Merge pull request #391 from matrix-org/erikj/remove_token_from_flow

Remove m.login.token from advertised flows.
9 years ago · 3f151da314
parent 9de1f328ad e3dae653e8
commit 3f151da314
1 changed files with 10 additions and 1 deletions
--- a/synapse/rest/client/v1/login.py
+++ b/synapse/rest/client/v1/login.py
@ -58,9 +58,18 @@ class LoginRestServlet(ClientV1RestServlet):
            flows.append({"type": LoginRestServlet.SAML2_TYPE})
        if self.cas_enabled:
            flows.append({"type": LoginRestServlet.CAS_TYPE})
+
+            # While its valid for us to advertise this login type generally,
+            # synapse currently only gives out these tokens as part of the
+            # CAS login flow.
+            # Generally we don't want to advertise login flows that clients
+            # don't know how to implement, since they (currently) will always
+            # fall back to the fallback API if they don't understand one of the
+            # login flow types returned.
+            flows.append({"type": LoginRestServlet.TOKEN_TYPE})
        if self.password_enabled:
            flows.append({"type": LoginRestServlet.PASS_TYPE})
-        flows.append({"type": LoginRestServlet.TOKEN_TYPE})
+
        return (200, {"flows": flows})

    def on_OPTIONS(self, request):