summary refs log tree commit diff
path: root/synapse/handlers
diff options
context:
space:
mode:
authorQuentin Gliech <quenting@element.io>2022-09-27 15:38:14 +0200
committerGitHub <noreply@github.com>2022-09-27 14:38:14 +0100
commit50c92f3a692a745d2b42f9731af4da493fa27715 (patch)
tree34652c0b269047168978754d21148ec97182b3ac /synapse/handlers
parentMerge branch 'master' into develop (diff)
downloadsynapse-50c92f3a692a745d2b42f9731af4da493fa27715.tar.xz
Carry IdP Session IDs through user-mapping sessions. (#13839)
Since #11482, we're saving sessions IDs from upstream IdPs, but we've been losing them when the user goes through a user mapping session on account registration.
Diffstat (limited to 'synapse/handlers')
-rw-r--r--synapse/handlers/sso.py9
1 files changed, 9 insertions, 0 deletions
diff --git a/synapse/handlers/sso.py b/synapse/handlers/sso.py
index 6bc1cbd787..e035677b8a 100644
--- a/synapse/handlers/sso.py
+++ b/synapse/handlers/sso.py
@@ -147,6 +147,9 @@ class UsernameMappingSession:
     # A unique identifier for this SSO provider, e.g.  "oidc" or "saml".
     auth_provider_id: str
 
+    # An optional session ID from the IdP.
+    auth_provider_session_id: Optional[str]
+
     # user ID on the IdP server
     remote_user_id: str
 
@@ -464,6 +467,7 @@ class SsoHandler:
                         client_redirect_url,
                         next_step_url,
                         extra_login_attributes,
+                        auth_provider_session_id,
                     )
 
                 user_id = await self._register_mapped_user(
@@ -585,6 +589,7 @@ class SsoHandler:
         client_redirect_url: str,
         next_step_url: bytes,
         extra_login_attributes: Optional[JsonDict],
+        auth_provider_session_id: Optional[str],
     ) -> NoReturn:
         """Creates a UsernameMappingSession and redirects the browser
 
@@ -607,6 +612,8 @@ class SsoHandler:
             extra_login_attributes: An optional dictionary of extra
                 attributes to be provided to the client in the login response.
 
+            auth_provider_session_id: An optional session ID from the IdP.
+
         Raises:
             RedirectException
         """
@@ -615,6 +622,7 @@ class SsoHandler:
         now = self._clock.time_msec()
         session = UsernameMappingSession(
             auth_provider_id=auth_provider_id,
+            auth_provider_session_id=auth_provider_session_id,
             remote_user_id=remote_user_id,
             display_name=attributes.display_name,
             emails=attributes.emails,
@@ -968,6 +976,7 @@ class SsoHandler:
             session.client_redirect_url,
             session.extra_login_attributes,
             new_user=True,
+            auth_provider_session_id=session.auth_provider_session_id,
         )
 
     def _expire_old_sessions(self) -> None: