path: root/synapse/rest/synapse
Commit message | Author | Age | Files | Lines
* Add back the deprecated SAML endpoint. (#9474) | Patrick Cloke | 2021-02-23 | 1 | -1/+6
* Remove deprecated SAML2 callback URL since it does not work. (#9434) | Patrick Cloke | 2021-02-18 | 1 | -5/+1
  Updates documentation from #9289 and removes a deprecated endpoint which didn't work as expected.
* Support for form_post in OIDC responses (#9376) | Richard van der Hoff | 2021-02-17 | 1 | -1/+12
  Apple want to POST the OIDC auth response back to us rather than using query-params; add the necessary support to make that work.
* Put SAML callback URI under /_synapse/client. (#9289) | Richard van der Hoff | 2021-02-02 | 4 | -3/+114
* Put OIDC callback URI under /_synapse/client. (#9288) | Richard van der Hoff | 2021-02-01 | 3 | -2/+63
* Collect terms consent from the user during SSO registration (#9276) | Richard van der Hoff | 2021-02-01 | 2 | -0/+99
* Make importing display name and email optional (#9277) | Richard van der Hoff | 2021-02-01 | 1 | -3/+11
* Replace username picker with a template (#9275) | Richard van der Hoff | 2021-02-01 | 1 | -20/+59
  There's some preliminary work here to pull out the construction of a jinja environment to a separate function. I wanted to load the template at display time rather than load time, so that it's easy to update on the fly. Honestly, I think we should do this with all our templates: the risk of ending up with malformed templates is far outweighed by the improved turnaround time for an admin trying to update them.
* Fix SSO on workers (#9271) | Richard van der Hoff | 2021-02-01 | 1 | -1/+48
  Fixes #8966.
  * Factor out build_synapse_client_resource_tree
    Start a function which will mount resources common to all workers.
  * Move sso init into build_synapse_client_resource_tree
    ... so that we don't have to do it for each worker
  * Fix SSO-login-via-a-worker
    Expose the SSO login endpoints on workers, like the documentation says.
  * Update workers config for new endpoints
    Add documentation for endpoints recently added (#8942, #9017, #9262)
  * remove submit_token from workers endpoints list
    this *doesn't* work on workers (yet).
  * changelog
  * Add a comment about the odd path for SAML2Resource
* Split out a separate endpoint to complete SSO registration (#9262) | Richard van der Hoff | 2021-02-01 | 2 | -10/+56
  There are going to be a couple of paths to get to the final step of SSO reg, and I want the URL in the browser to be consistent. So, let's move the final step onto a separate path, which we redirect to.
* Fix bugs in handling clientRedirectUrl, and improve OIDC tests (#9127, #9128) | Richard van der Hoff | 2021-01-18 | 1 | -1/+3
  * Factor out a common TestHtmlParser
    Looks like I'm doing this in a few different places.
  * Improve OIDC login test
    Complete the OIDC login flow, rather than giving up halfway through.
  * Ensure that OIDC login works with multiple OIDC providers
  * Fix bugs in handling clientRedirectUrl
    - don't drop duplicate query-params, or params with no value
    - allow utf-8 in query-params
* Add initial support for a "pick your IdP" page (#9017) | Richard van der Hoff | 2021-01-05 | 1 | -0/+82
  During login, if there are multiple IdPs enabled, offer the user a choice of IdPs.
* Implement a username picker for synapse (#8942) | Richard van der Hoff | 2020-12-18 | 1 | -0/+88
  The final part (for now) of my work to implement a username picker in synapse itself. The idea is that we allow `UsernameMappingProvider`s to return `localpart=None`, in which case, rather than redirecting the browser back to the client, we redirect to a username-picker resource, which allows the user to enter a username. We *then* complete the SSO flow (including doing the client permission checks). The static resources for the username picker itself (in https://github.com/matrix-org/synapse/tree/rav/username_picker/synapse/res/username_picker) are essentially lifted wholesale from https://github.com/matrix-org/matrix-synapse-saml-mozilla/tree/master/matrix_synapse_saml_mozilla/res. As the comment says, we might want to think about making them customisable, but that can be a follow-up. Fixes #8876.
* Show a confirmation page during user password reset (#8004) | Andrew Morgan | 2020-09-10 | 3 | -0/+155
  This PR adds a confirmation step to resetting your user password between clicking the link in your email and your password actually being reset. This is to better align our password reset flow with the industry standard of requiring a confirmation from the user after email validation.