summary refs log tree commit diff
path: root/tests/rest
diff options
context:
space:
mode:
Diffstat (limited to 'tests/rest')
-rw-r--r--tests/rest/__init__.py1
-rw-r--r--tests/rest/test_events.py202
-rw-r--r--tests/rest/test_presence.py241
-rw-r--r--tests/rest/test_profile.py130
-rw-r--r--tests/rest/test_rooms.py924
-rw-r--r--tests/rest/utils.py112
6 files changed, 1610 insertions, 0 deletions
diff --git a/tests/rest/__init__.py b/tests/rest/__init__.py
new file mode 100644
index 0000000000..40a96afc6f
--- /dev/null
+++ b/tests/rest/__init__.py
@@ -0,0 +1 @@
+# -*- coding: utf-8 -*-
diff --git a/tests/rest/test_events.py b/tests/rest/test_events.py
new file mode 100644
index 0000000000..fa40e049ea
--- /dev/null
+++ b/tests/rest/test_events.py
@@ -0,0 +1,202 @@
+# -*- coding: utf-8 -*-
+""" Tests REST events for /events paths."""
+from twisted.trial import unittest
+
+# twisted imports
+from twisted.internet import defer
+
+import synapse.rest.events
+import synapse.rest.register
+import synapse.rest.room
+
+from synapse.server import HomeServer
+
+# python imports
+import json
+import logging
+
+from ..utils import MockHttpServer, MemoryDataStore
+from .utils import RestTestCase
+
+from mock import Mock
+
+logging.getLogger().addHandler(logging.NullHandler())
+
+PATH_PREFIX = "/matrix/client/api/v1"
+
+
+class EventStreamPaginationApiTestCase(unittest.TestCase):
+    """ Tests event streaming query parameters and start/end keys used in the
+    Pagination stream API. """
+    user_id = "sid1"
+
+    def setUp(self):
+        # configure stream and inject items
+        pass
+
+    def tearDown(self):
+        pass
+
+    def test_long_poll(self):
+        # stream from 'end' key, send (self+other) message, expect message.
+
+        # stream from 'END', send (self+other) message, expect message.
+
+        # stream from 'end' key, send (self+other) topic, expect topic.
+
+        # stream from 'END', send (self+other) topic, expect topic.
+
+        # stream from 'end' key, send (self+other) invite, expect invite.
+
+        # stream from 'END', send (self+other) invite, expect invite.
+
+        pass
+
+    def test_stream_forward(self):
+        # stream from START, expect injected items
+
+        # stream from 'start' key, expect same content
+
+        # stream from 'end' key, expect nothing
+
+        # stream from 'END', expect nothing
+
+        # The following is needed for cases where content is removed e.g. you
+        # left a room, so the token you're streaming from is > the one that
+        # would be returned naturally from START>END.
+        # stream from very new token (higher than end key), expect same token
+        # returned as end key
+        pass
+
+    def test_limits(self):
+        # stream from a key, expect limit_num items
+
+        # stream from START, expect limit_num items
+
+        pass
+
+    def test_range(self):
+        # stream from key to key, expect X items
+
+        # stream from key to END, expect X items
+
+        # stream from START to key, expect X items
+
+        # stream from START to END, expect all items
+        pass
+
+    def test_direction(self):
+        # stream from END to START and fwds, expect newest first
+
+        # stream from END to START and bwds, expect oldest first
+
+        # stream from START to END and fwds, expect oldest first
+
+        # stream from START to END and bwds, expect newest first
+
+        pass
+
+
+class EventStreamPermissionsTestCase(RestTestCase):
+    """ Tests event streaming (GET /events). """
+
+    @defer.inlineCallbacks
+    def setUp(self):
+        self.mock_server = MockHttpServer(prefix=PATH_PREFIX)
+
+        state_handler = Mock(spec=["handle_new_event"])
+        state_handler.handle_new_event.return_value = True
+
+        persistence_service = Mock(spec=["get_latest_pdus_in_context"])
+        persistence_service.get_latest_pdus_in_context.return_value = []
+
+        hs = HomeServer(
+            "test",
+            db_pool=None,
+            http_client=None,
+            federation=Mock(),
+            replication_layer=Mock(),
+            state_handler=state_handler,
+            persistence_service=persistence_service,
+            clock=Mock(spec=[
+                "call_later",
+                "cancel_call_later",
+                "time_msec",
+            ]),
+        )
+
+        hs.get_clock().time_msec.return_value = 1000000
+
+        hs.datastore = MemoryDataStore()
+        synapse.rest.register.register_servlets(hs, self.mock_server)
+        synapse.rest.events.register_servlets(hs, self.mock_server)
+        synapse.rest.room.register_servlets(hs, self.mock_server)
+
+        # register an account
+        self.user_id = "sid1"
+        response = yield self.register(self.user_id)
+        self.token = response["access_token"]
+        self.user_id = response["user_id"]
+
+        # register a 2nd account
+        self.other_user = "other1"
+        response = yield self.register(self.other_user)
+        self.other_token = response["access_token"]
+        self.other_user = response["user_id"]
+
+    def tearDown(self):
+        pass
+
+    @defer.inlineCallbacks
+    def test_stream_basic_permissions(self):
+        # invalid token, expect 403
+        (code, response) = yield self.mock_server.trigger_get(
+                           "/events?access_token=%s" % ("invalid" + self.token))
+        self.assertEquals(403, code, msg=str(response))
+
+        # valid token, expect content
+        (code, response) = yield self.mock_server.trigger_get(
+                           "/events?access_token=%s&timeout=0" % (self.token))
+        self.assertEquals(200, code, msg=str(response))
+        self.assertTrue("chunk" in response)
+        self.assertTrue("start" in response)
+        self.assertTrue("end" in response)
+
+    @defer.inlineCallbacks
+    def test_stream_room_permissions(self):
+        room_id = "!rid1:test"
+        yield self.create_room_as(room_id, self.other_user,
+                                  tok=self.other_token)
+        yield self.send(room_id, self.other_user, tok=self.other_token)
+
+        # invited to room (expect no content for room)
+        yield self.invite(room_id, src=self.other_user, targ=self.user_id,
+                          tok=self.other_token)
+        (code, response) = yield self.mock_server.trigger_get(
+                           "/events?access_token=%s&timeout=0" % (self.token))
+        self.assertEquals(200, code, msg=str(response))
+
+        # First message is a reflection of my own presence status change
+        self.assertEquals(1, len(response["chunk"]))
+        self.assertEquals("m.presence", response["chunk"][0]["type"])
+
+        # joined room (expect all content for room)
+        yield self.join(room=room_id, user=self.user_id, tok=self.token)
+
+        # left to room (expect no content for room)
+
+    def test_stream_items(self):
+        # new user, no content
+
+        # join room, expect 1 item (join)
+
+        # send message, expect 2 items (join,send)
+
+        # set topic, expect 3 items (join,send,topic)
+
+        # someone else join room, expect 4 (join,send,topic,join)
+
+        # someone else send message, expect 5 (join,send.topic,join,send)
+
+        # someone else set topic, expect 6 (join,send,topic,join,send,topic)
+        pass
diff --git a/tests/rest/test_presence.py b/tests/rest/test_presence.py
new file mode 100644
index 0000000000..3a2e86e5c4
--- /dev/null
+++ b/tests/rest/test_presence.py
@@ -0,0 +1,241 @@
+# -*- coding: utf-8 -*-
+"""Tests REST events for /presence paths."""
