Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Document why auth providers aren't validated in the admin API #12004

Merged
merged 5 commits into from
Feb 18, 2022
Merged

Document why auth providers aren't validated in the admin API #12004

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
35348ae
Add some comments.
clokep Feb 16, 2022
af9b7dc
Newsfragment
clokep Feb 16, 2022
dd6c60f
Clarify changelog.
clokep Feb 17, 2022
797dbaa
Fix typo.
clokep Feb 17, 2022
cdd5f4b
Update more documentation.
clokep Feb 18, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions changelog.d/12004.doc
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Clarify information about external IdP IDs.
clokep marked this conversation as resolved.
Show resolved Hide resolved
21 changes: 21 additions & 0 deletions synapse/storage/databases/main/registration.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -622,10 +622,13 @@ async def record_user_external_id(
) -> None:
"""Record a mapping from an external user id to a mxid

See notes in _record_user_external_id_txn about what constitutes validate data.
clokep marked this conversation as resolved.
Show resolved Hide resolved

Args:
auth_provider: identifier for the remote auth provider
external_id: id on that system
user_id: complete mxid that it is mapped to

Raises:
ExternalIDReuseException if the new external_id could not be mapped.
"""
Expand All @@ -648,6 +651,21 @@ def _record_user_external_id_txn(
external_id: str,
user_id: str,
) -> None:
"""
Record a mapping from an external user id to a mxid.

Note that the auth provider IDs (and the external IDs) are not validated
against configured IdPs as Synapse does not know its relationship to
external systems. For example, it might be useful to pre-configure users
before enabling a new IdP or an IdP might be temporarily offline, but
still valid.

Args:
txn: The database transaction.
auth_provider: identifier for the remote auth provider
external_id: id on that system
user_id: complete mxid that it is mapped to
"""

self.db_pool.simple_insert_txn(
txn,
Expand Down Expand Up @@ -687,10 +705,13 @@ async def replace_user_external_id(
"""Replace mappings from external user ids to a mxid in a single transaction.
All mappings are deleted and the new ones are created.

See notes in _record_user_external_id_txn about what constitutes validate data.

Args:
record_external_ids:
List with tuple of auth_provider and external_id to record
user_id: complete mxid that it is mapped to

Raises:
ExternalIDReuseException if the new external_id could not be mapped.
"""
Expand Down