diff --git a/tests/rest/admin/__init__.py b/tests/rest/admin/__init__.py
new file mode 100644
index 0000000000..1453d04571
--- /dev/null
+++ b/tests/rest/admin/__init__.py
@@ -0,0 +1,14 @@
+# -*- coding: utf-8 -*-
+# Copyright 2019 New Vector Ltd
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
diff --git a/tests/rest/client/v1/test_admin.py b/tests/rest/admin/test_admin.py
index ef38473bd6..da19a83918 100644
--- a/tests/rest/client/v1/test_admin.py
+++ b/tests/rest/admin/test_admin.py
@@ -19,27 +19,26 @@ import json
from mock import Mock
+import synapse.rest.admin
from synapse.api.constants import UserTypes
-from synapse.rest.client.v1 import admin, events, login, room
+from synapse.http.server import JsonResource
+from synapse.rest.admin import VersionServlet
+from synapse.rest.client.v1 import events, login, room
+from synapse.rest.client.v2_alpha import groups
from tests import unittest
class VersionTestCase(unittest.HomeserverTestCase):
+ url = '/_synapse/admin/v1/server_version'
- servlets = [
- admin.register_servlets,
- login.register_servlets,
- ]
-
- url = '/_matrix/client/r0/admin/server_version'
+ def create_test_json_resource(self):
+ resource = JsonResource(self.hs)
+ VersionServlet(self.hs).register(resource)
+ return resource
def test_version_string(self):
- self.register_user("admin", "pass", admin=True)
- self.admin_token = self.login("admin", "pass")
-
- request, channel = self.make_request("GET", self.url,
- access_token=self.admin_token)
+ request, channel = self.make_request("GET", self.url, shorthand=False)
self.render(request)
self.assertEqual(200, int(channel.result["code"]),
@@ -47,21 +46,10 @@ class VersionTestCase(unittest.HomeserverTestCase):
self.assertEqual({'server_version', 'python_version'},
set(channel.json_body.keys()))
- def test_inaccessible_to_non_admins(self):
- self.register_user("unprivileged-user", "pass", admin=False)
- user_token = self.login("unprivileged-user", "pass")
-
- request, channel = self.make_request("GET", self.url,
- access_token=user_token)
- self.render(request)
-
- self.assertEqual(403, int(channel.result['code']),
- msg=channel.result['body'])
-
class UserRegisterTestCase(unittest.HomeserverTestCase):
- servlets = [admin.register_servlets]
+ servlets = [synapse.rest.admin.register_servlets_for_client_rest_resource]
def make_homeserver(self, reactor, clock):
@@ -357,7 +345,7 @@ class UserRegisterTestCase(unittest.HomeserverTestCase):
class ShutdownRoomTestCase(unittest.HomeserverTestCase):
servlets = [
- admin.register_servlets,
+ synapse.rest.admin.register_servlets_for_client_rest_resource,
login.register_servlets,
events.register_servlets,
room.register_servlets,
@@ -490,3 +478,126 @@ class ShutdownRoomTestCase(unittest.HomeserverTestCase):
self.assertEqual(
expect_code, int(channel.result["code"]), msg=channel.result["body"],
)
+
+
+class DeleteGroupTestCase(unittest.HomeserverTestCase):
+ servlets = [
+ synapse.rest.admin.register_servlets_for_client_rest_resource,
+ login.register_servlets,
+ groups.register_servlets,
+ ]
+
+ def prepare(self, reactor, clock, hs):
+ self.store = hs.get_datastore()
+
+ self.admin_user = self.register_user("admin", "pass", admin=True)
+ self.admin_user_tok = self.login("admin", "pass")
+
+ self.other_user = self.register_user("user", "pass")
+ self.other_user_token = self.login("user", "pass")
+
+ def test_delete_group(self):
+ # Create a new group
+ request, channel = self.make_request(
+ "POST",
+ "/create_group".encode('ascii'),
+ access_token=self.admin_user_tok,
+ content={
+ "localpart": "test",
+ }
+ )
+
+ self.render(request)
+ self.assertEqual(
+ 200, int(channel.result["code"]), msg=channel.result["body"],
+ )
+
+ group_id = channel.json_body["group_id"]
+
+ self._check_group(group_id, expect_code=200)
