Render the SSO redirect page from Jinja.

matrix-org · Mar 19, 2020 · 7060604 · 7060604
1 parent bbbee5a
commit 7060604
Show file tree

Hide file tree

Showing 4 changed files with 29 additions and 30 deletions.
diff --git a/synapse/handlers/auth.py b/synapse/handlers/auth.py
@@ -116,10 +116,13 @@ def __init__(self, hs):
 
         self._clock = self.hs.get_clock()
 
-        # Load the SSO redirect confirmation page HTML template
+        # Load the SSO HTML templates.
         self._sso_redirect_confirm_template = load_jinja2_templates(
             hs.config.sso_redirect_confirm_template_dir, ["sso_redirect_confirm.html"],
         )[0]
+        self._sso_auth_confirm_template = load_jinja2_templates(
+            hs.config.sso_redirect_confirm_template_dir, ["sso_auth_confirm.html"],
+        )[0]
 
         self._server_name = hs.config.server_name
 
@@ -965,6 +968,15 @@ def _do_validate_hash():
         else:
             return defer.succeed(False)
 
+    def start_sso_ui_auth(self, redirect_url: str) -> str:
+        """
+        Get the HTML for the SSO redirect confirmation page.
+
+        :param redirect_url: The URL to redirect to the SSO provider.
+        :return: The HTML to render.
+        """
+        return self._sso_auth_confirm_template.render(redirect_url=redirect_url,)
+
     def complete_sso_ui_auth(
         self, registered_user_id: str, session_id: str, request: SynapseRequest,
     ):

diff --git a/synapse/res/templates/sso_auth_confirm.html b/synapse/res/templates/sso_auth_confirm.html
@@ -0,0 +1,15 @@
+<html>
+<head>
+    <title>Authentication</title>
+</head>
+    <body>
+        <div>
+            <p>
+                A client is trying to remove a device/add an email address/take over
+                your account. To confirm this action,
+                <a href="{{ redirect_url | e }}">re-authenticate with single sign-on</a>.
+                If you did not expect this, your account may be compromised!
+            </p>
+        </div>
+    </body>
+</html>
diff --git a/synapse/rest/client/v1/login.py b/synapse/rest/client/v1/login.py
@@ -28,7 +28,6 @@
     parse_json_object_from_request,
     parse_string,
 )
-from synapse.push.mailer import load_jinja2_templates
 from synapse.rest.client.v2_alpha._base import client_patterns
 from synapse.rest.well_known import WellKnownBuilder
 from synapse.types import UserID, map_username_to_mxid_localpart
@@ -548,13 +547,6 @@ def __init__(self, hs):
         self._registration_handler = hs.get_registration_handler()
         self._macaroon_gen = hs.get_macaroon_generator()
 
-        # Load the redirect page HTML template
-        self._template = load_jinja2_templates(
-            hs.config.sso_redirect_confirm_template_dir, ["sso_redirect_confirm.html"],
-        )[0]
-
-        self._server_name = hs.config.server_name
-
         # cast to tuple for use with str.startswith
         self._whitelisted_sso_clients = tuple(hs.config.sso_client_whitelist)
 

diff --git a/synapse/rest/client/v2_alpha/auth.py b/synapse/rest/client/v2_alpha/auth.py
@@ -118,24 +118,6 @@
 </html>
 """
 
-SSO_TEMPLATE = """
-<html>
-<head>
-<title>Authentication</title>
-</head>
-<body>
-<div>
-    <p>
-    A client is trying to remove a device/add an email address/take over
-    your account. To confirm this action,
-    <a href="%(myurl)s">re-authenticate with single sign-on</a>.
-    If you did not expect this, your account may be compromised!
-    </p>
-</div>
-</body>
-</html>
-"""
-
 
 class AuthRestServlet(RestServlet):
     """
@@ -203,9 +185,7 @@ def on_GET(self, request, stagetype):
             else:
                 raise SynapseError(400, "Homeserver not configured for SSO.")
 
-            html = SSO_TEMPLATE % {
-                "myurl": sso_redirect_url,
-            }
+            html = self.auth_handler.start_sso_ui_auth(sso_redirect_url)
         else:
             raise SynapseError(404, "Unknown auth stage type")