From 5c6f61f81c966d34d76362eb2af4c8701b3bb46b Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Thu, 21 Mar 2019 10:51:21 +0000 Subject: Add tests --- tests/rest/client/v1/test_admin.py | 67 +++++++++++++++++++++++++++++++++++++- 1 file changed, 66 insertions(+), 1 deletion(-) (limited to 'tests/rest/client/v1/test_admin.py') diff --git a/tests/rest/client/v1/test_admin.py b/tests/rest/client/v1/test_admin.py index ea03b7e523..b3ab5642b7 100644 --- a/tests/rest/client/v1/test_admin.py +++ b/tests/rest/client/v1/test_admin.py @@ -20,7 +20,7 @@ import json from mock import Mock from synapse.api.constants import UserTypes -from synapse.rest.client.v1 import admin, login +from synapse.rest.client.v1 import admin, login, room from tests import unittest @@ -353,3 +353,68 @@ class UserRegisterTestCase(unittest.HomeserverTestCase): self.assertEqual(400, int(channel.result["code"]), msg=channel.result["body"]) self.assertEqual('Invalid user type', channel.json_body["error"]) + + +class ShutdownRoomTestCase(unittest.HomeserverTestCase): + servlets = [ + admin.register_servlets, + login.register_servlets, + room.register_servlets, + ] + + def prepare(self, reactor, clock, hs): + self.event_creation_handler = hs.get_event_creation_handler() + hs.config.user_consent_version = "1" + + self._consent_uri_builder = Mock() + self._consent_uri_builder.build_user_consent_uri.return_value = ( + "http://example.com" + ) + + self.store = hs.get_datastore() + + @unittest.DEBUG + def test_shutdown_room_conset(self): + admin_user = self.register_user("admin", "pass", admin=True) + admin_user_tok = self.login("admin", "pass") + + other_user = self.register_user("user", "pass") + other_user_token = self.login("user", "pass") + + room_id = self.helper.create_room_as(other_user, tok=other_user_token) + + # Assert one user in room + users_in_room = self.get_success( + self.store.get_users_in_room(room_id), + ) + self.assertEqual([other_user], users_in_room) + + # Enable require consent to send events + self.event_creation_handler._block_events_without_consent_error = "Error" + self.event_creation_handler._consent_uri_builder = self._consent_uri_builder + + # Assert that the user is getting consent error + self.helper.send(room_id, body="foo", tok=other_user_token, expect_code=403) + + # Mark the admin user as having consented + self.get_success( + self.store.user_set_consent_version(admin_user, "1"), + ) + + # Test that the admin can still send shutdown + url = "admin/shutdown_room/" + room_id + request, channel = self.make_request( + "POST", + url.encode('ascii'), + json.dumps({"new_room_user_id": admin_user}), + access_token=admin_user_tok, + ) + self.render(request) + + self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"]) + + # Assert there is now no longer anyone in the room + users_in_room = self.get_success( + self.store.get_users_in_room(room_id), + ) + self.assertEqual([], users_in_room) -- cgit 1.5.1 From 9c9e618b93f9f6d9b72d79343b3a8977447b4f61 Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Thu, 21 Mar 2019 10:58:56 +0000 Subject: Remove debug --- tests/rest/client/v1/test_admin.py | 1 - 1 file changed, 1 deletion(-) (limited to 'tests/rest/client/v1/test_admin.py') diff --git a/tests/rest/client/v1/test_admin.py b/tests/rest/client/v1/test_admin.py index b3ab5642b7..2b7ade9f62 100644 --- a/tests/rest/client/v1/test_admin.py +++ b/tests/rest/client/v1/test_admin.py @@ -373,7 +373,6 @@ class ShutdownRoomTestCase(unittest.HomeserverTestCase): self.store = hs.get_datastore() - @unittest.DEBUG def test_shutdown_room_conset(self): admin_user = self.register_user("admin", "pass", admin=True) admin_user_tok = self.login("admin", "pass") -- cgit 1.5.1 From 4a8a1ac962091aa305f3f7d448a24c9e2cd138bb Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Thu, 21 Mar 2019 11:02:11 +0000 Subject: Rejig testcase to make it more extensible --- tests/rest/client/v1/test_admin.py | 39 +++++++++++++++++++++----------------- 1 file changed, 22 insertions(+), 17 deletions(-) (limited to 'tests/rest/client/v1/test_admin.py') diff --git a/tests/rest/client/v1/test_admin.py b/tests/rest/client/v1/test_admin.py index 2b7ade9f62..fb4ac6b95f 100644 --- a/tests/rest/client/v1/test_admin.py +++ b/tests/rest/client/v1/test_admin.py @@ -366,38 +366,43 @@ class ShutdownRoomTestCase(unittest.HomeserverTestCase): self.event_creation_handler = hs.get_event_creation_handler() hs.config.user_consent_version = "1" - self._consent_uri_builder = Mock() - self._consent_uri_builder.build_user_consent_uri.return_value = ( + consent_uri_builder = Mock() + consent_uri_builder.build_user_consent_uri.return_value = ( "http://example.com" ) + self.event_creation_handler._consent_uri_builder = consent_uri_builder self.store = hs.get_datastore() - def test_shutdown_room_conset(self): - admin_user = self.register_user("admin", "pass", admin=True) - admin_user_tok = self.login("admin", "pass") + self.admin_user = self.register_user("admin", "pass", admin=True) + self.admin_user_tok = self.login("admin", "pass") + + self.other_user = self.register_user("user", "pass") + self.other_user_token = self.login("user", "pass") + + # Mark the admin user as having consented + self.get_success( + self.store.user_set_consent_version(self.admin_user, "1"), + ) - other_user = self.register_user("user", "pass") - other_user_token = self.login("user", "pass") + def test_shutdown_room_conset(self): + self.event_creation_handler._block_events_without_consent_error = None - room_id = self.helper.create_room_as(other_user, tok=other_user_token) + room_id = self.helper.create_room_as(self.other_user, tok=self.other_user_token) # Assert one user in room users_in_room = self.get_success( self.store.get_users_in_room(room_id), ) - self.assertEqual([other_user], users_in_room) + self.assertEqual([self.other_user], users_in_room) # Enable require consent to send events self.event_creation_handler._block_events_without_consent_error = "Error" - self.event_creation_handler._consent_uri_builder = self._consent_uri_builder # Assert that the user is getting consent error - self.helper.send(room_id, body="foo", tok=other_user_token, expect_code=403) - - # Mark the admin user as having consented - self.get_success( - self.store.user_set_consent_version(admin_user, "1"), + self.helper.send( + room_id, + body="foo", tok=self.other_user_token, expect_code=403, ) # Test that the admin can still send shutdown @@ -405,8 +410,8 @@ class ShutdownRoomTestCase(unittest.HomeserverTestCase): request, channel = self.make_request( "POST", url.encode('ascii'), - json.dumps({"new_room_user_id": admin_user}), - access_token=admin_user_tok, + json.dumps({"new_room_user_id": self.admin_user}), + access_token=self.admin_user_tok, ) self.render(request) -- cgit 1.5.1 From 536a2665204ae6765ec131e985e9828c6c363539 Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Thu, 21 Mar 2019 11:20:13 +0000 Subject: Deny peeking into rooms that have been blocked --- synapse/handlers/events.py | 7 +++- synapse/handlers/initial_sync.py | 6 +++- tests/rest/client/v1/test_admin.py | 66 +++++++++++++++++++++++++++++++++++++- 3 files changed, 76 insertions(+), 3 deletions(-) (limited to 'tests/rest/client/v1/test_admin.py') diff --git a/synapse/handlers/events.py b/synapse/handlers/events.py index f772e62c28..d883e98381 100644 --- a/synapse/handlers/events.py +++ b/synapse/handlers/events.py @@ -19,7 +19,7 @@ import random from twisted.internet import defer from synapse.api.constants import EventTypes, Membership -from synapse.api.errors import AuthError +from synapse.api.errors import AuthError, SynapseError from synapse.events import EventBase from synapse.events.utils import serialize_event from synapse.types import UserID @@ -61,6 +61,11 @@ class EventStreamHandler(BaseHandler): If `only_keys` is not None, events from keys will be sent down. """ + if room_id: + blocked = yield self.store.is_room_blocked(room_id) + if blocked: + raise SynapseError(403, "This room has been blocked on this server") + # send any outstanding server notices to the user. yield self._server_notices_sender.on_user_syncing(auth_user_id) diff --git a/synapse/handlers/initial_sync.py b/synapse/handlers/initial_sync.py index 563bb3cea3..7dfae78db0 100644 --- a/synapse/handlers/initial_sync.py +++ b/synapse/handlers/initial_sync.py @@ -18,7 +18,7 @@ import logging from twisted.internet import defer from synapse.api.constants import EventTypes, Membership -from synapse.api.errors import AuthError, Codes +from synapse.api.errors import AuthError, Codes, SynapseError from synapse.events.utils import serialize_event from synapse.events.validator import EventValidator from synapse.handlers.presence import format_user_presence_state @@ -262,6 +262,10 @@ class InitialSyncHandler(BaseHandler): A JSON serialisable dict with the snapshot of the room. """ + blocked = yield self.store.is_room_blocked(room_id) + if blocked: + raise SynapseError(403, "This room has been blocked on this server") + user_id = requester.user.to_string() membership, member_event_id = yield self._check_in_room_or_world_readable( diff --git a/tests/rest/client/v1/test_admin.py b/tests/rest/client/v1/test_admin.py index fb4ac6b95f..8ea19351fe 100644 --- a/tests/rest/client/v1/test_admin.py +++ b/tests/rest/client/v1/test_admin.py @@ -20,7 +20,7 @@ import json from mock import Mock from synapse.api.constants import UserTypes -from synapse.rest.client.v1 import admin, login, room +from synapse.rest.client.v1 import admin, login, room, events from tests import unittest @@ -359,7 +359,9 @@ class ShutdownRoomTestCase(unittest.HomeserverTestCase): servlets = [ admin.register_servlets, login.register_servlets, + events.register_servlets, room.register_servlets, + room.register_deprecated_servlets, ] def prepare(self, reactor, clock, hs): @@ -422,3 +424,65 @@ class ShutdownRoomTestCase(unittest.HomeserverTestCase): self.store.get_users_in_room(room_id), ) self.assertEqual([], users_in_room) + + @unittest.DEBUG + def test_shutdown_room_block_peek(self): + """Test that a world_readable room can no longer be peeked into after + it has been shut down. + """ + + self.event_creation_handler._block_events_without_consent_error = None + + room_id = self.helper.create_room_as(self.other_user, tok=self.other_user_token) + + # Enable world readable + url = "rooms/%s/state/m.room.history_visibility" % (room_id,) + request, channel = self.make_request( + "PUT", + url.encode('ascii'), + json.dumps({"history_visibility": "world_readable"}), + access_token=self.other_user_token, + ) + self.render(request) + self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"]) + + # Test that the admin can still send shutdown + url = "admin/shutdown_room/" + room_id + request, channel = self.make_request( + "POST", + url.encode('ascii'), + json.dumps({"new_room_user_id": self.admin_user}), + access_token=self.admin_user_tok, + ) + self.render(request) + + self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"]) + + # Assert we can no longer peek into the room + self._assert_peek(room_id, expect_code=403) + + def _assert_peek(self, room_id, expect_code): + """Assert that the admin user can (or cannot) peek into the room. + """ + + url = "rooms/%s/initialSync" % (room_id,) + request, channel = self.make_request( + "GET", + url.encode('ascii'), + access_token=self.admin_user_tok, + ) + self.render(request) + self.assertEqual( + expect_code, int(channel.result["code"]), msg=channel.result["body"], + ) + + url = "events?timeout=0&room_id=" + room_id + request, channel = self.make_request( + "GET", + url.encode('ascii'), + access_token=self.admin_user_tok, + ) + self.render(request) + self.assertEqual( + expect_code, int(channel.result["code"]), msg=channel.result["body"], + ) -- cgit 1.5.1 From cd80cbffea0e4dc28e01d46b6a87915e7b58244d Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Thu, 21 Mar 2019 11:22:26 +0000 Subject: Fix typo and add description --- tests/rest/client/v1/test_admin.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'tests/rest/client/v1/test_admin.py') diff --git a/tests/rest/client/v1/test_admin.py b/tests/rest/client/v1/test_admin.py index fb4ac6b95f..0caa4aa802 100644 --- a/tests/rest/client/v1/test_admin.py +++ b/tests/rest/client/v1/test_admin.py @@ -385,7 +385,11 @@ class ShutdownRoomTestCase(unittest.HomeserverTestCase): self.store.user_set_consent_version(self.admin_user, "1"), ) - def test_shutdown_room_conset(self): + def test_shutdown_room_consent(self): + """Test that we can shutdown rooms with local users who have not + yet accepted the privacy policy. This used to fail when we tried to + force part the user from the old room. + """ self.event_creation_handler._block_events_without_consent_error = None room_id = self.helper.create_room_as(self.other_user, tok=self.other_user_token) -- cgit 1.5.1 From d3f640f0ac4cee4a548d051715e69df11944906a Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Thu, 21 Mar 2019 11:29:48 +0000 Subject: isort --- tests/rest/client/v1/test_admin.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tests/rest/client/v1/test_admin.py') diff --git a/tests/rest/client/v1/test_admin.py b/tests/rest/client/v1/test_admin.py index 8ea19351fe..8f1d2903bd 100644 --- a/tests/rest/client/v1/test_admin.py +++ b/tests/rest/client/v1/test_admin.py @@ -20,7 +20,7 @@ import json from mock import Mock from synapse.api.constants import UserTypes -from synapse.rest.client.v1 import admin, login, room, events +from synapse.rest.client.v1 import admin, events, login, room from tests import unittest -- cgit 1.5.1