+
+ # Invite/join another user
+
+ url = "/groups/%s/admin/users/invite/%s" % (group_id, self.other_user)
+ request, channel = self.make_request(
+ "PUT",
+ url.encode('ascii'),
+ access_token=self.admin_user_tok,
+ content={}
+ )
+ self.render(request)
+ self.assertEqual(
+ 200, int(channel.result["code"]), msg=channel.result["body"],
+ )
+
+ url = "/groups/%s/self/accept_invite" % (group_id,)
+ request, channel = self.make_request(
+ "PUT",
+ url.encode('ascii'),
+ access_token=self.other_user_token,
+ content={}
+ )
+ self.render(request)
+ self.assertEqual(
+ 200, int(channel.result["code"]), msg=channel.result["body"],
+ )
+
+ # Check other user knows they're in the group
+ self.assertIn(group_id, self._get_groups_user_is_in(self.admin_user_tok))
+ self.assertIn(group_id, self._get_groups_user_is_in(self.other_user_token))
+
+ # Now delete the group
+ url = "/admin/delete_group/" + group_id
+ request, channel = self.make_request(
+ "POST",
+ url.encode('ascii'),
+ access_token=self.admin_user_tok,
+ content={
+ "localpart": "test",
+ }
+ )
+
+ self.render(request)
+ self.assertEqual(
+ 200, int(channel.result["code"]), msg=channel.result["body"],
+ )
+
+ # Check group returns 404
+ self._check_group(group_id, expect_code=404)
+
+ # Check users don't think they're in the group
+ self.assertNotIn(group_id, self._get_groups_user_is_in(self.admin_user_tok))
+ self.assertNotIn(group_id, self._get_groups_user_is_in(self.other_user_token))
+
+ def _check_group(self, group_id, expect_code):
+ """Assert that trying to fetch the given group results in the given
+ HTTP status code
+ """
+
+ url = "/groups/%s/profile" % (group_id,)
+ request, channel = self.make_request(
+ "GET",
+ url.encode('ascii'),
+ access_token=self.admin_user_tok,
+ )
+
+ self.render(request)
+ self.assertEqual(
+ expect_code, int(channel.result["code"]), msg=channel.result["body"],
+ )
+
+ def _get_groups_user_is_in(self, access_token):
+ """Returns the list of groups the user is in (given their access token)
+ """
+ request, channel = self.make_request(
+ "GET",
+ "/joined_groups".encode('ascii'),
+ access_token=access_token,
+ )
+
+ self.render(request)
+ self.assertEqual(
+ 200, int(channel.result["code"]), msg=channel.result["body"],
+ )
+
+ return channel.json_body["groups"]
diff --git a/tests/rest/client/test_consent.py b/tests/rest/client/test_consent.py
index 4294bbec2a..5528971190 100644
--- a/tests/rest/client/test_consent.py
+++ b/tests/rest/client/test_consent.py
@@ -15,8 +15,9 @@
import os
+import synapse.rest.admin
from synapse.api.urls import ConsentURIBuilder
-from synapse.rest.client.v1 import admin, login, room
+from synapse.rest.client.v1 import login, room
from synapse.rest.consent import consent_resource
from tests import unittest
@@ -31,7 +32,7 @@ except Exception:
class ConsentResourceTestCase(unittest.HomeserverTestCase):
skip = "No Jinja installed" if not load_jinja2_templates else None
servlets = [
- admin.register_servlets,
+ synapse.rest.admin.register_servlets_for_client_rest_resource,
room.register_servlets,
login.register_servlets,
]
diff --git a/tests/rest/client/test_identity.py b/tests/rest/client/test_identity.py
new file mode 100644
index 0000000000..2e51ffa418
--- /dev/null
+++ b/tests/rest/client/test_identity.py
@@ -0,0 +1,66 @@
+# -*- coding: utf-8 -*-
+# Copyright 2019 New Vector Ltd
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import json
+
+import synapse.rest.admin
+from synapse.rest.client.v1 import login, room
+
+from tests import unittest
+
+
+class IdentityTestCase(unittest.HomeserverTestCase):
+
+ servlets = [
+ synapse.rest.admin.register_servlets_for_client_rest_resource,
+ room.register_servlets,
+ login.register_servlets,
+ ]
+
+ def make_homeserver(self, reactor, clock):
