summary refs log tree commit diff
path: root/synapse/config/sso.py (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Default value for `public_baseurl` (#11210)Richard van der Hoff2021-11-081-11/+7
| | | | | We might as well use a default value for `public_baseurl` based on `server_name` - in many cases, it will be correct.
* Require direct references to configuration variables. (#10985)Patrick Cloke2021-10-061-2/+4
| | | | | | This removes the magic allowing accessing configurable variables directly from the config object. It is now required that a specific configuration class is used (e.g. `config.foo` must be replaced with `config.server.foo`).
* Add a warning when using deprecated template_dir settings (#10768)Brendan Abolivier2021-09-061-0/+13
| | | The deprecation itself happened in #10596 which shipped with Synapse v1.41.0. However, it doesn't seem fair to suddenly drop support for these settings in ~4-6w without being more vocal about said deprecation.
* Centralise the custom template directory (#10596)Brendan Abolivier2021-08-171-164/+9
| | | Several configuration sections are using separate settings for custom template directories, which can be confusing. This PR adds a new top-level configuration for a custom template directory which is then used for every module. The only exception is the consent templates, since the consent template directory require a specific hierarchy, so it's probably better that it stays separate from everything else.
* Allow using several custom template directories (#10587)Brendan Abolivier2021-08-171-1/+1
| | | Allow using several directories in read_templates.
* Use inline type hints in various other places (in `synapse/`) (#10380)Jonathan de Jong2021-07-151-1/+1
|
* Implement config option `sso.update_profile_information` (#10108)jkanefendt2021-06-211-0/+15
| | | | | | Implemented config option sso.update_profile_information to keep user's display name in sync with the SSO displayname. Signed-off-by: Johannes Kanefendt <johannes.kanefendt@krzn.de>
* Remove redundant "coding: utf-8" lines (#9786)Jonathan de Jong2021-04-141-1/+0
| | | | | | | Part of #9744 Removes all redundant `# -*- coding: utf-8 -*-` lines from files, as python 3 automatically reads source code as utf-8 now. `Signed-off-by: Jonathan de Jong <jonathan@automatia.nl>`
* Update black, and run auto formatting over the codebase (#9381)Eric Eastwood2021-02-161-2/+1
| | | | | | | - Update black version to the latest - Run black auto formatting over the codebase - Run autoformatting according to [`docs/code_style.md `](https://github.com/matrix-org/synapse/blob/80d6dc9783aa80886a133756028984dbf8920168/docs/code_style.md) - Update `code_style.md` docs around installing black to use the correct version
* Merge tag 'v1.27.0rc2' into developPatrick Cloke2021-02-111-5/+8
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Synapse 1.27.0rc2 (2021-02-11) ============================== Features -------- - Further improvements to the user experience of registration via single sign-on. ([\#9297](https://github.com/matrix-org/synapse/issues/9297)) Bugfixes -------- - Fix ratelimiting introduced in v1.27.0rc1 for invites to respect the `ratelimit` flag on application services. ([\#9302](https://github.com/matrix-org/synapse/issues/9302)) - Do not automatically calculate `public_baseurl` since it can be wrong in some situations. Reverts behaviour introduced in v1.26.0. ([\#9313](https://github.com/matrix-org/synapse/issues/9313)) Improved Documentation ---------------------- - Clarify the sample configuration for changes made to the template loading code. ([\#9310](https://github.com/matrix-org/synapse/issues/9310))
| * Backout changes for automatically calculating the public baseurl. (#9313)Patrick Cloke2021-02-111-5/+8
| | | | | | | | This breaks some people's configurations (if their Client-Server API is not accessed via port 443).
* | Combine the CAS & SAML implementations for required attributes. (#9326)Patrick Cloke2021-02-111-1/+18
|/
* Clarify documentation about escaping URLs in templates. (#9310)Patrick Cloke2021-02-031-10/+4
|
* Collect terms consent from the user during SSO registration (#9276)Richard van der Hoff2021-02-011-0/+22
|
* Improve styling and wording of SSO UIA templates (#9286)Richard van der Hoff2021-02-011-0/+15
| | | fixes #9171
* Replace username picker with a template (#9275)Richard van der Hoff2021-02-011-2/+31
| | | | | There's some prelimiary work here to pull out the construction of a jinja environment to a separate function. I wanted to load the template at display time rather than load time, so that it's easy to update on the fly. Honestly, I think we should do this with all our templates: the risk of ending up with malformed templates is far outweighed by the improved turnaround time for an admin trying to update them.
* Improve styling and wording of SSO redirect confirm template (#9272)Richard van der Hoff2021-02-011-1/+13
|
* Give `public_baseurl` a default value (#9159)Richard van der Hoff2021-01-201-8/+5
|
* Give the user a better error when they present bad SSO credsRichard van der Hoff2021-01-131-0/+10
| | | | | | | | | If a user tries to do UI Auth via SSO, but uses the wrong account on the SSO IdP, try to give them a better error. Previously, the UIA would claim to be successful, but then the operation in question would simply fail with "auth fail". Instead, serve up an error page which explains the failure.
* Add initial support for a "pick your IdP" page (#9017)Richard van der Hoff2021-01-051-0/+27
| | | | | During login, if there are multiple IdPs enabled, offer the user a choice of IdPs.
* Clarify config template comments (#8891)Richard van der Hoff2020-12-081-5/+2
|
* Use the default templates when a custom template file cannot be found (#8037)Andrew Morgan2020-08-171-15/+22
| | | Fixes https://github.com/matrix-org/synapse/issues/6583
* Cleanups to the OpenID Connect integration (#7628)Richard van der Hoff2020-06-031-1/+2
| | | | docs, default configs, comments. Nothing very significant.
* Implement OpenID Connect-based login (#7256)Quentin Gliech2020-05-081-7/+10
|
* Add documentation to the sample config about the templates for SSO. (#7343)Patrick Cloke2020-04-241-0/+24
|
* Use a template for the SSO success page to allow for customization. (#7279)Patrick Cloke2020-04-171-0/+6
|
* Do not allow a deactivated user to login via SSO. (#7240)Patrick Cloke2020-04-091-0/+7
|
* Always whitelist the login fallback for SSO (#7153)Richard van der Hoff2020-03-271-0/+15
| | | | | | | That fallback sets the redirect URL to itself (so it can process the login token then return gracefully to the client). This would make it pointless to ask the user for confirmation, since the URL the confirmation page would be showing wouldn't be the client's.
* Factor out complete_sso_login and expose it to the Module APIBrendan Abolivier2020-03-031-1/+1
|
* Add a whitelist for the SSO confirmation step.Richard van der Hoff2020-03-021-0/+18
|
* Add a confirmation step to the SSO login flowBrendan Abolivier2020-03-021-0/+74