Add configuration setting for CAS protocol version (#15816)

author: Aurélien Grimpard <aurelien@grimpard.net> 2023-08-24 22:11:23 +0200
committer: GitHub <noreply@github.com> 2023-08-24 16:11:23 -0400
commit: aeeca2a62ebfb601efa7930acae0897c8d3e43df (patch)
tree: ed4401902543aebd0ac8090472fe01d4a68e993f /synapse
parent: Bump anyhow from 1.0.72 to 1.0.75 (#16141) (diff)
download: synapse-aeeca2a62ebfb601efa7930acae0897c8d3e43df.tar.xz
2 files changed, 17 insertions, 2 deletions
diff --git a/synapse/config/cas.py b/synapse/config/cas.py
index c4e63e7411..6e2d9addbf 100644
--- a/synapse/config/cas.py
+++ b/synapse/config/cas.py
@@ -18,7 +18,7 @@ from typing import Any, List
 from synapse.config.sso import SsoAttributeRequirement
 from synapse.types import JsonDict
 
-from ._base import Config
+from ._base import Config, ConfigError
 from ._util import validate_config
 
 
@@ -41,6 +41,16 @@ class CasConfig(Config):
             public_baseurl = self.root.server.public_baseurl
             self.cas_service_url = public_baseurl + "_matrix/client/r0/login/cas/ticket"
 
+            self.cas_protocol_version = cas_config.get("protocol_version")
+            if (
+                self.cas_protocol_version is not None
+                and self.cas_protocol_version not in [1, 2, 3]
+            ):
+                raise ConfigError(
+                    "Unsupported CAS protocol version %s (only versions 1, 2, 3 are supported)"
+                    % (self.cas_protocol_version,),
+                    ("cas_config", "protocol_version"),
+                )
             self.cas_displayname_attribute = cas_config.get("displayname_attribute")
             required_attributes = cas_config.get("required_attributes") or {}
             self.cas_required_attributes = _parsed_required_attributes_def(
@@ -54,6 +64,7 @@ class CasConfig(Config):
         else:
             self.cas_server_url = None
             self.cas_service_url = None
+            self.cas_protocol_version = None
             self.cas_displayname_attribute = None
             self.cas_required_attributes = []
 
diff --git a/synapse/handlers/cas.py b/synapse/handlers/cas.py
index 5c71637038..a850545453 100644
--- a/synapse/handlers/cas.py
+++ b/synapse/handlers/cas.py
@@ -67,6 +67,7 @@ class CasHandler:
 
         self._cas_server_url = hs.config.cas.cas_server_url
         self._cas_service_url = hs.config.cas.cas_service_url
+        self._cas_protocol_version = hs.config.cas.cas_protocol_version
         self._cas_displayname_attribute = hs.config.cas.cas_displayname_attribute
         self._cas_required_attributes = hs.config.cas.cas_required_attributes
 
@@ -121,7 +122,10 @@ class CasHandler:
         Returns:
             The parsed CAS response.
         """
-        uri = self._cas_server_url + "/proxyValidate"
+        if self._cas_protocol_version == 3:
+            uri = self._cas_server_url + "/p3/proxyValidate"
+        else:
+            uri = self._cas_server_url + "/proxyValidate"
         args = {
             "ticket": ticket,
             "service": self._build_service_param(service_args),
author	Aurélien Grimpard <aurelien@grimpard.net>	2023-08-24 22:11:23 +0200
committer	GitHub <noreply@github.com>	2023-08-24 16:11:23 -0400
commit	aeeca2a62ebfb601efa7930acae0897c8d3e43df (patch)
tree	ed4401902543aebd0ac8090472fe01d4a68e993f /synapse
parent	Bump anyhow from 1.0.72 to 1.0.75 (#16141) (diff)
download	synapse-aeeca2a62ebfb601efa7930acae0897c8d3e43df.tar.xz