+
+ config = self.default_config()
+ config.enable_3pid_lookup = False
+ self.hs = self.setup_test_homeserver(config=config)
+
+ return self.hs
+
+ def test_3pid_lookup_disabled(self):
+ self.hs.config.enable_3pid_lookup = False
+
+ self.register_user("kermit", "monkey")
+ tok = self.login("kermit", "monkey")
+
+ request, channel = self.make_request(
+ b"POST", "/createRoom", b"{}", access_token=tok,
+ )
+ self.render(request)
+ self.assertEquals(channel.result["code"], b"200", channel.result)
+ room_id = channel.json_body["room_id"]
+
+ params = {
+ "id_server": "testis",
+ "medium": "email",
+ "address": "test@example.com",
+ }
+ request_data = json.dumps(params)
+ request_url = (
+ "/rooms/%s/invite" % (room_id)
+ ).encode('ascii')
+ request, channel = self.make_request(
+ b"POST", request_url, request_data, access_token=tok,
+ )
+ self.render(request)
+ self.assertEquals(channel.result["code"], b"403", channel.result)
diff --git a/tests/rest/client/v1/test_directory.py b/tests/rest/client/v1/test_directory.py
new file mode 100644
index 0000000000..f63c68e7ed
--- /dev/null
+++ b/tests/rest/client/v1/test_directory.py
@@ -0,0 +1,169 @@
+# -*- coding: utf-8 -*-
+# Copyright 2019 New Vector Ltd
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import json
+
+from synapse.rest import admin
+from synapse.rest.client.v1 import directory, login, room
+from synapse.types import RoomAlias
+from synapse.util.stringutils import random_string
+
+from tests import unittest
+
+
+class DirectoryTestCase(unittest.HomeserverTestCase):
+
+ servlets = [
+ admin.register_servlets_for_client_rest_resource,
+ directory.register_servlets,
+ login.register_servlets,
+ room.register_servlets,
+ ]
+
+ def make_homeserver(self, reactor, clock):
+ config = self.default_config()
+ config.require_membership_for_aliases = True
+
+ self.hs = self.setup_test_homeserver(config=config)
+
+ return self.hs
+
+ def prepare(self, reactor, clock, homeserver):
+ self.room_owner = self.register_user("room_owner", "test")
+ self.room_owner_tok = self.login("room_owner", "test")
+
+ self.room_id = self.helper.create_room_as(
+ self.room_owner, tok=self.room_owner_tok,
+ )
+
+ self.user = self.register_user("user", "test")
+ self.user_tok = self.login("user", "test")
+
+ def test_state_event_not_in_room(self):
+ self.ensure_user_left_room()
+ self.set_alias_via_state_event(403)
+
+ def test_directory_endpoint_not_in_room(self):
+ self.ensure_user_left_room()
+ self.set_alias_via_directory(403)
+
+ def test_state_event_in_room_too_long(self):
+ self.ensure_user_joined_room()
+ self.set_alias_via_state_event(400, alias_length=256)
+
+ def test_directory_in_room_too_long(self):
+ self.ensure_user_joined_room()
+ self.set_alias_via_directory(400, alias_length=256)
+
+ def test_state_event_in_room(self):
+ self.ensure_user_joined_room()
+ self.set_alias_via_state_event(200)
+
+ def test_directory_in_room(self):
+ self.ensure_user_joined_room()
+ self.set_alias_via_directory(200)
+
+ def test_room_creation_too_long(self):
+ url = "/_matrix/client/r0/createRoom"
+
+ # We use deliberately a localpart under the length threshold so
+ # that we can make sure that the check is done on the whole alias.
+ data = {
+ "room_alias_name": random_string(256 - len(self.hs.hostname)),
+ }
+ request_data = json.dumps(data)
+ request, channel = self.make_request(
+ "POST", url, request_data, access_token=self.user_tok,
+ )
+ self.render(request)
+ self.assertEqual(channel.code, 400, channel.result)
+
+ def test_room_creation(self):
+ url = "/_matrix/client/r0/createRoom"
+
+ # Check with an alias of allowed length. There should already be
+ # a test that ensures it works in test_register.py, but let's be
+ # as cautious as possible here.
