From 7d4a72d90bc16e7dee2137d8042302c5f9720e8f Mon Sep 17 00:00:00 2001
From: Christopher Cooper
Date: Thu, 30 Apr 2020 22:05:43 -0700
Subject: [PATCH 1/2] allow emails to be passed through SAML

Signed-off-by: Christopher Cooper
---
 changelog.d/7385.feature | 1 +
 docs/saml_mapping_providers.md | 2 ++
 synapse/handlers/saml_handler.py | 12 ++++++++++--
 3 files changed, 13 insertions(+), 2 deletions(-)
 create mode 100644 changelog.d/7385.feature

diff --git a/changelog.d/7385.feature b/changelog.d/7385.feature
new file mode 100644
index 000000000000..93a5419eaa0b
--- /dev/null
+++ b/changelog.d/7385.feature
@@ -0,0 +1 @@
+Add the ability to pass an email via SAML attributes.
diff --git a/docs/saml_mapping_providers.md b/docs/saml_mapping_providers.md
index 92f2380488c3..79edaeeff411 100644
--- a/docs/saml_mapping_providers.md
+++ b/docs/saml_mapping_providers.md
@@ -52,6 +52,8 @@ A custom mapping provider must specify the following methods:
      * `mxid_localpart` - Required. The mxid localpart of the new user.
      * `displayname` - The displayname of the new user. If not provided, will
        default to the value of `mxid_localpart`.
+     * `emails` - A list of emails for the new user. If not provided, will
+       default to an empty list.
 * `parse_config(config)` - This method should have the `@staticmethod` decoration.
     - Arguments:
diff --git a/synapse/handlers/saml_handler.py b/synapse/handlers/saml_handler.py
index 96f2dd36ad20..b1c94983281f 100644
--- a/synapse/handlers/saml_handler.py
+++ b/synapse/handlers/saml_handler.py
@@ -268,6 +268,7 @@ async def _map_saml_response_to_user(
             raise SynapseError(500, "Error parsing SAML2 response")
 
         displayname = attribute_dict.get("displayname")
+        emails = attribute_dict.get("emails", [])
 
         # Check if this mxid already exists
         if not await self._datastore.get_users_by_id_case_insensitive(
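Review bot: `emails = attribute_dict.get("emails", [])` takes whatever the (possibly third-party) mapping provider returned and, in the next hunk, hands it straight to `register_user(bind_emails=emails)` without checking that it is a list of strings; a provider that returns a single address as a `str` would be iterated character by character, and a provider that sets the key to `None` would presumably not be handled downstream either. A one-line normalisation next to the existing parse-error handling would close that, e.g. `emails = [e for e in (attribute_dict.get("emails") or []) if isinstance(e, str)]`, or raise `SynapseError(500, ...)` when the value is not a list, as the hunk already does for a failed parse. Nothing in this hunk or the register_user call verifies the addresses before they are bound to the new account, so a comment stating the trust assumption would help the next reader, e.g. `# Addresses asserted by the IdP are bound without further verification.` `_map_saml_response_to_user` starts and ends outside this hunk.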
@@ -285,7 +286,9 @@ async def _map_saml_response_to_user(
         logger.info("Mapped SAML user to local part %s", localpart)
 
         registered_user_id = await self._registration_handler.register_user(
-            localpart=localpart, default_display_name=displayname
+            localpart=localpart,
+            default_display_name=displayname,
+            bind_emails=emails,
         )
 
         await self._datastore.record_user_external_id(
@@ -377,6 +380,7 @@ def saml_response_to_user_attributes(
             dict: A dict containing new user attributes. Possible keys:
                 * mxid_localpart (str): Required. The localpart of the user's mxid
                 * displayname (str): The displayname of the user
+                * emails (list[str]): Any emails for the user
         """
         try:
             mxid_source = saml_response.ava[self._mxid_source_attribute][0]
@@ -399,9 +403,13 @@ def saml_response_to_user_attributes(
         # If displayname is None, the mxid_localpart will be used instead
         displayname = saml_response.ava.get("displayName", [None])[0]
 
+        # Retrieve any emails present in the saml response
+        emails = saml_response.ava.get("email", [])
+
         return {
             "mxid_localpart": localpart,
             "displayname": displayname,
+            "emails": emails,
         }
 
     @staticmethod
@@ -440,4 +448,4 @@ def get_saml_attributes(config: SamlConfig) -> Tuple[set, set]:
         second set consists of those attributes which can be used if available,
         but are not necessary
     """
-    return {"uid", config.mxid_source_attribute}, {"displayName"}
+    return {"uid", config.mxid_source_attribute}, {"displayName", "email"}

From f10551237bf95433964431818d88867d1ac98569 Mon Sep 17 00:00:00 2001
From: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
Date: Wed, 27 May 2020 16:56:01 +0100
Subject: [PATCH 2/2] Update changelog.d/7385.feature

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
---
 changelog.d/7385.feature | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/changelog.d/7385.feature b/changelog.d/7385.feature
index 93a5419eaa0b..9d8fb2311ac2 100644
--- a/changelog.d/7385.feature
+++ b/changelog.d/7385.feature
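Review bot: `emails = saml_response.ava.get("email", [])` forwards the asserted values untouched, so an assertion that repeats an address, or carries surrounding whitespace, reaches the returned dict and then account creation as-is; `emails = list(dict.fromkeys(e.strip() for e in saml_response.ava.get("email", [])))` would strip and de-duplicate while keeping order. The `"email"` attribute name is hard-coded here and again in `get_saml_attributes` in the last hunk, whereas the localpart source is configurable through `mxid_source_attribute`, so an IdP that exposes the address under another attribute name silently yields an empty list rather than an error. If that is intentional, a comment above the lookup should say so, e.g. `# Only the IdP's "email" attribute is consulted; other attribute names must be remapped at the IdP.` `saml_response_to_user_attributes` begins outside this hunk.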
@@ -1 +1 @@
-Add the ability to pass an email via SAML attributes.
+For SAML authentication, add the ability to pass email addresses to be added to new users' accounts via SAML attributes. Contributed by Christopher Cooper.