diff --git a/tests/events/test_utils.py b/tests/events/test_utils.py
index 9274ce4c39..e2a5fc018c 100644
--- a/tests/events/test_utils.py
+++ b/tests/events/test_utils.py
@@ -301,6 +301,49 @@ class PruneEventTestCase(unittest.TestCase):
room_version=RoomVersions.MSC2176,
)
+ def test_join_rules(self):
+ """Join rules events have changed behavior starting with MSC3083."""
+ self.run_test(
+ {
+ "type": "m.room.join_rules",
+ "event_id": "$test:domain",
+ "content": {
+ "join_rule": "invite",
+ "allow": [],
+ "other_key": "stripped",
+ },
+ },
+ {
+ "type": "m.room.join_rules",
+ "event_id": "$test:domain",
+ "content": {"join_rule": "invite"},
+ "signatures": {},
+ "unsigned": {},
+ },
+ )
+
+ # After MSC3083, alias events have no special behavior.
+ self.run_test(
+ {
+ "type": "m.room.join_rules",
+ "content": {
+ "join_rule": "invite",
+ "allow": [],
+ "other_key": "stripped",
+ },
+ },
+ {
+ "type": "m.room.join_rules",
+ "content": {
+ "join_rule": "invite",
+ "allow": [],
+ },
+ "signatures": {},
+ "unsigned": {},
+ },
+ room_version=RoomVersions.MSC3083,
+ )
+
class SerializeEventTestCase(unittest.TestCase):
def serialize(self, ev, fields):
diff --git a/tests/handlers/test_federation.py b/tests/handlers/test_federation.py
index ba8cf44f46..4140fcefc2 100644
--- a/tests/handlers/test_federation.py
+++ b/tests/handlers/test_federation.py
@@ -12,6 +12,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
import logging
+from typing import List
from unittest import TestCase
from synapse.api.constants import EventTypes
@@ -22,6 +23,7 @@ from synapse.federation.federation_base import event_from_pdu_json
from synapse.logging.context import LoggingContext, run_in_background
from synapse.rest import admin
from synapse.rest.client.v1 import login, room
+from synapse.util.stringutils import random_string
from tests import unittest
@@ -39,6 +41,8 @@ class FederationTestCase(unittest.HomeserverTestCase):
hs = self.setup_test_homeserver(federation_http_client=None)
self.handler = hs.get_federation_handler()
self.store = hs.get_datastore()
+ self.state_store = hs.get_storage().state
+ self._event_auth_handler = hs.get_event_auth_handler()
return hs
def test_exchange_revoked_invite(self):
@@ -190,6 +194,133 @@ class FederationTestCase(unittest.HomeserverTestCase):
self.assertEqual(sg, sg2)
+ def test_backfill_floating_outlier_membership_auth(self):
+ """
+ As the local homeserver, check that we can properly process a federated
+ event from the OTHER_SERVER with auth_events that include a floating
+ membership event from the OTHER_SERVER.
+
+ Regression test, see #10439.
+ """
+ OTHER_SERVER = "otherserver"
+ OTHER_USER = "@otheruser:" + OTHER_SERVER
+
+ # create the room
+ user_id = self.register_user("kermit", "test")
+ tok = self.login("kermit", "test")
+ room_id = self.helper.create_room_as(
+ room_creator=user_id,
+ is_public=True,
+ tok=tok,
+ extra_content={
+ "preset": "public_chat",
+ },
+ )
+ room_version = self.get_success(self.store.get_room_version(room_id))
+
+ prev_event_ids = self.get_success(self.store.get_prev_events_for_room(room_id))
+ (
+ most_recent_prev_event_id,
+ most_recent_prev_event_depth,
+ ) = self.get_success(self.store.get_max_depth_of(prev_event_ids))
+ # mapping from (type, state_key) -> state_event_id
+ prev_state_map = self.get_success(
+ self.state_store.get_state_ids_for_event(most_recent_prev_event_id)
+ )
+ # List of state event ID's
+ prev_state_ids = list(prev_state_map.values())
+ auth_event_ids = prev_state_ids
+ auth_events = list(
+ self.get_success(self.store.get_events(auth_event_ids)).values()
+ )
+
+ # build a floating outlier member state event
+ fake_prev_event_id = "$" + random_string(43)
+ member_event_dict = {
+ "type": EventTypes.Member,
+ "content": {
+ "membership": "join",
+ },
+ "state_key": OTHER_USER,
+ "room_id": room_id,
+ "sender": OTHER_USER,
+ "depth": most_recent_prev_event_depth,
+ "prev_events": [fake_prev_event_id],
+ "origin_server_ts": self.clock.time_msec(),
+ "signatures": {OTHER_SERVER: {"ed25519:key_version": "SomeSignatureHere"}},
+ }
+ builder = self.hs.get_event_builder_factory().for_room_version(
+ room_version, member_event_dict
+ )
+ member_event = self.get_success(
+ builder.build(
+ prev_event_ids=member_event_dict["prev_events"],
+ auth_event_ids=self._event_auth_handler.compute_auth_events(
+ builder,
+ prev_state_map,
+ for_verification=False,
+ ),
+ depth=member_event_dict["depth"],
+ )
+ )
+ # Override the signature added from "test" homeserver that we created the event with
+ member_event.signatures = member_event_dict["signatures"]
+
+ # Add the new member_event to the StateMap
+ prev_state_map[
+ (member_event.type, member_event.state_key)
+ ] = member_event.event_id
+ auth_events.append(member_event)
+
+ # build and send an event authed based on the member event
+ message_event_dict = {
+ "type": EventTypes.Message,
+ "content": {},
+ "room_id": room_id,
+ "sender": OTHER_USER,
+ "depth": most_recent_prev_event_depth,
