From ba3fd54badb0e11d4dc79488e2ab3099fc03a1e8 Mon Sep 17 00:00:00 2001 From: Patrick Cloke Date: Wed, 4 May 2022 09:53:21 -0400 Subject: [PATCH] Remove unstable/unspecced login types. (#12597) * `m.login.jwt`, which was never specced and has been deprecated since Synapse 1.16.0. (`org.matrix.login.jwt` can be used instead.) * `uk.half-shot.msc2778.login.application_service`, which was stabilized as part of the Matrix spec v1.2 release. --- CHANGES.md | 6 ++++++ changelog.d/12597.removal | 2 ++ docs/jwt.md | 3 --- synapse/rest/client/login.py | 15 ++++----------- tests/handlers/test_password_providers.py | 4 +--- tests/rest/client/test_login.py | 4 +--- 6 files changed, 14 insertions(+), 20 deletions(-) create mode 100644 changelog.d/12597.removal diff --git a/CHANGES.md b/CHANGES.md index 31f1561274..b4d91b2793 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1,3 +1,9 @@ +Synapse 1.59.0 +============== + +The non-standard `m.login.jwt` login type has been removed from Synapse. It can be replaced with `org.matrix.login.jwt` for identical behaviour. This is only used if `jwt_config.enabled` is set to `true` in the configuration. + + Synapse 1.58.0 (2022-05-03) =========================== diff --git a/changelog.d/12597.removal b/changelog.d/12597.removal new file mode 100644 index 0000000000..7927f1d68d --- /dev/null +++ b/changelog.d/12597.removal @@ -0,0 +1,2 @@ +Remove the unspecified `m.login.jwt` login type and the unstable `uk.half-shot.msc2778.login.application_service` from +[MSC2778](https://github.com/matrix-org/matrix-doc/pull/2778). diff --git a/docs/jwt.md b/docs/jwt.md index 32f58cc0cb..346daf78ad 100644 --- a/docs/jwt.md +++ b/docs/jwt.md @@ -17,9 +17,6 @@ follows: } ``` -Note that the login type of `m.login.jwt` is supported, but is deprecated. This -will be removed in a future version of Synapse. - The `token` field should include the JSON web token with the following claims: * A claim that encodes the local part of the user ID is required. By default, diff --git a/synapse/rest/client/login.py b/synapse/rest/client/login.py index 4a4dbe75de..71d8038448 100644 --- a/synapse/rest/client/login.py +++ b/synapse/rest/client/login.py @@ -69,9 +69,7 @@ class LoginRestServlet(RestServlet): SSO_TYPE = "m.login.sso" TOKEN_TYPE = "m.login.token" JWT_TYPE = "org.matrix.login.jwt" - JWT_TYPE_DEPRECATED = "m.login.jwt" APPSERVICE_TYPE = "m.login.application_service" - APPSERVICE_TYPE_UNSTABLE = "uk.half-shot.msc2778.login.application_service" REFRESH_TOKEN_PARAM = "refresh_token" def __init__(self, hs: "HomeServer"): @@ -126,7 +124,6 @@ class LoginRestServlet(RestServlet): flows: List[JsonDict] = [] if self.jwt_enabled: flows.append({"type": LoginRestServlet.JWT_TYPE}) - flows.append({"type": LoginRestServlet.JWT_TYPE_DEPRECATED}) if self.cas_enabled: # we advertise CAS for backwards compat, though MSC1721 renamed it @@ -156,7 +153,6 @@ class LoginRestServlet(RestServlet): flows.extend({"type": t} for t in self.auth_handler.get_supported_login_types()) flows.append({"type": LoginRestServlet.APPSERVICE_TYPE}) - flows.append({"type": LoginRestServlet.APPSERVICE_TYPE_UNSTABLE}) return 200, {"flows": flows} @@ -175,10 +171,7 @@ class LoginRestServlet(RestServlet): ) try: - if login_submission["type"] in ( - LoginRestServlet.APPSERVICE_TYPE, - LoginRestServlet.APPSERVICE_TYPE_UNSTABLE, - ): + if login_submission["type"] == LoginRestServlet.APPSERVICE_TYPE: appservice = self.auth.get_appservice_by_req(request) if appservice.is_rate_limited(): @@ -191,9 +184,9 @@ class LoginRestServlet(RestServlet): appservice, should_issue_refresh_token=should_issue_refresh_token, ) - elif self.jwt_enabled and ( - login_submission["type"] == LoginRestServlet.JWT_TYPE - or login_submission["type"] == LoginRestServlet.JWT_TYPE_DEPRECATED + elif ( + self.jwt_enabled + and login_submission["type"] == LoginRestServlet.JWT_TYPE ): await self._address_ratelimiter.ratelimit(None, request.getClientIP()) result = await self._do_jwt_login( diff --git a/tests/handlers/test_password_providers.py b/tests/handlers/test_password_providers.py index addf14fa2b..82b3bb3b73 100644 --- a/tests/handlers/test_password_providers.py +++ b/tests/handlers/test_password_providers.py @@ -30,11 +30,9 @@ from tests.server import FakeChannel from tests.test_utils import make_awaitable from tests.unittest import override_config -# (possibly experimental) login flows we expect to appear in the list after the normal -# ones +# Login flows we expect to appear in the list after the normal ones. ADDITIONAL_LOGIN_FLOWS = [ {"type": "m.login.application_service"}, - {"type": "uk.half-shot.msc2778.login.application_service"}, ] # a mock instance which the dummy auth providers delegate to, so we can see what's going diff --git a/tests/rest/client/test_login.py b/tests/rest/client/test_login.py index 0a3d017dc9..4920468f7a 100644 --- a/tests/rest/client/test_login.py +++ b/tests/rest/client/test_login.py @@ -81,11 +81,9 @@ TEST_CLIENT_REDIRECT_URL = 'https://x?&q"+%3D%2B"="fö%26=o"' # the query params in TEST_CLIENT_REDIRECT_URL EXPECTED_CLIENT_REDIRECT_URL_PARAMS = [("", ""), ('q" =+"', '"fö&=o"')] -# (possibly experimental) login flows we expect to appear in the list after the normal -# ones +# Login flows we expect to appear in the list after the normal ones. ADDITIONAL_LOGIN_FLOWS = [ {"type": "m.login.application_service"}, - {"type": "uk.half-shot.msc2778.login.application_service"}, ]