summary refs log tree commit diff
path: root/tests/federation/transport
diff options
context:
space:
mode:
authorHubert Chathi <hubertc@matrix.org>2022-05-18 06:19:30 -0400
committerGitHub <noreply@github.com>2022-05-18 11:19:30 +0100
commit8afb7b55d0527f8c6af7690b162ebaabe9b5d9f5 (patch)
treee2c360534b4a76cea7c928c3177d458a6cb261ca /tests/federation/transport
parentMove methods that call add_push_rule to PushRuleStore (#12772) (diff)
downloadsynapse-8afb7b55d0527f8c6af7690b162ebaabe9b5d9f5.tar.xz
Make handling of federation Authorization header (more) compliant with RFC7230 (#12774)
The main differences are:
- values with delimiters (such as colons) should be quoted, so always
  quote the origin, since it could contain a colon followed by a port
  number
- should allow more than one space after "X-Matrix"
- quoted values with backslash-escaped characters should be unescaped
- names should be case insensitive
Diffstat (limited to 'tests/federation/transport')
-rw-r--r--tests/federation/transport/server/test__base.py29
1 files changed, 28 insertions, 1 deletions
diff --git a/tests/federation/transport/server/test__base.py b/tests/federation/transport/server/test__base.py
index ac3695a8cc..e63885c1c9 100644
--- a/tests/federation/transport/server/test__base.py
+++ b/tests/federation/transport/server/test__base.py
@@ -17,7 +17,7 @@ from typing import Dict, List, Tuple
 
 from synapse.api.errors import Codes
 from synapse.federation.transport.server import BaseFederationServlet
-from synapse.federation.transport.server._base import Authenticator
+from synapse.federation.transport.server._base import Authenticator, _parse_auth_header
 from synapse.http.server import JsonResource, cancellable
 from synapse.server import HomeServer
 from synapse.types import JsonDict
@@ -112,3 +112,30 @@ class BaseFederationServletCancellationTests(
             expect_cancellation=False,
             expected_body={"result": True},
         )
+
+
+class BaseFederationAuthorizationTests(unittest.TestCase):
+    def test_authorization_header(self) -> None:
+        """Tests that the Authorization header is parsed correctly."""
+
+        # test a "normal" Authorization header
+        self.assertEqual(
+            _parse_auth_header(
+                b'X-Matrix origin=foo,key="ed25519:1",sig="sig",destination="bar"'
+            ),
+            ("foo", "ed25519:1", "sig", "bar"),
+        )
+        # test an Authorization with extra spaces, upper-case names, and escaped
+        # characters
+        self.assertEqual(
+            _parse_auth_header(
+                b'X-Matrix  ORIGIN=foo,KEY="ed25\\519:1",SIG="sig",destination="bar"'
+            ),
+            ("foo", "ed25519:1", "sig", "bar"),
+        )
+        self.assertEqual(
+            _parse_auth_header(
+                b'X-Matrix origin=foo,key="ed25519:1",sig="sig",destination="bar",extra_field=ignored'
+            ),
+            ("foo", "ed25519:1", "sig", "bar"),
+        )