diff options
| author | Andrew Yasinishyn <yasinishyn.a.n@gmail.com> | 2023-12-01 16:31:50 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-12-01 14:31:50 +0000 |
| commit | 63d96bfc61fcbf53e9607c63f215d2dde387de29 (patch) | |
| tree | 59f4d2bab25d0b39e291cc1063132170f846eec9 /synapse/handlers | |
| parent | Drop unused tables & unneeded access token ID for events. (#16522) (diff) | |
| download | synapse-63d96bfc61fcbf53e9607c63f215d2dde387de29.tar.xz | |
ModuleAPI SSO auth callbacks (#15207)
Signed-off-by: Andrii Yasynyshyn yasinishyn.a.n@gmail.com
Diffstat (limited to 'synapse/handlers')
| -rw-r--r-- | synapse/handlers/account_validity.py | 16 | ||||
| -rw-r--r-- | synapse/handlers/auth.py | 8 |
2 files changed, 24 insertions, 0 deletions
diff --git a/synapse/handlers/account_validity.py b/synapse/handlers/account_validity.py index 6c2a49a3b9..c66bb6364f 100644 --- a/synapse/handlers/account_validity.py +++ b/synapse/handlers/account_validity.py @@ -98,6 +98,22 @@ class AccountValidityHandler: for callback in self._module_api_callbacks.on_user_registration_callbacks: await callback(user_id) + async def on_user_login( + self, + user_id: str, + auth_provider_type: Optional[str], + auth_provider_id: Optional[str], + ) -> None: + """Tell third-party modules about a user logins. + + Args: + user_id: The mxID of the user. + auth_provider_type: The type of login. + auth_provider_id: The ID of the auth provider. + """ + for callback in self._module_api_callbacks.on_user_login_callbacks: + await callback(user_id, auth_provider_type, auth_provider_id) + @wrap_as_background_process("send_renewals") async def _send_renewal_emails(self) -> None: """Gets the list of users whose account is expiring in the amount of time diff --git a/synapse/handlers/auth.py b/synapse/handlers/auth.py index 2b0c505130..89cbaff864 100644 --- a/synapse/handlers/auth.py +++ b/synapse/handlers/auth.py @@ -212,6 +212,7 @@ class AuthHandler: self._password_enabled_for_reauth = hs.config.auth.password_enabled_for_reauth self._password_localdb_enabled = hs.config.auth.password_localdb_enabled self._third_party_rules = hs.get_module_api_callbacks().third_party_event_rules + self._account_validity_handler = hs.get_account_validity_handler() # Ratelimiter for failed auth during UIA. Uses same ratelimit config # as per `rc_login.failed_attempts`. @@ -1783,6 +1784,13 @@ class AuthHandler: client_redirect_url, "loginToken", login_token ) + # Run post-login module callback handlers + await self._account_validity_handler.on_user_login( + user_id=registered_user_id, + auth_provider_type=LoginType.SSO, + auth_provider_id=auth_provider_id, + ) + # if the client is whitelisted, we can redirect straight to it if client_redirect_url.startswith(self._whitelisted_sso_clients): request.redirect(redirect_url) |