diff --git a/tests/rest/client/test_profile.py b/tests/rest/client/test_profile.py
index 2860579c2e..ead883ded8 100644
--- a/tests/rest/client/test_profile.py
+++ b/tests/rest/client/test_profile.py
@@ -13,8 +13,12 @@
# limitations under the License.
"""Tests REST events for /profile paths."""
+from typing import Any, Dict
+
+from synapse.api.errors import Codes
from synapse.rest import admin
from synapse.rest.client import login, profile, room
+from synapse.types import UserID
from tests import unittest
@@ -25,6 +29,7 @@ class ProfileTestCase(unittest.HomeserverTestCase):
admin.register_servlets_for_client_rest_resource,
login.register_servlets,
profile.register_servlets,
+ room.register_servlets,
]
def make_homeserver(self, reactor, clock):
@@ -150,6 +155,157 @@ class ProfileTestCase(unittest.HomeserverTestCase):
self.assertEqual(channel.code, 200, channel.result)
return channel.json_body.get("avatar_url")
+ @unittest.override_config({"max_avatar_size": 50})
+ def test_avatar_size_limit_global(self):
+ """Tests that the maximum size limit for avatars is enforced when updating a
+ global profile.
+ """
+ self._setup_local_files(
+ {
+ "small": {"size": 40},
+ "big": {"size": 60},
+ }
+ )
+
+ channel = self.make_request(
+ "PUT",
+ f"/profile/{self.owner}/avatar_url",
+ content={"avatar_url": "mxc://test/big"},
+ access_token=self.owner_tok,
+ )
+ self.assertEqual(channel.code, 403, channel.result)
+ self.assertEqual(
+ channel.json_body["errcode"], Codes.FORBIDDEN, channel.json_body
+ )
+
+ channel = self.make_request(
+ "PUT",
+ f"/profile/{self.owner}/avatar_url",
+ content={"avatar_url": "mxc://test/small"},
+ access_token=self.owner_tok,
+ )
+ self.assertEqual(channel.code, 200, channel.result)
+
+ @unittest.override_config({"max_avatar_size": 50})
+ def test_avatar_size_limit_per_room(self):
+ """Tests that the maximum size limit for avatars is enforced when updating a
+ per-room profile.
+ """
+ self._setup_local_files(
+ {
+ "small": {"size": 40},
+ "big": {"size": 60},
+ }
+ )
+
+ room_id = self.helper.create_room_as(tok=self.owner_tok)
+
+ channel = self.make_request(
+ "PUT",
+ f"/rooms/{room_id}/state/m.room.member/{self.owner}",
+ content={"membership": "join", "avatar_url": "mxc://test/big"},
+ access_token=self.owner_tok,
+ )
+ self.assertEqual(channel.code, 403, channel.result)
+ self.assertEqual(
+ channel.json_body["errcode"], Codes.FORBIDDEN, channel.json_body
+ )
+
+ channel = self.make_request(
+ "PUT",
+ f"/rooms/{room_id}/state/m.room.member/{self.owner}",
+ content={"membership": "join", "avatar_url": "mxc://test/small"},
+ access_token=self.owner_tok,
+ )
+ self.assertEqual(channel.code, 200, channel.result)
+
+ @unittest.override_config({"allowed_avatar_mimetypes": ["image/png"]})
+ def test_avatar_allowed_mime_type_global(self):
+ """Tests that the MIME type whitelist for avatars is enforced when updating a
+ global profile.
+ """
+ self._setup_local_files(
+ {
+ "good": {"mimetype": "image/png"},
+ "bad": {"mimetype": "application/octet-stream"},
+ }
+ )
+
+ channel = self.make_request(
+ "PUT",
+ f"/profile/{self.owner}/avatar_url",
+ content={"avatar_url": "mxc://test/bad"},
+ access_token=self.owner_tok,
+ )
+ self.assertEqual(channel.code, 403, channel.result)
+ self.assertEqual(
+ channel.json_body["errcode"], Codes.FORBIDDEN, channel.json_body
+ )
+
+ channel = self.make_request(
+ "PUT",
+ f"/profile/{self.owner}/avatar_url",
+ content={"avatar_url": "mxc://test/good"},
+ access_token=self.owner_tok,
+ )
+ self.assertEqual(channel.code, 200, channel.result)
+
+ @unittest.override_config({"allowed_avatar_mimetypes": ["image/png"]})
+ def test_avatar_allowed_mime_type_per_room(self):
+ """Tests that the MIME type whitelist for avatars is enforced when updating a
+ per-room profile.
+ """
+ self._setup_local_files(
+ {
+ "good": {"mimetype": "image/png"},
+ "bad": {"mimetype": "application/octet-stream"},
+ }
+ )
+
+ room_id = self.helper.create_room_as(tok=self.owner_tok)
+
+ channel = self.make_request(
+ "PUT",
+ f"/rooms/{room_id}/state/m.room.member/{self.owner}",
+ content={"membership": "join", "avatar_url": "mxc://test/bad"},
+ access_token=self.owner_tok,
+ )
+ self.assertEqual(channel.code, 403, channel.result)
+ self.assertEqual(
+ channel.json_body["errcode"], Codes.FORBIDDEN, channel.json_body
+ )
+
+ channel = self.make_request(
+ "PUT",
+ f"/rooms/{room_id}/state/m.room.member/{self.owner}",
+ content={"membership": "join", "avatar_url": "mxc://test/good"},
+ access_token=self.owner_tok,
+ )
+ self.assertEqual(channel.code, 200, channel.result)
+
+ def _setup_local_files(self, names_and_props: Dict[str, Dict[str, Any]]):
+ """Stores metadata about files in the database.
+
+ Args:
+ names_and_props: A dictionary with one entry per file, with the key being the
+ file's name, and the value being a dictionary of properties. Supported
+ properties are "mimetype" (for the file's type) and "size" (for the
+ file's size).
+ """
+ store = self.hs.get_datastore()
+
+ for name, props in names_and_props.items():
+ self.get_success(
+ store.store_local_media(
+ media_id=name,
+ media_type=props.get("mimetype", "image/png"),
+ time_now_ms=self.clock.time_msec(),
+ upload_name=None,
+ media_length=props.get("size", 50),
+ user_id=UserID.from_string("@rin:test"),
+ )
+ )
+
class ProfilesRestrictedTestCase(unittest.HomeserverTestCase):
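Review bot: `test_avatar_size_limit_global` and `test_avatar_size_limit_per_room` only try 40 and 60 bytes against `max_avatar_size: 50`, so neither pins what happens to a file of exactly 50 bytes, and an off-by-one in the comparison would still pass. A third entry such as `"exact": {"size": 50}` with an explicit expected status would fix the boundary. All four tests also point only at media that `_setup_local_files` has stored. An `avatar_url` whose media is not in the store (an unknown ID or a different server name) is never exercised, so it stays unpinned whether the restriction fails open or closed there. Separately, `_setup_local_files` hard-codes `UserID.from_string("@rin:test")` as the uploader; deriving it from `self.owner` would keep the stored media tied to the fixture user.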
diff --git a/tests/rest/client/test_register.py b/tests/rest/client/test_register.py
index 6e7c0f11df..407dd32a73 100644
--- a/tests/rest/client/test_register.py
+++ b/tests/rest/client/test_register.py
@@ -726,6 +726,47 @@ class RegisterRestServletTestCase(unittest.HomeserverTestCase):
{"errcode": "M_UNKNOWN", "error": "Unable to parse email address"},
)
+ @override_config(
+ {
+ "inhibit_user_in_use_error": True,
+ }
+ )
+ def test_inhibit_user_in_use_error(self):
+ """Tests that the 'inhibit_user_in_use_error' configuration flag behaves
+ correctly.
+ """
+ username = "arthur"
+
+ # Manually register the user, so we know the test isn't passing because of a lack
+ # of clashing.
+ reg_handler = self.hs.get_registration_handler()
+ self.get_success(reg_handler.register_user(username))
+
+ # Check that /available correctly ignores the username provided despite the
+ # username being already registered.
+ channel = self.make_request("GET", "register/available?username=" + username)
+ self.assertEquals(200, channel.code, channel.result)
+
+ # Test that when starting a UIA registration flow the request doesn't fail because
+ # of a conflicting username
+ channel = self.make_request(
+ "POST",
+ "register",
+ {"username": username, "type": "m.login.password", "password": "foo"},
+ )
+ self.assertEqual(channel.code, 401)
+ self.assertIn("session", channel.json_body)
+
+ # Test that finishing the registration fails because of a conflicting username.
+ session = channel.json_body["session"]
+ channel = self.make_request(
+ "POST",
+ "register",
+ {"auth": {"session": session, "type": LoginType.DUMMY}},
+ )
+ self.assertEqual(channel.code, 400, channel.json_body)
+ self.assertEqual(channel.json_body["errcode"], Codes.USER_IN_USE)
+
class AccountValidityTestCase(unittest.HomeserverTestCase):
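Review bot: The `/register/available` step asserts only the 200 status, so it does not show that a registered username gets the same answer as a free one. Judging by the test's comments, hiding that difference is the purpose of `inhibit_user_in_use_error`. Issuing a control request for an unregistered name and comparing bodies, e.g. `self.assertEqual(channel.json_body, free_channel.json_body)`, would pin that property. The 401 UIA response could be compared against a control request in the same way. That step also uses `self.assertEquals`, the deprecated alias, while the rest of the test uses `assertEqual`.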
diff --git a/tests/rest/client/test_relations.py b/tests/rest/client/test_relations.py
index c9b220e73d..96ae7790bb 100644
--- a/tests/rest/client/test_relations.py
+++ b/tests/rest/client/test_relations.py
@@ -577,7 +577,7 @@ class RelationsTestCase(unittest.HomeserverTestCase):
self.assertEquals(200, channel.code, channel.json_body)
room_timeline = channel.json_body["rooms"]["join"][self.room]["timeline"]
self.assertTrue(room_timeline["limited"])
- self._find_event_in_chunk(room_timeline["events"])
+ assert_bundle(self._find_event_in_chunk(room_timeline["events"]))
def test_aggregation_get_event_for_annotation(self):
"""Test that annotations do not get bundled aggregations included
diff --git a/tests/rest/client/test_room_batch.py b/tests/rest/client/test_room_batch.py
index 721454c187..e9f8704035 100644
--- a/tests/rest/client/test_room_batch.py
+++ b/tests/rest/client/test_room_batch.py
@@ -89,7 +89,7 @@ class RoomBatchTestCase(unittest.HomeserverTestCase):
self.clock = clock
self.storage = hs.get_storage()
- self.virtual_user_id = self.register_appservice_user(
+ self.virtual_user_id, _ = self.register_appservice_user(
"as_user_potato", self.appservice.token
)
diff --git a/tests/rest/client/utils.py b/tests/rest/client/utils.py
index 8424383580..1c0cb0cf4f 100644
--- a/tests/rest/client/utils.py
+++ b/tests/rest/client/utils.py
@@ -31,6 +31,7 @@ from typing import (
overload,
)
from unittest.mock import patch
+from urllib.parse import urlencode
import attr
from typing_extensions import Literal
@@ -147,12 +148,20 @@ class RestHelper:
expect_code=expect_code,
)
- def join(self, room=None, user=None, expect_code=200, tok=None):
+ def join(
+ self,
+ room: str,
+ user: Optional[str] = None,
+ expect_code: int = 200,
+ tok: Optional[str] = None,
+ appservice_user_id: Optional[str] = None,
+ ) -> None:
self.change_membership(
room=room,
src=user,
targ=user,
tok=tok,
+ appservice_user_id=appservice_user_id,
membership=Membership.JOIN,
expect_code=expect_code,
)
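Review bot: `join` gains `appservice_user_id` but has no docstring, so a test author has to read `change_membership` to learn that it is sent as a URL parameter alongside `tok`. A short docstring would cover it, e.g. `"""Join `room` as `user`; `appservice_user_id` is sent as the `user_id` URL parameter so an application service token in `tok` can act for that user."""`. It would also be worth stating that `user` is used as both `src` and `targ`, since it still defaults to `None`.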
@@ -209,11 +218,12 @@ class RestHelper:
def change_membership(
self,
room: str,
- src: str,
- targ: str,
+ src: Optional[str],
+ targ: Optional[str],
membership: str,
extra_data: Optional[dict] = None,
tok: Optional[str] = None,
+ appservice_user_id: Optional[str] = None,
expect_code: int = 200,
expect_errcode: Optional[str] = None,
) -> None:
@@ -227,15 +237,26 @@ class RestHelper:
membership: The type of membership event
extra_data: Extra information to include in the content of the event
tok: The user access token to use
+ appservice_user_id: The `user_id` URL parameter to pass.
+ This allows driving an application service user
+ using an application service access token in `tok`.
expect_code: The expected HTTP response code
expect_errcode: The expected Matrix error code
"""
temp_id = self.auth_user_id
self.auth_user_id = src
- path = "/_matrix/client/r0/rooms/%s/state/m.room.member/%s" % (room, targ)
+ path = f"/_matrix/client/r0/rooms/{room}/state/m.room.member/{targ}"
+ url_params: Dict[str, str] = {}
+
if tok:
- path = path + "?access_token=%s" % tok
+ url_params["access_token"] = tok
+
+ if appservice_user_id:
+ url_params["user_id"] = appservice_user_id
+
+ if url_params:
+ path += "?" + urlencode(url_params)
data = {"membership": membership}
data.update(extra_data or {})
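Review bot: `targ` is widened to `Optional[str]` in the signature hunk above, but the new f-string still formats it straight into the path, so `targ=None` requests `.../state/m.room.member/None` instead of failing. `join` passes `targ=user` with `user` defaulting to `None`, so this is reachable from the helper itself; whether any caller depends on it is not visible here. A guard before the path is built, such as `if targ is None: raise ValueError("targ must be set")`, would turn a confusing membership failure into a clear test error. The query string is now encoded with `urlencode` while `room` and `targ` go into the path unescaped; percent-encoding both would make the helper consistent. The body of `change_membership` continues past the end of the hunk.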