+ "prev_events": prev_event_ids.copy(),
+ "origin_server_ts": self.clock.time_msec(),
+ "signatures": {OTHER_SERVER: {"ed25519:key_version": "SomeSignatureHere"}},
+ }
+ builder = self.hs.get_event_builder_factory().for_room_version(
+ room_version, message_event_dict
+ )
+ message_event = self.get_success(
+ builder.build(
+ prev_event_ids=message_event_dict["prev_events"],
+ auth_event_ids=self._event_auth_handler.compute_auth_events(
+ builder,
+ prev_state_map,
+ for_verification=False,
+ ),
+ depth=message_event_dict["depth"],
+ )
+ )
+ # Override the signature added from "test" homeserver that we created the event with
+ message_event.signatures = message_event_dict["signatures"]
+
+ # Stub the /event_auth response from the OTHER_SERVER
+ async def get_event_auth(
+ destination: str, room_id: str, event_id: str
+ ) -> List[EventBase]:
+ return auth_events
+
+ self.handler.federation_client.get_event_auth = get_event_auth
+
+ with LoggingContext("receive_pdu"):
+ # Fake the OTHER_SERVER federating the message event over to our local homeserver
+ d = run_in_background(
+ self.handler.on_receive_pdu, OTHER_SERVER, message_event
+ )
+ self.get_success(d)
+
+ # Now try and get the events on our local homeserver
+ stored_event = self.get_success(
+ self.store.get_event(message_event.event_id, allow_none=True)
+ )
+ self.assertTrue(stored_event is not None)
+
@unittest.override_config(
{"rc_invites": {"per_user": {"per_second": 0.5, "burst_count": 3}}}
)
diff --git a/tests/handlers/test_receipts.py b/tests/handlers/test_receipts.py
new file mode 100644
index 0000000000..93a9a084b2
--- /dev/null
+++ b/tests/handlers/test_receipts.py
@@ -0,0 +1,294 @@
+# Copyright 2021 Å imon Brandner <simon.bra.ag@gmail.com>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+from typing import List
+
+from synapse.api.constants import ReadReceiptEventFields
+from synapse.types import JsonDict
+
+from tests import unittest
+
+
+class ReceiptsTestCase(unittest.HomeserverTestCase):
+ def prepare(self, reactor, clock, hs):
+ self.event_source = hs.get_event_sources().sources["receipt"]
+
+ # In the first param of _test_filters_hidden we use "hidden" instead of
+ # ReadReceiptEventFields.MSC2285_HIDDEN. We do this because we're mocking
+ # the data from the database which doesn't use the prefix
+
+ def test_filters_out_hidden_receipt(self):
+ self._test_filters_hidden(
+ [
+ {
+ "content": {
+ "$1435641916114394fHBLK:matrix.org": {
+ "m.read": {
+ "@rikj:jki.re": {
+ "ts": 1436451550453,
+ "hidden": True,
+ }
+ }
+ }
+ },
+ "room_id": "!jEsUZKDJdhlrceRyVU:example.org",
+ "type": "m.receipt",
+ }
+ ],
+ [],
+ )
+
+ def test_does_not_filter_out_our_hidden_receipt(self):
+ self._test_filters_hidden(
+ [
+ {
+ "content": {
+ "$1435641916hfgh4394fHBLK:matrix.org": {
+ "m.read": {
+ "@me:server.org": {
+ "ts": 1436451550453,
+ "hidden": True,
+ },
+ }
+ }
+ },
+ "room_id": "!jEsUZKDJdhlrceRyVU:example.org",
+ "type": "m.receipt",
+ }
+ ],
+ [
+ {
+ "content": {
+ "$1435641916hfgh4394fHBLK:matrix.org": {
+ "m.read": {
+ "@me:server.org": {
+ "ts": 1436451550453,
+ ReadReceiptEventFields.MSC2285_HIDDEN: True,
+ },
+ }
+ }
+ },
+ "room_id": "!jEsUZKDJdhlrceRyVU:example.org",
+ "type": "m.receipt",
+ }
+ ],
+ )
+
+ def test_filters_out_hidden_receipt_and_ignores_rest(self):
+ self._test_filters_hidden(
+ [
+ {
+ "content": {
+ "$1dgdgrd5641916114394fHBLK:matrix.org": {
+ "m.read": {
+ "@rikj:jki.re": {
+ "ts": 1436451550453,
+ "hidden": True,
+ },
+ "@user:jki.re": {
+ "ts": 1436451550453,
+ },
+ }
+ }
+ },
+ "room_id": "!jEsUZKDJdhlrceRyVU:example.org",
+ "type": "m.receipt",
+ }
+ ],
+ [
+ {
+ "content": {
+ "$1dgdgrd5641916114394fHBLK:matrix.org": {
+ "m.read": {
+ "@user:jki.re": {
+ "ts": 1436451550453,
+ }
+ }
+ }
+ },
+ "room_id": "!jEsUZKDJdhlrceRyVU:example.org",
+ "type": "m.receipt",
+ }
+ ],
+ )
+
+ def test_filters_out_event_with_only_hidden_receipts_and_ignores_the_rest(self):
+ self._test_filters_hidden(
+ [
+ {
+ "content": {
+ "$14356419edgd14394fHBLK:matrix.org": {
+ "m.read": {
+ "@rikj:jki.re": {
+ "ts": 1436451550453,
+ "hidden": True,
+ },
+ }
+ },
+ "$1435641916114394fHBLK:matrix.org": {
+ "m.read": {
+ "@user:jki.re": {
+ "ts": 1436451550453,
+ }
+ }
+ },
+ },
+ "room_id": "!jEsUZKDJdhlrceRyVU:example.org",
+ "type": "m.receipt",
+ }
+ ],
+ [
+ {
+ "content": {
+ "$1435641916114394fHBLK:matrix.org": {
+ "m.read": {
+ "@user:jki.re": {
+ "ts": 1436451550453,
+ }
+ }
+ }
+ },
+ "room_id": "!jEsUZKDJdhlrceRyVU:example.org",
+ "type": "m.receipt",
+ }
+ ],
+ )
+
+ def test_handles_missing_content_of_m_read(self):
+ self._test_filters_hidden(
+ [
+ {
+ "content": {
+ "$14356419ggffg114394fHBLK:matrix.org": {"m.read": {}},
+ "$1435641916114394fHBLK:matrix.org": {
+ "m.read": {
+ "@user:jki.re": {
+ "ts": 1436451550453,
+ }
+ }
+ },
+ },
+ "room_id": "!jEsUZKDJdhlrceRyVU:example.org",
+ "type": "m.receipt",
+ }
+ ],
+ [
+ {
+ "content": {
+ "$14356419ggffg114394fHBLK:matrix.org": {"m.read": {}},