+ data = {
+ "room_alias_name": random_string(5),
+ }
+ request_data = json.dumps(data)
+ request, channel = self.make_request(
+ "POST", url, request_data, access_token=self.user_tok,
+ )
+ self.render(request)
+ self.assertEqual(channel.code, 200, channel.result)
+
+ def set_alias_via_state_event(self, expected_code, alias_length=5):
+ url = ("/_matrix/client/r0/rooms/%s/state/m.room.aliases/%s"
+ % (self.room_id, self.hs.hostname))
+
+ data = {
+ "aliases": [
+ self.random_alias(alias_length),
+ ],
+ }
+ request_data = json.dumps(data)
+
+ request, channel = self.make_request(
+ "PUT", url, request_data, access_token=self.user_tok,
+ )
+ self.render(request)
+ self.assertEqual(channel.code, expected_code, channel.result)
+
+ def set_alias_via_directory(self, expected_code, alias_length=5):
+ url = "/_matrix/client/r0/directory/room/%s" % self.random_alias(alias_length)
+ data = {
+ "room_id": self.room_id,
+ }
+ request_data = json.dumps(data)
+
+ request, channel = self.make_request(
+ "PUT", url, request_data, access_token=self.user_tok,
+ )
+ self.render(request)
+ self.assertEqual(channel.code, expected_code, channel.result)
+
+ def random_alias(self, length):
+ return RoomAlias(
+ random_string(length),
+ self.hs.hostname,
+ ).to_string()
+
+ def ensure_user_left_room(self):
+ self.ensure_membership("leave")
+
+ def ensure_user_joined_room(self):
+ self.ensure_membership("join")
+
+ def ensure_membership(self, membership):
+ try:
+ if membership == "leave":
+ self.helper.leave(
+ room=self.room_id,
+ user=self.user,
+ tok=self.user_tok,
+ )
+ if membership == "join":
+ self.helper.join(
+ room=self.room_id,
+ user=self.user,
+ tok=self.user_tok,
+ )
+ except AssertionError:
+ # We don't care whether the leave request didn't return a 200 (e.g.
+ # if the user isn't already in the room), because we only want to
+ # make sure the user isn't in the room.
+ pass
diff --git a/tests/rest/client/v1/test_events.py b/tests/rest/client/v1/test_events.py
index 36d8547275..8a9a55a527 100644
--- a/tests/rest/client/v1/test_events.py
+++ b/tests/rest/client/v1/test_events.py
@@ -17,7 +17,8 @@
from mock import Mock, NonCallableMock
-from synapse.rest.client.v1 import admin, events, login, room
+import synapse.rest.admin
+from synapse.rest.client.v1 import events, login, room
from tests import unittest
@@ -28,7 +29,7 @@ class EventStreamPermissionsTestCase(unittest.HomeserverTestCase):
servlets = [
events.register_servlets,
room.register_servlets,
- admin.register_servlets,
+ synapse.rest.admin.register_servlets_for_client_rest_resource,
login.register_servlets,
]
diff --git a/tests/rest/client/v1/test_login.py b/tests/rest/client/v1/test_login.py
index 86312f1096..9ebd91f678 100644
--- a/tests/rest/client/v1/test_login.py
+++ b/tests/rest/client/v1/test_login.py
@@ -1,6 +1,7 @@
import json
-from synapse.rest.client.v1 import admin, login
+import synapse.rest.admin
+from synapse.rest.client.v1 import login
from tests import unittest
@@ -10,7 +11,7 @@ LOGIN_URL = b"/_matrix/client/r0/login"
class LoginRestServletTestCase(unittest.HomeserverTestCase):
servlets = [
- admin.register_servlets,
+ synapse.rest.admin.register_servlets_for_client_rest_resource,
login.register_servlets,
]
diff --git a/tests/rest/client/v1/test_profile.py b/tests/rest/client/v1/test_profile.py
index 1eab9c3bdb..7306e61b7c 100644
--- a/tests/rest/client/v1/test_profile.py
+++ b/tests/rest/client/v1/test_profile.py
@@ -20,7 +20,8 @@ from twisted.internet import defer
import synapse.types
from synapse.api.errors import AuthError, SynapseError
-from synapse.rest.client.v1 import profile
+from synapse.rest import admin
+from synapse.rest.client.v1 import login, profile, room
from tests import unittest
@@ -42,6 +43,7 @@ class ProfileTestCase(unittest.TestCase):
"set_displayname",
"get_avatar_url",
"set_avatar_url",
+ "check_profile_query_allowed",
]
)
@@ -155,3 +157,92 @@ class ProfileTestCase(unittest.TestCase):
self.assertEquals(mocked_set.call_args[0][0].localpart, "1234ABCD")
self.assertEquals(mocked_set.call_args[0][1].user.localpart, "1234ABCD")
self.assertEquals(mocked_set.call_args[0][2], "http://my.server/pic.gif")
+
+
+class ProfilesRestrictedTestCase(unittest.HomeserverTestCase):
+
+ servlets = [
+ admin.register_servlets_for_client_rest_resource,
+ login.register_servlets,
+ profile.register_servlets,
+ room.register_servlets,
+ ]
+
+ def make_homeserver(self, reactor, clock):
+
+ config = self.default_config()
+ config.require_auth_for_profile_requests = True
+ self.hs = self.setup_test_homeserver(config=config)
+
+ return self.hs
+
+ def prepare(self, reactor, clock, hs):
+ # User owning the requested profile.
