Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allows CAS SSO flow to provide user IDs composed of numbers only #17098

Merged
merged 19 commits into from
May 14, 2024

Conversation

agrimpard
Copy link
Contributor

@agrimpard agrimpard commented Apr 16, 2024

Pull Request Checklist

  • Pull request is based on the develop branch
  • Pull request includes a changelog file. The entry should:
    • Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from EventStore to EventWorkerStore.".
    • Use markdown where necessary, mostly for code blocks.
    • End with either a period (.) or an exclamation mark (!).
    • Start with a capital letter.
    • Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry.
  • Code style is correct
    (run the linters)

Signed-off-by: Aurélien Grimpard aurelien@grimpard.net

Why : We use CAS and we have user IDs with only numbers so we need a way to let them connect to Synapse with CAS

Allows CAS SSO flow to provide user IDs composed of numbers only which will be prefixed
Allows CAS SSO flow to provide user IDs composed of numbers only which will be prefixed
Allows CAS SSO flow to provide user IDs composed of numbers only which will be prefixed
Allows CAS SSO flow to provide user IDs composed of numbers only which will be prefixed
@agrimpard agrimpard requested a review from a team as a code owner April 16, 2024 15:58
@CLAassistant
Copy link

CLAassistant commented Apr 16, 2024

CLA assistant check
All committers have signed the CLA.

@github-actions github-actions bot deployed to PR Documentation Preview April 16, 2024 16:00 Active
@github-actions github-actions bot deployed to PR Documentation Preview April 16, 2024 16:07 Active
Fix lint + miss c/p
@github-actions github-actions bot deployed to PR Documentation Preview April 16, 2024 16:12 Active
Reformate proposed by lint test ...
@github-actions github-actions bot deployed to PR Documentation Preview April 16, 2024 16:15 Active
unique def for test
@github-actions github-actions bot deployed to PR Documentation Preview April 16, 2024 16:23 Active
Fix useless %
@github-actions github-actions bot deployed to PR Documentation Preview April 16, 2024 16:26 Active
reformate proposed by lint test
@github-actions github-actions bot deployed to PR Documentation Preview April 16, 2024 16:30 Active
Copy link
Contributor

@reivilibre reivilibre left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

wasn't entirely meaning to review right now, but just an early look with a few comments, seems fine overall but I should look a bit more closely

synapse/config/cas.py Outdated Show resolved Hide resolved
docs/usage/configuration/config_documentation.md Outdated Show resolved Hide resolved
tests/handlers/test_cas.py Outdated Show resolved Hide resolved
@reivilibre reivilibre requested a review from a team April 16, 2024 16:47
@clokep
Copy link
Contributor

clokep commented Apr 16, 2024

I think for the other SSO providers we suggest using templates for this!

@agrimpard
Copy link
Contributor Author

I think for the other SSO providers we suggest using templates for this!

Are you thinking about user_mapping_provider ?
It is documented for OIDC but CAS is not inside OIDC and the parameter user_mapping_provider doesn't seems to be related to CAS.
https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#oidc_providers
https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#cas_config

@github-actions github-actions bot deployed to PR Documentation Preview April 18, 2024 09:19 Active
@github-actions github-actions bot deployed to PR Documentation Preview April 18, 2024 09:25 Active
Removed test, need real devops !
@github-actions github-actions bot deployed to PR Documentation Preview April 18, 2024 09:39 Active
Remove test, need real devops !
@github-actions github-actions bot deployed to PR Documentation Preview April 18, 2024 09:41 Active
lower case prefix for uid
@github-actions github-actions bot deployed to PR Documentation Preview April 18, 2024 11:47 Active
@clokep
Copy link
Contributor

clokep commented Apr 18, 2024

I think for the other SSO providers we suggest using templates for this!

Are you thinking about user_mapping_provider ? It is documented for OIDC but CAS is not inside OIDC and the parameter user_mapping_provider doesn't seems to be related to CAS. matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#oidc_providers matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#cas_config

Yes -- I wasn't suggesting it exists, but that there's benefit in doing things the same across the providers. You'll need to ask @reivilibre which way he prefers though!

lower case prefix uid
@github-actions github-actions bot deployed to PR Documentation Preview April 18, 2024 11:50 Active
Copy link
Member

@erikjohnston erikjohnston left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we're happy to land this as is

@erikjohnston erikjohnston merged commit 7d82987 into element-hq:develop May 14, 2024
40 checks passed
yingziwu added a commit to yingziwu/synapse that referenced this pull request Jun 7, 2024
No significant changes since 1.108.0rc1.