+ "$1435641916114394fHBLK:matrix.org": {
+ "m.read": {
+ "@user:jki.re": {
+ "ts": 1436451550453,
+ }
+ }
+ },
+ },
+ "room_id": "!jEsUZKDJdhlrceRyVU:example.org",
+ "type": "m.receipt",
+ }
+ ],
+ )
+
+ def test_handles_empty_event(self):
+ self._test_filters_hidden(
+ [
+ {
+ "content": {
+ "$143564gdfg6114394fHBLK:matrix.org": {},
+ "$1435641916114394fHBLK:matrix.org": {
+ "m.read": {
+ "@user:jki.re": {
+ "ts": 1436451550453,
+ }
+ }
+ },
+ },
+ "room_id": "!jEsUZKDJdhlrceRyVU:example.org",
+ "type": "m.receipt",
+ }
+ ],
+ [
+ {
+ "content": {
+ "$143564gdfg6114394fHBLK:matrix.org": {},
+ "$1435641916114394fHBLK:matrix.org": {
+ "m.read": {
+ "@user:jki.re": {
+ "ts": 1436451550453,
+ }
+ }
+ },
+ },
+ "room_id": "!jEsUZKDJdhlrceRyVU:example.org",
+ "type": "m.receipt",
+ }
+ ],
+ )
+
+ def test_filters_out_receipt_event_with_only_hidden_receipt_and_ignores_rest(self):
+ self._test_filters_hidden(
+ [
+ {
+ "content": {
+ "$14356419edgd14394fHBLK:matrix.org": {
+ "m.read": {
+ "@rikj:jki.re": {
+ "ts": 1436451550453,
+ "hidden": True,
+ },
+ }
+ },
+ },
+ "room_id": "!jEsUZKDJdhlrceRyVU:example.org",
+ "type": "m.receipt",
+ },
+ {
+ "content": {
+ "$1435641916114394fHBLK:matrix.org": {
+ "m.read": {
+ "@user:jki.re": {
+ "ts": 1436451550453,
+ }
+ }
+ },
+ },
+ "room_id": "!jEsUZKDJdhlrceRyVU:example.org",
+ "type": "m.receipt",
+ },
+ ],
+ [
+ {
+ "content": {
+ "$1435641916114394fHBLK:matrix.org": {
+ "m.read": {
+ "@user:jki.re": {
+ "ts": 1436451550453,
+ }
+ }
+ }
+ },
+ "room_id": "!jEsUZKDJdhlrceRyVU:example.org",
+ "type": "m.receipt",
+ }
+ ],
+ )
+
+ def _test_filters_hidden(
+ self, events: List[JsonDict], expected_output: List[JsonDict]
+ ):
+ """Tests that the _filter_out_hidden returns the expected output"""
+ filtered_events = self.event_source.filter_out_hidden(events, "@me:server.org")
+ self.assertEquals(filtered_events, expected_output)
diff --git a/tests/http/test_proxyagent.py b/tests/http/test_proxyagent.py
index 437113929a..e5865c161d 100644
--- a/tests/http/test_proxyagent.py
+++ b/tests/http/test_proxyagent.py
@@ -14,19 +14,22 @@
import base64
import logging
import os
-from typing import Optional
+from typing import Iterable, Optional
from unittest.mock import patch
import treq
from netaddr import IPSet
+from parameterized import parameterized
from twisted.internet import interfaces # noqa: F401
+from twisted.internet.endpoints import HostnameEndpoint, _WrapperEndpoint
+from twisted.internet.interfaces import IProtocol, IProtocolFactory
from twisted.internet.protocol import Factory
-from twisted.protocols.tls import TLSMemoryBIOFactory
+from twisted.protocols.tls import TLSMemoryBIOFactory, TLSMemoryBIOProtocol
from twisted.web.http import HTTPChannel
from synapse.http.client import BlacklistingReactorWrapper
-from synapse.http.proxyagent import ProxyAgent
+from synapse.http.proxyagent import ProxyAgent, ProxyCredentials, parse_proxy
from tests.http import TestServerTLSConnectionFactory, get_test_https_policy
from tests.server import FakeTransport, ThreadedMemoryReactorClock
@@ -37,33 +40,208 @@ logger = logging.getLogger(__name__)
HTTPFactory = Factory.forProtocol(HTTPChannel)
+class ProxyParserTests(TestCase):
+ """
+ Values for test
+ [
+ proxy_string,
+ expected_scheme,
+ expected_hostname,
+ expected_port,
+ expected_credentials,
+ ]
+ """
+
+ @parameterized.expand(
+ [
+ # host
+ [b"localhost", b"http", b"localhost", 1080, None],
+ [b"localhost:9988", b"http", b"localhost", 9988, None],
+ # host+scheme
+ [b"https://localhost", b"https", b"localhost", 1080, None],
+ [b"https://localhost:1234", b"https", b"localhost", 1234, None],
+ # ipv4
+ [b"1.2.3.4", b"http", b"1.2.3.4", 1080, None],
+ [b"1.2.3.4:9988", b"http", b"1.2.3.4", 9988, None],
+ # ipv4+scheme
+ [b"https://1.2.3.4", b"https", b"1.2.3.4", 1080, None],
+ [b"https://1.2.3.4:9988", b"https", b"1.2.3.4", 9988, None],
+ # ipv6 - without brackets is broken
+ # [
+ # b"2001:0db8:85a3:0000:0000:8a2e:0370:effe",
+ # b"http",
+ # b"2001:0db8:85a3:0000:0000:8a2e:0370:effe",
+ # 1080,
+ # None,
+ # ],
+ # [
+ # b"2001:0db8:85a3:0000:0000:8a2e:0370:1234",
+ # b"http",
+ # b"2001:0db8:85a3:0000:0000:8a2e:0370:1234",
+ # 1080,
+ # None,
+ # ],
+ # [b"::1", b"http", b"::1", 1080, None],
+ # [b"::ffff:0.0.0.0", b"http", b"::ffff:0.0.0.0", 1080, None],
+ # ipv6 - with brackets
+ [
+ b"[2001:0db8:85a3:0000:0000:8a2e:0370:effe]",
+ b"http",
+ b"2001:0db8:85a3:0000:0000:8a2e:0370:effe",
+ 1080,
+ None,
+ ],
+ [
+ b"[2001:0db8:85a3:0000:0000:8a2e:0370:1234]",
+ b"http",
+ b"2001:0db8:85a3:0000:0000:8a2e:0370:1234",
+ 1080,
+ None,
+ ],
+ [b"[::1]", b"http", b"::1", 1080, None],
+ [b"[::ffff:0.0.0.0]", b"http", b"::ffff:0.0.0.0", 1080, None],
+ # ipv6+port
+ [
+ b"[2001:0db8:85a3:0000:0000:8a2e:0370:effe]:9988",
+ b"http",
+ b"2001:0db8:85a3:0000:0000:8a2e:0370:effe",
+ 9988,
+ None,
+ ],
+ [
+ b"[2001:0db8:85a3:0000:0000:8a2e:0370:1234]:9988",
+ b"http",
+ b"2001:0db8:85a3:0000:0000:8a2e:0370:1234",
+ 9988,
+ None,
+ ],