+ self.owner = self.register_user("owner", "pass")
+ self.owner_tok = self.login("owner", "pass")
+ self.profile_url = "/profile/%s" % (self.owner)
+
+ # User requesting the profile.
+ self.requester = self.register_user("requester", "pass")
+ self.requester_tok = self.login("requester", "pass")
+
+ self.room_id = self.helper.create_room_as(self.owner, tok=self.owner_tok)
+
+ def test_no_auth(self):
+ self.try_fetch_profile(401)
+
+ def test_not_in_shared_room(self):
+ self.ensure_requester_left_room()
+
+ self.try_fetch_profile(403, access_token=self.requester_tok)
+
+ def test_in_shared_room(self):
+ self.ensure_requester_left_room()
+
+ self.helper.join(
+ room=self.room_id,
+ user=self.requester,
+ tok=self.requester_tok,
+ )
+
+ self.try_fetch_profile(200, self.requester_tok)
+
+ def try_fetch_profile(self, expected_code, access_token=None):
+ self.request_profile(
+ expected_code,
+ access_token=access_token
+ )
+
+ self.request_profile(
+ expected_code,
+ url_suffix="/displayname",
+ access_token=access_token,
+ )
+
+ self.request_profile(
+ expected_code,
+ url_suffix="/avatar_url",
+ access_token=access_token,
+ )
+
+ def request_profile(self, expected_code, url_suffix="", access_token=None):
+ request, channel = self.make_request(
+ "GET",
+ self.profile_url + url_suffix,
+ access_token=access_token,
+ )
+ self.render(request)
+ self.assertEqual(channel.code, expected_code, channel.result)
+
+ def ensure_requester_left_room(self):
+ try:
+ self.helper.leave(
+ room=self.room_id,
+ user=self.requester,
+ tok=self.requester_tok,
+ )
+ except AssertionError:
+ # We don't care whether the leave request didn't return a 200 (e.g.
+ # if the user isn't already in the room), because we only want to
+ # make sure the user isn't in the room.
+ pass
diff --git a/tests/rest/client/v1/test_rooms.py b/tests/rest/client/v1/test_rooms.py
index 015c144248..9b191436cc 100644
--- a/tests/rest/client/v1/test_rooms.py
+++ b/tests/rest/client/v1/test_rooms.py
@@ -22,8 +22,9 @@ from six.moves.urllib import parse as urlparse
from twisted.internet import defer
+import synapse.rest.admin
from synapse.api.constants import Membership
-from synapse.rest.client.v1 import admin, login, room
+from synapse.rest.client.v1 import login, room
from tests import unittest
@@ -803,7 +804,7 @@ class RoomMessageListTestCase(RoomBase):
class RoomSearchTestCase(unittest.HomeserverTestCase):
servlets = [
- admin.register_servlets,
+ synapse.rest.admin.register_servlets_for_client_rest_resource,
room.register_servlets,
login.register_servlets,
]
@@ -903,3 +904,35 @@ class RoomSearchTestCase(unittest.HomeserverTestCase):
self.assertEqual(
context["profile_info"][self.other_user_id]["displayname"], "otheruser"
)
+
+
+class PublicRoomsRestrictedTestCase(unittest.HomeserverTestCase):
+
+ servlets = [
+ synapse.rest.admin.register_servlets_for_client_rest_resource,
+ room.register_servlets,
+ login.register_servlets,
+ ]
+
+ def make_homeserver(self, reactor, clock):
+
+ self.url = b"/_matrix/client/r0/publicRooms"
+
+ config = self.default_config()
+ config.restrict_public_rooms_to_local_users = True
+ self.hs = self.setup_test_homeserver(config=config)
+
+ return self.hs
+
+ def test_restricted_no_auth(self):
+ request, channel = self.make_request("GET", self.url)
+ self.render(request)
+ self.assertEqual(channel.code, 401, channel.result)
+
+ def test_restricted_auth(self):
+ self.register_user("user", "pass")
+ tok = self.login("user", "pass")
+
+ request, channel = self.make_request("GET", self.url, access_token=tok)
+ self.render(request)
+ self.assertEqual(channel.code, 200, channel.result)
