Allows CAS SSO flow to provide user IDs composed of numbers only (#17098)
parent
bd8d8865fb
commit
7d82987b27
4 changed files with 30 additions and 0 deletions
1
changelog.d/17098.feature
Normal file
1
changelog.d/17098.feature
Normal file
|
@ -0,0 +1 @@
|
||||||
|
Add the ability to allow numeric user IDs with a specific prefix when in the CAS flow. Contributed by Aurélien Grimpard.
|
|
@ -3558,6 +3558,15 @@ Has the following sub-options:
|
||||||
users. This allows the CAS SSO flow to be limited to sign in only, rather than
|
users. This allows the CAS SSO flow to be limited to sign in only, rather than
|
||||||
automatically registering users that have a valid SSO login but do not have
|
automatically registering users that have a valid SSO login but do not have
|
||||||
a pre-registered account. Defaults to true.
|
a pre-registered account. Defaults to true.
|
||||||
|
* `allow_numeric_ids`: set to 'true' allow numeric user IDs (default false).
|
||||||
|
This allows CAS SSO flow to provide user IDs composed of numbers only.
|
||||||
|
These identifiers will be prefixed by the letter "u" by default.
|
||||||
|
The prefix can be configured using the "numeric_ids_prefix" option.
|
||||||
|
Be careful to choose the prefix correctly to avoid any possible conflicts
|
||||||
|
(e.g. user 1234 becomes u1234 when a user u1234 already exists).
|
||||||
|
* `numeric_ids_prefix`: the prefix you wish to add in front of a numeric user ID
|
||||||
|
when the "allow_numeric_ids" option is set to "true".
|
||||||
|
By default, the prefix is the letter "u" and only alphanumeric characters are allowed.
|
||||||
|
|
||||||
*Added in Synapse 1.93.0.*
|
*Added in Synapse 1.93.0.*
|
||||||
|
|
||||||
|
@ -3572,6 +3581,8 @@ cas_config:
|
||||||
userGroup: "staff"
|
userGroup: "staff"
|
||||||
department: None
|
department: None
|
||||||
enable_registration: true
|
enable_registration: true
|
||||||
|
allow_numeric_ids: true
|
||||||
|
numeric_ids_prefix: "numericuser"
|
||||||
```
|
```
|
||||||
---
|
---
|
||||||
### `sso`
|
### `sso`
|
||||||
|
|
|
@ -66,6 +66,17 @@ class CasConfig(Config):
|
||||||
|
|
||||||
self.cas_enable_registration = cas_config.get("enable_registration", True)
|
self.cas_enable_registration = cas_config.get("enable_registration", True)
|
||||||
|
|
||||||
|
self.cas_allow_numeric_ids = cas_config.get("allow_numeric_ids")
|
||||||
|
self.cas_numeric_ids_prefix = cas_config.get("numeric_ids_prefix")
|
||||||
|
if (
|
||||||
|
self.cas_numeric_ids_prefix is not None
|
||||||
|
and self.cas_numeric_ids_prefix.isalnum() is False
|
||||||
|
):
|
||||||
|
raise ConfigError(
|
||||||
|
"Only alphanumeric characters are allowed for numeric IDs prefix",
|
||||||
|
("cas_config", "numeric_ids_prefix"),
|
||||||
|
)
|
||||||
|
|
||||||
self.idp_name = cas_config.get("idp_name", "CAS")
|
self.idp_name = cas_config.get("idp_name", "CAS")
|
||||||
self.idp_icon = cas_config.get("idp_icon")
|
self.idp_icon = cas_config.get("idp_icon")
|
||||||
self.idp_brand = cas_config.get("idp_brand")
|
self.idp_brand = cas_config.get("idp_brand")
|
||||||
|
@ -77,6 +88,8 @@ class CasConfig(Config):
|
||||||
self.cas_displayname_attribute = None
|
self.cas_displayname_attribute = None
|
||||||
self.cas_required_attributes = []
|
self.cas_required_attributes = []
|
||||||
self.cas_enable_registration = False
|
self.cas_enable_registration = False
|
||||||
|
self.cas_allow_numeric_ids = False
|
||||||
|
self.cas_numeric_ids_prefix = "u"
|
||||||
|
|
||||||
|
|
||||||
# CAS uses a legacy required attributes mapping, not the one provided by
|
# CAS uses a legacy required attributes mapping, not the one provided by
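Review bot: When CAS is enabled and `numeric_ids_prefix` is omitted, `cas_config.get("numeric_ids_prefix")` leaves the prefix as `None`; the documented default of "u" is only assigned in the CAS-disabled branch of the second hunk, so the handler's f-string would presumably turn CAS user `1234` into `None1234` rather than `u1234`. Supplying the defaults in the enabled branch as well, `cas_config.get("allow_numeric_ids", False)` and `cas_config.get("numeric_ids_prefix", "u")`, would match the documentation. The validation also calls `.isalnum()` on whatever the YAML parser produced, so a non-string value such as `numeric_ids_prefix: 1` raises `AttributeError` instead of `ConfigError`, and an all-digit string passes the check while leaving the resulting ID numeric; an `isinstance(prefix, str)` test plus a rejection of all-digit prefixes would close both. The enclosing method begins and ends outside these hunks.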
|
||||||
|
|
|
@ -78,6 +78,8 @@ class CasHandler:
|
||||||
self._cas_displayname_attribute = hs.config.cas.cas_displayname_attribute
|
self._cas_displayname_attribute = hs.config.cas.cas_displayname_attribute
|
||||||
self._cas_required_attributes = hs.config.cas.cas_required_attributes
|
self._cas_required_attributes = hs.config.cas.cas_required_attributes
|
||||||
self._cas_enable_registration = hs.config.cas.cas_enable_registration
|
self._cas_enable_registration = hs.config.cas.cas_enable_registration
|
||||||
|
self._cas_allow_numeric_ids = hs.config.cas.cas_allow_numeric_ids
|
||||||
|
self._cas_numeric_ids_prefix = hs.config.cas.cas_numeric_ids_prefix
|
||||||
|
|
||||||
self._http_client = hs.get_proxied_http_client()
|
self._http_client = hs.get_proxied_http_client()
|
||||||
|
|
||||||
|
@ -188,6 +190,9 @@ class CasHandler:
|
||||||
for child in root[0]:
|
for child in root[0]:
|
||||||
if child.tag.endswith("user"):
|
if child.tag.endswith("user"):
|
||||||
user = child.text
|
user = child.text
|
||||||
|
# if numeric user IDs are allowed and username is numeric then we add the prefix so Synapse can handle it
|
||||||
|
if self._cas_allow_numeric_ids and user is not None and user.isdigit():
|
||||||
|
user = f"{self._cas_numeric_ids_prefix}{user}"
|
||||||
if child.tag.endswith("attributes"):
|
if child.tag.endswith("attributes"):
|
||||||
for attribute in child:
|
for attribute in child:
|
||||||
# ElementTree library expands the namespace in
|
# ElementTree library expands the namespace in
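Review bot: The rewrite at `user = f"{self._cas_numeric_ids_prefix}{user}"` overwrites the CAS identifier itself, so with the default prefix a CAS account `1234` and a CAS account literally named `u1234` leave this loop with the same value; if the code after the hunk uses `user` as the external identity as well as the localpart, two distinct CAS principals would resolve to one Matrix account. The documentation warns operators about this, but a comment at the rewrite would keep it visible to maintainers, e.g. `# NOTE: prefixed IDs share a namespace with non-numeric CAS usernames; the prefix must not collide with existing accounts`. Separately, `str.isdigit()` is Unicode-aware and accepts characters outside 0-9 (superscript digits, digits from other scripts), so `user.isascii() and user.isdigit()` would confine the rewrite to ASCII numeric IDs. The enclosing method starts and ends outside the hunk.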
|
||||||
|
|