+ [b"[::1]:9988", b"http", b"::1", 9988, None],
+ [b"[::ffff:0.0.0.0]:9988", b"http", b"::ffff:0.0.0.0", 9988, None],
+ # ipv6+scheme
+ [
+ b"https://[2001:0db8:85a3:0000:0000:8a2e:0370:effe]",
+ b"https",
+ b"2001:0db8:85a3:0000:0000:8a2e:0370:effe",
+ 1080,
+ None,
+ ],
+ [
+ b"https://[2001:0db8:85a3:0000:0000:8a2e:0370:1234]",
+ b"https",
+ b"2001:0db8:85a3:0000:0000:8a2e:0370:1234",
+ 1080,
+ None,
+ ],
+ [b"https://[::1]", b"https", b"::1", 1080, None],
+ [b"https://[::ffff:0.0.0.0]", b"https", b"::ffff:0.0.0.0", 1080, None],
+ # ipv6+scheme+port
+ [
+ b"https://[2001:0db8:85a3:0000:0000:8a2e:0370:effe]:9988",
+ b"https",
+ b"2001:0db8:85a3:0000:0000:8a2e:0370:effe",
+ 9988,
+ None,
+ ],
+ [
+ b"https://[2001:0db8:85a3:0000:0000:8a2e:0370:1234]:9988",
+ b"https",
+ b"2001:0db8:85a3:0000:0000:8a2e:0370:1234",
+ 9988,
+ None,
+ ],
+ [b"https://[::1]:9988", b"https", b"::1", 9988, None],
+ # with credentials
+ [
+ b"https://user:pass@1.2.3.4:9988",
+ b"https",
+ b"1.2.3.4",
+ 9988,
+ b"user:pass",
+ ],
+ [b"user:pass@1.2.3.4:9988", b"http", b"1.2.3.4", 9988, b"user:pass"],
+ [
+ b"https://user:pass@proxy.local:9988",
+ b"https",
+ b"proxy.local",
+ 9988,
+ b"user:pass",
+ ],
+ [
+ b"user:pass@proxy.local:9988",
+ b"http",
+ b"proxy.local",
+ 9988,
+ b"user:pass",
+ ],
+ ]
+ )
+ def test_parse_proxy(
+ self,
+ proxy_string: bytes,
+ expected_scheme: bytes,
+ expected_hostname: bytes,
+ expected_port: int,
+ expected_credentials: Optional[bytes],
+ ):
+ """
+ Tests that a given proxy URL will be broken into the components.
+ Args:
+ proxy_string: The proxy connection string.
+ expected_scheme: Expected value of proxy scheme.
+ expected_hostname: Expected value of proxy hostname.
+ expected_port: Expected value of proxy port.
+ expected_credentials: Expected value of credentials.
+ Must be in form '<username>:<password>' or None
+ """
+ proxy_cred = None
+ if expected_credentials:
+ proxy_cred = ProxyCredentials(expected_credentials)
+ self.assertEqual(
+ (
+ expected_scheme,
+ expected_hostname,
+ expected_port,
+ proxy_cred,
+ ),
+ parse_proxy(proxy_string),
+ )
+
+
class MatrixFederationAgentTests(TestCase):
def setUp(self):
self.reactor = ThreadedMemoryReactorClock()
def _make_connection(
- self, client_factory, server_factory, ssl=False, expected_sni=None
- ):
+ self,
+ client_factory: IProtocolFactory,
+ server_factory: IProtocolFactory,
+ ssl: bool = False,
+ expected_sni: Optional[bytes] = None,
+ tls_sanlist: Optional[Iterable[bytes]] = None,
+ ) -> IProtocol:
"""Builds a test server, and completes the outgoing client connection
Args:
- client_factory (interfaces.IProtocolFactory): the the factory that the
+ client_factory: the the factory that the
application is trying to use to make the outbound connection. We will
invoke it to build the client Protocol
- server_factory (interfaces.IProtocolFactory): a factory to build the
+ server_factory: a factory to build the
server-side protocol
- ssl (bool): If true, we will expect an ssl connection and wrap
+ ssl: If true, we will expect an ssl connection and wrap
server_factory with a TLSMemoryBIOFactory
- expected_sni (bytes|None): the expected SNI value
+ expected_sni: the expected SNI value
+
+ tls_sanlist: list of SAN entries for the TLS cert presented by the server.
+ Defaults to [b'DNS:test.com']
Returns:
- IProtocol: the server Protocol returned by server_factory
+ the server Protocol returned by server_factory
"""
if ssl:
- server_factory = _wrap_server_factory_for_tls(server_factory)
+ server_factory = _wrap_server_factory_for_tls(server_factory, tls_sanlist)
server_protocol = server_factory.buildProtocol(None)
@@ -98,22 +276,28 @@ class MatrixFederationAgentTests(TestCase):
self.assertEqual(
server_name,
expected_sni,
- "Expected SNI %s but got %s" % (expected_sni, server_name),
+ f"Expected SNI {expected_sni!s} but got {server_name!s}",
)
return http_protocol
- def _test_request_direct_connection(self, agent, scheme, hostname, path):
+ def _test_request_direct_connection(
+ self,
+ agent: ProxyAgent,
+ scheme: bytes,
+ hostname: bytes,
+ path: bytes,
+ ):
"""Runs a test case for a direct connection not going through a proxy.
Args:
- agent (ProxyAgent): the proxy agent being tested
+ agent: the proxy agent being tested
- scheme (bytes): expected to be either "http" or "https"
+ scheme: expected to be either "http" or "https"
- hostname (bytes): the hostname to connect to in the test
+ hostname: the hostname to connect to in the test
- path (bytes): the path to connect to in the test
+ path: the path to connect to in the test
"""
is_https = scheme == b"https"
@@ -208,7 +392,7 @@ class MatrixFederationAgentTests(TestCase):
"""
Tests that requests can be made through a proxy.
"""
- self._do_http_request_via_proxy(auth_credentials=None)
+ self._do_http_request_via_proxy(ssl=False, auth_credentials=None)
@patch.dict(
os.environ,
@@ -218,12 +402,28 @@ class MatrixFederationAgentTests(TestCase):
"""
Tests that authenticated requests can be made through a proxy.