diff --git a/tests/rest/client/v2_alpha/test_auth.py b/tests/rest/client/v2_alpha/test_auth.py
index 7fa120a10f..0ca3c4657b 100644
--- a/tests/rest/client/v2_alpha/test_auth.py
+++ b/tests/rest/client/v2_alpha/test_auth.py
@@ -16,8 +16,8 @@
from twisted.internet.defer import succeed
+import synapse.rest.admin
from synapse.api.constants import LoginType
-from synapse.rest.client.v1 import admin
from synapse.rest.client.v2_alpha import auth, register
from tests import unittest
@@ -27,7 +27,7 @@ class FallbackAuthTests(unittest.HomeserverTestCase):
servlets = [
auth.register_servlets,
- admin.register_servlets,
+ synapse.rest.admin.register_servlets_for_client_rest_resource,
register.register_servlets,
]
hijack_auth = False
diff --git a/tests/rest/client/v2_alpha/test_capabilities.py b/tests/rest/client/v2_alpha/test_capabilities.py
index d3d43970fb..f3ef977404 100644
--- a/tests/rest/client/v2_alpha/test_capabilities.py
+++ b/tests/rest/client/v2_alpha/test_capabilities.py
@@ -12,9 +12,9 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-
-from synapse.api.constants import DEFAULT_ROOM_VERSION, KNOWN_ROOM_VERSIONS
-from synapse.rest.client.v1 import admin, login
+import synapse.rest.admin
+from synapse.api.room_versions import DEFAULT_ROOM_VERSION, KNOWN_ROOM_VERSIONS
+from synapse.rest.client.v1 import login
from synapse.rest.client.v2_alpha import capabilities
from tests import unittest
@@ -23,7 +23,7 @@ from tests import unittest
class CapabilitiesTestCase(unittest.HomeserverTestCase):
servlets = [
- admin.register_servlets,
+ synapse.rest.admin.register_servlets_for_client_rest_resource,
capabilities.register_servlets,
login.register_servlets,
]
@@ -52,7 +52,7 @@ class CapabilitiesTestCase(unittest.HomeserverTestCase):
for room_version in capabilities['m.room_versions']['available'].keys():
self.assertTrue(room_version in KNOWN_ROOM_VERSIONS, "" + room_version)
self.assertEqual(
- DEFAULT_ROOM_VERSION, capabilities['m.room_versions']['default']
+ DEFAULT_ROOM_VERSION.identifier, capabilities['m.room_versions']['default']
)
def test_get_change_password_capabilities(self):
diff --git a/tests/rest/client/v2_alpha/test_register.py b/tests/rest/client/v2_alpha/test_register.py
index a45e6e5e1f..1c3a621d26 100644
--- a/tests/rest/client/v2_alpha/test_register.py
+++ b/tests/rest/client/v2_alpha/test_register.py
@@ -1,15 +1,27 @@
+import datetime
import json
+import os
+import pkg_resources
+
+import synapse.rest.admin
from synapse.api.constants import LoginType
+from synapse.api.errors import Codes
from synapse.appservice import ApplicationService
-from synapse.rest.client.v2_alpha.register import register_servlets
+from synapse.rest.client.v1 import login
+from synapse.rest.client.v2_alpha import account_validity, register, sync
from tests import unittest
+try:
+ from synapse.push.mailer import load_jinja2_templates
+except ImportError:
+ load_jinja2_templates = None
+
class RegisterRestServletTestCase(unittest.HomeserverTestCase):
- servlets = [register_servlets]
+ servlets = [register.register_servlets]
def make_homeserver(self, reactor, clock):
@@ -181,3 +193,216 @@ class RegisterRestServletTestCase(unittest.HomeserverTestCase):
self.render(request)
self.assertEquals(channel.result["code"], b"200", channel.result)
+
+
+class AccountValidityTestCase(unittest.HomeserverTestCase):
+
+ servlets = [
+ register.register_servlets,
+ synapse.rest.admin.register_servlets_for_client_rest_resource,
+ login.register_servlets,
+ sync.register_servlets,
+ account_validity.register_servlets,
+ ]
+
+ def make_homeserver(self, reactor, clock):
+ config = self.default_config()
+ # Test for account expiring after a week.