+
+from twisted.trial import unittest
+from twisted.internet import defer
+
+from mock import Mock
+import logging
+
+from ..utils import MockHttpServer
+
+from synapse.api.constants import PresenceState
+from synapse.server import HomeServer
+
+
+logging.getLogger().addHandler(logging.NullHandler())
+
+
+OFFLINE = PresenceState.OFFLINE
+BUSY = PresenceState.BUSY
+ONLINE = PresenceState.ONLINE
+
+
+myid = "@apple:test"
+PATH_PREFIX = "/matrix/client/api/v1"
+
+
+class PresenceStateTestCase(unittest.TestCase):
+
+    def setUp(self):
+        self.mock_server = MockHttpServer(prefix=PATH_PREFIX)
+        self.mock_handler = Mock(spec=[
+            "get_state",
+            "set_state",
+        ])
+
+        hs = HomeServer("test",
+            db_pool=None,
+            http_client=None,
+            http_server=self.mock_server,
+        )
+
+        def _get_user_by_token(token=None):
+            return hs.parse_userid(myid)
+
+        hs.get_auth().get_user_by_token = _get_user_by_token
+
+        hs.get_handlers().presence_handler = self.mock_handler
+
+        hs.register_servlets()
+
+        self.u_apple = hs.parse_userid(myid)
+
+    @defer.inlineCallbacks
+    def test_get_my_status(self):
+        mocked_get = self.mock_handler.get_state
+        mocked_get.return_value = defer.succeed(
+                {"state": 2, "status_msg": "Available"})
+
+        (code, response) = yield self.mock_server.trigger("GET",
+                "/presence/%s/status" % (myid), None)
+
+        self.assertEquals(200, code)
+        self.assertEquals({"state": ONLINE, "status_msg": "Available"},
+                response)
+        mocked_get.assert_called_with(target_user=self.u_apple,
+                auth_user=self.u_apple)
+
+    @defer.inlineCallbacks
+    def test_set_my_status(self):
+        mocked_set = self.mock_handler.set_state
+        mocked_set.return_value = defer.succeed(())
+
+        (code, response) = yield self.mock_server.trigger("PUT",
+                "/presence/%s/status" % (myid),
+                '{"state": 1, "status_msg": "Away"}')
+
+        self.assertEquals(200, code)
+        mocked_set.assert_called_with(target_user=self.u_apple,
+                auth_user=self.u_apple,
+                state={"state": 1, "status_msg": "Away"})
+
+
+class PresenceListTestCase(unittest.TestCase):
+
+    def setUp(self):
+        self.mock_server = MockHttpServer(prefix=PATH_PREFIX)
+        self.mock_handler = Mock(spec=[
+            "get_presence_list",
+            "send_invite",
+            "drop",
+        ])
+
+        hs = HomeServer("test",
+            db_pool=None,
+            http_client=None,
+            http_server=self.mock_server,
+        )
+
+        def _get_user_by_token(token=None):
+            return hs.parse_userid(myid)
+
+        hs.get_auth().get_user_by_token = _get_user_by_token
+
+        hs.get_handlers().presence_handler = self.mock_handler
+
+        hs.register_servlets()
+
+        self.u_apple = hs.parse_userid("@apple:test")
+        self.u_banana = hs.parse_userid("@banana:test")
+
+    @defer.inlineCallbacks
+    def test_get_my_list(self):
+        self.mock_handler.get_presence_list.return_value = defer.succeed(
+                [{"observed_user": self.u_banana}]
+        )
+
+        (code, response) = yield self.mock_server.trigger("GET",
+                "/presence_list/%s" % (myid), None)
+
+        self.assertEquals(200, code)
+        self.assertEquals([{"user_id": "@banana:test"}], response)
+
+    @defer.inlineCallbacks
+    def test_invite(self):
+        self.mock_handler.send_invite.return_value = defer.succeed(())
+
+        (code, response) = yield self.mock_server.trigger("POST",
+                "/presence_list/%s" % (myid),
+                """{
+                    "invite": ["@banana:test"]
+                }""")
+
+        self.assertEquals(200, code)
+
+        self.mock_handler.send_invite.assert_called_with(
+                observer_user=self.u_apple, observed_user=self.u_banana)
+
+    @defer.inlineCallbacks
+    def test_drop(self):
+        self.mock_handler.drop.return_value = defer.succeed(())
+
+        (code, response) = yield self.mock_server.trigger("POST",
+                "/presence_list/%s" % (myid),
+                """{
+                    "drop": ["@banana:test"]
+                }""")
+
+        self.assertEquals(200, code)
+
+        self.mock_handler.drop.assert_called_with(
+                observer_user=self.u_apple, observed_user=self.u_banana)
+
+
+class PresenceEventStreamTestCase(unittest.TestCase):
+    def setUp(self):
+        self.mock_server = MockHttpServer(prefix=PATH_PREFIX)
+
+        # TODO: mocked data store
+
+        # HIDEOUS HACKERY
+        # TODO(paul): This should be injected in via the HomeServer DI system
+        from synapse.handlers.events import EventStreamHandler
+        from synapse.handlers.presence import PresenceStreamData
+        EventStreamHandler.stream_data_classes = [
+            PresenceStreamData
+        ]
+
+        hs = HomeServer("test",
+            db_pool=None,
+            http_client=None,
+            http_server=self.mock_server,
+            datastore=Mock(spec=[
+                "set_presence_state",
+                "get_presence_list",
+            ]),
+            clock=Mock(spec=[
+                "call_later",
+                "cancel_call_later",
+                "time_msec",
+            ]),
+        )
+
+        hs.get_clock().time_msec.return_value = 1000000
+
+        def _get_user_by_req(req=None):
+            return hs.parse_userid(myid)
+
+        hs.get_auth().get_user_by_req = _get_user_by_req
+
+        hs.register_servlets()
+
+        hs.handlers.room_member_handler = Mock(spec=[
+            "get_rooms_for_user",
+        ])
+        hs.handlers.room_member_handler.get_rooms_for_user = (
+                lambda u: defer.succeed([]))
+
+        self.mock_datastore = hs.get_datastore()
+        self.presence = hs.get_handlers().presence_handler
+
+        self.u_apple = hs.parse_userid("@apple:test")
+        self.u_banana = hs.parse_userid("@banana:test")
+
+    @defer.inlineCallbacks
+    def test_shortpoll(self):
+        self.mock_datastore.set_presence_state.return_value = defer.succeed(
+                {"state": ONLINE})
+        self.mock_datastore.get_presence_list.return_value = defer.succeed(
+                [])
+
+        (code, response) = yield self.mock_server.trigger("GET",
+                "/events?timeout=0", None)
+
+        self.assertEquals(200, code)
+
+        # We've forced there to be only one data stream so the tokens will
+        # all be ours
+
+        # I'll already get my own presence state change
+        self.assertEquals({"start": "0", "end": "1", "chunk": [
+            {"type": "m.presence",
+             "content": {"user_id": "@apple:test", "state": 2}},
+        ]}, response)
+
+        self.mock_datastore.set_presence_state.return_value = defer.succeed(
+                {"state": ONLINE})
+        self.mock_datastore.get_presence_list.return_value = defer.succeed(
+                [])
+
+        yield self.presence.set_state(self.u_banana, self.u_banana,
+                state={"state": ONLINE})
+
+        (code, response) = yield self.mock_server.trigger("GET",
+                "/events?from=1&timeout=0", None)
+
+        self.assertEquals(200, code)
+        self.assertEquals({"start": "1", "end": "2", "chunk": [
+            {"type": "m.presence",
+             "content": {"user_id": "@banana:test", "state": 2}},
+        ]}, response)
diff --git a/tests/rest/test_profile.py b/tests/rest/test_profile.py
new file mode 100644
index 0000000000..13342b61e5
--- /dev/null
+++ b/tests/rest/test_profile.py
@@ -0,0 +1,130 @@
+# -*- coding: utf-8 -*-
+"""Tests REST events for /profile paths."""
