move configuration into oidc configuartion

matrix-org · Feb 24, 2023 · 0f3c788 · 0f3c788
1 parent 7d4d248
commit 0f3c788
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 5 deletions.
diff --git a/synapse/handlers/oidc.py b/synapse/handlers/oidc.py
@@ -1239,6 +1239,7 @@ async def grandfather_existing_users() -> Optional[str]:
             grandfather_existing_users,
             extra_attributes,
             auth_provider_session_id=sid,
+            registration_enabled=self._config.enable_registration,
         )
 
     def _remote_id_from_userinfo(self, userinfo: UserInfo) -> str:

diff --git a/synapse/handlers/sso.py b/synapse/handlers/sso.py
@@ -224,8 +224,6 @@ def __init__(self, hs: "HomeServer"):
 
         self._consent_at_registration = hs.config.consent.user_consent_at_registration
 
-        self._registration_enabled = hs.config.odic.enable_registration
-
     def register_identity_provider(self, p: SsoIdentityProvider) -> None:
         p_id = p.idp_id
         assert p_id not in self._identity_providers
@@ -385,6 +383,7 @@ async def complete_sso_login_request(
         grandfather_existing_users: Callable[[], Awaitable[Optional[str]]],
         extra_login_attributes: Optional[JsonDict] = None,
         auth_provider_session_id: Optional[str] = None,
+        registration_enabled: bool = True,
     ) -> None:
         """
         Given an SSO ID, retrieve the user ID for it and possibly register the user.
@@ -437,6 +436,10 @@ async def complete_sso_login_request(
 
             auth_provider_session_id: An optional session ID from the IdP.
 
+            registration_enabled: An optional boolean to enable/disable automatic
+            registrations of new users. If false and the user does not exist then the
+            flow is aborted. Defaults to true.
+
         Raises:
             MappingException if there was a problem mapping the response to a user.
             RedirectException: if the mapping provider needs to redirect the user
@@ -464,7 +467,7 @@ async def complete_sso_login_request(
                         auth_provider_id, remote_user_id, user_id
                     )
 
-            if not user_id and not self._registration_enabled:
+            if not user_id and not registration_enabled:
                 logger.info(
                     "User does not exist and registration are disabled for IdP '%s' and remote_user_id '%s'",
                     auth_provider_id,

diff --git a/tests/handlers/test_oidc.py b/tests/handlers/test_oidc.py
@@ -922,7 +922,7 @@ def test_extra_attributes(self) -> None:
             auth_provider_session_id=None,
         )
 
-    @override_config({"oidc_config": DEFAULT_CONFIG, "enable_registration": True})
+    @override_config({"oidc_config": {**DEFAULT_CONFIG, "enable_registration": True}})
     def test_map_userinfo_to_user(self) -> None:
         """Ensure that mapping the userinfo returned from a provider to an MXID works properly."""
         userinfo: dict = {
@@ -975,7 +975,7 @@ def test_map_userinfo_to_user(self) -> None:
             "Mapping provider does not support de-duplicating Matrix IDs",
         )
 
-    @override_config({"oidc_config": DEFAULT_CONFIG, "enable_registration": False})
+    @override_config({"oidc_config": {**DEFAULT_CONFIG, "enable_registration": False}})
     def test_map_userinfo_to_user_does_not_register_new_user(self) -> None:
         """Ensures new users are not registered if the enabled registration flag is disabled."""
         userinfo: dict = {