"""
- self._do_http_request_via_proxy(auth_credentials="bob:pinkponies")
+ self._do_http_request_via_proxy(ssl=False, auth_credentials=b"bob:pinkponies")
+
+ @patch.dict(
+ os.environ, {"http_proxy": "https://proxy.com:8888", "no_proxy": "unused.com"}
+ )
+ def test_http_request_via_https_proxy(self):
+ self._do_http_request_via_proxy(ssl=True, auth_credentials=None)
+
+ @patch.dict(
+ os.environ,
+ {
+ "http_proxy": "https://bob:pinkponies@proxy.com:8888",
+ "no_proxy": "unused.com",
+ },
+ )
+ def test_http_request_via_https_proxy_with_auth(self):
+ self._do_http_request_via_proxy(ssl=True, auth_credentials=b"bob:pinkponies")
@patch.dict(os.environ, {"https_proxy": "proxy.com", "no_proxy": "unused.com"})
def test_https_request_via_proxy(self):
"""Tests that TLS-encrypted requests can be made through a proxy"""
- self._do_https_request_via_proxy(auth_credentials=None)
+ self._do_https_request_via_proxy(ssl=False, auth_credentials=None)
@patch.dict(
os.environ,
@@ -231,16 +431,40 @@ class MatrixFederationAgentTests(TestCase):
)
def test_https_request_via_proxy_with_auth(self):
"""Tests that authenticated, TLS-encrypted requests can be made through a proxy"""
- self._do_https_request_via_proxy(auth_credentials="bob:pinkponies")
+ self._do_https_request_via_proxy(ssl=False, auth_credentials=b"bob:pinkponies")
+
+ @patch.dict(
+ os.environ, {"https_proxy": "https://proxy.com", "no_proxy": "unused.com"}
+ )
+ def test_https_request_via_https_proxy(self):
+ """Tests that TLS-encrypted requests can be made through a proxy"""
+ self._do_https_request_via_proxy(ssl=True, auth_credentials=None)
+
+ @patch.dict(
+ os.environ,
+ {"https_proxy": "https://bob:pinkponies@proxy.com", "no_proxy": "unused.com"},
+ )
+ def test_https_request_via_https_proxy_with_auth(self):
+ """Tests that authenticated, TLS-encrypted requests can be made through a proxy"""
+ self._do_https_request_via_proxy(ssl=True, auth_credentials=b"bob:pinkponies")
def _do_http_request_via_proxy(
self,
- auth_credentials: Optional[str] = None,
+ ssl: bool = False,
+ auth_credentials: Optional[bytes] = None,
):
+ """Send a http request via an agent and check that it is correctly received at
+ the proxy. The proxy can use either http or https.
+ Args:
+ ssl: True if we expect the request to connect via https to proxy
+ auth_credentials: credentials to authenticate at proxy
"""
- Tests that requests can be made through a proxy.
- """
- agent = ProxyAgent(self.reactor, use_proxy=True)
+ if ssl:
+ agent = ProxyAgent(
+ self.reactor, use_proxy=True, contextFactory=get_test_https_policy()
+ )
+ else:
+ agent = ProxyAgent(self.reactor, use_proxy=True)
self.reactor.lookups["proxy.com"] = "1.2.3.5"
d = agent.request(b"GET", b"http://test.com")
@@ -254,7 +478,11 @@ class MatrixFederationAgentTests(TestCase):
# make a test server, and wire up the client
http_server = self._make_connection(
- client_factory, _get_test_protocol_factory()
+ client_factory,
+ _get_test_protocol_factory(),
+ ssl=ssl,
+ tls_sanlist=[b"DNS:proxy.com"] if ssl else None,
+ expected_sni=b"proxy.com" if ssl else None,
)
# the FakeTransport is async, so we need to pump the reactor
@@ -272,7 +500,7 @@ class MatrixFederationAgentTests(TestCase):
if auth_credentials is not None:
# Compute the correct header value for Proxy-Authorization
- encoded_credentials = base64.b64encode(b"bob:pinkponies")
+ encoded_credentials = base64.b64encode(auth_credentials)
expected_header_value = b"Basic " + encoded_credentials
# Validate the header's value
@@ -295,8 +523,15 @@ class MatrixFederationAgentTests(TestCase):
def _do_https_request_via_proxy(
self,
- auth_credentials: Optional[str] = None,
+ ssl: bool = False,
+ auth_credentials: Optional[bytes] = None,
):
+ """Send a https request via an agent and check that it is correctly received at
+ the proxy and client. The proxy can use either http or https.
+ Args:
+ ssl: True if we expect the request to connect via https to proxy
+ auth_credentials: credentials to authenticate at proxy
+ """
agent = ProxyAgent(
self.reactor,
contextFactory=get_test_https_policy(),
@@ -313,18 +548,15 @@ class MatrixFederationAgentTests(TestCase):
self.assertEqual(host, "1.2.3.5")
self.assertEqual(port, 1080)
- # make a test HTTP server, and wire up the client
+ # make a test server to act as the proxy, and wire up the client
proxy_server = self._make_connection(
- client_factory, _get_test_protocol_factory()
+ client_factory,
+ _get_test_protocol_factory(),
+ ssl=ssl,
+ tls_sanlist=[b"DNS:proxy.com"] if ssl else None,
+ expected_sni=b"proxy.com" if ssl else None,
)
-
- # fish the transports back out so that we can do the old switcheroo
- s2c_transport = proxy_server.transport
- client_protocol = s2c_transport.other
- c2s_transport = client_protocol.transport
-
- # the FakeTransport is async, so we need to pump the reactor
- self.reactor.advance(0)
+ assert isinstance(proxy_server, HTTPChannel)
# now there should be a pending CONNECT request
self.assertEqual(len(proxy_server.requests), 1)
@@ -340,7 +572,7 @@ class MatrixFederationAgentTests(TestCase):
if auth_credentials is not None:
# Compute the correct header value for Proxy-Authorization
- encoded_credentials = base64.b64encode(b"bob:pinkponies")
+ encoded_credentials = base64.b64encode(auth_credentials)
expected_header_value = b"Basic " + encoded_credentials
# Validate the header's value
@@ -352,31 +584,49 @@ class MatrixFederationAgentTests(TestCase):
# tell the proxy server not to close the connection
proxy_server.persistent = True
- # this just stops the http Request trying to do a chunked response
- # request.setHeader(b"Content-Length", b"0")
request.finish()
- # now we can replace the proxy channel with a new, SSL-wrapped HTTP channel
- ssl_factory = _wrap_server_factory_for_tls(_get_test_protocol_factory())
- ssl_protocol = ssl_factory.buildProtocol(None)
- http_server = ssl_protocol.wrappedProtocol
+ # now we make another test server to act as the upstream HTTP server.
+ server_ssl_protocol = _wrap_server_factory_for_tls(
+ _get_test_protocol_factory()
+ ).buildProtocol(None)
- ssl_protocol.makeConnection(
- FakeTransport(client_protocol, self.reactor, ssl_protocol)
- )
- c2s_transport.other = ssl_protocol
+ # Tell the HTTP server to send outgoing traffic back via the proxy's transport.
+ proxy_server_transport = proxy_server.transport
+ server_ssl_protocol.makeConnection(proxy_server_transport)
+
+ # ... and replace the protocol on the proxy's transport with the
+ # TLSMemoryBIOProtocol for the test server, so that incoming traffic
+ # to the proxy gets sent over to the HTTP(s) server.
