summary refs log tree commit diff
path: root/tests/api/test_auth.py
diff options
context:
space:
mode:
Diffstat (limited to 'tests/api/test_auth.py')
-rw-r--r--tests/api/test_auth.py224
1 files changed, 92 insertions, 132 deletions
diff --git a/tests/api/test_auth.py b/tests/api/test_auth.py
index ee5217b074..b1a8c58e1c 100644
--- a/tests/api/test_auth.py
+++ b/tests/api/test_auth.py
@@ -17,8 +17,6 @@ from mock import Mock
 
 import pymacaroons
 
-from twisted.internet import defer
-
 from synapse.api.auth import Auth
 from synapse.api.constants import UserTypes
 from synapse.api.errors import (
@@ -33,19 +31,17 @@ from synapse.storage.databases.main.registration import TokenLookupResult
 from synapse.types import UserID
 
 from tests import unittest
-from tests.utils import mock_getRawHeaders, setup_test_homeserver
+from tests.test_utils import simple_async_mock
+from tests.utils import mock_getRawHeaders
 
 
-class AuthTestCase(unittest.TestCase):
-    @defer.inlineCallbacks
-    def setUp(self):
-        self.state_handler = Mock()
+class AuthTestCase(unittest.HomeserverTestCase):
+    def prepare(self, reactor, clock, hs):
         self.store = Mock()
 
-        self.hs = yield setup_test_homeserver(self.addCleanup)
-        self.hs.get_datastore = Mock(return_value=self.store)
-        self.hs.get_auth_handler().store = self.store
-        self.auth = Auth(self.hs)
+        hs.get_datastore = Mock(return_value=self.store)
+        hs.get_auth_handler().store = self.store
+        self.auth = Auth(hs)
 
         # AuthBlocking reads from the hs' config on initialization. We need to
         # modify its config instead of the hs'
@@ -57,64 +53,59 @@ class AuthTestCase(unittest.TestCase):
         # this is overridden for the appservice tests
         self.store.get_app_service_by_token = Mock(return_value=None)
 
-        self.store.insert_client_ip = Mock(return_value=defer.succeed(None))
-        self.store.is_support_user = Mock(return_value=defer.succeed(False))
+        self.store.insert_client_ip = simple_async_mock(None)
+        self.store.is_support_user = simple_async_mock(False)
 
-    @defer.inlineCallbacks
     def test_get_user_by_req_user_valid_token(self):
         user_info = TokenLookupResult(
             user_id=self.test_user, token_id=5, device_id="device"
         )
-        self.store.get_user_by_access_token = Mock(
-            return_value=defer.succeed(user_info)
-        )
+        self.store.get_user_by_access_token = simple_async_mock(user_info)
 
         request = Mock(args={})
         request.args[b"access_token"] = [self.test_token]
         request.requestHeaders.getRawHeaders = mock_getRawHeaders()
-        requester = yield defer.ensureDeferred(self.auth.get_user_by_req(request))
+        requester = self.get_success(self.auth.get_user_by_req(request))
         self.assertEquals(requester.user.to_string(), self.test_user)
 
     def test_get_user_by_req_user_bad_token(self):
-        self.store.get_user_by_access_token = Mock(return_value=defer.succeed(None))
+        self.store.get_user_by_access_token = simple_async_mock(None)
 
         request = Mock(args={})
         request.args[b"access_token"] = [self.test_token]
         request.requestHeaders.getRawHeaders = mock_getRawHeaders()
-        d = defer.ensureDeferred(self.auth.get_user_by_req(request))
-        f = self.failureResultOf(d, InvalidClientTokenError).value
+        f = self.get_failure(
+            self.auth.get_user_by_req(request), InvalidClientTokenError
+        ).value
         self.assertEqual(f.code, 401)
         self.assertEqual(f.errcode, "M_UNKNOWN_TOKEN")
 
