Fix advertised flows when SSO is not in use

2023-04-04 17:38:47 +01:00
parent 97e4775c6c
commit 54fe012f8e
2 changed files with 16 additions and 17 deletions
@@ -148,12 +148,10 @@ class LoginRestServlet(RestServlet):
            # to SSO.
            flows.append({"type": LoginRestServlet.CAS_TYPE})

-        if (
-            self.cas_enabled
-            or self.saml2_enabled
-            or self.oidc_enabled
-            or self._get_login_token_enabled
-        ):
+        # MSC3882 requires m.login.token to be advertised
+        supportLoginTokenFlow = self._get_login_token_enabled
+
+        if self.cas_enabled or self.saml2_enabled or self.oidc_enabled:
            flows.append(
                {
                    "type": LoginRestServlet.SSO_TYPE,
@@ -164,13 +162,10 @@ class LoginRestServlet(RestServlet):
                }
            )

-            # While it's valid for us to advertise this login type generally,
-            # synapse currently only gives out these tokens as part of the
-            # SSO login flow.
-            # Generally we don't want to advertise login flows that clients
-            # don't know how to implement, since they (currently) will always
-            # fall back to the fallback API if they don't understand one of the
-            # login flow types returned.
+            # SSO requires a login token to be generated, so we need to advertise that flow
+            supportLoginTokenFlow = True
+
+        if supportLoginTokenFlow:
            tokenTypeFlow: Dict[str, Any] = {"type": LoginRestServlet.TOKEN_TYPE}
            # If MSC3882 is enabled we advertise the get_login_token flag.
            if self._get_login_token_enabled:
@@ -464,10 +464,14 @@ class LoginRestServletTestCase(unittest.HomeserverTestCase):
        channel = self.make_request("GET", "/_matrix/client/r0/login")
        self.assertEqual(channel.code, 200, channel.result)

-        print(channel.json_body)
-
-        flows = {flow["type"]: flow for flow in channel.json_body["flows"]}
-        self.assertTrue(flows["m.login.token"]["org.matrix.msc3882.get_login_token"])
+        self.assertCountEqual(
+            channel.json_body["flows"],
+            [
+                {"type": "m.login.token", "org.matrix.msc3882.get_login_token": True},
+                {"type": "m.login.password"},
+                {"type": "m.login.application_service"},
+            ],
+        )


@skip_unless(has_saml2 and HAS_OIDC, "Requires SAML2 and OIDC")