From 307424920b21448051ddf82e690ad3aafdd3f446 Mon Sep 17 00:00:00 2001
From: David Robertson
Date: Tue, 5 Dec 2023 12:33:03 +0000
Subject: [PATCH] Ditch the account management URL in new endpoint

---
 synapse/config/experimental.py | 11 -----------
 synapse/rest/client/auth_issuer.py | 6 +++---
 synapse/rest/well_known.py | 12 +++++++++---
 tests/rest/client/test_auth_issuer.py | 8 ++------
 4 files changed, 14 insertions(+), 23 deletions(-)

diff --git a/synapse/config/experimental.py b/synapse/config/experimental.py
index da8c7956d53a..6b9febe5a737 100644
--- a/synapse/config/experimental.py
+++ b/synapse/config/experimental.py
@@ -423,14 +423,3 @@ def read_config(self, config: JsonDict, **kwargs: Any) -> None:
 self.msc4069_profile_inhibit_propagation = experimental.get(
 "msc4069_profile_inhibit_propagation", False
 )
-
- def get_msc2965_discovery_data(self) -> Optional[JsonDict]:
- # We use the MSC3861 values as they are used by multiple MSCs
- if not self.msc3861.enabled:
- return None
-
- result = {"issuer": self.msc3861.issuer}
- if self.msc3861.account_management_url is not None:
- result["account"] = self.msc3861.account_management_url
-
- return result
diff --git a/synapse/rest/client/auth_issuer.py b/synapse/rest/client/auth_issuer.py
index a95a753f333f..77b972095692 100644
--- a/synapse/rest/client/auth_issuer.py
+++ b/synapse/rest/client/auth_issuer.py
@@ -45,8 +45,9 @@ def __init__(self, hs: "HomeServer"):
 self._config = hs.config

 async def on_GET(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
- discovery_data = self._config.experimental.get_msc2965_discovery_data()
- if discovery_data is None:
+ if self._config.experimental.msc3861.enabled:
+ return 200, {"issuer": self._config.experimental.msc3861.issuer}
+ else:
 # Wouldn't expect this to be reached: the servelet shouldn't have been
 # registered. Still, fail gracefully if we are registered for some reason.
 raise SynapseError(
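Review bot: In `synapse/rest/client/auth_issuer.py`, `on_GET` now answers with the issuer alone, but nothing at the `return 200, ...` line records that the account management URL is left out on purpose, while `well_known.py` in this same patch still publishes it under `account`. The test in this patch calls the endpoint unauthenticated, so the minimal response body is worth stating; a comment such as `# Only the issuer is exposed here; the account management URL is served via .well-known.` above the return would keep a later refactor from merging the two payloads again. The `else:` after the `return` is also redundant, and the `raise SynapseError(` could follow the `if` as a plain fall-through. The `raise` call is completed in the next hunk, outside this one.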
@@ -54,7 +55,6 @@ async def on_GET(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
 "OIDC discovery has not been configured on this homeserver",
 Codes.NOT_FOUND,
 )
- return 200, discovery_data


 def register_servlets(hs: "HomeServer", http_server: HttpServer) -> None:
diff --git a/synapse/rest/well_known.py b/synapse/rest/well_known.py
index 79bdb30fa12e..b8b4b5379b82 100644
--- a/synapse/rest/well_known.py
+++ b/synapse/rest/well_known.py
@@ -44,9 +44,15 @@ def get_well_known(self) -> Optional[JsonDict]:
 "base_url": self._config.registration.default_identity_server
 }

- discovery_data = self._config.experimental.get_msc2965_discovery_data()
- if discovery_data is not None:
- result["org.matrix.msc2965.authentication"] = discovery_data
+ # We use the MSC3861 values as they are used by multiple MSCs
+ if self._config.experimental.msc3861.enabled:
+ result["org.matrix.msc2965.authentication"] = {
+ "issuer": self._config.experimental.msc3861.issuer
+ }
+ if self._config.experimental.msc3861.account_management_url is not None:
+ result["org.matrix.msc2965.authentication"][
+ "account"
+ ] = self._config.experimental.msc3861.account_management_url

 if self._config.server.extra_well_known_client_content:
 for (
diff --git a/tests/rest/client/test_auth_issuer.py b/tests/rest/client/test_auth_issuer.py
index 6d0b659df902..27a1dd945f31 100644
--- a/tests/rest/client/test_auth_issuer.py
+++ b/tests/rest/client/test_auth_issuer.py
@@ -18,7 +18,6 @@
 from tests.unittest import HomeserverTestCase, override_config

 ISSUER = "https://account.example.com/"
-ACCOUNT_MANAGEMENT_URL = "https://account.example.com/myaccount/"


 class AuthIssuerTestCase(HomeserverTestCase):
@@ -41,7 +40,6 @@ def test_returns_404_when_msc3861_disabled(self) -> None:
 "msc3861": {
 "enabled": True,
 "issuer": ISSUER,
- "account_management_url": ACCOUNT_MANAGEMENT_URL,
 "client_id": "David Lister",
 "client_auth_method": "client_secret_post",
 "client_secret": "Who shot Mister Burns?",
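Review bot: In `synapse/rest/well_known.py`, the added block in `get_well_known` spells out `self._config.experimental.msc3861` four times and writes the `account` key through a nested subscript split over three lines, which is hard to read in a payload that is served publicly. Binding the config section to a local and building the dict before assigning it once to `result` would be clearer and keeps the key name in one place. With the shared helper removed, the issuer payload is now assembled both here and in `auth_issuer.py`, so the two can drift apart. `get_well_known` continues past the hunk (the `extra_well_known_client_content` loop is cut off).

```python
        # We use the MSC3861 values as they are used by multiple MSCs
        msc3861 = self._config.experimental.msc3861
        if msc3861.enabled:
            auth_data = {"issuer": msc3861.issuer}
            if msc3861.account_management_url is not None:
                auth_data["account"] = msc3861.account_management_url
            result["org.matrix.msc2965.authentication"] = auth_data
        # … unchanged: extra_well_known_client_content handling …
```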
@@ -49,13 +47,11 @@ def test_returns_404_when_msc3861_disabled(self) -> None:
 },
 }
 )
- def test_returns_discovery_data_when_oidc_enabled(self) -> None:
+ def test_returns_issuer_when_oidc_enabled(self) -> None:
 # Make an unauthenticated request for the discovery info.
 channel = self.make_request(
 "GET",
 "/_matrix/client/unstable/org.matrix.msc2965/auth_issuer",
 )
 self.assertEqual(channel.code, HTTPStatus.OK)
- self.assertEqual(
- channel.json_body, {"issuer": ISSUER, "account": ACCOUNT_MANAGEMENT_URL}
- )
+ self.assertEqual(channel.json_body, {"issuer": ISSUER})
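Review bot: `test_returns_issuer_when_oidc_enabled` no longer proves that the endpoint withholds the account management URL, because the previous hunk in this file drops `account_management_url` from the `override_config` block. With no URL configured, the removed helper would also have returned only `{"issuer": ISSUER}`, so the assertion passes with either implementation. Keeping `"account_management_url": ACCOUNT_MANAGEMENT_URL,` (and the constant) in the config while still asserting `self.assertEqual(channel.json_body, {"issuer": ISSUER})` would pin the behaviour this commit introduces. The `override_config` decorator starts outside this hunk.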