diff --git a/tests/handlers/test_deactivate_account.py b/tests/handlers/test_deactivate_account.py
new file mode 100644
index 0000000000..3da597768c
--- /dev/null
+++ b/tests/handlers/test_deactivate_account.py
@@ -0,0 +1,219 @@
+# Copyright 2021 The Matrix.org Foundation C.I.C.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+from http import HTTPStatus
+from typing import Any, Dict
+
+from twisted.test.proto_helpers import MemoryReactor
+
+from synapse.api.constants import AccountDataTypes
+from synapse.push.rulekinds import PRIORITY_CLASS_MAP
+from synapse.rest import admin
+from synapse.rest.client import account, login
+from synapse.server import HomeServer
+from synapse.util import Clock
+
+from tests.unittest import HomeserverTestCase
+
+
+class DeactivateAccountTestCase(HomeserverTestCase):
+ servlets = [
+ login.register_servlets,
+ admin.register_servlets,
+ account.register_servlets,
+ ]
+
+ def prepare(self, reactor: MemoryReactor, clock: Clock, hs: HomeServer) -> None:
+ self._store = hs.get_datastore()
+
+ self.user = self.register_user("user", "pass")
+ self.token = self.login("user", "pass")
+
+ def _deactivate_my_account(self):
+ """
+ Deactivates the account `self.user` using `self.token` and asserts
+ that it returns a 200 success code.
+ """
+ req = self.get_success(
+ self.make_request(
+ "POST",
+ "account/deactivate",
+ {
+ "auth": {
+ "type": "m.login.password",
+ "user": self.user,
+ "password": "pass",
+ },
+ "erase": True,
+ },
+ access_token=self.token,
+ )
+ )
+ self.assertEqual(req.code, HTTPStatus.OK, req)
+
+ def test_global_account_data_deleted_upon_deactivation(self) -> None:
+ """
+ Tests that global account data is removed upon deactivation.
+ """
+ # Add some account data
+ self.get_success(
+ self._store.add_account_data_for_user(
+ self.user,
+ AccountDataTypes.DIRECT,
+ {"@someone:remote": ["!somewhere:remote"]},
+ )
+ )
+
+ # Check that we actually added some.
+ self.assertIsNotNone(
+ self.get_success(
+ self._store.get_global_account_data_by_type_for_user(
+ self.user, AccountDataTypes.DIRECT
+ )
+ ),
+ )
+
+ # Request the deactivation of our account
+ self._deactivate_my_account()
+
+ # Check that the account data does not persist.
+ self.assertIsNone(
+ self.get_success(
+ self._store.get_global_account_data_by_type_for_user(
+ self.user, AccountDataTypes.DIRECT
+ )
+ ),
+ )
+
+ def test_room_account_data_deleted_upon_deactivation(self) -> None:
+ """
+ Tests that room account data is removed upon deactivation.
+ """
+ room_id = "!room:test"
+
+ # Add some room account data
+ self.get_success(
+ self._store.add_account_data_to_room(
+ self.user,
+ room_id,
+ "m.fully_read",
+ {"event_id": "$aaaa:test"},
+ )
+ )
+
+ # Check that we actually added some.
+ self.assertIsNotNone(
+ self.get_success(
+ self._store.get_account_data_for_room_and_type(
+ self.user, room_id, "m.fully_read"
+ )
+ ),
+ )
+
+ # Request the deactivation of our account
+ self._deactivate_my_account()
+
+ # Check that the account data does not persist.
+ self.assertIsNone(
+ self.get_success(
+ self._store.get_account_data_for_room_and_type(
+ self.user, room_id, "m.fully_read"
+ )
+ ),
+ )
+
+ def _is_custom_rule(self, push_rule: Dict[str, Any]) -> bool:
+ """
+ Default rules start with a dot: such as .m.rule and .im.vector.
+ This function returns true iff a rule is custom (not default).
+ """
+ return "/." not in push_rule["rule_id"]
+
+ def test_push_rules_deleted_upon_account_deactivation(self) -> None:
+ """
+ Push rules are a special case of account data.
+ They are stored separately but get sent to the client as account data in /sync.
+ This tests that deactivating a user deletes push rules along with the rest
+ of their account data.