+ config.enable_registration = True
+ config.account_validity.enabled = True
+ config.account_validity.period = 604800000 # Time in ms for 1 week
+ self.hs = self.setup_test_homeserver(config=config)
+
+ return self.hs
+
+ def test_validity_period(self):
+ self.register_user("kermit", "monkey")
+ tok = self.login("kermit", "monkey")
+
+ # The specific endpoint doesn't matter, all we need is an authenticated
+ # endpoint.
+ request, channel = self.make_request(
+ b"GET", "/sync", access_token=tok,
+ )
+ self.render(request)
+
+ self.assertEquals(channel.result["code"], b"200", channel.result)
+
+ self.reactor.advance(datetime.timedelta(weeks=1).total_seconds())
+
+ request, channel = self.make_request(
+ b"GET", "/sync", access_token=tok,
+ )
+ self.render(request)
+
+ self.assertEquals(channel.result["code"], b"403", channel.result)
+ self.assertEquals(
+ channel.json_body["errcode"], Codes.EXPIRED_ACCOUNT, channel.result,
+ )
+
+ def test_manual_renewal(self):
+ user_id = self.register_user("kermit", "monkey")
+ tok = self.login("kermit", "monkey")
+
+ self.reactor.advance(datetime.timedelta(weeks=1).total_seconds())
+
+ # If we register the admin user at the beginning of the test, it will
+ # expire at the same time as the normal user and the renewal request
+ # will be denied.
+ self.register_user("admin", "adminpassword", admin=True)
+ admin_tok = self.login("admin", "adminpassword")
+
+ url = "/_matrix/client/unstable/admin/account_validity/validity"
+ params = {
+ "user_id": user_id,
+ }
+ request_data = json.dumps(params)
+ request, channel = self.make_request(
+ b"POST", url, request_data, access_token=admin_tok,
+ )
+ self.render(request)
+ self.assertEquals(channel.result["code"], b"200", channel.result)
+
+ # The specific endpoint doesn't matter, all we need is an authenticated
+ # endpoint.
+ request, channel = self.make_request(
+ b"GET", "/sync", access_token=tok,
+ )
+ self.render(request)
+ self.assertEquals(channel.result["code"], b"200", channel.result)
+
+ def test_manual_expire(self):
+ user_id = self.register_user("kermit", "monkey")
+ tok = self.login("kermit", "monkey")
+
+ self.register_user("admin", "adminpassword", admin=True)
+ admin_tok = self.login("admin", "adminpassword")
+
+ url = "/_matrix/client/unstable/admin/account_validity/validity"
+ params = {
+ "user_id": user_id,
+ "expiration_ts": 0,
+ "enable_renewal_emails": False,
+ }
+ request_data = json.dumps(params)
+ request, channel = self.make_request(
+ b"POST", url, request_data, access_token=admin_tok,
+ )
+ self.render(request)
+ self.assertEquals(channel.result["code"], b"200", channel.result)
+
+ # The specific endpoint doesn't matter, all we need is an authenticated
+ # endpoint.
+ request, channel = self.make_request(
+ b"GET", "/sync", access_token=tok,
+ )
+ self.render(request)
+ self.assertEquals(channel.result["code"], b"403", channel.result)
+ self.assertEquals(
+ channel.json_body["errcode"], Codes.EXPIRED_ACCOUNT, channel.result,
+ )
+
+
+class AccountValidityRenewalByEmailTestCase(unittest.HomeserverTestCase):
+
+ skip = "No Jinja installed" if not load_jinja2_templates else None
+ servlets = [
+ register.register_servlets,
+ synapse.rest.admin.register_servlets_for_client_rest_resource,
+ login.register_servlets,
+ sync.register_servlets,
+ account_validity.register_servlets,
+ ]
+
+ def make_homeserver(self, reactor, clock):
+ config = self.default_config()
+ # Test for account expiring after a week and renewal emails being sent 2
+ # days before expiry.
