author | reivilibre <oliverw@matrix.org> | 2022-05-27 10:44:51 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-05-27 09:44:51 +0000 |
commit | 7b88f5a107ce9751365f9f2393521ef3d62afde8 (patch) | |
tree | b93a748112b6ea0c0dc038f9755f0ee0683de67f /tests/rest | |
parent | Improve URL previews by not including the content of media tags in the genera... (diff) | |
download | synapse-7b88f5a107ce9751365f9f2393521ef3d62afde8.tar.xz |
Add an option allowing users to use their password to reauthenticate even though password authentication is disabled. (#12883)
Diffstat (limited to 'tests/rest')
-rw-r--r-- | tests/rest/client/test_auth.py | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/tests/rest/client/test_auth.py b/tests/rest/client/test_auth.py
index 9653f45837..05355c7fb6 100644
--- a/tests/rest/client/test_auth.py
+++ b/tests/rest/client/test_auth.py
@@ -195,8 +195,17 @@ class UIAuthTests(unittest.HomeserverTestCase):
 self.user_pass = "pass"
 self.user = self.register_user("test", self.user_pass)
 self.device_id = "dev1"
+
+ # Force-enable password login for just long enough to log in.
+ auth_handler = self.hs.get_auth_handler()
+ allow_auth_for_login = auth_handler._password_enabled_for_login
+ auth_handler._password_enabled_for_login = True
+
 self.user_tok = self.login("test", self.user_pass, self.device_id)
+ # Restore password login to however it was.
+ auth_handler._password_enabled_for_login = allow_auth_for_login
+
 def delete_device(
 self,
 access_token: str,
@@ -263,6 +272,38 @@ class UIAuthTests(unittest.HomeserverTestCase):
 },
 )
+ @override_config({"password_config": {"enabled": "only_for_reauth"}})
+ def test_ui_auth_with_passwords_for_reauth_only(self) -> None:
+ """
+ Test user interactive authentication outside of registration.
+ """
+
+ # Attempt to delete this device.
+ # Returns a 401 as per the spec
+ channel = self.delete_device(
+ self.user_tok, self.device_id, HTTPStatus.UNAUTHORIZED
+ )
+
+ # Grab the session
+ session = channel.json_body["session"]
+ # Ensure that flows are what is expected.
+ self.assertIn({"stages": ["m.login.password"]}, channel.json_body["flows"])
+
+ # Make another request providing the UI auth flow.
+ self.delete_device(
+ self.user_tok,
+ self.device_id,
+ HTTPStatus.OK,
+ {
+ "auth": {
+ "type": "m.login.password",
+ "identifier": {"type": "m.id.user", "user": self.user},
+ "password": self.user_pass,
+ "session": session,
+ },
+ },
+ )
+
 def test_grandfathered_identifier(self) -> None:
 """Check behaviour without "identifier" dict |
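Review bot: The restore of `auth_handler._password_enabled_for_login` in the first hunk runs only if `self.login(...)` returns normally, so a failing login helper leaves the handler with password login forced on. Putting the login call under `try:` and moving `auth_handler._password_enabled_for_login = allow_auth_for_login` into a `finally:` keeps the override scoped to the one call. The saved value would read more clearly as `password_login_was_enabled`, since it holds the previous setting rather than a permission. The enclosing setup method starts above this hunk, so whether anything else in it depends on the flag is not visible here.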
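Review bot: `test_ui_auth_with_passwords_for_reauth_only` covers only the permissive half of `only_for_reauth`. It shows that `m.login.password` is offered and accepted for UI auth, but nothing in this file section asserts that an ordinary password login is still refused under the same config. The setup hunk above force-enables login, so that restriction is never exercised by this class. A companion assertion that login is rejected, and that a wrong `password` in the `auth` dict does not delete the device, would pin the boundary the option is meant to keep; such tests may exist outside `tests/rest`, which this diffstat does not show. The docstring is copied from the generic UI auth test; `"""Password UI auth still works when password_config.enabled is "only_for_reauth"."""` would say what is actually being checked.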