+
+from twisted.trial import unittest
+from twisted.internet import defer
+
+from mock import Mock
+
+from ..utils import MockHttpServer
+
+from synapse.api.errors import SynapseError, AuthError
+from synapse.server import HomeServer
+
+myid = "@1234ABCD:test"
+PATH_PREFIX = "/matrix/client/api/v1"
+
+class ProfileTestCase(unittest.TestCase):
+    """ Tests profile management. """
+
+    def setUp(self):
+        self.mock_server = MockHttpServer(prefix=PATH_PREFIX)
+        self.mock_handler = Mock(spec=[
+            "get_displayname",
+            "set_displayname",
+            "get_avatar_url",
+            "set_avatar_url",
+        ])
+
+        hs = HomeServer("test",
+            db_pool=None,
+            http_client=None,
+            http_server=self.mock_server,
+            federation=Mock(),
+            replication_layer=Mock(),
+        )
+
+        def _get_user_by_token(token=None):
+            return hs.parse_userid(myid)
+
+        hs.get_auth().get_user_by_token = _get_user_by_token
+
+        hs.get_handlers().profile_handler = self.mock_handler
+
+        hs.register_servlets()
+
+    @defer.inlineCallbacks
+    def test_get_my_name(self):
+        mocked_get = self.mock_handler.get_displayname
+        mocked_get.return_value = defer.succeed("Frank")
+
+        (code, response) = yield self.mock_server.trigger("GET",
+                "/profile/%s/displayname" % (myid), None)
+
+        self.assertEquals(200, code)
+        self.assertEquals({"displayname": "Frank"}, response)
+        self.assertEquals(mocked_get.call_args[0][0].localpart, "1234ABCD")
+
+    @defer.inlineCallbacks
+    def test_set_my_name(self):
+        mocked_set = self.mock_handler.set_displayname
+        mocked_set.return_value = defer.succeed(())
+
+        (code, response) = yield self.mock_server.trigger("PUT",
+                "/profile/%s/displayname" % (myid),
+                '{"displayname": "Frank Jr."}')
+
+        self.assertEquals(200, code)
+        self.assertEquals(mocked_set.call_args[0][0].localpart, "1234ABCD")
+        self.assertEquals(mocked_set.call_args[0][1].localpart, "1234ABCD")
+        self.assertEquals(mocked_set.call_args[0][2], "Frank Jr.")
+
+    @defer.inlineCallbacks
+    def test_set_my_name_noauth(self):
+        mocked_set = self.mock_handler.set_displayname
+        mocked_set.side_effect = AuthError(400, "message")
+
+        (code, response) = yield self.mock_server.trigger("PUT",
+                "/profile/%s/displayname" % ("@4567:test"), '"Frank Jr."')
+
+        self.assertTrue(400 <= code < 499,
+                msg="code %d is in the 4xx range" % (code))
+
+    @defer.inlineCallbacks
+    def test_get_other_name(self):
+        mocked_get = self.mock_handler.get_displayname
+        mocked_get.return_value = defer.succeed("Bob")
+
+        (code, response) = yield self.mock_server.trigger("GET",
+                "/profile/%s/displayname" % ("@opaque:elsewhere"), None)
+
+        self.assertEquals(200, code)
+        self.assertEquals({"displayname": "Bob"}, response)
+
+    @defer.inlineCallbacks
+    def test_set_other_name(self):
+        mocked_set = self.mock_handler.set_displayname
+        mocked_set.side_effect = SynapseError(400, "message")
+
+        (code, response) = yield self.mock_server.trigger("PUT",
+                "/profile/%s/displayname" % ("@opaque:elsewhere"), None)
+
+        self.assertTrue(400 <= code <= 499,
+                msg="code %d is in the 4xx range" % (code))
+
+    @defer.inlineCallbacks
+    def test_get_my_avatar(self):
+        mocked_get = self.mock_handler.get_avatar_url
+        mocked_get.return_value = defer.succeed("http://my.server/me.png")
+
+        (code, response) = yield self.mock_server.trigger("GET",
+                "/profile/%s/avatar_url" % (myid), None)
+
+        self.assertEquals(200, code)
+        self.assertEquals({"avatar_url": "http://my.server/me.png"}, response)
+        self.assertEquals(mocked_get.call_args[0][0].localpart, "1234ABCD")
+
+    @defer.inlineCallbacks
+    def test_set_my_avatar(self):
+        mocked_set = self.mock_handler.set_avatar_url
+        mocked_set.return_value = defer.succeed(())
+
+        (code, response) = yield self.mock_server.trigger("PUT",
+                "/profile/%s/avatar_url" % (myid),
+                '{"avatar_url": "http://my.server/pic.gif"}')
+
+        self.assertEquals(200, code)
+        self.assertEquals(mocked_set.call_args[0][0].localpart, "1234ABCD")
+        self.assertEquals(mocked_set.call_args[0][1].localpart, "1234ABCD")
+        self.assertEquals(mocked_set.call_args[0][2],
+                "http://my.server/pic.gif")
diff --git a/tests/rest/test_rooms.py b/tests/rest/test_rooms.py
new file mode 100644
index 0000000000..29e82fc13c
--- /dev/null
+++ b/tests/rest/test_rooms.py
@@ -0,0 +1,924 @@
+# -*- coding: utf-8 -*-
+"""Tests REST events for /rooms paths."""