+ """
+
+ # Add a push rule
+ self.get_success(
+ self._store.add_push_rule(
+ self.user,
+ "personal.override.rule1",
+ PRIORITY_CLASS_MAP["override"],
+ [],
+ [],
+ )
+ )
+
+ # Test the rule exists
+ push_rules = self.get_success(self._store.get_push_rules_for_user(self.user))
+ # Filter out default rules; we don't care
+ push_rules = list(filter(self._is_custom_rule, push_rules))
+ # Check our rule made it
+ self.assertEqual(
+ push_rules,
+ [
+ {
+ "user_name": "@user:test",
+ "rule_id": "personal.override.rule1",
+ "priority_class": 5,
+ "priority": 0,
+ "conditions": [],
+ "actions": [],
+ "default": False,
+ }
+ ],
+ push_rules,
+ )
+
+ # Request the deactivation of our account
+ self._deactivate_my_account()
+
+ push_rules = self.get_success(self._store.get_push_rules_for_user(self.user))
+ # Filter out default rules; we don't care
+ push_rules = list(filter(self._is_custom_rule, push_rules))
+ # Check our rule no longer exists
+ self.assertEqual(push_rules, [], push_rules)
+
+ def test_ignored_users_deleted_upon_deactivation(self) -> None:
+ """
+ Ignored users are a special case of account data.
+ They get denormalised into the `ignored_users` table upon being stored as
+ account data.
+ Test that a user's list of ignored users is deleted upon deactivation.
+ """
+
+ # Add an ignored user
+ self.get_success(
+ self._store.add_account_data_for_user(
+ self.user,
+ AccountDataTypes.IGNORED_USER_LIST,
+ {"ignored_users": {"@sheltie:test": {}}},
+ )
+ )
+
+ # Test the user is ignored
+ self.assertEqual(
+ self.get_success(self._store.ignored_by("@sheltie:test")), {self.user}
+ )
+
+ # Request the deactivation of our account
+ self._deactivate_my_account()
+
+ # Test the user is no longer ignored by the user that was deactivated
+ self.assertEqual(
+ self.get_success(self._store.ignored_by("@sheltie:test")), set()
+ )
diff --git a/tests/handlers/test_password_providers.py b/tests/handlers/test_password_providers.py
index 2add72b28a..94809cb8be 100644
--- a/tests/handlers/test_password_providers.py
+++ b/tests/handlers/test_password_providers.py
@@ -20,10 +20,11 @@ from unittest.mock import Mock
from twisted.internet import defer
import synapse
+from synapse.api.constants import LoginType
from synapse.handlers.auth import load_legacy_password_auth_providers
from synapse.module_api import ModuleApi
-from synapse.rest.client import devices, login, logout
-from synapse.types import JsonDict
+from synapse.rest.client import devices, login, logout, register
+from synapse.types import JsonDict, UserID
from tests import unittest
from tests.server import FakeChannel
@@ -156,6 +157,7 @@ class PasswordAuthProviderTests(unittest.HomeserverTestCase):
login.register_servlets,
devices.register_servlets,
logout.register_servlets,
+ register.register_servlets,
]
def setUp(self):
@@ -745,6 +747,79 @@ class PasswordAuthProviderTests(unittest.HomeserverTestCase):
on_logged_out.assert_called_once()
self.assertTrue(self.called)
+ def test_username(self):
+ """Tests that the get_username_for_registration callback can define the username
+ of a user when registering.
+ """
+ self._setup_get_username_for_registration()
+
+ username = "rin"
+ channel = self.make_request(
+ "POST",
+ "/register",
+ {
+ "username": username,
+ "password": "bar",
+ "auth": {"type": LoginType.DUMMY},
+ },
+ )
+ self.assertEqual(channel.code, 200)
+
+ # Our callback takes the username and appends "-foo" to it, check that's what we
+ # have.
+ mxid = channel.json_body["user_id"]
+ self.assertEqual(UserID.from_string(mxid).localpart, username + "-foo")
+
+ def test_username_uia(self):
+ """Tests that the get_username_for_registration callback is only called at the
+ end of the UIA flow.
+ """
+ m = self._setup_get_username_for_registration()
+
+ # Initiate the UIA flow.
+ username = "rin"
+ channel = self.make_request(
+ "POST",
+ "register",
+ {"username": username, "type": "m.login.password", "password": "bar"},
+ )
+ self.assertEqual(channel.code, 401)
+ self.assertIn("session", channel.json_body)
+
+ # Check that the callback hasn't been called yet.
+ m.assert_not_called()
+
+ # Finish the UIA flow.
+ session = channel.json_body["session"]
+ channel = self.make_request(
+ "POST",
+ "register",
+ {"auth": {"session": session, "type": LoginType.DUMMY}},
+ )
+ self.assertEqual(channel.code, 200, channel.json_body)
+ mxid = channel.json_body["user_id"]
+ self.assertEqual(UserID.from_string(mxid).localpart, username + "-foo")
+
+ # Check that the callback has been called.
+ m.assert_called_once()
+
+ def _setup_get_username_for_registration(self) -> Mock:
+ """Registers a get_username_for_registration callback that appends "-foo" to the
+ username the client is trying to register.
