Add a check for duplicate IdP ids (#9184)

42a8e813 · Richard van der Hoff · GitHub · b5120f09 · 42a8e813 · 42a8e813
Unverified Commit 42a8e813 authored 4 years ago by Richard van der Hoff Committed by GitHub 4 years ago
--- a/changelog.d/9184.misc
+++ b/changelog.d/9184.misc
+Emit an error at startup if different Identity Providers are configured with the same `idp_id`.
--- a/synapse/config/oidc_config.py
+++ b/synapse/config/oidc_config.py
@@ -15,6 +15,7 @@
 # limitations under the License.
 import string
+from collections import Counter
 from typing import Iterable, Optional, Tuple, Type
 import attr
@@ -43,6 +44,16 @@ class OIDCConfig(Config):
        except DependencyException as e:
            raise ConfigError(e.message) from e
+        # check we don't have any duplicate idp_ids now. (The SSO handler will also
+        # check for duplicates when the REST listeners get registered, but that happens
+        # after synapse has forked so doesn't give nice errors.)
+        c = Counter([i.idp_id for i in self.oidc_providers])
+        for idp_id, count in c.items():
+            if count > 1:
+                raise ConfigError(
+                    "Multiple OIDC providers have the idp_id %r." % idp_id
+                )
        public_baseurl = self.public_baseurl
        self.oidc_callback_url = public_baseurl + "_synapse/oidc/callback"