+
+# twisted imports
+from twisted.internet import defer
+
+import synapse.rest.room
+from synapse.api.constants import Membership
+
+from synapse.server import HomeServer
+
+# python imports
+import json
+import urllib
+
+from ..utils import MockHttpServer, MemoryDataStore
+from .utils import RestTestCase
+
+from mock import Mock
+
+PATH_PREFIX = "/matrix/client/api/v1"
+
+
+class RoomPermissionsTestCase(RestTestCase):
+    """ Tests room permissions. """
+    user_id = "@sid1:red"
+    rmcreator_id = "@notme:red"
+
+    @defer.inlineCallbacks
+    def setUp(self):
+        self.mock_server = MockHttpServer(prefix=PATH_PREFIX)
+
+        state_handler = Mock(spec=["handle_new_event"])
+        state_handler.handle_new_event.return_value = True
+
+        persistence_service = Mock(spec=["get_latest_pdus_in_context"])
+        persistence_service.get_latest_pdus_in_context.return_value = []
+
+        hs = HomeServer(
+            "test",
+            db_pool=None,
+            http_client=None,
+            federation=Mock(),
+            datastore=MemoryDataStore(),
+            replication_layer=Mock(),
+            state_handler=state_handler,
+            persistence_service=persistence_service,
+        )
+
+        def _get_user_by_token(token=None):
+            return hs.parse_userid(self.auth_user_id)
+        hs.get_auth().get_user_by_token = _get_user_by_token
+
+        self.auth_user_id = self.rmcreator_id
+
+        synapse.rest.room.register_servlets(hs, self.mock_server)
+
+        self.auth = hs.get_auth()
+
+        # create some rooms under the name rmcreator_id
+        self.uncreated_rmid = "!aa:test"
+
+        self.created_rmid = "!abc:test"
+        yield self.create_room_as(self.created_rmid, self.rmcreator_id,
+                                  is_public=False)
+
+        self.created_public_rmid = "!def1234ghi:test"
+        yield self.create_room_as(self.created_public_rmid, self.rmcreator_id,
+                                  is_public=True)
+
+        # send a message in one of the rooms
+        self.created_rmid_msg_path = ("/rooms/%s/messages/%s/midaaa1" %
+                                (self.created_rmid, self.rmcreator_id))
+        (code, response) = yield self.mock_server.trigger(
+                           "PUT",
+                           self.created_rmid_msg_path,
+                           '{"msgtype":"m.text","body":"test msg"}')
+        self.assertEquals(200, code, msg=str(response))
+
+        # set topic for public room
+        (code, response) = yield self.mock_server.trigger(
+                           "PUT",
+                           "/rooms/%s/topic" % self.created_public_rmid,
+                           '{"topic":"Public Room Topic"}')
+        self.assertEquals(200, code, msg=str(response))
+
+        # auth as user_id now
+        self.auth_user_id = self.user_id
+
+    def tearDown(self):
+        pass
+
+    @defer.inlineCallbacks
+    def test_get_message(self):
+        # get message in uncreated room, expect 403
+        (code, response) = yield self.mock_server.trigger_get(
+                           "/rooms/noroom/messages/someid/m1")
+        self.assertEquals(403, code, msg=str(response))
+
+        # get message in created room not joined (no state), expect 403
+        (code, response) = yield self.mock_server.trigger_get(
+                           self.created_rmid_msg_path)
+        self.assertEquals(403, code, msg=str(response))
+
+        # get message in created room and invited, expect 403
+        yield self.invite(room=self.created_rmid, src=self.rmcreator_id,
+                          targ=self.user_id)
+        (code, response) = yield self.mock_server.trigger_get(
+                           self.created_rmid_msg_path)
+        self.assertEquals(403, code, msg=str(response))
+
+        # get message in created room and joined, expect 200
+        yield self.join(room=self.created_rmid, user=self.user_id)
+        (code, response) = yield self.mock_server.trigger_get(
+                           self.created_rmid_msg_path)
+        self.assertEquals(200, code, msg=str(response))
+
+        # get message in created room and left, expect 403
+        yield self.leave(room=self.created_rmid, user=self.user_id)
+        (code, response) = yield self.mock_server.trigger_get(
+                           self.created_rmid_msg_path)
+        self.assertEquals(403, code, msg=str(response))
+
+    @defer.inlineCallbacks
+    def test_send_message(self):
+        msg_content = '{"msgtype":"m.text","body":"hello"}'
+        send_msg_path = ("/rooms/%s/messages/%s/mid1" %
+                        (self.created_rmid, self.user_id))
+
+        # send message in uncreated room, expect 403
+        (code, response) = yield self.mock_server.trigger(
+                           "PUT",
+                           "/rooms/%s/messages/%s/mid1" %
+                           (self.uncreated_rmid, self.user_id), msg_content)
+        self.assertEquals(403, code, msg=str(response))
+
+        # send message in created room not joined (no state), expect 403
+        (code, response) = yield self.mock_server.trigger(
+                           "PUT", send_msg_path, msg_content)
+        self.assertEquals(403, code, msg=str(response))
+
+        # send message in created room and invited, expect 403
+        yield self.invite(room=self.created_rmid, src=self.rmcreator_id,
+                          targ=self.user_id)
+        (code, response) = yield self.mock_server.trigger(
+                           "PUT", send_msg_path, msg_content)
+        self.assertEquals(403, code, msg=str(response))
+
+        # send message in created room and joined, expect 200
+        yield self.join(room=self.created_rmid, user=self.user_id)
+        (code, response) = yield self.mock_server.trigger(
+                           "PUT", send_msg_path, msg_content)
+        self.assertEquals(200, code, msg=str(response))
+
+        # send message in created room and left, expect 403
+        yield self.leave(room=self.created_rmid, user=self.user_id)
+        (code, response) = yield self.mock_server.trigger(
+                           "PUT", send_msg_path, msg_content)
+        self.assertEquals(403, code, msg=str(response))
+
+    @defer.inlineCallbacks
+    def test_topic_perms(self):
+        topic_content = '{"topic":"My Topic Name"}'
+        topic_path = "/rooms/%s/topic" % self.created_rmid
+
+        # set/get topic in uncreated room, expect 403
+        (code, response) = yield self.mock_server.trigger(
+                           "PUT", "/rooms/%s/topic" % self.uncreated_rmid,
+                           topic_content)
+        self.assertEquals(403, code, msg=str(response))
+        (code, response) = yield self.mock_server.trigger_get(
+                           "/rooms/%s/topic" % self.uncreated_rmid)
+        self.assertEquals(403, code, msg=str(response))
+
+        # set/get topic in created PRIVATE room not joined, expect 403
+        (code, response) = yield self.mock_server.trigger(
+                           "PUT", topic_path, topic_content)
+        self.assertEquals(403, code, msg=str(response))
+        (code, response) = yield self.mock_server.trigger_get(topic_path)
+        self.assertEquals(403, code, msg=str(response))
+
+        # set topic in created PRIVATE room and invited, expect 403
+        yield self.invite(room=self.created_rmid, src=self.rmcreator_id,
+                          targ=self.user_id)
+        (code, response) = yield self.mock_server.trigger(
+                           "PUT", topic_path, topic_content)
+        self.assertEquals(403, code, msg=str(response))
+
+        # get topic in created PRIVATE room and invited, expect 200 (or 404)
+        (code, response) = yield self.mock_server.trigger_get(topic_path)
+        self.assertEquals(404, code, msg=str(response))
+
+        # set/get topic in created PRIVATE room and joined, expect 200
+        yield self.join(room=self.created_rmid, user=self.user_id)
+        (code, response) = yield self.mock_server.trigger(
+                           "PUT", topic_path, topic_content)
+        self.assertEquals(200, code, msg=str(response))
+        (code, response) = yield self.mock_server.trigger_get(topic_path)
+        self.assertEquals(200, code, msg=str(response))
+        self.assert_dict(json.loads(topic_content), response)
+
+        # set/get topic in created PRIVATE room and left, expect 403
+        yield self.leave(room=self.created_rmid, user=self.user_id)
+        (code, response) = yield self.mock_server.trigger(
+                           "PUT", topic_path, topic_content)
+        self.assertEquals(403, code, msg=str(response))
+        (code, response) = yield self.mock_server.trigger_get(topic_path)
+        self.assertEquals(403, code, msg=str(response))
+
+        # get topic in PUBLIC room, not joined, expect 200 (or 404)
+        (code, response) = yield self.mock_server.trigger_get(
+                           "/rooms/%s/topic" % self.created_public_rmid)
+        self.assertEquals(200, code, msg=str(response))
+
+        # set topic in PUBLIC room, not joined, expect 403
+        (code, response) = yield self.mock_server.trigger(
+                           "PUT",
+                           "/rooms/%s/topic" % self.created_public_rmid,
+                           topic_content)
+        self.assertEquals(403, code, msg=str(response))
+
+    @defer.inlineCallbacks
+    def _test_get_membership(self, room=None, members=[], expect_code=None):
+        path = "/rooms/%s/members/%s/state"
+        for member in members:
