diff options
| author | Sean Quah <seanq@matrix.org> | 2022-05-27 12:07:18 +0100 |
|---|---|---|
| committer | Sean Quah <seanq@matrix.org> | 2022-05-27 12:07:18 +0100 |
| commit | 053ca5f3ca6b913d2c4bfdc7a77cb4657bc86d68 (patch) | |
| tree | f85c93172d9b17fdffe1a835812eb8a39f4945d4 /tests/rest | |
| parent | Add storage and module API methods to get monthly active users and their apps... (diff) | |
| parent | 1.60.0rc2 (diff) | |
| download | synapse-053ca5f3ca6b913d2c4bfdc7a77cb4657bc86d68.tar.xz | |
Merge tag 'v1.60.0rc2' into develop
Synapse 1.60.0rc2 (2022-05-27) ============================== This release of Synapse adds a unique index to the `state_group_edges` table, in order to prevent accidentally introducing duplicate information (for example, because a database backup was restored multiple times). If your Synapse database already has duplicate rows in this table, this could fail with an error and require manual remediation. Additionally, the signature of the `check_event_for_spam` module callback has changed. The previous signature has been deprecated and remains working for now. Module authors should update their modules to use the new signature where possible. See [the upgrade notes](https://github.com/matrix-org/synapse/blob/develop/docs/upgrade.md#upgrading-to-v1600) for more details. Features -------- - Add an option allowing users to use their password to reauthenticate for privileged actions even though password login is disabled. ([\#12883](https://github.com/matrix-org/synapse/issues/12883)) Bugfixes -------- - Explicitly close `ijson` coroutines once we are done with them, instead of leaving the garbage collector to close them. ([\#12875](https://github.com/matrix-org/synapse/issues/12875)) Internal Changes ---------------- - Improve URL previews by not including the content of media tags in the generated description. ([\#12887](https://github.com/matrix-org/synapse/issues/12887))
Diffstat (limited to 'tests/rest')
| -rw-r--r-- | tests/rest/client/test_auth.py | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/tests/rest/client/test_auth.py b/tests/rest/client/test_auth.py index 9653f45837..05355c7fb6 100644 --- a/tests/rest/client/test_auth.py +++ b/tests/rest/client/test_auth.py @@ -195,8 +195,17 @@ class UIAuthTests(unittest.HomeserverTestCase): self.user_pass = "pass" self.user = self.register_user("test", self.user_pass) self.device_id = "dev1" + + # Force-enable password login for just long enough to log in. + auth_handler = self.hs.get_auth_handler() + allow_auth_for_login = auth_handler._password_enabled_for_login + auth_handler._password_enabled_for_login = True + self.user_tok = self.login("test", self.user_pass, self.device_id) + # Restore password login to however it was. + auth_handler._password_enabled_for_login = allow_auth_for_login + def delete_device( self, access_token: str, @@ -263,6 +272,38 @@ class UIAuthTests(unittest.HomeserverTestCase): }, ) + @override_config({"password_config": {"enabled": "only_for_reauth"}}) + def test_ui_auth_with_passwords_for_reauth_only(self) -> None: + """ + Test user interactive authentication outside of registration. + """ + + # Attempt to delete this device. + # Returns a 401 as per the spec + channel = self.delete_device( + self.user_tok, self.device_id, HTTPStatus.UNAUTHORIZED + ) + + # Grab the session + session = channel.json_body["session"] + # Ensure that flows are what is expected. + self.assertIn({"stages": ["m.login.password"]}, channel.json_body["flows"]) + + # Make another request providing the UI auth flow. + self.delete_device( + self.user_tok, + self.device_id, + HTTPStatus.OK, + { + "auth": { + "type": "m.login.password", + "identifier": {"type": "m.id.user", "user": self.user}, + "password": self.user_pass, + "session": session, + }, + }, + ) + def test_grandfathered_identifier(self) -> None: """Check behaviour without "identifier" dict |