From f73cbebba1a8aa3834e314073ddc2ff2467e7985 Mon Sep 17 00:00:00 2001
From: Patrick Cloke
Date: Fri, 29 Apr 2022 14:53:53 -0400
Subject: [PATCH 1/4] Remove unspecced m.login.jwt login type.
---
 docs/jwt.md | 3 ---
 synapse/rest/client/login.py | 8 +++-----
 2 files changed, 3 insertions(+), 8 deletions(-)
diff --git a/docs/jwt.md b/docs/jwt.md
index 32f58cc0cbbf..346daf78ad1e 100644
--- a/docs/jwt.md
+++ b/docs/jwt.md
@@ -17,9 +17,6 @@ follows:
 }
 ```
-Note that the login type of `m.login.jwt` is supported, but is deprecated. This
-will be removed in a future version of Synapse.
-
 The `token` field should include the JSON web token with the following claims:
 * A claim that encodes the local part of the user ID is required. By default,
diff --git a/synapse/rest/client/login.py b/synapse/rest/client/login.py
index 4a4dbe75de6b..5d30cb911601 100644
--- a/synapse/rest/client/login.py
+++ b/synapse/rest/client/login.py
@@ -69,7 +69,6 @@ class LoginRestServlet(RestServlet):
 SSO_TYPE = "m.login.sso"
 TOKEN_TYPE = "m.login.token"
 JWT_TYPE = "org.matrix.login.jwt"
- JWT_TYPE_DEPRECATED = "m.login.jwt"
 APPSERVICE_TYPE = "m.login.application_service"
 APPSERVICE_TYPE_UNSTABLE = "uk.half-shot.msc2778.login.application_service"
 REFRESH_TOKEN_PARAM = "refresh_token"
@@ -126,7 +125,6 @@ def on_GET(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
 flows: List[JsonDict] = []
 if self.jwt_enabled:
 flows.append({"type": LoginRestServlet.JWT_TYPE})
- flows.append({"type": LoginRestServlet.JWT_TYPE_DEPRECATED})
 if self.cas_enabled:
 # we advertise CAS for backwards compat, though MSC1721 renamed it
@@ -191,9 +189,9 @@ async def on_POST(self, request: SynapseRequest) -> Tuple[int, LoginResponse]:
 appservice,
 should_issue_refresh_token=should_issue_refresh_token,
 )
- elif self.jwt_enabled and (
- login_submission["type"] == LoginRestServlet.JWT_TYPE
- or login_submission["type"] == LoginRestServlet.JWT_TYPE_DEPRECATED
+ elif (
+ self.jwt_enabled
+ and login_submission["type"] == LoginRestServlet.JWT_TYPE
 ):
 await self._address_ratelimiter.ratelimit(None, request.getClientIP())
 result = await self._do_jwt_login(
From b771f523780cac7c2a17f1e3d9e907750706892e Mon Sep 17 00:00:00 2001
From: Patrick Cloke
Date: Fri, 29 Apr 2022 14:54:10 -0400
Subject: [PATCH 2/4] Remove unstable MSC2778 login type.
---
 synapse/rest/client/login.py | 7 +------
 tests/handlers/test_password_providers.py | 4 +---
 tests/rest/client/test_login.py | 4 +---
 3 files changed, 3 insertions(+), 12 deletions(-)
diff --git a/synapse/rest/client/login.py b/synapse/rest/client/login.py
index 5d30cb911601..71d8038448da 100644
--- a/synapse/rest/client/login.py
+++ b/synapse/rest/client/login.py
@@ -70,7 +70,6 @@ class LoginRestServlet(RestServlet):
 TOKEN_TYPE = "m.login.token"
 JWT_TYPE = "org.matrix.login.jwt"
 APPSERVICE_TYPE = "m.login.application_service"
- APPSERVICE_TYPE_UNSTABLE = "uk.half-shot.msc2778.login.application_service"
 REFRESH_TOKEN_PARAM = "refresh_token"
 def __init__(self, hs: "HomeServer"):
@@ -154,7 +153,6 @@ def on_GET(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
 flows.extend({"type": t} for t in self.auth_handler.get_supported_login_types())
 flows.append({"type": LoginRestServlet.APPSERVICE_TYPE})
- flows.append({"type": LoginRestServlet.APPSERVICE_TYPE_UNSTABLE})
 return 200, {"flows": flows}
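Review bot: Nothing in this commit pins that the removed identifier now fails closed: after the rewritten `elif` in `on_POST`, a submission with `"type": "m.login.jwt"` skips `_do_jwt_login` and this branch's `_address_ratelimiter.ratelimit(...)` call and is handled by a later branch that lies outside the hunk, while the diffstat lists only `docs/jwt.md` and `login.py`. I would add a test that enables `jwt_config`, posts an otherwise valid token under `m.login.jwt`, and asserts an error response carrying no access token, so a later refactor cannot route the old identifier into another login path. The same gap applies to the `if login_submission["type"] == LoginRestServlet.APPSERVICE_TYPE:` change in patch 2/4, whose test edits only shrink `ADDITIONAL_LOGIN_FLOWS`. A one-line comment above the condition would also help, e.g. `# Only the namespaced JWT_TYPE is accepted; the unspecced m.login.jwt alias was removed.` `on_POST` starts and ends outside the hunk.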
@@ -173,10 +171,7 @@ async def on_POST(self, request: SynapseRequest) -> Tuple[int, LoginResponse]:
 )
 try:
- if login_submission["type"] in (
- LoginRestServlet.APPSERVICE_TYPE,
- LoginRestServlet.APPSERVICE_TYPE_UNSTABLE,
- ):
+ if login_submission["type"] == LoginRestServlet.APPSERVICE_TYPE:
 appservice = self.auth.get_appservice_by_req(request)
 if appservice.is_rate_limited():
diff --git a/tests/handlers/test_password_providers.py b/tests/handlers/test_password_providers.py
index addf14fa2ba0..82b3bb3b735d 100644
--- a/tests/handlers/test_password_providers.py
+++ b/tests/handlers/test_password_providers.py
@@ -30,11 +30,9 @@
 from tests.test_utils import make_awaitable
 from tests.unittest import override_config
-# (possibly experimental) login flows we expect to appear in the list after the normal
-# ones
+# Login flows we expect to appear in the list after the normal ones.
 ADDITIONAL_LOGIN_FLOWS = [
 {"type": "m.login.application_service"},
- {"type": "uk.half-shot.msc2778.login.application_service"},
 ]
 # a mock instance which the dummy auth providers delegate to, so we can see what's going
diff --git a/tests/rest/client/test_login.py b/tests/rest/client/test_login.py
index 0a3d017dc9b9..4920468f7ab8 100644
--- a/tests/rest/client/test_login.py
+++ b/tests/rest/client/test_login.py
@@ -81,11 +81,9 @@
 # the query params in TEST_CLIENT_REDIRECT_URL
 EXPECTED_CLIENT_REDIRECT_URL_PARAMS = [("", ""), ('q" =+"', '"fö&=o"')]
-# (possibly experimental) login flows we expect to appear in the list after the normal
-# ones
+# Login flows we expect to appear in the list after the normal ones.
 ADDITIONAL_LOGIN_FLOWS = [
 {"type": "m.login.application_service"},
- {"type": "uk.half-shot.msc2778.login.application_service"},
 ]
From c8aa95cd00c34a74edbac749fbb209b5bc66e460 Mon Sep 17 00:00:00 2001
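Review bot: Application services that still send `uk.half-shot.msc2778.login.application_service` no longer match the narrowed `if` at the top of the `try` in `on_POST`, so `get_appservice_by_req` and the `is_rate_limited()` check are never reached for them, yet the upgrade note added to `CHANGES.md` in patch 4/4 mentions only `m.login.jwt`. What such a request gets back is decided by later branches that this hunk does not show, so operators have nothing to match a sudden login failure against. I would extend the upgrade note with a sentence along the lines of "The unstable `uk.half-shot.msc2778.login.application_service` login type has also been removed; application services must use `m.login.application_service`." `on_POST` continues outside the hunk on both sides.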
From: Patrick Cloke
Date: Fri, 29 Apr 2022 15:00:14 -0400
Subject: [PATCH 3/4] Newsfragment
---
 changelog.d/12597.removal | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 changelog.d/12597.removal
diff --git a/changelog.d/12597.removal b/changelog.d/12597.removal
new file mode 100644
index 000000000000..7927f1d68d5f
--- /dev/null
+++ b/changelog.d/12597.removal
@@ -0,0 +1,2 @@
+Remove the unspecified `m.login.jwt` login type and the unstable `uk.half-shot.msc2778.login.application_service` from
+[MSC2778](https://github.com/matrix-org/matrix-doc/pull/2778).
From 1addabf4c22a4750af6e8ce3d059b86cc20d73de Mon Sep 17 00:00:00 2001
From: Patrick Cloke
Date: Wed, 4 May 2022 09:28:39 -0400
Subject: [PATCH 4/4] Add upgrade notes.
---
 CHANGES.md | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/CHANGES.md b/CHANGES.md
index 31f156127424..b4d91b27937f 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,3 +1,9 @@
+Synapse 1.59.0
+==============
+
+The non-standard `m.login.jwt` login type has been removed from Synapse. It can be replaced with `org.matrix.login.jwt` for identical behaviour. This is only used if `jwt_config.enabled` is set to `true` in the configuration.
+
+
 Synapse 1.58.0 (2022-05-03)
 ===========================