+            (code, response) = yield self.mock_server.trigger_get(
+                               path %
+                               (room, member))
+            self.assertEquals(expect_code, code)
+
+    @defer.inlineCallbacks
+    def test_membership_basic_room_perms(self):
+        # === room does not exist ===
+        room = self.uncreated_rmid
+        # get membership of self, get membership of other, uncreated room
+        # expect all 403s
+        yield self._test_get_membership(
+            members=[self.user_id, self.rmcreator_id],
+            room=room, expect_code=403)
+
+        # trying to invite people to this room should 403
+        yield self.invite(room=room, src=self.user_id, targ=self.rmcreator_id,
+                          expect_code=403)
+
+        # set [invite/join/left] of self, set [invite/join/left] of other,
+        # expect all 403s
+        for usr in [self.user_id, self.rmcreator_id]:
+            yield self.join(room=room, user=usr, expect_code=403)
+            yield self.leave(room=room, user=usr, expect_code=403)
+
+    @defer.inlineCallbacks
+    def test_membership_private_room_perms(self):
+        room = self.created_rmid
+        # get membership of self, get membership of other, private room + invite
+        # expect all 403s
+        yield self.invite(room=room, src=self.rmcreator_id,
+                          targ=self.user_id)
+        yield self._test_get_membership(
+            members=[self.user_id, self.rmcreator_id],
+            room=room, expect_code=403)
+
+        # get membership of self, get membership of other, private room + joined
+        # expect all 200s
+        yield self.join(room=room, user=self.user_id)
+        yield self._test_get_membership(
+            members=[self.user_id, self.rmcreator_id],
+            room=room, expect_code=200)
+
+        # get membership of self, get membership of other, private room + left
+        # expect all 403s
+        yield self.leave(room=room, user=self.user_id)
+        yield self._test_get_membership(
+            members=[self.user_id, self.rmcreator_id],
+            room=room, expect_code=403)
+
+    @defer.inlineCallbacks
+    def test_membership_public_room_perms(self):
+        room = self.created_public_rmid
+        # get membership of self, get membership of other, public room + invite
+        # expect all 403s
+        yield self.invite(room=room, src=self.rmcreator_id,
+                          targ=self.user_id)
+        yield self._test_get_membership(
+            members=[self.user_id, self.rmcreator_id],
+            room=room, expect_code=403)
+
+        # get membership of self, get membership of other, public room + joined
+        # expect all 200s
+        yield self.join(room=room, user=self.user_id)
+        yield self._test_get_membership(
+            members=[self.user_id, self.rmcreator_id],
+            room=room, expect_code=200)
+
+        # get membership of self, get membership of other, public room + left
+        # expect all 403s
+        yield self.leave(room=room, user=self.user_id)
+        yield self._test_get_membership(
+            members=[self.user_id, self.rmcreator_id],
+            room=room, expect_code=403)
+
+    @defer.inlineCallbacks
+    def test_invited_permissions(self):
+        room = self.created_rmid
+        yield self.invite(room=room, src=self.rmcreator_id, targ=self.user_id)
+
+        # set [invite/join/left] of other user, expect 403s
+        yield self.invite(room=room, src=self.user_id, targ=self.rmcreator_id,
+                          expect_code=403)
+        yield self.change_membership(room=room, src=self.user_id,
+                                     targ=self.rmcreator_id,
+                                     membership=Membership.JOIN,
+                                     expect_code=403)
+        yield self.change_membership(room=room, src=self.user_id,
+                                     targ=self.rmcreator_id,
+                                     membership=Membership.LEAVE,
+                                     expect_code=403)
+
+    @defer.inlineCallbacks
+    def test_joined_permissions(self):
+        room = self.created_rmid
+        yield self.invite(room=room, src=self.rmcreator_id, targ=self.user_id)
+        yield self.join(room=room, user=self.user_id)
+
+        # set invited of self, expect 403
+        yield self.invite(room=room, src=self.user_id, targ=self.user_id,
+                          expect_code=403)
+
+        # set joined of self, expect 200 (NOOP)
+        yield self.join(room=room, user=self.user_id)
+
+        other = "@burgundy:red"
+        # set invited of other, expect 200
+        yield self.invite(room=room, src=self.user_id, targ=other,
+                          expect_code=200)
+
+        # set joined of other, expect 403
+        yield self.change_membership(room=room, src=self.user_id,
+                                     targ=other,
+                                     membership=Membership.JOIN,
+                                     expect_code=403)
+
+        # set left of other, expect 403
+        yield self.change_membership(room=room, src=self.user_id,
+                                     targ=other,
+                                     membership=Membership.LEAVE,
+                                     expect_code=403)
+
+        # set left of self, expect 200
+        yield self.leave(room=room, user=self.user_id)
+
+    @defer.inlineCallbacks
+    def test_leave_permissions(self):
+        room = self.created_rmid
+        yield self.invite(room=room, src=self.rmcreator_id, targ=self.user_id)
+        yield self.join(room=room, user=self.user_id)
+        yield self.leave(room=room, user=self.user_id)
+
+        # set [invite/join/left] of self, set [invite/join/left] of other,
+        # expect all 403s
+        for usr in [self.user_id, self.rmcreator_id]:
+            yield self.change_membership(room=room, src=self.user_id,
+                                     targ=usr,
+                                     membership=Membership.INVITE,
+                                     expect_code=403)
+            yield self.change_membership(room=room, src=self.user_id,
+                                     targ=usr,
+                                     membership=Membership.JOIN,
+                                     expect_code=403)
+            yield self.change_membership(room=room, src=self.user_id,
+                                     targ=usr,
+                                     membership=Membership.LEAVE,
+                                     expect_code=403)
+
+
+class RoomsMemberListTestCase(RestTestCase):
+    """ Tests /rooms/$room_id/members/list REST events."""
+    user_id = "@sid1:red"
+
+    def setUp(self):
+        self.mock_server = MockHttpServer(prefix=PATH_PREFIX)
+
+        state_handler = Mock(spec=["handle_new_event"])
+        state_handler.handle_new_event.return_value = True
+
+        persistence_service = Mock(spec=["get_latest_pdus_in_context"])
+        persistence_service.get_latest_pdus_in_context.return_value = []
+
+        hs = HomeServer(
+            "test",
+            db_pool=None,
+            http_client=None,
+            federation=Mock(),
+            datastore=MemoryDataStore(),
+            replication_layer=Mock(),
+            state_handler=state_handler,
+            persistence_service=persistence_service,
+        )
+
+        self.auth_user_id = self.user_id
+
+        def _get_user_by_token(token=None):
+            return hs.parse_userid(self.auth_user_id)
+        hs.get_auth().get_user_by_token = _get_user_by_token
+
+        synapse.rest.room.register_servlets(hs, self.mock_server)
+
+    def tearDown(self):
+        pass
+
+    @defer.inlineCallbacks
+    def test_get_member_list(self):
+        room_id = "!aa:test"
+        yield self.create_room_as(room_id, self.user_id)
+        (code, response) = yield self.mock_server.trigger_get(
+                           "/rooms/%s/members/list" % room_id)
+        self.assertEquals(200, code, msg=str(response))
+
+    @defer.inlineCallbacks
+    def test_get_member_list_no_room(self):
+        (code, response) = yield self.mock_server.trigger_get(
+                           "/rooms/roomdoesnotexist/members/list")
+        self.assertEquals(403, code, msg=str(response))
+
+    @defer.inlineCallbacks
+    def test_get_member_list_no_permission(self):
+        room_id = "!bb:test"
+        yield self.create_room_as(room_id, "@some_other_guy:red")
+        (code, response) = yield self.mock_server.trigger_get(
+                           "/rooms/%s/members/list" % room_id)
+        self.assertEquals(403, code, msg=str(response))
+
+    @defer.inlineCallbacks
+    def test_get_member_list_mixed_memberships(self):
+        room_id = "!bb:test"
+        room_creator = "@some_other_guy:blue"
+        room_path = "/rooms/%s/members/list" % room_id
+        yield self.create_room_as(room_id, room_creator)
+        yield self.invite(room=room_id, src=room_creator,
+                          targ=self.user_id)
+        # can't see list if you're just invited.
+        (code, response) = yield self.mock_server.trigger_get(room_path)
+        self.assertEquals(403, code, msg=str(response))
+
+        yield self.join(room=room_id, user=self.user_id)
+        # can see list now joined
+        (code, response) = yield self.mock_server.trigger_get(room_path)
+        self.assertEquals(200, code, msg=str(response))
+
+        yield self.leave(room=room_id, user=self.user_id)
+        # can no longer see list, you've left.
