This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

OIDC idp_icon not being defined breaks the username picker #9439

Closed
uumas opened this issue Feb 18, 2021 · 2 comments · Fixed by #9440
Labels
A-Social Login Login via external identity providers S-Minor Blocks non-critical functionality, workarounds exist. T-Defect Bugs, crashes, hangs, security vulnerabilities, or other reported issues.


uumas commented Feb 18, 2021

Description

Trying to log in on a new account through an OIDC IdP without having idp_icon or localpart_template (so that the username picker is triggered) defined causes an internal server error with the following error in the log:

2021-02-18 20:51:45,169 - synapse.http.server - 150 - ERROR - GET-23372 - Failed handle request <XForwardedForRequest at 0x7f0986b63588 method='GET' uri='/_synapse/client/pick_username/account_details' clientproto='HTTP/1.0' site='8008'>
Traceback (most recent call last):
  File "/opt/venvs/matrix-synapse/lib/python3.7/site-packages/synapse/http/server.py", line 252, in _async_render_wrapper
    callback_return = await self._async_render(request)
  File "/opt/venvs/matrix-synapse/lib/python3.7/site-packages/synapse/http/server.py", line 280, in _async_render
    callback_return = await raw_callback_return
  File "/opt/venvs/matrix-synapse/lib/python3.7/site-packages/synapse/rest/synapse/client/pick_username.py", line 103, in _async_render_GET
    html = template.render(template_params)
  File "/opt/venvs/matrix-synapse/lib/python3.7/site-packages/jinja2/environment.py", line 1090, in render
    self.environment.handle_exception()
  File "/opt/venvs/matrix-synapse/lib/python3.7/site-packages/jinja2/environment.py", line 832, in handle_exception
    reraise(*rewrite_traceback_stack(source=source))
  File "/opt/venvs/matrix-synapse/lib/python3.7/site-packages/jinja2/_compat.py", line 28, in reraise
    raise value.with_traceback(tb)
  File "/opt/venvs/matrix-synapse/lib/python3.7/site-packages/synapse/res/templates/sso_auth_account_details.html", line 122, in top-level template code
    <h2><img src="{{ idp.idp_icon | mxc_to_http(24, 24) }}"/>Information from {{ idp.idp_name }}</h2>
  File "/opt/venvs/matrix-synapse/lib/python3.7/site-packages/synapse/util/templates.py", line 94, in mxc_to_http_filter
    if value[0:6] != "mxc://":
TypeError: 'NoneType' object is not subscriptable
2021-02-18 20:51:45,171 - synapse.access.http.8008 - 316 - INFO - GET-23372 - 1.2.3.4 - 8008 - {None} Processed request: 0.003sec/-0.000sec (0.002sec, 0.000sec) (0.000sec/0.000sec/0) 167B HTTPStatus.INTERNAL_SERVER_ERROR "GET /_synapse/client/pick_username/account_details HTTP/1.0" "Mozilla/5.0..." [0 dbevts]

The username picker tries to load the idp_icon to show on the picker page but fails instead of falling back to not showing an icon. An example config that causes the error:

oidc_providers:
  - idp_id: keycloak
    idp_name: "Keycloak"
    issuer: "https://sso.domain.tld/auth/realms/test"
    client_id: "synapse"
    client_secret: "secret"
    scopes: ["openid", "profile"]
    user_mapping_provider:
      config:
        display_name_template: "{{ user.name }}"
# Uncommenting the next line makes it work
#    idp_icon: "mxc://kapsi.fi/fLmjUYYdJtkNdqkdEIZUmPUC"

Steps to reproduce

  • Enable OIDC using a similar config as above
    • Don't have idp_icon defined
    • Don't have localpart_template defined
  • Try to log in with an SSO account for the first time
  • Get an internal server error

Version information

Synapse 1.27.0 from matrix-org debian repo

@clokep clokep added S-Minor Blocks non-critical functionality, workarounds exist. T-Defect Bugs, crashes, hangs, security vulnerabilities, or other reported issues. labels Feb 18, 2021

clokep commented Feb 18, 2021

Looks like we're missing a check in the template.


clokep commented Feb 18, 2021

A fix is at #9440.

@clokep clokep self-assigned this Feb 18, 2021
@clokep clokep added the A-Social Login Login via external identity providers label Feb 18, 2021
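
An added illustration, not Synapse's code and not the change in #9440: a stdlib-only Python sketch of the failure shown in the traceback, a None-tolerant variant of the filter, and a check that lists providers meeting both conditions from the report. The function names, the thumbnail path and the sample providers are constructed, and reading localpart_template from user_mapping_provider.config is an assumption.

```python
import html
from typing import Optional

def mxc_to_http_unguarded(value, width, height):
    # Same first check as the failing line in the traceback: None[0:6] raises TypeError.
    if value[0:6] != "mxc://":
        return ""
    # Illustrative thumbnail path (constructed), not Synapse's real media URL.
    return "/thumbnail/%s?width=%d&height=%d" % (value[6:], width, height)

def mxc_to_http_guarded(value: Optional[str], width: int, height: int) -> str:
    # A missing icon, or any non-mxc value, yields an empty URL instead of an exception.
    if not isinstance(value, str) or not value.startswith("mxc://"):
        return ""
    return "/thumbnail/%s?width=%d&height=%d" % (value[6:], width, height)

def render_heading(idp: dict, icon_filter) -> str:
    # Stand-in for the template line in the traceback; the <img> is dropped when there is no icon.
    icon_url = icon_filter(idp.get("idp_icon"), 24, 24)
    img = '<img src="%s"/>' % html.escape(icon_url) if icon_url else ""
    return "<h2>%sInformation from %s</h2>" % (img, html.escape(idp["idp_name"]))

def providers_hitting_bug(providers: list) -> list:
    # Both conditions from the report: no idp_icon and no localpart_template.
    affected = []
    for p in providers:
        mapping_cfg = (p.get("user_mapping_provider") or {}).get("config") or {}
        if not p.get("idp_icon") and not mapping_cfg.get("localpart_template"):
            affected.append(p["idp_id"])
    return affected

# Constructed sample: the first entry follows the config in the report, the second is made up.
SAMPLE_PROVIDERS = [
    {"idp_id": "keycloak", "idp_name": "Keycloak",
     "user_mapping_provider": {"config": {"display_name_template": "{{ user.name }}"}}},
    {"idp_id": "with_icon", "idp_name": "With icon", "idp_icon": "mxc://example.org/abc123"},
]

if __name__ == "__main__":
    print("affected:", providers_hitting_bug(SAMPLE_PROVIDERS))
    for idp in SAMPLE_PROVIDERS:
        print(render_heading(idp, mxc_to_http_guarded))
    try:
        render_heading(SAMPLE_PROVIDERS[0], mxc_to_http_unguarded)
    except TypeError as exc:
        print("unguarded filter:", exc)
```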