+ #
+ # This needs a bit of gut-wrenching, which is different depending on whether
+ # the proxy is using TLS or not.
+ #
+ # (an alternative, possibly more elegant, approach would be to use a custom
+ # Protocol to implement the proxy, which starts out by forwarding to an
+ # HTTPChannel (to implement the CONNECT command) and can then be switched
+ # into a mode where it forwards its traffic to another Protocol.)
+ if ssl:
+ assert isinstance(proxy_server_transport, TLSMemoryBIOProtocol)
+ proxy_server_transport.wrappedProtocol = server_ssl_protocol
+ else:
+ assert isinstance(proxy_server_transport, FakeTransport)
+ client_protocol = proxy_server_transport.other
+ c2s_transport = client_protocol.transport
+ c2s_transport.other = server_ssl_protocol
self.reactor.advance(0)
- server_name = ssl_protocol._tlsConnection.get_servername()
+ server_name = server_ssl_protocol._tlsConnection.get_servername()
expected_sni = b"test.com"
self.assertEqual(
server_name,
expected_sni,
- "Expected SNI %s but got %s" % (expected_sni, server_name),
+ f"Expected SNI {expected_sni!s} but got {server_name!s}",
)
# now there should be a pending request
+ http_server = server_ssl_protocol.wrappedProtocol
self.assertEqual(len(http_server.requests), 1)
request = http_server.requests[0]
@@ -510,7 +760,7 @@ class MatrixFederationAgentTests(TestCase):
self.assertEqual(
server_name,
expected_sni,
- "Expected SNI %s but got %s" % (expected_sni, server_name),
+ f"Expected SNI {expected_sni!s} but got {server_name!s}",
)
# now there should be a pending request
@@ -529,16 +779,48 @@ class MatrixFederationAgentTests(TestCase):
body = self.successResultOf(treq.content(resp))
self.assertEqual(body, b"result")
+ @patch.dict(os.environ, {"http_proxy": "proxy.com:8888"})
+ def test_proxy_with_no_scheme(self):
+ http_proxy_agent = ProxyAgent(self.reactor, use_proxy=True)
+ self.assertIsInstance(http_proxy_agent.http_proxy_endpoint, HostnameEndpoint)
+ self.assertEqual(http_proxy_agent.http_proxy_endpoint._hostStr, "proxy.com")
+ self.assertEqual(http_proxy_agent.http_proxy_endpoint._port, 8888)
+
+ @patch.dict(os.environ, {"http_proxy": "socks://proxy.com:8888"})
+ def test_proxy_with_unsupported_scheme(self):
+ with self.assertRaises(ValueError):
+ ProxyAgent(self.reactor, use_proxy=True)
+
+ @patch.dict(os.environ, {"http_proxy": "http://proxy.com:8888"})
+ def test_proxy_with_http_scheme(self):
+ http_proxy_agent = ProxyAgent(self.reactor, use_proxy=True)
+ self.assertIsInstance(http_proxy_agent.http_proxy_endpoint, HostnameEndpoint)
+ self.assertEqual(http_proxy_agent.http_proxy_endpoint._hostStr, "proxy.com")
+ self.assertEqual(http_proxy_agent.http_proxy_endpoint._port, 8888)
+
+ @patch.dict(os.environ, {"http_proxy": "https://proxy.com:8888"})
+ def test_proxy_with_https_scheme(self):
+ https_proxy_agent = ProxyAgent(self.reactor, use_proxy=True)
+ self.assertIsInstance(https_proxy_agent.http_proxy_endpoint, _WrapperEndpoint)
+ self.assertEqual(
+ https_proxy_agent.http_proxy_endpoint._wrappedEndpoint._hostStr, "proxy.com"
+ )
+ self.assertEqual(
+ https_proxy_agent.http_proxy_endpoint._wrappedEndpoint._port, 8888
+ )
+
-def _wrap_server_factory_for_tls(factory, sanlist=None):
+def _wrap_server_factory_for_tls(
+ factory: IProtocolFactory, sanlist: Iterable[bytes] = None
+) -> IProtocolFactory:
"""Wrap an existing Protocol Factory with a test TLSMemoryBIOFactory
The resultant factory will create a TLS server which presents a certificate
signed by our test CA, valid for the domains in `sanlist`
Args:
- factory (interfaces.IProtocolFactory): protocol factory to wrap
- sanlist (iterable[bytes]): list of domains the cert should be valid for
+ factory: protocol factory to wrap
+ sanlist: list of domains the cert should be valid for
Returns:
interfaces.IProtocolFactory
@@ -552,7 +834,7 @@ def _wrap_server_factory_for_tls(factory, sanlist=None):
)
-def _get_test_protocol_factory():
+def _get_test_protocol_factory() -> IProtocolFactory:
"""Get a protocol Factory which will build an HTTPChannel
Returns:
@@ -566,6 +848,6 @@ def _get_test_protocol_factory():
return server_factory
-def _log_request(request):
+def _log_request(request: str):
"""Implements Factory.log, which is expected by Request.finish"""
- logger.info("Completed request %s", request)
+ logger.info(f"Completed request {request}")
diff --git a/tests/rest/admin/test_media.py b/tests/rest/admin/test_media.py
index 6fee0f95b6..7198fd293f 100644
--- a/tests/rest/admin/test_media.py
+++ b/tests/rest/admin/test_media.py
@@ -261,7 +261,7 @@ class DeleteMediaByDateSizeTestCase(unittest.HomeserverTestCase):
self.assertEqual(400, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual(Codes.MISSING_PARAM, channel.json_body["errcode"])
self.assertEqual(
- "Missing integer query parameter b'before_ts'", channel.json_body["error"]
+ "Missing integer query parameter 'before_ts'", channel.json_body["error"]
)
def test_invalid_parameter(self):
@@ -303,7 +303,7 @@ class DeleteMediaByDateSizeTestCase(unittest.HomeserverTestCase):
self.assertEqual(400, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual(Codes.UNKNOWN, channel.json_body["errcode"])
self.assertEqual(
- "Boolean query parameter b'keep_profiles' must be one of ['true', 'false']",
+ "Boolean query parameter 'keep_profiles' must be one of ['true', 'false']",
channel.json_body["error"],
)
diff --git a/tests/rest/admin/test_user.py b/tests/rest/admin/test_user.py
index 4fccce34fd..42f50c0921 100644
--- a/tests/rest/admin/test_user.py
+++ b/tests/rest/admin/test_user.py
@@ -473,7 +473,7 @@ class UsersListTestCase(unittest.HomeserverTestCase):
"""
channel = self.make_request("GET", self.url, b"{}")
- self.assertEqual(401, int(channel.result["code"]), msg=channel.result["body"])
+ self.assertEqual(401, channel.code, msg=channel.json_body)