     def test_get_user_by_req_user_missing_token(self):
         user_info = TokenLookupResult(user_id=self.test_user, token_id=5)
-        self.store.get_user_by_access_token = Mock(
-            return_value=defer.succeed(user_info)
-        )
+        self.store.get_user_by_access_token = simple_async_mock(user_info)
 
         request = Mock(args={})
         request.requestHeaders.getRawHeaders = mock_getRawHeaders()
-        d = defer.ensureDeferred(self.auth.get_user_by_req(request))
-        f = self.failureResultOf(d, MissingClientTokenError).value
+        f = self.get_failure(
+            self.auth.get_user_by_req(request), MissingClientTokenError
+        ).value
         self.assertEqual(f.code, 401)
         self.assertEqual(f.errcode, "M_MISSING_TOKEN")
 
-    @defer.inlineCallbacks
     def test_get_user_by_req_appservice_valid_token(self):
         app_service = Mock(
             token="foobar", url="a_url", sender=self.test_user, ip_range_whitelist=None
         )
         self.store.get_app_service_by_token = Mock(return_value=app_service)
-        self.store.get_user_by_access_token = Mock(return_value=defer.succeed(None))
+        self.store.get_user_by_access_token = simple_async_mock(None)
 
         request = Mock(args={})
         request.getClientIP.return_value = "127.0.0.1"
         request.args[b"access_token"] = [self.test_token]
         request.requestHeaders.getRawHeaders = mock_getRawHeaders()
-        requester = yield defer.ensureDeferred(self.auth.get_user_by_req(request))
+        requester = self.get_success(self.auth.get_user_by_req(request))
         self.assertEquals(requester.user.to_string(), self.test_user)
 
-    @defer.inlineCallbacks
     def test_get_user_by_req_appservice_valid_token_good_ip(self):
         from netaddr import IPSet
 
@@ -125,13 +116,13 @@ class AuthTestCase(unittest.TestCase):
             ip_range_whitelist=IPSet(["192.168/16"]),
         )
         self.store.get_app_service_by_token = Mock(return_value=app_service)
-        self.store.get_user_by_access_token = Mock(return_value=defer.succeed(None))
+        self.store.get_user_by_access_token = simple_async_mock(None)
 
         request = Mock(args={})
         request.getClientIP.return_value = "192.168.10.10"
         request.args[b"access_token"] = [self.test_token]
         request.requestHeaders.getRawHeaders = mock_getRawHeaders()
-        requester = yield defer.ensureDeferred(self.auth.get_user_by_req(request))
+        requester = self.get_success(self.auth.get_user_by_req(request))
         self.assertEquals(requester.user.to_string(), self.test_user)
 
     def test_get_user_by_req_appservice_valid_token_bad_ip(self):
@@ -144,42 +135,44 @@ class AuthTestCase(unittest.TestCase):
             ip_range_whitelist=IPSet(["192.168/16"]),
         )
         self.store.get_app_service_by_token = Mock(return_value=app_service)
-        self.store.get_user_by_access_token = Mock(return_value=defer.succeed(None))
+        self.store.get_user_by_access_token = simple_async_mock(None)
 
         request = Mock(args={})
         request.getClientIP.return_value = "131.111.8.42"
         request.args[b"access_token"] = [self.test_token]
         request.requestHeaders.getRawHeaders = mock_getRawHeaders()
-        d = defer.ensureDeferred(self.auth.get_user_by_req(request))
-        f = self.failureResultOf(d, InvalidClientTokenError).value
+        f = self.get_failure(
+            self.auth.get_user_by_req(request), InvalidClientTokenError
+        ).value
         self.assertEqual(f.code, 401)
         self.assertEqual(f.errcode, "M_UNKNOWN_TOKEN")
 
     def test_get_user_by_req_appservice_bad_token(self):
         self.store.get_app_service_by_token = Mock(return_value=None)
-        self.store.get_user_by_access_token = Mock(return_value=defer.succeed(None))
+        self.store.get_user_by_access_token = simple_async_mock(None)
 