+        (code, response) = yield self.mock_server.trigger_get(room_path)
+        self.assertEquals(403, code, msg=str(response))
+
+
+class RoomsCreateTestCase(RestTestCase):
+    """ Tests /rooms and /rooms/$room_id REST events. """
+    user_id = "@sid1:red"
+
+    def setUp(self):
+        self.mock_server = MockHttpServer(prefix=PATH_PREFIX)
+        self.auth_user_id = self.user_id
+
+        state_handler = Mock(spec=["handle_new_event"])
+        state_handler.handle_new_event.return_value = True
+
+        persistence_service = Mock(spec=["get_latest_pdus_in_context"])
+        persistence_service.get_latest_pdus_in_context.return_value = []
+
+        hs = HomeServer(
+            "test",
+            db_pool=None,
+            http_client=None,
+            federation=Mock(),
+            datastore=MemoryDataStore(),
+            replication_layer=Mock(),
+            state_handler=state_handler,
+            persistence_service=persistence_service,
+        )
+
+        def _get_user_by_token(token=None):
+            return hs.parse_userid(self.auth_user_id)
+        hs.get_auth().get_user_by_token = _get_user_by_token
+
+        synapse.rest.room.register_servlets(hs, self.mock_server)
+
+    def tearDown(self):
+        pass
+
+    @defer.inlineCallbacks
+    def test_post_room_no_keys(self):
+        # POST with no config keys, expect new room id
+        (code, response) = yield self.mock_server.trigger("POST", "/rooms",
+                                                          "{}")
+        self.assertEquals(200, code, response)
+        self.assertTrue("room_id" in response)
+
+    @defer.inlineCallbacks
+    def test_post_room_visibility_key(self):
+        # POST with visibility config key, expect new room id
+        (code, response) = yield self.mock_server.trigger("POST", "/rooms",
+                                                '{"visibility":"private"}')
+        self.assertEquals(200, code)
+        self.assertTrue("room_id" in response)
+
+    @defer.inlineCallbacks
+    def test_post_room_custom_key(self):
+        # POST with custom config keys, expect new room id
+        (code, response) = yield self.mock_server.trigger("POST", "/rooms",
+                                                '{"custom":"stuff"}')
+        self.assertEquals(200, code)
+        self.assertTrue("room_id" in response)
+
+    @defer.inlineCallbacks
+    def test_post_room_known_and_unknown_keys(self):
+        # POST with custom + known config keys, expect new room id
+        (code, response) = yield self.mock_server.trigger("POST", "/rooms",
+                                 '{"visibility":"private","custom":"things"}')
+        self.assertEquals(200, code)
+        self.assertTrue("room_id" in response)
+
+    @defer.inlineCallbacks
+    def test_post_room_invalid_content(self):
+        # POST with invalid content / paths, expect 400
+        (code, response) = yield self.mock_server.trigger("POST", "/rooms",
+                                                          '{"visibili')
+        self.assertEquals(400, code)
+
+        (code, response) = yield self.mock_server.trigger("POST", "/rooms",
+                                                          '["hello"]')
+        self.assertEquals(400, code)
+
+    @defer.inlineCallbacks
+    def test_put_room_no_keys(self):
+        # PUT with no config keys, expect new room id
+        (code, response) = yield self.mock_server.trigger(
+            "PUT", "/rooms/%21aa%3Atest", "{}"
+        )
+        self.assertEquals(200, code)
+        self.assertTrue("room_id" in response)
+
+    @defer.inlineCallbacks
+    def test_put_room_visibility_key(self):
+        # PUT with known config keys, expect new room id
+        (code, response) = yield self.mock_server.trigger(
+            "PUT", "/rooms/%21bb%3Atest", '{"visibility":"private"}'
+        )
+        self.assertEquals(200, code)
+        self.assertTrue("room_id" in response)
+
+    @defer.inlineCallbacks
+    def test_put_room_custom_key(self):
+        # PUT with custom config keys, expect new room id
+        (code, response) = yield self.mock_server.trigger(
+            "PUT", "/rooms/%21cc%3Atest", '{"custom":"stuff"}'
+        )
+        self.assertEquals(200, code)
+        self.assertTrue("room_id" in response)
+
+    @defer.inlineCallbacks
+    def test_put_room_known_and_unknown_keys(self):
+        # PUT with custom + known config keys, expect new room id
+        (code, response) = yield self.mock_server.trigger(
+            "PUT", "/rooms/%21dd%3Atest",
+            '{"visibility":"private","custom":"things"}'
+        )
+        self.assertEquals(200, code)
+        self.assertTrue("room_id" in response)
+
+    @defer.inlineCallbacks
+    def test_put_room_invalid_content(self):
+        # PUT with invalid content / room names, expect 400
+
+        (code, response) = yield self.mock_server.trigger(
+            "PUT", "/rooms/ee", '{"sdf"'
+        )
+        self.assertEquals(400, code)
+
+        (code, response) = yield self.mock_server.trigger(
+            "PUT", "/rooms/ee", '["hello"]'
+        )
+        self.assertEquals(400, code)
+
+    @defer.inlineCallbacks
+    def test_put_room_conflict(self):
+        yield self.create_room_as("!aa:test", self.user_id)
+
+        # PUT with conflicting room ID, expect 409
+        (code, response) = yield self.mock_server.trigger(
+            "PUT", "/rooms/%21aa%3Atest", "{}"
+        )
+        self.assertEquals(409, code)
+
+
+class RoomTopicTestCase(RestTestCase):
+    """ Tests /rooms/$room_id/topic REST events. """
+    user_id = "@sid1:red"
+
+    @defer.inlineCallbacks
+    def setUp(self):
+        self.mock_server = MockHttpServer(prefix=PATH_PREFIX)
+        self.auth_user_id = self.user_id
+        self.room_id = "!rid1:test"
+        self.path = "/rooms/%s/topic" % self.room_id
+
+        state_handler = Mock(spec=["handle_new_event"])
+        state_handler.handle_new_event.return_value = True
+
+        persistence_service = Mock(spec=["get_latest_pdus_in_context"])
+        persistence_service.get_latest_pdus_in_context.return_value = []
+
+        hs = HomeServer(
+            "test",
+            db_pool=None,
+            http_client=None,
+            federation=Mock(),
+            datastore=MemoryDataStore(),
+            replication_layer=Mock(),
+            state_handler=state_handler,
+            persistence_service=persistence_service,
+        )
+
+        def _get_user_by_token(token=None):
+            return hs.parse_userid(self.auth_user_id)
+        hs.get_auth().get_user_by_token = _get_user_by_token
+
+        synapse.rest.room.register_servlets(hs, self.mock_server)
+
+        # create the room
+        yield self.create_room_as(self.room_id, self.user_id)
+
+    def tearDown(self):
+        pass
+
+    @defer.inlineCallbacks
+    def test_invalid_puts(self):
+        # missing keys or invalid json
+        (code, response) = yield self.mock_server.trigger("PUT",
