diff --git a/synapse/config/_base.pyi b/synapse/config/_base.pyi index 29aa064e571b..3ccea4b02d5e 100644 --- a/synapse/config/_base.pyi +++ b/synapse/config/_base.pyi @@ -9,6 +9,7 @@ from synapse.config import ( consent_config, database, emailconfig, + experimental, groups, jwt_config, key, @@ -48,6 +49,7 @@ def path_exists(file_path: str): ... class RootConfig: server: server.ServerConfig + experimental: experimental.ExperimentalConfig tls: tls.TlsConfig database: database.DatabaseConfig logging: logger.LoggingConfig diff --git a/synapse/config/experimental.py b/synapse/config/experimental.py new file mode 100644 index 000000000000..c4d67c9a4c42 --- /dev/null +++ b/synapse/config/experimental.py @@ -0,0 +1,33 @@ +# -*- coding: utf-8 -*- +# Copyright 2021 The Matrix.org Foundation C.I.C. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from synapse.config._base import Config +from synapse.types import JsonDict + + +class ExperimentalConfig(Config): + """Config section for enabling experimental features""" + + section = "experimental" + + # MSC2858 (multiple SSO identity providers) + msc2858_enabled = False + + def read_config(self, config: JsonDict, **kwargs): + experimental = config.get("experimental_features") + if not experimental: + return + + self.msc2858_enabled = experimental.get("msc2858_enabled", False) diff --git a/synapse/config/homeserver.py b/synapse/config/homeserver.py index 4bd2b3587b17..64a2429f7787 100644 --- a/synapse/config/homeserver.py +++ b/synapse/config/homeserver.py @@ -24,6 +24,7 @@ from .consent_config import ConsentConfig from .database import DatabaseConfig from .emailconfig import EmailConfig +from .experimental import ExperimentalConfig from .federation import FederationConfig from .groups import GroupsConfig from .jwt_config import JWTConfig @@ -57,6 +58,7 @@ class HomeServerConfig(RootConfig): config_classes = [ ServerConfig, + ExperimentalConfig, TlsConfig, FederationConfig, CacheConfig, diff --git a/synapse/config/sso.py b/synapse/config/sso.py index b9047f242774..59be825532f5 100644 --- a/synapse/config/sso.py +++ b/synapse/config/sso.py @@ -67,11 +67,6 @@ def read_config(self, config, **kwargs): login_fallback_url = self.public_baseurl + "_matrix/static/client/login" self.sso_client_whitelist.append(login_fallback_url) - # experimental support for MSC2858 (multiple SSO identity providers) - self.experimental_msc2858_support_enabled = config.get( - "experimental_msc2858_support_enabled", False - ) - def generate_config_section(self, **kwargs): return """\ # Additional settings to use with single-sign on systems such as OpenID Connect, diff --git a/synapse/rest/client/v1/login.py b/synapse/rest/client/v1/login.py index 9b27f8d89c6b..0a561eea601a 100644 --- a/synapse/rest/client/v1/login.py +++ b/synapse/rest/client/v1/login.py @@ -61,7 +61,7 @@ def __init__(self, hs: "HomeServer"): self.saml2_enabled = hs.config.saml2_enabled self.cas_enabled = hs.config.cas_enabled self.oidc_enabled = hs.config.oidc_enabled - self._msc2858_enabled = hs.config.sso.experimental_msc2858_support_enabled + self._msc2858_enabled = hs.config.experimental.msc2858_enabled self.auth = hs.get_auth() @@ -349,7 +349,7 @@ def __init__(self, hs: "HomeServer"): if hs.config.oidc_enabled: hs.get_oidc_handler() self._sso_handler = hs.get_sso_handler() - self._msc2858_enabled = hs.config.sso.experimental_msc2858_support_enabled + self._msc2858_enabled = hs.config.experimental.msc2858_enabled def register(self, http_server: HttpServer) -> None: super().register(http_server) diff --git a/tests/rest/client/v1/test_login.py b/tests/rest/client/v1/test_login.py index 34e2bdb62147..e2bb945453dd 100644 --- a/tests/rest/client/v1/test_login.py +++ b/tests/rest/client/v1/test_login.py @@ -444,7 +444,7 @@ def test_get_login_flows(self): self.assertCountEqual(channel.json_body["flows"], expected_flows) - @override_config({"experimental_msc2858_support_enabled": True}) + @override_config({"experimental_features": {"msc2858_enabled": True}}) def test_get_msc2858_login_flows(self): """The SSO flow should include IdP info if MSC2858 is enabled""" channel = self.make_request("GET", "/_matrix/client/r0/login") @@ -629,7 +629,7 @@ def test_client_idp_redirect_msc2858_disabled(self): self.assertEqual(channel.code, 400, channel.result) self.assertEqual(channel.json_body["errcode"], "M_UNRECOGNIZED") - @override_config({"experimental_msc2858_support_enabled": True}) + @override_config({"experimental_features": {"msc2858_enabled": True}}) def test_client_idp_redirect_to_unknown(self): """If the client tries to pick an unknown IdP, return a 404""" channel = self.make_request( @@ -640,7 +640,7 @@ def test_client_idp_redirect_to_unknown(self): self.assertEqual(channel.code, 404, channel.result) self.assertEqual(channel.json_body["errcode"], "M_NOT_FOUND") - @override_config({"experimental_msc2858_support_enabled": True}) + @override_config({"experimental_features": {"msc2858_enabled": True}}) def test_client_idp_redirect_to_oidc(self): """If the client pick a known IdP, redirect to it""" channel = self.make_request(