         request = Mock(args={})
         request.args[b"access_token"] = [self.test_token]
         request.requestHeaders.getRawHeaders = mock_getRawHeaders()
-        d = defer.ensureDeferred(self.auth.get_user_by_req(request))
-        f = self.failureResultOf(d, InvalidClientTokenError).value
+        f = self.get_failure(
+            self.auth.get_user_by_req(request), InvalidClientTokenError
+        ).value
         self.assertEqual(f.code, 401)
         self.assertEqual(f.errcode, "M_UNKNOWN_TOKEN")
 
     def test_get_user_by_req_appservice_missing_token(self):
         app_service = Mock(token="foobar", url="a_url", sender=self.test_user)
         self.store.get_app_service_by_token = Mock(return_value=app_service)
-        self.store.get_user_by_access_token = Mock(return_value=defer.succeed(None))
+        self.store.get_user_by_access_token = simple_async_mock(None)
 
         request = Mock(args={})
         request.requestHeaders.getRawHeaders = mock_getRawHeaders()
-        d = defer.ensureDeferred(self.auth.get_user_by_req(request))
-        f = self.failureResultOf(d, MissingClientTokenError).value
+        f = self.get_failure(
+            self.auth.get_user_by_req(request), MissingClientTokenError
+        ).value
         self.assertEqual(f.code, 401)
         self.assertEqual(f.errcode, "M_MISSING_TOKEN")
 
-    @defer.inlineCallbacks
     def test_get_user_by_req_appservice_valid_token_valid_user_id(self):
         masquerading_user_id = b"@doppelganger:matrix.org"
         app_service = Mock(
@@ -188,17 +181,15 @@ class AuthTestCase(unittest.TestCase):
         app_service.is_interested_in_user = Mock(return_value=True)
         self.store.get_app_service_by_token = Mock(return_value=app_service)
         # This just needs to return a truth-y value.
-        self.store.get_user_by_id = Mock(
-            return_value=defer.succeed({"is_guest": False})
-        )
-        self.store.get_user_by_access_token = Mock(return_value=defer.succeed(None))
+        self.store.get_user_by_id = simple_async_mock({"is_guest": False})
+        self.store.get_user_by_access_token = simple_async_mock(None)
 
         request = Mock(args={})
         request.getClientIP.return_value = "127.0.0.1"
         request.args[b"access_token"] = [self.test_token]
         request.args[b"user_id"] = [masquerading_user_id]
         request.requestHeaders.getRawHeaders = mock_getRawHeaders()
-        requester = yield defer.ensureDeferred(self.auth.get_user_by_req(request))
+        requester = self.get_success(self.auth.get_user_by_req(request))
         self.assertEquals(
             requester.user.to_string(), masquerading_user_id.decode("utf8")
         )
@@ -210,22 +201,18 @@ class AuthTestCase(unittest.TestCase):
         )
         app_service.is_interested_in_user = Mock(return_value=False)
         self.store.get_app_service_by_token = Mock(return_value=app_service)
-        self.store.get_user_by_access_token = Mock(return_value=defer.succeed(None))
+        self.store.get_user_by_access_token = simple_async_mock(None)
 
         request = Mock(args={})
         request.getClientIP.return_value = "127.0.0.1"
         request.args[b"access_token"] = [self.test_token]
         request.args[b"user_id"] = [masquerading_user_id]
         request.requestHeaders.getRawHeaders = mock_getRawHeaders()
-        d = defer.ensureDeferred(self.auth.get_user_by_req(request))
-        self.failureResultOf(d, AuthError)
+        self.get_failure(self.auth.get_user_by_req(request), AuthError)
 
