mirrors/synapse
1
0
Fork 0
mirror of https://github.com/element-hq/synapse.git synced 2025-12-05 01:10:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Allow subpaths in MAS endpoints (#19186)

Browse Source 
Fixes #19184

### Pull Request Checklist

<!-- Please read
https://element-hq.github.io/synapse/latest/development/contributing_guide.html
before submitting your pull request -->

* [X] Pull request is based on the develop branch
* [X] Pull request includes a [changelog
file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog).
The entry should:
- Be a short description of your change which makes sense to users.
"Fixed a bug that prevented receiving messages from other servers."
instead of "Moved X method from `EventStore` to `EventWorkerStore`.".
  - Use markdown where necessary, mostly for `code blocks`.
  - End with either a period (.) or an exclamation mark (!).
  - Start with a capital letter.
- Feel free to credit yourself, by adding a sentence "Contributed by
@github_username." or "Contributed by [Your Name]." to the end of the
entry.
* [X] [Code
style](https://element-hq.github.io/synapse/latest/code_style.html) is
correct (run the
[linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
This commit is contained in:
Devon Hudson
2025-11-18 18:45:33 +00:00
committed by Devon Hudson
parent 8feb862ff6
commit d01a8abc45
3 changed files with 30 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
changelog.d/19186.bugfix Normal file
View File

@@ -0,0 +1 @@
Fix regression preventing subpaths in MAS endpoints.

27
synapse/api/auth/mas.py
View File

@@ -17,7 +17,6 @@ from typing import TYPE_CHECKING, Optional
from urllib.parse import urlencode
from pydantic import (
AnyHttpUrl,
BaseModel,
ConfigDict,
StrictBool,
@@ -147,33 +146,13 @@ class MasDelegatedAuth(BaseAuth):
@property
def _metadata_url(self) -> str:
return str(
AnyHttpUrl.build(
scheme=self._config.endpoint.scheme,
username=self._config.endpoint.username,
password=self._config.endpoint.password,
host=self._config.endpoint.host or "",
port=self._config.endpoint.port,
path=".well-known/openid-configuration",
query=None,
fragment=None,
)
return (
f"{str(self._config.endpoint).rstrip('/')}/.well-known/openid-configuration"
)
@property
def _introspection_endpoint(self) -> str:
return str(
AnyHttpUrl.build(
scheme=self._config.endpoint.scheme,
username=self._config.endpoint.username,
password=self._config.endpoint.password,
host=self._config.endpoint.host or "",
port=self._config.endpoint.port,
path="oauth2/introspect",
query=None,
fragment=None,
)
)
return f"{str(self._config.endpoint).rstrip('/')}/oauth2/introspect"
async def _load_metadata(self) -> ServerMetadata:
response = await self._http_client.get_json(self._metadata_url)

26
tests/handlers/test_oauth_delegation.py
View File

@@ -1057,6 +1057,32 @@ class MasAuthDelegation(HomeserverTestCase):
self.assertEqual(self.server.calls, 1)
class MasAuthDelegationWithSubpath(MasAuthDelegation):
"""Test MAS delegation when the MAS server is hosted on a subpath."""
def default_config(self) -> dict[str, Any]:
config = super().default_config()
# Override the endpoint to include a subpath
config["matrix_authentication_service"]["endpoint"] = (
self.server.endpoint + "auth/path/"
)
return config
def test_introspection_endpoint_uses_subpath(self) -> None:
"""Test that the introspection endpoint correctly uses the configured subpath."""
expected_introspection_url = (
self.server.endpoint + "auth/path/oauth2/introspect"
)
self.assertEqual(self._auth._introspection_endpoint, expected_introspection_url)
def test_metadata_url_uses_subpath(self) -> None:
"""Test that the metadata URL correctly uses the configured subpath."""
expected_metadata_url = (
self.server.endpoint + "auth/path/.well-known/openid-configuration"
)
self.assertEqual(self._auth._metadata_url, expected_metadata_url)
@parameterized_class(
("config",),
[