+ """
+
+ async def get_username_for_registration(uia_results, params):
+ self.assertIn(LoginType.DUMMY, uia_results)
+ username = params["username"]
+ return username + "-foo"
+
+ m = Mock(side_effect=get_username_for_registration)
+
+ password_auth_provider = self.hs.get_password_auth_provider()
+ password_auth_provider.get_username_for_registration_callbacks.append(m)
+
+ return m
+
def _get_login_flows(self) -> JsonDict:
channel = self.make_request("GET", "/_matrix/client/r0/login")
self.assertEqual(channel.code, 200, channel.result)
diff --git a/tests/handlers/test_profile.py b/tests/handlers/test_profile.py
index c153018fd8..60235e5699 100644
--- a/tests/handlers/test_profile.py
+++ b/tests/handlers/test_profile.py
@@ -11,12 +11,13 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-
+from typing import Any, Dict
from unittest.mock import Mock
import synapse.types
from synapse.api.errors import AuthError, SynapseError
from synapse.rest import admin
+from synapse.server import HomeServer
from synapse.types import UserID
from tests import unittest
@@ -46,7 +47,7 @@ class ProfileTestCase(unittest.HomeserverTestCase):
)
return hs
- def prepare(self, reactor, clock, hs):
+ def prepare(self, reactor, clock, hs: HomeServer):
self.store = hs.get_datastore()
self.frank = UserID.from_string("@1234abcd:test")
@@ -248,3 +249,92 @@ class ProfileTestCase(unittest.HomeserverTestCase):
),
SynapseError,
)
+
+ def test_avatar_constraints_no_config(self):
+ """Tests that the method to check an avatar against configured constraints skips
+ all of its check if no constraint is configured.
+ """
+ # The first check that's done by this method is whether the file exists; if we
+ # don't get an error on a non-existing file then it means all of the checks were
+ # successfully skipped.
+ res = self.get_success(
+ self.handler.check_avatar_size_and_mime_type("mxc://test/unknown_file")
+ )
+ self.assertTrue(res)
+
+ @unittest.override_config({"max_avatar_size": 50})
+ def test_avatar_constraints_missing(self):
+ """Tests that an avatar isn't allowed if the file at the given MXC URI couldn't
+ be found.
+ """
+ res = self.get_success(
+ self.handler.check_avatar_size_and_mime_type("mxc://test/unknown_file")
+ )
+ self.assertFalse(res)
+
+ @unittest.override_config({"max_avatar_size": 50})
+ def test_avatar_constraints_file_size(self):
+ """Tests that a file that's above the allowed file size is forbidden but one
+ that's below it is allowed.
+ """
+ self._setup_local_files(
+ {
+ "small": {"size": 40},
+ "big": {"size": 60},
+ }
+ )
+
+ res = self.get_success(
+ self.handler.check_avatar_size_and_mime_type("mxc://test/small")
+ )
+ self.assertTrue(res)
+
+ res = self.get_success(
+ self.handler.check_avatar_size_and_mime_type("mxc://test/big")
+ )
+ self.assertFalse(res)
+
+ @unittest.override_config({"allowed_avatar_mimetypes": ["image/png"]})
+ def test_avatar_constraint_mime_type(self):
+ """Tests that a file with an unauthorised MIME type is forbidden but one with
+ an authorised content type is allowed.
+ """
+ self._setup_local_files(
+ {
+ "good": {"mimetype": "image/png"},
+ "bad": {"mimetype": "application/octet-stream"},
+ }
+ )
+
+ res = self.get_success(
+ self.handler.check_avatar_size_and_mime_type("mxc://test/good")
+ )
+ self.assertTrue(res)
+
+ res = self.get_success(
+ self.handler.check_avatar_size_and_mime_type("mxc://test/bad")
+ )
+ self.assertFalse(res)
+
+ def _setup_local_files(self, names_and_props: Dict[str, Dict[str, Any]]):
+ """Stores metadata about files in the database.
+
+ Args:
+ names_and_props: A dictionary with one entry per file, with the key being the
+ file's name, and the value being a dictionary of properties. Supported
+ properties are "mimetype" (for the file's type) and "size" (for the
+ file's size).
+ """
+ store = self.hs.get_datastore()
+
+ for name, props in names_and_props.items():
+ self.get_success(
+ store.store_local_media(
+ media_id=name,
+ media_type=props.get("mimetype", "image/png"),
+ time_now_ms=self.clock.time_msec(),
+ upload_name=None,
+ media_length=props.get("size", 50),
+ user_id=UserID.from_string("@rin:test"),
+ )
+ )
|