-    @defer.inlineCallbacks
     def test_get_user_from_macaroon(self):
-        self.store.get_user_by_access_token = Mock(
-            return_value=defer.succeed(
-                TokenLookupResult(user_id="@baldrick:matrix.org", device_id="device")
-            )
+        self.store.get_user_by_access_token = simple_async_mock(
+            TokenLookupResult(user_id="@baldrick:matrix.org", device_id="device")
         )
 
         user_id = "@baldrick:matrix.org"
@@ -237,7 +224,7 @@ class AuthTestCase(unittest.TestCase):
         macaroon.add_first_party_caveat("gen = 1")
         macaroon.add_first_party_caveat("type = access")
         macaroon.add_first_party_caveat("user_id = %s" % (user_id,))
-        user_info = yield defer.ensureDeferred(
+        user_info = self.get_success(
             self.auth.get_user_by_access_token(macaroon.serialize())
         )
         self.assertEqual(user_id, user_info.user_id)
@@ -246,10 +233,9 @@ class AuthTestCase(unittest.TestCase):
         # from the db.
         self.assertEqual(user_info.device_id, "device")
 
-    @defer.inlineCallbacks
     def test_get_guest_user_from_macaroon(self):
-        self.store.get_user_by_id = Mock(return_value=defer.succeed({"is_guest": True}))
-        self.store.get_user_by_access_token = Mock(return_value=defer.succeed(None))
+        self.store.get_user_by_id = simple_async_mock({"is_guest": True})
+        self.store.get_user_by_access_token = simple_async_mock(None)
 
         user_id = "@baldrick:matrix.org"
         macaroon = pymacaroons.Macaroon(
@@ -263,20 +249,17 @@ class AuthTestCase(unittest.TestCase):
         macaroon.add_first_party_caveat("guest = true")
         serialized = macaroon.serialize()
 
-        user_info = yield defer.ensureDeferred(
-            self.auth.get_user_by_access_token(serialized)
-        )
+        user_info = self.get_success(self.auth.get_user_by_access_token(serialized))
         self.assertEqual(user_id, user_info.user_id)
         self.assertTrue(user_info.is_guest)
         self.store.get_user_by_id.assert_called_with(user_id)
 
-    @defer.inlineCallbacks
     def test_cannot_use_regular_token_as_guest(self):
         USER_ID = "@percy:matrix.org"
-        self.store.add_access_token_to_user = Mock(return_value=defer.succeed(None))
-        self.store.get_device = Mock(return_value=defer.succeed(None))
+        self.store.add_access_token_to_user = simple_async_mock(None)
+        self.store.get_device = simple_async_mock(None)
 
-        token = yield defer.ensureDeferred(
+        token = self.get_success(
             self.hs.get_auth_handler().get_access_token_for_user_id(
                 USER_ID, "DEVICE", valid_until_ms=None
             )
@@ -289,25 +272,21 @@ class AuthTestCase(unittest.TestCase):
             puppets_user_id=None,
         )
 
-        def get_user(tok):
+        async def get_user(tok):
             if token != tok:
-                return defer.succeed(None)
-            return defer.succeed(
-                TokenLookupResult(
-                    user_id=USER_ID, is_guest=False, token_id=1234, device_id="DEVICE",
-                )
+                return None
+            return TokenLookupResult(
+                user_id=USER_ID, is_guest=False, token_id=1234, device_id="DEVICE",
             )
 
         self.store.get_user_by_access_token = get_user
-        self.store.get_user_by_id = Mock(
-            return_value=defer.succeed({"is_guest": False})
-        )
+        self.store.get_user_by_id = simple_async_mock({"is_guest": False})
 
         # check the token works
         request = Mock(args={})
         request.args[b"access_token"] = [token.encode("ascii")]
         request.requestHeaders.getRawHeaders = mock_getRawHeaders()
-        requester = yield defer.ensureDeferred(
+        requester = self.get_success(
             self.auth.get_user_by_req(request, allow_guest=True)
         )
         self.assertEqual(UserID.from_string(USER_ID), requester.user)
@@ -323,17 +302,16 @@ class AuthTestCase(unittest.TestCase):
         request.args[b"access_token"] = [guest_tok.encode("ascii")]
         request.requestHeaders.getRawHeaders = mock_getRawHeaders()
 
