Merge pull request #7067 from matrix-org/babolivier/saml_error_moar
Move the default SAML2 error HTML to a dedicated file
commit
d8d91983bc
|
@ -0,0 +1 @@
|
||||||
|
Render a configurable and comprehensible error page if something goes wrong during the SAML2 authentication process.
|
|
@ -1360,12 +1360,24 @@ saml2_config:
|
||||||
#
|
#
|
||||||
#grandfathered_mxid_source_attribute: upn
|
#grandfathered_mxid_source_attribute: upn
|
||||||
|
|
||||||
# Path to a file containing HTML content to serve in case an error happens
|
# Directory in which Synapse will try to find the template files below.
|
||||||
# when the user gets redirected from the SAML IdP back to Synapse.
|
# If not set, default templates from within the Synapse package will be used.
|
||||||
# If no file is provided, this defaults to some minimalistic HTML telling the
|
|
||||||
# user that something went wrong and they should try authenticating again.
|
|
||||||
#
|
#
|
||||||
#error_html_path: /path/to/static/content/saml_error.html
|
# DO NOT UNCOMMENT THIS SETTING unless you want to customise the templates.
|
||||||
|
# If you *do* uncomment it, you will need to make sure that all the templates
|
||||||
|
# below are in the directory.
|
||||||
|
#
|
||||||
|
# Synapse will look for the following templates in this directory:
|
||||||
|
#
|
||||||
|
# * HTML page to display to users if something goes wrong during the
|
||||||
|
# authentication process: 'saml_error.html'.
|
||||||
|
#
|
||||||
|
# This template doesn't currently need any variable to render.
|
||||||
|
#
|
||||||
|
# You can see the default templates at:
|
||||||
|
# https://github.com/matrix-org/synapse/tree/master/synapse/res/templates
|
||||||
|
#
|
||||||
|
#template_dir: "res/templates"
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -15,6 +15,9 @@
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
import logging
|
import logging
|
||||||
|
import os
|
||||||
|
|
||||||
|
import pkg_resources
|
||||||
|
|
||||||
from synapse.python_dependencies import DependencyException, check_requirements
|
from synapse.python_dependencies import DependencyException, check_requirements
|
||||||
from synapse.util.module_loader import load_module, load_python_module
|
from synapse.util.module_loader import load_module, load_python_module
|
||||||
|
@ -27,18 +30,6 @@ DEFAULT_USER_MAPPING_PROVIDER = (
|
||||||
"synapse.handlers.saml_handler.DefaultSamlMappingProvider"
|
"synapse.handlers.saml_handler.DefaultSamlMappingProvider"
|
||||||
)
|
)
|
||||||
|
|
||||||
SAML2_ERROR_DEFAULT_HTML = """
|
|
||||||
<html>
|
|
||||||
<body>
|
|
||||||
<p>Oops! Something went wrong</p>
|
|
||||||
<p>
|
|
||||||
Try logging in again from your Matrix client and if the problem persists
|
|
||||||
please contact the server's administrator.
|
|
||||||
</p>
|
|
||||||
</body>
|
|
||||||
</html>
|
|
||||||
"""
|
|
||||||
|
|
||||||
|
|
||||||
def _dict_merge(merge_dict, into_dict):
|
def _dict_merge(merge_dict, into_dict):
|
||||||
"""Do a deep merge of two dicts
|
"""Do a deep merge of two dicts
|
||||||
|
@ -172,12 +163,13 @@ class SAML2Config(Config):
|
||||||
saml2_config.get("saml_session_lifetime", "5m")
|
saml2_config.get("saml_session_lifetime", "5m")
|
||||||
)
|
)
|
||||||
|
|
||||||
if "error_html_path" in config:
|
template_dir = saml2_config.get("template_dir")
|
||||||
|
if not template_dir:
|
||||||
|
template_dir = pkg_resources.resource_filename("synapse", "res/templates",)
|
||||||
|
|
||||||
self.saml2_error_html_content = self.read_file(
|
self.saml2_error_html_content = self.read_file(
|
||||||
config["error_html_path"], "saml2_config.error_html_path",
|
os.path.join(template_dir, "saml_error.html"), "saml2_config.saml_error",
|
||||||
)
|
)
|
||||||
else:
|
|
||||||
self.saml2_error_html_content = SAML2_ERROR_DEFAULT_HTML
|
|
||||||
|
|
||||||
def _default_saml_config_dict(
|
def _default_saml_config_dict(
|
||||||
self, required_attributes: set, optional_attributes: set
|
self, required_attributes: set, optional_attributes: set
|
||||||
|
@ -345,12 +337,24 @@ class SAML2Config(Config):
|
||||||
#
|
#
|
||||||
#grandfathered_mxid_source_attribute: upn
|
#grandfathered_mxid_source_attribute: upn
|
||||||
|
|
||||||
# Path to a file containing HTML content to serve in case an error happens
|
# Directory in which Synapse will try to find the template files below.
|
||||||
# when the user gets redirected from the SAML IdP back to Synapse.
|
# If not set, default templates from within the Synapse package will be used.
|
||||||
# If no file is provided, this defaults to some minimalistic HTML telling the
|
|
||||||
# user that something went wrong and they should try authenticating again.
|
|
||||||
#
|
#
|
||||||
#error_html_path: /path/to/static/content/saml_error.html
|
# DO NOT UNCOMMENT THIS SETTING unless you want to customise the templates.
|
||||||
|
# If you *do* uncomment it, you will need to make sure that all the templates
|
||||||
|
# below are in the directory.
|
||||||
|
#
|
||||||
|
# Synapse will look for the following templates in this directory:
|
||||||
|
#
|
||||||
|
# * HTML page to display to users if something goes wrong during the
|
||||||
|
# authentication process: 'saml_error.html'.
|
||||||
|
#
|
||||||
|
# This template doesn't currently need any variable to render.
|
||||||
|
#
|
||||||
|
# You can see the default templates at:
|
||||||
|
# https://github.com/matrix-org/synapse/tree/master/synapse/res/templates
|
||||||
|
#
|
||||||
|
#template_dir: "res/templates"
|
||||||
""" % {
|
""" % {
|
||||||
"config_dir_path": config_dir_path
|
"config_dir_path": config_dir_path
|
||||||
}
|
}
|
||||||
|
|
|
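Review bot: In the SAML2Config hunk that reads `template_dir`, the old `error_html_path` lookup is removed with nothing in its place, so a deployment that still sets that key will start normally and serve the packaged `saml_error.html` instead of its customised page, without any message saying so. A guard such as `if "error_html_path" in config: logger.warning("error_html_path is no longer supported, use saml2_config.template_dir")` would make the change visible to operators; this assumes a module-level `logger`, which the `import logging` line suggests but the visible lines do not show. The second argument passed to `read_file`, `"saml2_config.saml_error"`, names a setting that does not exist in the documented config; if it is used in error messages, `"saml2_config.template_dir"` would point the operator at the option they actually need to fix. The enclosing method starts and ends outside the hunk.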
@ -0,0 +1,45 @@
|
||||||
|
<!DOCTYPE html>
|
||||||
|
<html lang="en">
|
||||||
|
<head>
|
||||||
|
<meta charset="UTF-8">
|
||||||
|
<title>SSO error</title>
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<p>Oops! Something went wrong during authentication<span id="errormsg"></span>.</p>
|
||||||
|
<p>
|
||||||
|
If you are seeing this page after clicking a link sent to you via email, make
|
||||||
|
sure you only click the confirmation link once, and that you open the
|
||||||
|
validation link in the same client you're logging in from.
|
||||||
|
</p>
|
||||||
|
<p>
|
||||||
|
Try logging in again from your Matrix client and if the problem persists
|
||||||
|
please contact the server's administrator.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<script type="text/javascript">
|
||||||
|
// Error handling to support Auth0 errors that we might get through a GET request
|
||||||
|
// to the validation endpoint. If an error is provided, it's either going to be
|
||||||
|
// located in the query string or in a query string-like URI fragment.
|
||||||
|
// We try to locate the error from any of these two locations, but if we can't
|
||||||
|
// we just don't print anything specific.
|
||||||
|
let searchStr = "";
|
||||||
|
if (window.location.search) {
|
||||||
|
// window.location.searchParams isn't always defined when
|
||||||
|
// window.location.search is, so it's more reliable to parse the latter.
|
||||||
|
searchStr = window.location.search;
|
||||||
|
} else if (window.location.hash) {
|
||||||
|
// Replace the # with a ? so that URLSearchParams does the right thing and
|
||||||
|
// doesn't parse the first parameter incorrectly.
|
||||||
|
searchStr = window.location.hash.replace("#", "?");
|
||||||
|
}
|
||||||
|
|
||||||
|
// We might end up with no error in the URL, so we need to check if we have one
|
||||||
|
// to print one.
|
||||||
|
let errorDesc = new URLSearchParams(searchStr).get("error_description")
|
||||||
|
if (errorDesc) {
|
||||||
|
|
||||||
|
document.getElementById("errormsg").innerText = ` ("${errorDesc}")`;
|
||||||
|
}
|
||||||
|
</script>
|
||||||
|
</body>
|
||||||
|
</html>
|
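Review bot: The script at the end of the new template copies the `error_description` parameter, taken from the query string or the URL fragment, into `#errormsg`, so whoever builds the link controls a sentence displayed on the homeserver's own error page. `innerText` keeps the value from being parsed as markup and is the right sink, but nothing bounds its length or records that it is untrusted; I would add the comment `// error_description is untrusted URL input: keep this a text-only sink, never innerHTML` above the assignment and cap the value, e.g. `errorDesc.slice(0, 200)`. Since the script is inline, it will also stop running if this page is ever served under a Content-Security-Policy that lacks `'unsafe-inline'`; whether one is set for this response is not visible in this diff.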