self.assertEqual(Codes.MISSING_TOKEN, channel.json_body["errcode"])
def test_requester_is_no_admin(self):
@@ -485,7 +485,7 @@ class UsersListTestCase(unittest.HomeserverTestCase):
channel = self.make_request("GET", self.url, access_token=other_user_token)
- self.assertEqual(403, int(channel.result["code"]), msg=channel.result["body"])
+ self.assertEqual(403, channel.code, msg=channel.json_body)
self.assertEqual(Codes.FORBIDDEN, channel.json_body["errcode"])
def test_all_users(self):
@@ -497,11 +497,11 @@ class UsersListTestCase(unittest.HomeserverTestCase):
channel = self.make_request(
"GET",
self.url + "?deactivated=true",
- b"{}",
+ {},
access_token=self.admin_user_tok,
)
- self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
+ self.assertEqual(200, channel.code, msg=channel.json_body)
self.assertEqual(3, len(channel.json_body["users"]))
self.assertEqual(3, channel.json_body["total"])
@@ -532,7 +532,7 @@ class UsersListTestCase(unittest.HomeserverTestCase):
)
channel = self.make_request(
"GET",
- url.encode("ascii"),
+ url,
access_token=self.admin_user_tok,
)
self.assertEqual(expected_http_code, channel.code, msg=channel.json_body)
@@ -598,7 +598,7 @@ class UsersListTestCase(unittest.HomeserverTestCase):
access_token=self.admin_user_tok,
)
- self.assertEqual(400, int(channel.result["code"]), msg=channel.result["body"])
+ self.assertEqual(400, channel.code, msg=channel.json_body)
self.assertEqual(Codes.INVALID_PARAM, channel.json_body["errcode"])
# negative from
@@ -608,7 +608,7 @@ class UsersListTestCase(unittest.HomeserverTestCase):
access_token=self.admin_user_tok,
)
- self.assertEqual(400, int(channel.result["code"]), msg=channel.result["body"])
+ self.assertEqual(400, channel.code, msg=channel.json_body)
self.assertEqual(Codes.INVALID_PARAM, channel.json_body["errcode"])
# invalid guests
@@ -618,7 +618,7 @@ class UsersListTestCase(unittest.HomeserverTestCase):
access_token=self.admin_user_tok,
)
- self.assertEqual(400, int(channel.result["code"]), msg=channel.result["body"])
+ self.assertEqual(400, channel.code, msg=channel.json_body)
self.assertEqual(Codes.UNKNOWN, channel.json_body["errcode"])
# invalid deactivated
@@ -628,7 +628,7 @@ class UsersListTestCase(unittest.HomeserverTestCase):
access_token=self.admin_user_tok,
)
- self.assertEqual(400, int(channel.result["code"]), msg=channel.result["body"])
+ self.assertEqual(400, channel.code, msg=channel.json_body)
self.assertEqual(Codes.UNKNOWN, channel.json_body["errcode"])
# unkown order_by
@@ -648,7 +648,7 @@ class UsersListTestCase(unittest.HomeserverTestCase):
access_token=self.admin_user_tok,
)
- self.assertEqual(400, int(channel.result["code"]), msg=channel.result["body"])
+ self.assertEqual(400, channel.code, msg=channel.json_body)
self.assertEqual(Codes.UNKNOWN, channel.json_body["errcode"])
def test_limit(self):
@@ -666,7 +666,7 @@ class UsersListTestCase(unittest.HomeserverTestCase):
access_token=self.admin_user_tok,
)
- self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
+ self.assertEqual(200, channel.code, msg=channel.json_body)
self.assertEqual(channel.json_body["total"], number_users)
self.assertEqual(len(channel.json_body["users"]), 5)
self.assertEqual(channel.json_body["next_token"], "5")
@@ -687,7 +687,7 @@ class UsersListTestCase(unittest.HomeserverTestCase):
access_token=self.admin_user_tok,
)
- self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
+ self.assertEqual(200, channel.code, msg=channel.json_body)
self.assertEqual(channel.json_body["total"], number_users)
self.assertEqual(len(channel.json_body["users"]), 15)
self.assertNotIn("next_token", channel.json_body)
@@ -708,7 +708,7 @@ class UsersListTestCase(unittest.HomeserverTestCase):
access_token=self.admin_user_tok,
)
- self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
+ self.assertEqual(200, channel.code, msg=channel.json_body)
self.assertEqual(channel.json_body["total"], number_users)
self.assertEqual(channel.json_body["next_token"], "15")
self.assertEqual(len(channel.json_body["users"]), 10)
@@ -731,7 +731,7 @@ class UsersListTestCase(unittest.HomeserverTestCase):
access_token=self.admin_user_tok,
)
- self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
+ self.assertEqual(200, channel.code, msg=channel.json_body)
self.assertEqual(channel.json_body["total"], number_users)
self.assertEqual(len(channel.json_body["users"]), number_users)
self.assertNotIn("next_token", channel.json_body)
@@ -744,7 +744,7 @@ class UsersListTestCase(unittest.HomeserverTestCase):
access_token=self.admin_user_tok,
)
- self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
+ self.assertEqual(200, channel.code, msg=channel.json_body)
self.assertEqual(channel.json_body["total"], number_users)
self.assertEqual(len(channel.json_body["users"]), number_users)
self.assertNotIn("next_token", channel.json_body)
@@ -757,7 +757,7 @@ class UsersListTestCase(unittest.HomeserverTestCase):
access_token=self.admin_user_tok,
)
- self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
+ self.assertEqual(200, channel.code, msg=channel.json_body)
self.assertEqual(channel.json_body["total"], number_users)
self.assertEqual(len(channel.json_body["users"]), 19)
self.assertEqual(channel.json_body["next_token"], "19")
@@ -771,7 +771,7 @@ class UsersListTestCase(unittest.HomeserverTestCase):
access_token=self.admin_user_tok,
)
- self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
+ self.assertEqual(200, channel.code, msg=channel.json_body)
self.assertEqual(channel.json_body["total"], number_users)
self.assertEqual(len(channel.json_body["users"]), 1)
self.assertNotIn("next_token", channel.json_body)
@@ -781,7 +781,10 @@ class UsersListTestCase(unittest.HomeserverTestCase):
Testing order list with parameter `order_by`
"""
+ # make sure that the users do not have the same timestamps
