diff options
Diffstat (limited to 'tests/api/test_eventauth.py')
| -rw-r--r-- | tests/api/test_eventauth.py | 268 |
1 files changed, 268 insertions, 0 deletions
diff --git a/tests/api/test_eventauth.py b/tests/api/test_eventauth.py new file mode 100644 index 0000000000..84d88d3fe9 --- /dev/null +++ b/tests/api/test_eventauth.py @@ -0,0 +1,268 @@ + +# -*- coding: utf-8 -*- +# Generated by generate_test_eventauth.py + +# Copyright 2015 - 2016 OpenMarket Ltd +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from synapse.api.auth import Auth +from synapse.api.errors import SynapseError +from tests import unittest +from tests.utils import setup_test_homeserver +from twisted.internet import defer +from synapse.events import FrozenEvent + + +class EventAuthTestCase(unittest.TestCase): + + @defer.inlineCallbacks + def setUp(self): + self.hs = yield setup_test_homeserver(handlers=None) + self.auth = Auth(self.hs) + + def test_EmptyRoom(self): + auth_events = ( + {} + ) + auth_events = {k: FrozenEvent(v) for k, v in auth_events.items()} + + # Allowed events + self.auth.check(FrozenEvent( + {u'content': {u'creator': u'@u1:a'}, + u'event_id': u'$e1:a', + u'room_id': u'!r1:a', + u'sender': u'@u1:a', + u'type': u'm.room.create'} + ), auth_events=auth_events, do_sig_check=False) + + # Disallowed events + # Sent by a different server than the one which made the room_id + self.assertRaises(SynapseError, self.auth.check, FrozenEvent( + {u'content': {u'creator': u'@u1:b'}, + u'event_id': u'$e2:a', + u'room_id': u'!r1:a', + u'sender': u'@u1:b', + u'type': u'm.room.create'} + ), auth_events=auth_events, do_sig_check=False) + # All non-create events must reference a create event. + self.assertRaises(SynapseError, self.auth.check, FrozenEvent( + {u'content': {u'membership': u'join'}, + u'event_id': u'$e3:a', + u'room_id': u'!r1:a', + u'sender': u'@u1:a', + u'state_key': u'@u1:a', + u'type': u'm.room.member'} + ), auth_events=auth_events, do_sig_check=False) + + def test_FirstJoin(self): + auth_events = ( + {('m.room.create', ''): {u'content': {u'creator': u'@u1:a'}, + u'event_id': u'$e1:a', + u'room_id': u'!r1:a', + u'sender': u'@u1:a', + u'type': u'm.room.create'}} + ) + auth_events = {k: FrozenEvent(v) for k, v in auth_events.items()} + + # Allowed events + self.auth.check(FrozenEvent( + {u'content': {u'membership': u'join'}, + u'event_id': u'$e2:a', + u'prev_events': [[u'$e1:a', {}]], + u'room_id': u'!r1:a', + u'sender': u'@u1:a', + u'state_key': u'@u1:a', + u'type': u'm.room.member'} + ), auth_events=auth_events, do_sig_check=False) + + # Disallowed events + # The prev_event is not the create event. + self.assertRaises(SynapseError, self.auth.check, FrozenEvent( + {u'content': {u'membership': u'join'}, + u'event_id': u'$e3:a', + u'prev_events': [[u'$e2:a', {}]], + u'room_id': u'!r1:a', + u'sender': u'@u1:a', + u'state_key': u'@u1:a', + u'type': u'm.room.member'} + ), auth_events=auth_events, do_sig_check=False) + # The membership key is not join + self.assertRaises(SynapseError, self.auth.check, FrozenEvent( + {u'content': {u'membership': u'invite'}, + u'event_id': u'$e4:a', + u'prev_events': [[u'$e1:a', {}]], + u'room_id': u'!r1:a', + u'sender': u'@u1:a', + u'state_key': u'@u1:a', + u'type': u'm.room.member'} + ), auth_events=auth_events, do_sig_check=False) + # The room_id doesn't match the create event + self.assertRaises(SynapseError, self.auth.check, FrozenEvent( + {u'content': {u'membership': u'join'}, + u'event_id': u'$e5:a', + u'prev_events': [[u'$e1:a', {}]], + u'room_id': u'!r2:a', + u'sender': u'@u1:a', + u'state_key': u'@u1:a', + u'type': u'm.room.member'} + ), auth_events=auth_events, do_sig_check=False) + # The sender doesn't match the room creator + self.assertRaises(SynapseError, self.auth.check, FrozenEvent( + {u'content': {u'membership': u'join'}, + u'event_id': u'$e6:a', + u'prev_events': [[u'$e1:a', {}]], + u'room_id': u'!r1:a', + u'sender': u'@u2:a', + u'state_key': u'@u1:a', + u'type': u'm.room.member'} + ), auth_events=auth_events, do_sig_check=False) + # The