diff --git a/changelog.d/4220.feature b/changelog.d/4220.feature
new file mode 100644
index 0000000000..e7a3e40483
--- /dev/null
+++ b/changelog.d/4220.feature
@@ -0,0 +1 @@
+Rename login type m.login.cas to m.login.sso
diff --git a/synapse/rest/client/v1/login.py b/synapse/rest/client/v1/login.py
index 0010699d31..f6b4a85e40 100644
--- a/synapse/rest/client/v1/login.py
+++ b/synapse/rest/client/v1/login.py
@@ -27,7 +27,7 @@ from twisted.web.client import PartialDownloadError
from synapse.api.errors import Codes, LoginError, SynapseError
from synapse.http.server import finish_request
-from synapse.http.servlet import parse_json_object_from_request
+from synapse.http.servlet import RestServlet, parse_json_object_from_request
from synapse.types import UserID
from synapse.util.msisdn import phone_number_to_msisdn
@@ -83,6 +83,7 @@ class LoginRestServlet(ClientV1RestServlet):
PATTERNS = client_path_patterns("/login$")
SAML2_TYPE = "m.login.saml2"
CAS_TYPE = "m.login.cas"
+ SSO_TYPE = "m.login.sso"
TOKEN_TYPE = "m.login.token"
JWT_TYPE = "m.login.jwt"
@@ -105,6 +106,10 @@ class LoginRestServlet(ClientV1RestServlet):
if self.saml2_enabled:
flows.append({"type": LoginRestServlet.SAML2_TYPE})
if self.cas_enabled:
+ flows.append({"type": LoginRestServlet.SSO_TYPE})
+
+ # we advertise CAS for backwards compat, though MSC1721 renamed it
+ # to SSO.
flows.append({"type": LoginRestServlet.CAS_TYPE})
# While its valid for us to advertise this login type generally,
@@ -384,11 +389,11 @@ class SAML2RestServlet(ClientV1RestServlet):
defer.returnValue((200, {"status": "not_authenticated"}))
-class CasRedirectServlet(ClientV1RestServlet):
- PATTERNS = client_path_patterns("/login/cas/redirect", releases=())
+class CasRedirectServlet(RestServlet):
+ PATTERNS = client_path_patterns("/login/(cas|sso)/redirect")
def __init__(self, hs):
- super(CasRedirectServlet, self).__init__(hs)
+ super(CasRedirectServlet, self).__init__()
self.cas_server_url = hs.config.cas_server_url.encode('ascii')
self.cas_service_url = hs.config.cas_service_url.encode('ascii')
diff --git a/synapse/static/client/login/index.html b/synapse/static/client/login/index.html
index 96c8723cab..bcb6bc6bb7 100644
--- a/synapse/static/client/login/index.html
+++ b/synapse/static/client/login/index.html
@@ -12,35 +12,30 @@
Log in with one of the following methods
-
-
-
- CAS Authentication:
+
+ Single-sign on:
+
-
+
+ Password Authentication:
+
+
+
+
Log in currently unavailable.
diff --git a/synapse/static/client/login/js/login.js b/synapse/static/client/login/js/login.js
index bfb7386035..3a958749a1 100644
--- a/synapse/static/client/login/js/login.js
+++ b/synapse/static/client/login/js/login.js
@@ -1,7 +1,8 @@
window.matrixLogin = {
- endpoint: location.origin + "/_matrix/client/api/v1/login",
+ endpoint: location.origin + "/_matrix/client/r0/login",
serverAcceptsPassword: false,
- serverAcceptsCas: false
+ serverAcceptsCas: false,
+ serverAcceptsSso: false,
};
var submitPassword = function(user, pwd) {
@@ -40,12 +41,6 @@ var errorFunc = function(err) {
}
};
-var gotoCas = function() {
- var this_page = window.location.origin + window.location.pathname;
- var redirect_url = matrixLogin.endpoint + "/cas/redirect?redirectUrl=" + encodeURIComponent(this_page);
- window.location.replace(redirect_url);
-}
-
var setFeedbackString = function(text) {
$("#feedback").text(text);
};
@@ -53,12 +48,18 @@ var setFeedbackString = function(text) {
var show_login = function() {
$("#loading").hide();
+ var this_page = window.location.origin + window.location.pathname;
+ $("#sso_redirect_url").val(encodeURIComponent(this_page));
+
if (matrixLogin.serverAcceptsPassword) {
- $("#password_form").show();
+ $("#password_flow").show();
}
- if (matrixLogin.serverAcceptsCas) {
- $("#cas_flow").show();
+ if (matrixLogin.serverAcceptsSso) {
+ $("#sso_flow").show();
+ } else if (matrixLogin.serverAcceptsCas) {
+ $("#sso_form").attr("action", "/_matrix/client/r0/login/cas/redirect");
+ $("#sso_flow").show();
}
if (!matrixLogin.serverAcceptsPassword && !matrixLogin.serverAcceptsCas) {
@@ -67,8 +68,8 @@ var show_login = function() {
};
var show_spinner = function() {
- $("#password_form").hide();
- $("#cas_flow").hide();
+ $("#password_flow").hide();
+ $("#sso_flow").hide();
$("#no_login_types").hide();
$("#loading").show();
};
@@ -84,7 +85,10 @@ var fetch_info = function(cb) {
matrixLogin.serverAcceptsCas = true;
console.log("Server accepts CAS");
}
-
+ if ("m.login.sso" === flow.type) {
+ matrixLogin.serverAcceptsSso = true;
+ console.log("Server accepts SSO");
+ }
if ("m.login.password" === flow.type) {
matrixLogin.serverAcceptsPassword = true;
console.log("Server accepts password");
diff --git a/synapse/static/client/login/style.css b/synapse/static/client/login/style.css
index 73da0b5117..1cce5ed950 100644
--- a/synapse/static/client/login/style.css
+++ b/synapse/static/client/login/style.css
@@ -19,30 +19,23 @@ a:hover { color: #000; }
a:active { color: #000; }
input {
- width: 90%
-}
-
-textarea, input {
- font-family: inherit;
- font-size: inherit;
margin: 5px;
}
-.smallPrint {
- color: #888;
- font-size: 9pt ! important;
- font-style: italic ! important;
+textbox, input[type="text"], input[type="password"] {
+ width: 90%;
}
-.g-recaptcha div {
- margin: auto;
+form {
+ text-align: center;
+ margin: 10px 0 0 0;
}
.login_flow {
+ width: 300px;
text-align: left;
padding: 10px;
margin-bottom: 40px;
- display: inline-block;
-webkit-border-radius: 10px;
-moz-border-radius: 10px;