Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Allow multiple values for SSO attribute_requirements via comma separation #17949

Open
wants to merge 3 commits into
base: develop
Choose a base branch
from
Open

feat: Allow multiple values for SSO attribute_requirements via comma separation #17949

wants to merge 3 commits into from

Conversation

meise
Copy link
Contributor

@meise meise commented Nov 20, 2024
edited
Loading

In the current attribute_requirements implementation it is only possible to allow exact matching attribute values. Multiple allowed values for one attribute are not possible as described in #13238.

Pull Request Checklist

  • Pull request is based on the develop branch
  • Pull request includes a changelog file. The entry should:
    • Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from EventStore to EventWorkerStore.".
    • Use markdown where necessary, mostly for code blocks.
    • End with either a period (.) or an exclamation mark (!).
    • Start with a capital letter.
    • Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry.
  • Code style is correct
    (run the linters)

@meise meise requested a review from a team as a code owner November 20, 2024 17:19
@CLAassistant
Copy link

CLAassistant commented Nov 20, 2024
edited
Loading

CLA assistant check
All committers have signed the CLA.

@meise meise force-pushed the 13238_sso_attribute_requirements_multiple_values branch from bc721c6 to 37c81f6 Compare November 20, 2024 17:23
@github-actions github-actions bot deployed to PR Documentation Preview November 20, 2024 17:24 Active
@meise meise changed the title feat: Allow multiple values for SSO attributes via comma separating feat: Allow multiple values for SSO attribute_requirements via comma separating Nov 20, 2024
@meise meise changed the title feat: Allow multiple values for SSO attribute_requirements via comma separating feat: Allow multiple values for SSO attribute_requirements via comma separation Nov 20, 2024
@meise meise force-pushed the 13238_sso_attribute_requirements_multiple_values branch from 37c81f6 to a6bc148 Compare November 20, 2024 17:27
@github-actions github-actions bot deployed to PR Documentation Preview November 20, 2024 17:28 Active
@meise meise force-pushed the 13238_sso_attribute_requirements_multiple_values branch from a6bc148 to d83ceeb Compare November 20, 2024 17:29
@github-actions github-actions bot deployed to PR Documentation Preview November 20, 2024 17:32 Active
@meise
Copy link
Contributor Author

meise commented Nov 20, 2024

I'm not sure whether the current change is really ideal or whether the JSON schema should be changed to a value list.

@pizkaz pizkaz force-pushed the 13238_sso_attribute_requirements_multiple_values branch from 297c68c to db1924a Compare November 21, 2024 20:17
@meise meise requested a review from sandhose November 21, 2024 20:25
@github-actions github-actions bot deployed to PR Documentation Preview November 26, 2024 14:50 Active
sandhose
sandhose requested changes Nov 26, 2024
View reviewed changes
synapse/config/sso.py Outdated
Comment on lines 64 to 69
@staticmethod
def from_dict(attr_req: Dict[str, Any]) -> Self:
attribute = attr_req["attribute"]
value = attr_req.get("value")
one_of = attr_req.get("one_of")
return SsoAttributeRequirement(attribute, value, one_of)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I assume this is because it was vailing if value or one_of is missing? I think this is because they should have explicitly None as default, e.g. value: Optional[str] = None

Copy link

@pizkaz pizkaz Nov 27, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Indeed. I will try using default values, as you suggested.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Works like a charm. Thanks for pointing in the right direction. 🙂

synapse/config/sso.py Outdated
Comment on lines 58 to 60
"oneOf": [
{"required": ["value"]},
{"required": ["one_of"]},
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is that right? Does that mean that either value or one_of must be set? I thought it was possible to have neither of them set?

Copy link

@pizkaz pizkaz Nov 27, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, either value or one_of must be set. Before these changes, the JSON schema had value listed as required as well.
As far as I understand, value can be None, though. There is, however, no test case ensuring this. If you want I can implement one.

Copy link
Member

@sandhose sandhose Nov 27, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Noted; a test would indeed be helpful!

Copy link

@pizkaz pizkaz Nov 27, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Whoa, this is confusing. The comment

    # If a value is not given, than the attribute must simply exist.
    value: Optional[str]

is and has been a lie since 6dade80, except for CAS, which uses a different JSON schema and thus bypasses the required rule a few lines below:

        "required": ["attribute", "value"],

I updated the comment, so people don't need to find this out the hard way, as I did. 😉

A CAS test without a value already exists.

@pizkaz pizkaz force-pushed the 13238_sso_attribute_requirements_multiple_values branch from db1924a to 79e2068 Compare November 27, 2024 16:58
@github-actions github-actions bot deployed to PR Documentation Preview November 27, 2024 17:07 Active
@pizkaz pizkaz force-pushed the 13238_sso_attribute_requirements_multiple_values branch from 41e901c to b506406 Compare November 27, 2024 17:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pizkaz pizkaz pizkaz left review comments

@sandhose sandhose sandhose requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@meise @CLAassistant @sandhose @pizkaz