-        with self.assertRaises(InvalidClientCredentialsError) as cm:
-            yield defer.ensureDeferred(
-                self.auth.get_user_by_req(request, allow_guest=True)
-            )
+        cm = self.get_failure(
+            self.auth.get_user_by_req(request, allow_guest=True),
+            InvalidClientCredentialsError,
+        )
 
-        self.assertEqual(401, cm.exception.code)
-        self.assertEqual("Guest access token used for regular user", cm.exception.msg)
+        self.assertEqual(401, cm.value.code)
+        self.assertEqual("Guest access token used for regular user", cm.value.msg)
 
         self.store.get_user_by_id.assert_called_with(USER_ID)
 
-    @defer.inlineCallbacks
     def test_blocking_mau(self):
         self.auth_blocking._limit_usage_by_mau = False
         self.auth_blocking._max_mau_value = 50
@@ -341,77 +319,61 @@ class AuthTestCase(unittest.TestCase):
         small_number_of_users = 1
 
         # Ensure no error thrown
-        yield defer.ensureDeferred(self.auth.check_auth_blocking())
+        self.get_success(self.auth.check_auth_blocking())
 
         self.auth_blocking._limit_usage_by_mau = True
 
-        self.store.get_monthly_active_count = Mock(
-            return_value=defer.succeed(lots_of_users)
-        )
+        self.store.get_monthly_active_count = simple_async_mock(lots_of_users)
 
-        with self.assertRaises(ResourceLimitError) as e:
-            yield defer.ensureDeferred(self.auth.check_auth_blocking())
-        self.assertEquals(e.exception.admin_contact, self.hs.config.admin_contact)
-        self.assertEquals(e.exception.errcode, Codes.RESOURCE_LIMIT_EXCEEDED)
-        self.assertEquals(e.exception.code, 403)
+        e = self.get_failure(self.auth.check_auth_blocking(), ResourceLimitError)
+        self.assertEquals(e.value.admin_contact, self.hs.config.admin_contact)
+        self.assertEquals(e.value.errcode, Codes.RESOURCE_LIMIT_EXCEEDED)
+        self.assertEquals(e.value.code, 403)
 
         # Ensure does not throw an error
-        self.store.get_monthly_active_count = Mock(
-            return_value=defer.succeed(small_number_of_users)
-        )
-        yield defer.ensureDeferred(self.auth.check_auth_blocking())
+        self.store.get_monthly_active_count = simple_async_mock(small_number_of_users)
+        self.get_success(self.auth.check_auth_blocking())
 
-    @defer.inlineCallbacks
     def test_blocking_mau__depending_on_user_type(self):
         self.auth_blocking._max_mau_value = 50
         self.auth_blocking._limit_usage_by_mau = True
 
-        self.store.get_monthly_active_count = Mock(return_value=defer.succeed(100))
+        self.store.get_monthly_active_count = simple_async_mock(100)
         # Support users allowed
-        yield defer.ensureDeferred(
-            self.auth.check_auth_blocking(user_type=UserTypes.SUPPORT)
-        )
-        self.store.get_monthly_active_count = Mock(return_value=defer.succeed(100))
+        self.get_success(self.auth.check_auth_blocking(user_type=UserTypes.SUPPORT))
+        self.store.get_monthly_active_count = simple_async_mock(100)
         # Bots not allowed
-        with self.assertRaises(ResourceLimitError):
-            yield defer.ensureDeferred(
-                self.auth.check_auth_blocking(user_type=UserTypes.BOT)
-            )
-        self.store.get_monthly_active_count = Mock(return_value=defer.succeed(100))
+        self.get_failure(
+            self.auth.check_auth_blocking(user_type=UserTypes.BOT), ResourceLimitError
+        )
+        self.store.get_monthly_active_count = simple_async_mock(100)
         # Real users not allowed
-        with self.assertRaises(ResourceLimitError):
-            yield defer.ensureDeferred(self.auth.check_auth_blocking())
+        self.get_failure(self.auth.check_auth_blocking(), ResourceLimitError)
 