sender doesn't match the state_key + self.assertRaises(SynapseError, self.auth.check, FrozenEvent( + {u'content': {u'membership': u'join'}, + u'event_id': u'$e7:a', + u'prev_events': [[u'$e1:a', {}]], + u'room_id': u'!r1:a', + u'sender': u'@u1:a', + u'state_key': u'@u2:a', + u'type': u'm.room.member'} + ), auth_events=auth_events, do_sig_check=False) + + def test_FirstPowerLevels(self): + auth_events = ( + {('m.room.create', ''): {u'content': {u'creator': u'@u1:a'}, + u'event_id': u'$e1:a', + u'room_id': u'!r1:a', + u'sender': u'@u1:a', + u'type': u'm.room.create'}, + ('m.room.member', u'@u1:a'): {u'content': {u'membership': u'join'}, + u'event_id': u'$e2:a', + u'room_id': u'!r1:a', + u'sender': u'@u1:a', + u'state_key': u'@u1:a', + u'type': u'm.room.member'}, + ('m.room.member', u'@u2:a'): {u'content': {u'membership': u'join'}, + u'event_id': u'$e3:a', + u'room_id': u'!r1:a', + u'sender': u'@u2:a', + u'state_key': u'@u2:a', + u'type': u'm.room.member'}} + ) + auth_events = {k: FrozenEvent(v) for k, v in auth_events.items()} + + # Allowed events + self.auth.check(FrozenEvent( + {u'content': {u'ban': 50, + u'events': {u'm.room.avatar': 50, + u'm.room.canonical_alias': 50, + u'm.room.history_visibility': 100, + u'm.room.name': 50, + u'm.room.power_levels': 100}, + u'events_default': 0, + u'invite': 0, + u'kick': 50, + u'redact': 50, + u'state_default': 50, + u'users': {u'@u1:a': 100, + u'@u2:a': 100, + u'@u3:a': 50}, + u'users_default': 0}, + u'event_id': u'$e3:a', + u'room_id': u'!r1:a', + u'sender': u'@u1:a', + u'state_key': u'', + u'type': u'm.room.power_levels'} + ), auth_events=auth_events, do_sig_check=False) + self.auth.check(FrozenEvent( + {u'content': {u'users': {u'@u1:a': 1000}}, + u'event_id': u'$e4:a', + u'room_id': u'!r1:a', + u'sender': u'@u1:a', + u'state_key': u'', + u'type': u'm.room.power_levels'} + ), auth_events=auth_events, do_sig_check=False) + + # Disallowed events + # Only the creator can send the first power level event + self.assertRaises(SynapseError, self.auth.check, FrozenEvent( + {u'content': {u'users': {u'@u1:a': 1000}}, + u'event_id': u'$e4:a', + u'room_id': u'!r1:a', + u'sender': u'@u2:a', + u'state_key': u'', + u'type': u'm.room.power_levels'} + ), auth_events=auth_events, do_sig_check=False) + + def test_PowerLevels(self): + auth_events = ( + {('m.room.create', ''): {u'content': {u'creator': u'@u1:a'}, + u'event_id': u'$e1:a', + u'room_id': u'!r1:a', + u'sender': u'@u1:a', + u'type': u'm.room.create'}, + ('m.room.member', u'@u1:a'): {u'content': {u'membership': u'join'}, + u'event_id': u'$e2:a', + u'room_id': u'!r1:a', + u'sender': u'@u1:a', + u'state_key': u'@u1:a', + u'type': u'm.room.member'}, + ('m.room.member', u'@u3:a'): {u'content': {u'membership': u'join'}, + u'event_id': u'$e2:a', + u'room_id': u'!r1:a', + u'sender': u'@u1:a', + u'state_key': u'@u1:a', + u'type': u'm.room.member'}} + ) + auth_events = {k: FrozenEvent(v) for k, v in auth_events.items()} + + # Allowed events + self.auth.check(FrozenEvent( + {u'content': {u'ban': 50, + u'events': {u'm.room.avatar': 50, + u'm.room.canonical_alias': 50, + u'm.room.history_visibility': 100, + u'm.room.name': 50, + u'm.room.power_levels': 100}, + u'events_default': 0, + u'invite': 0, + u'kick': 50, + u'redact': 50, + u'state_default': 50, + u'users': {u'@u1:a': 100, + u'@u2:a': 100, + u'@u3:a': 50}, + u'users_default': 0}, + u'event_id': u'$e4:a', + u'room_id': u'!r1:a', + u'sender': u'@u1:a', + u'state_key': u'', + u'type': u'm.room.power_levels'} + ), auth_events=auth_events, do_sig_check=False) + self.auth.check(FrozenEvent( + {u'content': {u'ban': 50, + u'events': {u'm.room.power_levels': 100}, + u'events_default': 0, + u'invite': 0, + u'kick': 50, + u'redact': 50, + u'state_default': 50, + u'users': {u'@u1:a': 100, u'@u2:a': 100}, + u'users_default': 0}, + u'event_id': u'$e5:a', + u'room_id': u'!r1:a', + u'sender': u'@u1:a', + u'state_key': u'', + u'type': u'm.room.power_levels'} + ), auth_events=auth_events, do_sig_check=False) + + # Disallowed events |