+                           self.path, '{}')
+        self.assertEquals(400, code, msg=str(response))
+
+        (code, response) = yield self.mock_server.trigger("PUT",
+                           self.path, '{"_name":"bob"}')
+        self.assertEquals(400, code, msg=str(response))
+
+        (code, response) = yield self.mock_server.trigger("PUT",
+                           self.path, '{"nao')
+        self.assertEquals(400, code, msg=str(response))
+
+        (code, response) = yield self.mock_server.trigger("PUT",
+                           self.path, '[{"_name":"bob"},{"_name":"jill"}]')
+        self.assertEquals(400, code, msg=str(response))
+
+        (code, response) = yield self.mock_server.trigger("PUT",
+                           self.path, 'text only')
+        self.assertEquals(400, code, msg=str(response))
+
+        (code, response) = yield self.mock_server.trigger("PUT",
+                           self.path, '')
+        self.assertEquals(400, code, msg=str(response))
+
+        # valid key, wrong type
+        content = '{"topic":["Topic name"]}'
+        (code, response) = yield self.mock_server.trigger("PUT",
+                           self.path, content)
+        self.assertEquals(400, code, msg=str(response))
+
+    @defer.inlineCallbacks
+    def test_rooms_topic(self):
+        # nothing should be there
+        (code, response) = yield self.mock_server.trigger_get(self.path)
+        self.assertEquals(404, code, msg=str(response))
+
+        # valid put
+        content = '{"topic":"Topic name"}'
+        (code, response) = yield self.mock_server.trigger("PUT",
+                           self.path, content)
+        self.assertEquals(200, code, msg=str(response))
+
+        # valid get
+        (code, response) = yield self.mock_server.trigger_get(self.path)
+        self.assertEquals(200, code, msg=str(response))
+        self.assert_dict(json.loads(content), response)
+
+    @defer.inlineCallbacks
+    def test_rooms_topic_with_extra_keys(self):
+        # valid put with extra keys
+        content = '{"topic":"Seasons","subtopic":"Summer"}'
+        (code, response) = yield self.mock_server.trigger("PUT",
+                           self.path, content)
+        self.assertEquals(200, code, msg=str(response))
+
+        # valid get
+        (code, response) = yield self.mock_server.trigger_get(self.path)
+        self.assertEquals(200, code, msg=str(response))
+        self.assert_dict(json.loads(content), response)
+
+
+class RoomMemberStateTestCase(RestTestCase):
+    """ Tests /rooms/$room_id/members/$user_id/state REST events. """
+    user_id = "@sid1:red"
+
+    @defer.inlineCallbacks
+    def setUp(self):
+        self.mock_server = MockHttpServer(prefix=PATH_PREFIX)
+        self.auth_user_id = self.user_id
+        self.room_id = "!rid1:test"
+
+        state_handler = Mock(spec=["handle_new_event"])
+        state_handler.handle_new_event.return_value = True
+
+        persistence_service = Mock(spec=["get_latest_pdus_in_context"])
+        persistence_service.get_latest_pdus_in_context.return_value = []
+
+        hs = HomeServer(
+            "test",
+            db_pool=None,
+            http_client=None,
+            federation=Mock(),
+            datastore=MemoryDataStore(),
+            replication_layer=Mock(),
+            state_handler=state_handler,
+            persistence_service=persistence_service,
+        )
+
+        def _get_user_by_token(token=None):
+            return hs.parse_userid(self.auth_user_id)
+        hs.get_auth().get_user_by_token = _get_user_by_token
+
+        synapse.rest.room.register_servlets(hs, self.mock_server)
+
+        yield self.create_room_as(self.room_id, self.user_id)
+
+    def tearDown(self):
+        pass
+
+    @defer.inlineCallbacks
+    def test_invalid_puts(self):
+        path = "/rooms/%s/members/%s/state" % (self.room_id, self.user_id)
+        # missing keys or invalid json
+        (code, response) = yield self.mock_server.trigger("PUT",
+                           path, '{}')
+        self.assertEquals(400, code, msg=str(response))
+
+        (code, response) = yield self.mock_server.trigger("PUT",
+                           path, '{"_name":"bob"}')
+        self.assertEquals(400, code, msg=str(response))
+
+        (code, response) = yield self.mock_server.trigger("PUT",
+                           path, '{"nao')
+        self.assertEquals(400, code, msg=str(response))
+
+        (code, response) = yield self.mock_server.trigger("PUT",
+                           path, '[{"_name":"bob"},{"_name":"jill"}]')
+        self.assertEquals(400, code, msg=str(response))
+
+        (code, response) = yield self.mock_server.trigger("PUT",
+                           path, 'text only')
+        self.assertEquals(400, code, msg=str(response))
+
+        (code, response) = yield self.mock_server.trigger("PUT",
+                           path, '')
+        self.assertEquals(400, code, msg=str(response))
+
+        # valid keys, wrong types
+        content = ('{"membership":["%s","%s","%s"]}' %
+                  (Membership.INVITE, Membership.JOIN, Membership.LEAVE))
+        (code, response) = yield self.mock_server.trigger("PUT", path, content)
+        self.assertEquals(400, code, msg=str(response))
+
+    @defer.inlineCallbacks
+    def test_rooms_members_self(self):
+        path = "/rooms/%s/members/%s/state" % (
+            urllib.quote(self.room_id), self.user_id
+        )
+
+        # valid join message (NOOP since we made the room)
+        content = '{"membership":"%s"}' % Membership.JOIN
+        (code, response) = yield self.mock_server.trigger("PUT", path, content)
+        self.assertEquals(200, code, msg=str(response))
+
+        (code, response) = yield self.mock_server.trigger("GET", path, None)
+        self.assertEquals(200, code, msg=str(response))
+        self.assertEquals(json.loads(content), response)
+
+    @defer.inlineCallbacks
+    def test_rooms_members_other(self):
+        self.other_id = "@zzsid1:red"
+        path = "/rooms/%s/members/%s/state" % (
+            urllib.quote(self.room_id), self.other_id
+        )
+
+        # valid invite message
+        content = '{"membership":"%s"}' % Membership.INVITE
+        (code, response) = yield self.mock_server.trigger("PUT", path, content)
+        self.assertEquals(200, code, msg=str(response))
+
+        (code, response) = yield self.mock_server.trigger("GET", path, None)
+        self.assertEquals(200, code, msg=str(response))
+        self.assertEquals(json.loads(content), response)
+
+    @defer.inlineCallbacks
+    def test_rooms_members_other_custom_keys(self):
+        self.other_id = "@zzsid1:red"
+        path = "/rooms/%s/members/%s/state" % (
+            urllib.quote(self.room_id), self.other_id
+        )
+
+        # valid invite message with custom key
+        content = ('{"membership":"%s","invite_text":"%s"}' %
+                    (Membership.INVITE, "Join us!"))
