c109981b 100644 --- a/synapse/handlers/saml_handler.py +++ b/synapse/handlers/saml_handler.py @@ -23,6 +23,7 @@ from saml2.client import Saml2Client from synapse.api.errors import SynapseError from synapse.config import ConfigError +from synapse.http.server import finish_request from synapse.http.servlet import parse_string from synapse.module_api import ModuleApi from synapse.types import ( @@ -73,6 +74,8 @@ class SamlHandler: # a lock on the mappings self._mapping_lock = Linearizer(name="saml_mapping", clock=self._clock) + self._error_html_content = hs.config.saml2_error_html_content + def handle_redirect_request(self, client_redirect_url): """Handle an incoming request to /login/sso/redirect @@ -114,7 +117,22 @@ class SamlHandler: # the dict. self.expire_sessions() - user_id = await self._map_saml_response_to_user(resp_bytes, relay_state) + try: + user_id = await self._map_saml_response_to_user(resp_bytes, relay_state) + except Exception as e: + # If decoding the response or mapping it to a user failed, then log the + # error and tell the user that something went wrong. + logger.error(e) + + request.setResponseCode(400) + request.setHeader(b"Content-Type", b"text/html; charset=utf-8") + request.setHeader( + b"Content-Length", b"%d" % (len(self._error_html_content),) + ) + request.write(self._error_html_content.encode("utf8")) + finish_request(request) + return + self._auth_handler.complete_sso_login(user_id, request, relay_state) async def _map_saml_response_to_user(self, resp_bytes, client_redirect_url): |