+ config.enable_registration = True
+ config.account_validity.enabled = True
+ config.account_validity.renew_by_email_enabled = True
+ config.account_validity.period = 604800000 # Time in ms for 1 week
+ config.account_validity.renew_at = 172800000 # Time in ms for 2 days
+ config.account_validity.renew_email_subject = "Renew your account"
+
+ # Email config.
+ self.email_attempts = []
+
+ def sendmail(*args, **kwargs):
+ self.email_attempts.append((args, kwargs))
+ return
+
+ config.email_template_dir = os.path.abspath(
+ pkg_resources.resource_filename('synapse', 'res/templates')
+ )
+ config.email_expiry_template_html = "notice_expiry.html"
+ config.email_expiry_template_text = "notice_expiry.txt"
+ config.email_smtp_host = "127.0.0.1"
+ config.email_smtp_port = 20
+ config.require_transport_security = False
+ config.email_smtp_user = None
+ config.email_smtp_pass = None
+ config.email_notif_from = "test@example.com"
+
+ self.hs = self.setup_test_homeserver(config=config, sendmail=sendmail)
+
+ self.store = self.hs.get_datastore()
+
+ return self.hs
+
+ def test_renewal_email(self):
+ self.email_attempts = []
+
+ user_id = self.register_user("kermit", "monkey")
+ tok = self.login("kermit", "monkey")
+ # We need to manually add an email address otherwise the handler will do
+ # nothing.
+ now = self.hs.clock.time_msec()
+ self.get_success(self.store.user_add_threepid(
+ user_id=user_id, medium="email", address="kermit@example.com",
+ validated_at=now, added_at=now,
+ ))
+
+ # Move 6 days forward. This should trigger a renewal email to be sent.
+ self.reactor.advance(datetime.timedelta(days=6).total_seconds())
+ self.assertEqual(len(self.email_attempts), 1)
+
+ # Retrieving the URL from the email is too much pain for now, so we
+ # retrieve the token from the DB.
+ renewal_token = self.get_success(self.store.get_renewal_token_for_user(user_id))
+ url = "/_matrix/client/unstable/account_validity/renew?token=%s" % renewal_token
+ request, channel = self.make_request(b"GET", url)
+ self.render(request)
+ self.assertEquals(channel.result["code"], b"200", channel.result)
+
+ # Move 3 days forward. If the renewal failed, every authed request with
+ # our access token should be denied from now, otherwise they should
+ # succeed.
+ self.reactor.advance(datetime.timedelta(days=3).total_seconds())
+ request, channel = self.make_request(
+ b"GET", "/sync", access_token=tok,
+ )
+ self.render(request)
+ self.assertEquals(channel.result["code"], b"200", channel.result)
+
+ def test_manual_email_send(self):
+ self.email_attempts = []
+
+ user_id = self.register_user("kermit", "monkey")
+ tok = self.login("kermit", "monkey")
+ # We need to manually add an email address otherwise the handler will do
+ # nothing.
+ now = self.hs.clock.time_msec()
+ self.get_success(self.store.user_add_threepid(
+ user_id=user_id, medium="email", address="kermit@example.com",
+ validated_at=now, added_at=now,
+ ))
+
+ request, channel = self.make_request(
+ b"POST", "/_matrix/client/unstable/account_validity/send_mail",
+ access_token=tok,
+ )
+ self.render(request)
+ self.assertEquals(channel.result["code"], b"200", channel.result)
+
+ self.assertEqual(len(self.email_attempts), 1)
diff --git a/tests/rest/client/v2_alpha/test_sync.py b/tests/rest/client/v2_alpha/test_sync.py
index 99b716f00a..71895094bd 100644
--- a/tests/rest/client/v2_alpha/test_sync.py
+++ b/tests/rest/client/v2_alpha/test_sync.py
@@ -15,7 +15,8 @@
from mock import Mock
-from synapse.rest.client.v1 import admin, login, room
+import synapse.rest.admin
+from synapse.rest.client.v1 import login, room
from synapse.rest.client.v2_alpha import sync
from tests import unittest
@@ -72,7 +73,7 @@ class FilterTestCase(unittest.HomeserverTestCase):
class SyncTypingTests(unittest.HomeserverTestCase):
servlets = [
- admin.register_servlets,
+ synapse.rest.admin.register_servlets_for_client_rest_resource,
room.register_servlets,
login.register_servlets,
sync.register_servlets,
|