+        (code, response) = yield self.mock_server.trigger("PUT", path, content)
+        self.assertEquals(200, code, msg=str(response))
+
+        (code, response) = yield self.mock_server.trigger("GET", path, None)
+        self.assertEquals(200, code, msg=str(response))
+        self.assertEquals(json.loads(content), response)
+
+
+class RoomMessagesTestCase(RestTestCase):
+    """ Tests /rooms/$room_id/messages/$user_id/$msg_id REST events. """
+    user_id = "@sid1:red"
+
+    @defer.inlineCallbacks
+    def setUp(self):
+        self.mock_server = MockHttpServer(prefix=PATH_PREFIX)
+        self.auth_user_id = self.user_id
+        self.room_id = "!rid1:test"
+
+        state_handler = Mock(spec=["handle_new_event"])
+        state_handler.handle_new_event.return_value = True
+
+        persistence_service = Mock(spec=["get_latest_pdus_in_context"])
+        persistence_service.get_latest_pdus_in_context.return_value = []
+
+        hs = HomeServer(
+            "test",
+            db_pool=None,
+            http_client=None,
+            federation=Mock(),
+            datastore=MemoryDataStore(),
+            replication_layer=Mock(),
+            state_handler=state_handler,
+            persistence_service=persistence_service,
+        )
+
+        def _get_user_by_token(token=None):
+            return hs.parse_userid(self.auth_user_id)
+        hs.get_auth().get_user_by_token = _get_user_by_token
+
+        synapse.rest.room.register_servlets(hs, self.mock_server)
+
+        yield self.create_room_as(self.room_id, self.user_id)
+
+    def tearDown(self):
+        pass
+
+    @defer.inlineCallbacks
+    def test_invalid_puts(self):
+        path = "/rooms/%s/messages/%s/mid1" % (
+            urllib.quote(self.room_id), self.user_id
+        )
+        # missing keys or invalid json
+        (code, response) = yield self.mock_server.trigger("PUT",
+                           path, '{}')
+        self.assertEquals(400, code, msg=str(response))
+
+        (code, response) = yield self.mock_server.trigger("PUT",
+                           path, '{"_name":"bob"}')
+        self.assertEquals(400, code, msg=str(response))
+
+        (code, response) = yield self.mock_server.trigger("PUT",
+                           path, '{"nao')
+        self.assertEquals(400, code, msg=str(response))
+
+        (code, response) = yield self.mock_server.trigger("PUT",
+                           path, '[{"_name":"bob"},{"_name":"jill"}]')
+        self.assertEquals(400, code, msg=str(response))
+
+        (code, response) = yield self.mock_server.trigger("PUT",
+                           path, 'text only')
+        self.assertEquals(400, code, msg=str(response))
+
+        (code, response) = yield self.mock_server.trigger("PUT",
+                           path, '')
+        self.assertEquals(400, code, msg=str(response))
+
+    @defer.inlineCallbacks
+    def test_rooms_messages_sent(self):
+        path = "/rooms/%s/messages/%s/mid1" % (
+            urllib.quote(self.room_id), self.user_id
+        )
+
+        content = '{"body":"test","msgtype":{"type":"a"}}'
+        (code, response) = yield self.mock_server.trigger("PUT", path, content)
+        self.assertEquals(400, code, msg=str(response))
+
+        # custom message types
+        content = '{"body":"test","msgtype":"test.custom.text"}'
+        (code, response) = yield self.mock_server.trigger("PUT", path, content)
+        self.assertEquals(200, code, msg=str(response))
+
+        (code, response) = yield self.mock_server.trigger("GET", path, None)
+        self.assertEquals(200, code, msg=str(response))
+        self.assert_dict(json.loads(content), response)
+
+        # m.text message type
+        path = "/rooms/%s/messages/%s/mid2" % (
+            urllib.quote(self.room_id), self.user_id
+        )
+        content = '{"body":"test2","msgtype":"m.text"}'
+        (code, response) = yield self.mock_server.trigger("PUT", path, content)
+        self.assertEquals(200, code, msg=str(response))
+
+        (code, response) = yield self.mock_server.trigger("GET", path, None)
+        self.assertEquals(200, code, msg=str(response))
+        self.assert_dict(json.loads(content), response)
+
+        # trying to send message in different user path
+        path = "/rooms/%s/messages/%s/mid2" % (
+            urllib.quote(self.room_id), "invalid" + self.user_id
+        )
+        content = '{"body":"test2","msgtype":"m.text"}'
+        (code, response) = yield self.mock_server.trigger("PUT", path, content)
+        self.assertEquals(403, code, msg=str(response))
diff --git a/tests/rest/utils.py b/tests/rest/utils.py
new file mode 100644
index 0000000000..7e4e570eff
--- /dev/null
+++ b/tests/rest/utils.py
@@ -0,0 +1,112 @@
+# -*- coding: utf-8 -*-
+# twisted imports
+from twisted.internet import defer
+
+# trial imports
+from twisted.trial import unittest
+
+from synapse.api.constants import Membership
+
+import time
+
+class RestTestCase(unittest.TestCase):
+    """Contains extra helper functions to quickly and clearly perform a given
+    REST action, which isn't the focus of the test.
+
+    This subclass assumes there are mock_server and auth_user_id attributes.
+    """
+
+    def __init__(self, *args, **kwargs):
+        super(RestTestCase, self).__init__(*args, **kwargs)
+        self.mock_server = None
+        self.auth_user_id = None
+
+    def mock_get_user_by_token(self, token=None):
+        return self.auth_user_id
+
+    @defer.inlineCallbacks
+    def create_room_as(self, room_id, room_creator, is_public=True, tok=None):
+        temp_id = self.auth_user_id
+        self.auth_user_id = room_creator
+        path = "/rooms/%s" % room_id
+        content = "{}"
+        if not is_public:
+            content = '{"visibility":"private"}'
+        if tok:
+            path = path + "?access_token=%s" % tok
+        (code, response) = yield self.mock_server.trigger("PUT", path, content)
+        self.assertEquals(200, code, msg=str(response))
+        self.auth_user_id = temp_id
+
+    @defer.inlineCallbacks
+    def invite(self, room=None, src=None, targ=None, expect_code=200, tok=None):
+        yield self.change_membership(room=room, src=src, targ=targ, tok=tok,
+                                     membership=Membership.INVITE,
+                                     expect_code=expect_code)
+
+    @defer.inlineCallbacks
+    def join(self, room=None, user=None, expect_code=200, tok=None):
+        yield self.change_membership(room=room, src=user, targ=user, tok=tok,
+                                     membership=Membership.JOIN,
+                                     expect_code=expect_code)
+
+    @defer.inlineCallbacks
+    def leave(self, room=None, user=None, expect_code=200, tok=None):
+        yield self.change_membership(room=room, src=user, targ=user, tok=tok,
+                                     membership=Membership.LEAVE,
+                                     expect_code=expect_code)
+
+    @defer.inlineCallbacks
+    def change_membership(self, room=None, src=None, targ=None,
+                          membership=None, expect_code=200, tok=None):
+        temp_id = self.auth_user_id
+        self.auth_user_id = src
+
+        path = "/rooms/%s/members/%s/state" % (room, targ)
+        if tok:
+            path = path + "?access_token=%s" % tok
+
+        if membership == Membership.LEAVE:
+            (code, response) = yield self.mock_server.trigger("DELETE", path,
+                                    None)
+            self.assertEquals(expect_code, code, msg=str(response))
+        else:
+            (code, response) = yield self.mock_server.trigger("PUT", path,
+                                    '{"membership":"%s"}' % membership)
+            self.assertEquals(expect_code, code, msg=str(response))
+
+        self.auth_user_id = temp_id
+
+    @defer.inlineCallbacks
+    def register(self, user_id):
+        (code, response) = yield self.mock_server.trigger("POST", "/register",
+                                '{"user_id":"%s"}' % user_id)
+        self.assertEquals(200, code)
+        defer.returnValue(response)
+
+    @defer.inlineCallbacks
+    def send(self, room_id, sender_id, body=None, msg_id=None, tok=None,
+             expect_code=200):
+        if msg_id is None:
+            msg_id = "m%s" % (str(time.time()))
+        if body is None:
+            body = "body_text_here"
+
+        path = "/rooms/%s/messages/%s/%s" % (room_id, sender_id, msg_id)
+        content = '{"msgtype":"m.text","body":"%s"}' % body
+        if tok:
+            path = path + "?access_token=%s" % tok
+
+        (code, response) = yield self.mock_server.trigger("PUT", path, content)
+        self.assertEquals(expect_code, code, msg=str(response))
+
+    def assert_dict(self, required, actual):
+        """Does a partial assert of a dict.
+
+        Args:
+            required (dict): The keys and value which MUST be in 'actual'.
+            actual (dict): The test result. Extra keys will not be checked.
+        """
+        for key in required:
+            self.assertEquals(required[key], actual[key],
+                              msg="%s mismatch. %s" % (key, actual))