- Add a feature that allows clients to query the configured federation whitelist. Disabled by default. ([\#16848](element-hq/synapse#16848), [\#17199](element-hq/synapse#17199))
- Add the ability to allow numeric user IDs with a specific prefix when in the CAS flow. Contributed by Aurélien Grimpard. ([\#17098](element-hq/synapse#17098))

- Fix bug where push rules would be empty in `/sync` for some accounts. Introduced in v1.93.0. ([\#17142](element-hq/synapse#17142))
- Add support for optional whitespace around the Federation API's `Authorization` header's parameter commas. ([\#17145](element-hq/synapse#17145))
- Fix bug where disabling room publication prevented public rooms being created on workers. ([\#17177](element-hq/synapse#17177), [\#17184](element-hq/synapse#17184))

- Document [`/v1/make_knock`](https://spec.matrix.org/v1.10/server-server-api/#get_matrixfederationv1make_knockroomiduserid) and [`/v1/send_knock/`](https://spec.matrix.org/v1.10/server-server-api/#put_matrixfederationv1send_knockroomideventid) federation endpoints as worker-compatible. ([\#17058](element-hq/synapse#17058))
- Update User Admin API with note about prefixing OIDC external_id providers. ([\#17139](element-hq/synapse#17139))
- Clarify the state of the created room when using the `autocreate_auto_join_room_preset` config option. ([\#17150](element-hq/synapse#17150))
- Update the Admin FAQ with the current libjemalloc version for latest Debian stable. Additionally update the name of the "push_rules" stream in the Workers documentation. ([\#17171](element-hq/synapse#17171))

- Add note to reflect that [MSC3886](matrix-org/matrix-spec-proposals#3886) is closed but will remain supported for some time. ([\#17151](element-hq/synapse#17151))
- Update dependency PyO3 to 0.21. ([\#17162](element-hq/synapse#17162))
- Fixes linter errors found in PR #17147. ([\#17166](element-hq/synapse#17166))
- Bump black from 24.2.0 to 24.4.2. ([\#17170](element-hq/synapse#17170))
- Cache literal sync filter validation for performance. ([\#17186](element-hq/synapse#17186))
- Improve performance by fixing a reactor pause. ([\#17192](element-hq/synapse#17192))
- Route `/make_knock` and `/send_knock` federation APIs to the federation reader worker in Complement test runs. ([\#17195](element-hq/synapse#17195))
- Prepare sync handler to be able to return different sync responses (`SyncVersion`). ([\#17200](element-hq/synapse#17200))
- Organize the sync cache key parameter outside of the sync config (separate concerns). ([\#17201](element-hq/synapse#17201))
- Refactor `SyncResultBuilder` assembly to its own function. ([\#17202](element-hq/synapse#17202))
- Rename to be obvious: `joined_rooms` -> `joined_room_ids`. ([\#17203](element-hq/synapse#17203), [\#17208](element-hq/synapse#17208))
- Add a short pause when rate-limiting a request. ([\#17210](element-hq/synapse#17210))

* Bump cryptography from 42.0.5 to 42.0.7. ([\#17180](element-hq/synapse#17180))
* Bump gitpython from 3.1.41 to 3.1.43. ([\#17181](element-hq/synapse#17181))
* Bump immutabledict from 4.1.0 to 4.2.0. ([\#17179](element-hq/synapse#17179))
* Bump sentry-sdk from 1.40.3 to 2.1.1. ([\#17178](element-hq/synapse#17178))
* Bump serde from 1.0.200 to 1.0.201. ([\#17183](element-hq/synapse#17183))
* Bump serde_json from 1.0.116 to 1.0.117. ([\#17182](element-hq/synapse#17182))
netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this pull request Jun 18, 2024
# Synapse 1.109.0 (2024-06-18)

- Add the ability to auto-accept invites on the behalf of users. See
  the
  [`auto_accept_invites`](https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html#auto-accept-invites)
  config option for
  details. ([\#17147](element-hq/synapse#17147))

- Add experimental
  [MSC3575](matrix-org/matrix-spec-proposals#3575)
  Sliding Sync `/sync/e2ee` endpoint for to-device messages and device
  encryption
  info. ([\#17167](element-hq/synapse#17167))

- Support
  [MSC3916](matrix-org/matrix-spec-proposals#3916)
  by adding unstable media endpoints to
  `/_matrix/client`. ([\#17213](element-hq/synapse#17213))

- Add logging to tasks managed by the task scheduler, showing CPU and
  database
  usage. ([\#17219](element-hq/synapse#17219))


# Synapse 1.108.0 (2024-05-28)

- Add a feature that allows clients to query the configured federation
  whitelist. Disabled by
  default. ([\#16848](element-hq/synapse#16848),
  [\#17199](element-hq/synapse#17199))

- Add the ability to allow numeric user IDs with a specific prefix
  when in the CAS flow. Contributed by Aurélien
  Grimpard. ([\#17098](element-hq/synapse#17098))


Synapse 1.107.0 (2024-05-14)

- Add preliminary support for [MSC3823: Account
  Suspension](matrix-org/matrix-spec-proposals#3823).
  ([\#17051](element-hq/synapse#17051))

- Declare support for [Matrix
  v1.10](https://matrix.org/blog/2024/03/22/matrix-v1.10-release/). Contributed
  by
  @clokep. ([\#17082](element-hq/synapse#17082))

- Add support for [MSC4115: membership metadata on
  events](matrix-org/matrix-spec-proposals#4115).
  ([\#17104](element-hq/synapse#17104),
  [\#17137](element-hq/synapse#17137))


# Synapse 1.106.0 (2024-04-30)

- Send an email if the address is already bound to an user
  account. ([\#16819](element-hq/synapse#16819))

- Implement the rendezvous mechanism described by
  [MSC4108](matrix-org/matrix-spec-proposals#4108).
  ([\#17056](element-hq/synapse#17056))

- Support delegating the rendezvous mechanism described
  [MSC4108](matrix-org/matrix-spec-proposals#4108)
  to an external
  implementation. ([\#17086](element-hq/synapse#17086))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

5 participants