diff --git a/tests/api/test_auth.py b/tests/api/test_auth.py
index cdb0048122..ce96574915 100644
--- a/tests/api/test_auth.py
+++ b/tests/api/test_auth.py
@@ -69,6 +69,7 @@ class AuthTestCase(unittest.HomeserverTestCase):
)
self.store.get_user_by_access_token = simple_async_mock(user_info)
self.store.mark_access_token_as_used = simple_async_mock(None)
+ self.store.get_user_locked_status = simple_async_mock(False)
request = Mock(args={})
request.args[b"access_token"] = [self.test_token]
@@ -293,6 +294,7 @@ class AuthTestCase(unittest.HomeserverTestCase):
)
self.store.insert_client_ip = simple_async_mock(None)
self.store.mark_access_token_as_used = simple_async_mock(None)
+ self.store.get_user_locked_status = simple_async_mock(False)
request = Mock(args={})
request.getClientAddress.return_value.host = "127.0.0.1"
request.args[b"access_token"] = [self.test_token]
@@ -311,6 +313,7 @@ class AuthTestCase(unittest.HomeserverTestCase):
token_used=True,
)
)
+ self.store.get_user_locked_status = simple_async_mock(False)
self.store.insert_client_ip = simple_async_mock(None)
self.store.mark_access_token_as_used = simple_async_mock(None)
request = Mock(args={})
diff --git a/tests/rest/admin/test_user.py b/tests/rest/admin/test_user.py
index 9af9db6e3e..41a959b4d6 100644
--- a/tests/rest/admin/test_user.py
+++ b/tests/rest/admin/test_user.py
@@ -29,7 +29,16 @@ from synapse.api.constants import ApprovalNoticeMedium, LoginType, UserTypes
from synapse.api.errors import Codes, HttpResponseException, ResourceLimitError
from synapse.api.room_versions import RoomVersions
from synapse.media.filepath import MediaFilePaths
-from synapse.rest.client import devices, login, logout, profile, register, room, sync
+from synapse.rest.client import (
+ devices,
+ login,
+ logout,
+ profile,
+ register,
+ room,
+ sync,
+ user_directory,
+)
from synapse.server import HomeServer
from synapse.types import JsonDict, UserID, create_requester
from synapse.util import Clock
@@ -1477,6 +1486,7 @@ class UserRestTestCase(unittest.HomeserverTestCase):
login.register_servlets,
sync.register_servlets,
register.register_servlets,
+ user_directory.register_servlets,
]
def prepare(self, reactor: MemoryReactor, clock: Clock, hs: HomeServer) -> None:
@@ -2464,6 +2474,105 @@ class UserRestTestCase(unittest.HomeserverTestCase):
# This key was removed intentionally. Ensure it is not accidentally re-included.
self.assertNotIn("password_hash", channel.json_body)
+ def test_locked_user(self) -> None:
+ # User can sync
+ channel = self.make_request(
+ "GET",
+ "/_matrix/client/v3/sync",
+ access_token=self.other_user_token,
+ )
+ self.assertEqual(200, channel.code, msg=channel.json_body)
+
+ # Lock user
+ channel = self.make_request(
+ "PUT",
+ self.url_other_user,
+ access_token=self.admin_user_tok,
+ content={"locked": True},
+ )
+
+ # User is not authorized to sync anymore
+ channel = self.make_request(
+ "GET",
+ "/_matrix/client/v3/sync",
+ access_token=self.other_user_token,
+ )
+ self.assertEqual(401, channel.code, msg=channel.json_body)
+ self.assertEqual(Codes.USER_LOCKED, channel.json_body["errcode"])
+ self.assertTrue(channel.json_body["soft_logout"])
+
+ @override_config({"user_directory": {"enabled": True, "search_all_users": True}})
+ def test_locked_user_not_in_user_dir(self) -> None:
+ # User is available in the user dir
+ channel = self.make_request(
+ "POST",
+ "/_matrix/client/v3/user_directory/search",
+ {"search_term": self.other_user},
+ access_token=self.admin_user_tok,
+ )
+ self.assertEqual(200, channel.code, msg=channel.json_body)
+ self.assertIn("results", channel.json_body)
+ self.assertEqual(1, len(channel.json_body["results"]))
+
+ # Lock user
+ channel = self.make_request(
+ "PUT",
+ self.url_other_user,
+ access_token=self.admin_user_tok,
+ content={"locked": True},
+ )
+
+ # User is not available anymore in the user dir
+ channel = self.make_request(
+ "POST",
+ "/_matrix/client/v3/user_directory/search",
+ {"search_term": self.other_user},
+ access_token=self.admin_user_tok,
+ )
+ self.assertEqual(200, channel.code, msg=channel.json_body)
+ self.assertIn("results", channel.json_body)
+ self.assertEqual(0, len(channel.json_body["results"]))
+
+ @override_config(
+ {
+ "user_directory": {
+ "enabled": True,
+ "search_all_users": True,
+ "show_locked_users": True,
+ }
+ }
+ )
+ def test_locked_user_in_user_dir_with_show_locked_users_option(self) -> None:
+ # User is available in the user dir
+ channel = self.make_request(
+ "POST",
+ "/_matrix/client/v3/user_directory/search",
+ {"search_term": self.other_user},
+ access_token=self.admin_user_tok,
+ )
+ self.assertEqual(200, channel.code, msg=channel.json_body)
+ self.assertIn("results", channel.json_body)
+ self.assertEqual(1, len(channel.json_body["results"]))
+
+ # Lock user
+ channel = self.make_request(
+ "PUT",
+ self.url_other_user,
+ access_token=self.admin_user_tok,
+ content={"locked": True},
+ )
+
+ # User is still available in the user dir
+ channel = self.make_request(
+ "POST",
+ "/_matrix/client/v3/user_directory/search",
+ {"search_term": self.other_user},
+ access_token=self.admin_user_tok,
+ )
+ self.assertEqual(200, channel.code, msg=channel.json_body)
+ self.assertIn("results", channel.json_body)
+ self.assertEqual(1, len(channel.json_body["results"]))
+
@override_config({"user_directory": {"enabled": True, "search_all_users": True}})
def test_change_name_deactivate_user_user_directory(self) -> None:
"""
diff --git a/tests/storage/test_registration.py b/tests/storage/test_registration.py
index 05ea802008..ba41459d08 100644
--- a/tests/storage/test_registration.py
+++ b/tests/storage/test_registration.py
@@ -48,6 +48,7 @@ class RegistrationStoreTestCase(HomeserverTestCase):
"creation_ts": 0,
"user_type": None,
"deactivated": 0,
+ "locked": 0,
"shadow_banned": 0,
"approved": 1,
},
|
