Move the default SAML2 error HTML to a dedicated file

Also add some JS to it to process any error we might have in the URI (see #6893).
2020-03-11 19:33:16 +00:00 · 2020-03-11 19:33:16 +00:00 · b8cfe79ffc
parent 54dd28621b
commit b8cfe79ffc
2 changed files with 55 additions and 18 deletions
--- a/synapse/config/saml2_config.py
+++ b/synapse/config/saml2_config.py
@ -15,6 +15,9 @@
 # limitations under the License.

 import logging
+import os
+
+import pkg_resources

 from synapse.python_dependencies import DependencyException, check_requirements
 from synapse.util.module_loader import load_module, load_python_module
@ -27,18 +30,6 @@ DEFAULT_USER_MAPPING_PROVIDER = (
    "synapse.handlers.saml_handler.DefaultSamlMappingProvider"
 )

-SAML2_ERROR_DEFAULT_HTML = """
-<html>
-    <body>
-        <p>Oops! Something went wrong</p>
-        <p>
-            Try logging in again from your Matrix client and if the problem persists
-            please contact the server's administrator.
-        </p>
-    </body>
-</html>
-"""
-

 def _dict_merge(merge_dict, into_dict):
    """Do a deep merge of two dicts
@ -172,12 +163,14 @@ class SAML2Config(Config):
            saml2_config.get("saml_session_lifetime", "5m")
        )

-        if "error_html_path" in config:
+        error_html_path = config.get("error_html_path")
+        if not error_html_path:
+            template_dir = pkg_resources.resource_filename("synapse", "res/templates")
+            error_html_path = os.path.join(template_dir, "saml_error.html")
+
        self.saml2_error_html_content = self.read_file(
-                config["error_html_path"], "saml2_config.error_html_path",
+            error_html_path, "saml2_config.error_html_path",
        )
-        else:
-            self.saml2_error_html_content = SAML2_ERROR_DEFAULT_HTML

    def _default_saml_config_dict(
        self, required_attributes: set, optional_attributes: set
--- a/synapse/res/templates/saml_error.html
+++ b/synapse/res/templates/saml_error.html
@ -0,0 +1,44 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <title>SSO error</title>
+</head>
+<body>
+    <p>Oops! Something went wrong during authentication<span id="errormsg"></span>.</p>
+    <p>
+        If you are seeing this page after clicking a link sent to you via email, make
+        sure you only click the confirmation link once, and that you open the
+        validation link in the same client you're logging in from.
+    </p>
+    <p>
+        Try logging in again from your Matrix client and if the problem persists
+        please contact the server's administrator.
+    </p>
+
+    <script type="text/javascript">
+        // Error handling to support Auth0 errors that we might get through a GET request
+        // to the validation endpoint. If an error is provided, it's either going to be
+        // located in the query string or in a query string-like URI fragment.
+        // We try to locate the error from any of these two locations, but if we can't
+        // we just don't print anything specific.
+        let searchStr = "";
+        if (window.location.search) {
+            // For some reason window.location.searchParams isn't always defined when
+            // window.location.search is, so we can't just use it right away.
+            searchStr = window.location.search;
+        } else if (window.location.hash) {
+            // Replace the # with a ? so that URLSearchParams does the right thing and
+            // doesn't parse the first parameter incorrectly.
+            searchStr = window.location.hash.replace("#", "?");
+        }
+
+        // We might end up with no error in the URL, so we need to check if we have one
+        // to print one.
+        let errorDesc = new URLSearchParams(searchStr).get("error_description")
+        if (errorDesc) {
+            document.getElementById("errormsg").innerHTML = ` ("${errorDesc}")`;
+        }
+    </script>
+</body>
+</html>