-    @defer.inlineCallbacks
     def test_reserved_threepid(self):
         self.auth_blocking._limit_usage_by_mau = True
         self.auth_blocking._max_mau_value = 1
-        self.store.get_monthly_active_count = lambda: defer.succeed(2)
+        self.store.get_monthly_active_count = simple_async_mock(2)
         threepid = {"medium": "email", "address": "reserved@server.com"}
         unknown_threepid = {"medium": "email", "address": "unreserved@server.com"}
         self.auth_blocking._mau_limits_reserved_threepids = [threepid]
 
-        with self.assertRaises(ResourceLimitError):
-            yield defer.ensureDeferred(self.auth.check_auth_blocking())
+        self.get_failure(self.auth.check_auth_blocking(), ResourceLimitError)
 
-        with self.assertRaises(ResourceLimitError):
-            yield defer.ensureDeferred(
-                self.auth.check_auth_blocking(threepid=unknown_threepid)
-            )
+        self.get_failure(
+            self.auth.check_auth_blocking(threepid=unknown_threepid), ResourceLimitError
+        )
 
-        yield defer.ensureDeferred(self.auth.check_auth_blocking(threepid=threepid))
+        self.get_success(self.auth.check_auth_blocking(threepid=threepid))
 
-    @defer.inlineCallbacks
     def test_hs_disabled(self):
         self.auth_blocking._hs_disabled = True
         self.auth_blocking._hs_disabled_message = "Reason for being disabled"
-        with self.assertRaises(ResourceLimitError) as e:
-            yield defer.ensureDeferred(self.auth.check_auth_blocking())
-        self.assertEquals(e.exception.admin_contact, self.hs.config.admin_contact)
-        self.assertEquals(e.exception.errcode, Codes.RESOURCE_LIMIT_EXCEEDED)
-        self.assertEquals(e.exception.code, 403)
+        e = self.get_failure(self.auth.check_auth_blocking(), ResourceLimitError)
+        self.assertEquals(e.value.admin_contact, self.hs.config.admin_contact)
+        self.assertEquals(e.value.errcode, Codes.RESOURCE_LIMIT_EXCEEDED)
+        self.assertEquals(e.value.code, 403)
 
-    @defer.inlineCallbacks
     def test_hs_disabled_no_server_notices_user(self):
         """Check that 'hs_disabled_message' works correctly when there is no
         server_notices user.
@@ -422,16 +384,14 @@ class AuthTestCase(unittest.TestCase):
 
         self.auth_blocking._hs_disabled = True
         self.auth_blocking._hs_disabled_message = "Reason for being disabled"
-        with self.assertRaises(ResourceLimitError) as e:
-            yield defer.ensureDeferred(self.auth.check_auth_blocking())
-        self.assertEquals(e.exception.admin_contact, self.hs.config.admin_contact)
-        self.assertEquals(e.exception.errcode, Codes.RESOURCE_LIMIT_EXCEEDED)
-        self.assertEquals(e.exception.code, 403)
+        e = self.get_failure(self.auth.check_auth_blocking(), ResourceLimitError)
+        self.assertEquals(e.value.admin_contact, self.hs.config.admin_contact)
+        self.assertEquals(e.value.errcode, Codes.RESOURCE_LIMIT_EXCEEDED)
+        self.assertEquals(e.value.code, 403)
 
-    @defer.inlineCallbacks
     def test_server_notices_mxid_special_cased(self):
         self.auth_blocking._hs_disabled = True
         user = "@user:server"
         self.auth_blocking._server_notices_mxid = user
         self.auth_blocking._hs_disabled_message = "Reason for being disabled"
-        yield defer.ensureDeferred(self.auth.check_auth_blocking(user))
+        self.get_success(self.auth.check_auth_blocking(user))