diff options
| author | Hubert Chathi <hubertc@matrix.org> | 2022-05-18 06:19:30 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-05-18 11:19:30 +0100 |
| commit | 8afb7b55d0527f8c6af7690b162ebaabe9b5d9f5 (patch) | |
| tree | e2c360534b4a76cea7c928c3177d458a6cb261ca /tests/federation | |
| parent | Move methods that call add_push_rule to PushRuleStore (#12772) (diff) | |
| download | synapse-8afb7b55d0527f8c6af7690b162ebaabe9b5d9f5.tar.xz | |
Make handling of federation Authorization header (more) compliant with RFC7230 (#12774)
The main differences are: - values with delimiters (such as colons) should be quoted, so always quote the origin, since it could contain a colon followed by a port number - should allow more than one space after "X-Matrix" - quoted values with backslash-escaped characters should be unescaped - names should be case insensitive
Diffstat (limited to 'tests/federation')
| -rw-r--r-- | tests/federation/transport/server/test__base.py | 29 |
1 files changed, 28 insertions, 1 deletions
diff --git a/tests/federation/transport/server/test__base.py b/tests/federation/transport/server/test__base.py index ac3695a8cc..e63885c1c9 100644 --- a/tests/federation/transport/server/test__base.py +++ b/tests/federation/transport/server/test__base.py @@ -17,7 +17,7 @@ from typing import Dict, List, Tuple from synapse.api.errors import Codes from synapse.federation.transport.server import BaseFederationServlet -from synapse.federation.transport.server._base import Authenticator +from synapse.federation.transport.server._base import Authenticator, _parse_auth_header from synapse.http.server import JsonResource, cancellable from synapse.server import HomeServer from synapse.types import JsonDict @@ -112,3 +112,30 @@ class BaseFederationServletCancellationTests( expect_cancellation=False, expected_body={"result": True}, ) + + +class BaseFederationAuthorizationTests(unittest.TestCase): + def test_authorization_header(self) -> None: + """Tests that the Authorization header is parsed correctly.""" + + # test a "normal" Authorization header + self.assertEqual( + _parse_auth_header( + b'X-Matrix origin=foo,key="ed25519:1",sig="sig",destination="bar"' + ), + ("foo", "ed25519:1", "sig", "bar"), + ) + # test an Authorization with extra spaces, upper-case names, and escaped + # characters + self.assertEqual( + _parse_auth_header( + b'X-Matrix ORIGIN=foo,KEY="ed25\\519:1",SIG="sig",destination="bar"' + ), + ("foo", "ed25519:1", "sig", "bar"), + ) + self.assertEqual( + _parse_auth_header( + b'X-Matrix origin=foo,key="ed25519:1",sig="sig",destination="bar",extra_field=ignored' + ), + ("foo", "ed25519:1", "sig", "bar"), + ) |