+ self.reactor.advance(10)
user1 = self.register_user("user1", "pass1", admin=False, displayname="Name Z")
+ self.reactor.advance(10)
user2 = self.register_user("user2", "pass2", admin=False, displayname="Name Y")
# Modify user
@@ -841,6 +844,11 @@ class UsersListTestCase(unittest.HomeserverTestCase):
self._order_test([self.admin_user, user2, user1], "avatar_url", "f")
self._order_test([user1, user2, self.admin_user], "avatar_url", "b")
+ # order by creation_ts
+ self._order_test([self.admin_user, user1, user2], "creation_ts")
+ self._order_test([self.admin_user, user1, user2], "creation_ts", "f")
+ self._order_test([user2, user1, self.admin_user], "creation_ts", "b")
+
def _order_test(
self,
expected_user_list: List[str],
@@ -863,7 +871,7 @@ class UsersListTestCase(unittest.HomeserverTestCase):
url += "dir=%s" % (dir,)
channel = self.make_request(
"GET",
- url.encode("ascii"),
+ url,
access_token=self.admin_user_tok,
)
self.assertEqual(200, channel.code, msg=channel.json_body)
@@ -887,6 +895,7 @@ class UsersListTestCase(unittest.HomeserverTestCase):
self.assertIn("shadow_banned", u)
self.assertIn("displayname", u)
self.assertIn("avatar_url", u)
+ self.assertIn("creation_ts", u)
def _create_users(self, number_users: int):
"""
diff --git a/tests/rest/client/v2_alpha/test_account.py b/tests/rest/client/v2_alpha/test_account.py
index 4ef19145d1..317a2287e3 100644
--- a/tests/rest/client/v2_alpha/test_account.py
+++ b/tests/rest/client/v2_alpha/test_account.py
@@ -24,6 +24,7 @@ import pkg_resources
import synapse.rest.admin
from synapse.api.constants import LoginType, Membership
from synapse.api.errors import Codes, HttpResponseException
+from synapse.appservice import ApplicationService
from synapse.rest.client.v1 import login, room
from synapse.rest.client.v2_alpha import account, register
from synapse.rest.synapse.client.password_reset import PasswordResetSubmitTokenResource
@@ -397,7 +398,7 @@ class DeactivateTestCase(unittest.HomeserverTestCase):
self.assertTrue(self.get_success(store.get_user_deactivated_status(user_id)))
# Check that this access token has been invalidated.
- channel = self.make_request("GET", "account/whoami")
+ channel = self.make_request("GET", "account/whoami", access_token=tok)
self.assertEqual(channel.code, 401)
def test_pending_invites(self):
@@ -458,6 +459,46 @@ class DeactivateTestCase(unittest.HomeserverTestCase):
self.assertEqual(channel.code, 200)
+class WhoamiTestCase(unittest.HomeserverTestCase):
+
+ servlets = [
+ synapse.rest.admin.register_servlets_for_client_rest_resource,
+ login.register_servlets,
+ account.register_servlets,
+ register.register_servlets,
+ ]
+
+ def test_GET_whoami(self):
+ device_id = "wouldgohere"
+ user_id = self.register_user("kermit", "test")
+ tok = self.login("kermit", "test", device_id=device_id)
+
+ whoami = self.whoami(tok)
+ self.assertEqual(whoami, {"user_id": user_id, "device_id": device_id})
+
+ def test_GET_whoami_appservices(self):
+ user_id = "@as:test"
+ as_token = "i_am_an_app_service"
+
+ appservice = ApplicationService(
+ as_token,
+ self.hs.config.server_name,
+ id="1234",
+ namespaces={"users": [{"regex": user_id, "exclusive": True}]},
+ sender=user_id,
+ )
+ self.hs.get_datastore().services_cache.append(appservice)
+
+ whoami = self.whoami(as_token)
+ self.assertEqual(whoami, {"user_id": user_id})
+ self.assertFalse(hasattr(whoami, "device_id"))
+
+ def whoami(self, tok):
+ channel = self.make_request("GET", "account/whoami", {}, access_token=tok)
+ self.assertEqual(channel.code, 200)
+ return channel.json_body
+
+
class ThreepidEmailRestTestCase(unittest.HomeserverTestCase):
servlets = [
diff --git a/tests/rest/client/v2_alpha/test_capabilities.py b/tests/rest/client/v2_alpha/test_capabilities.py
index 874052c61c..f80f48a455 100644
--- a/tests/rest/client/v2_alpha/test_capabilities.py
+++ b/tests/rest/client/v2_alpha/test_capabilities.py
@@ -102,3 +102,49 @@ class CapabilitiesTestCase(unittest.HomeserverTestCase):
self.assertEqual(channel.code, 200)
self.assertFalse(capabilities["m.change_password"]["enabled"])
+
+ def test_get_does_not_include_msc3244_fields_by_default(self):
+ localpart = "user"
+ password = "pass"
+ user = self.register_user(localpart, password)
+ access_token = self.get_success(
+ self.auth_handler.get_access_token_for_user_id(
+ user, device_id=None, valid_until_ms=None
+ )
+ )
+
+ channel = self.make_request("GET", self.url, access_token=access_token)
+ capabilities = channel.json_body["capabilities"]
+
+ self.assertEqual(channel.code, 200)
+ self.assertNotIn(
+ "org.matrix.msc3244.room_capabilities", capabilities["m.room_versions"]
+ )
+
+ @override_config({"experimental_features": {"msc3244_enabled": True}})
+ def test_get_does_include_msc3244_fields_when_enabled(self):
+ localpart = "user"
+ password = "pass"
+ user = self.register_user(localpart, password)
+ access_token = self.get_success(
+ self.auth_handler.get_access_token_for_user_id(
+ user, device_id=None, valid_until_ms=None
+ )
+ )
+
+ channel = self.make_request("GET", self.url, access_token=access_token)
+ capabilities = channel.json_body["capabilities"]
+
+ self.assertEqual(channel.code, 200)
+ for details in capabilities["m.room_versions"][
+ "org.matrix.msc3244.room_capabilities"
+ ].values():
+ if details["preferred"] is not None:
+ self.assertTrue(
+ details["preferred"] in KNOWN_ROOM_VERSIONS,
+ str(details["preferred"]),
+ )
+
+ self.assertGreater(len(details["support"]), 0)
+ for room_version in details["support"]:
+ self.assertTrue(room_version in KNOWN_ROOM_VERSIONS, str(room_version))
diff --git a/tests/rest/client/v2_alpha/test_sync.py b/tests/rest/client/v2_alpha/test_sync.py
index cdca3a3e23..f6ae9ae181 100644
--- a/tests/rest/client/v2_alpha/test_sync.py
+++ b/tests/rest/client/v2_alpha/test_sync.py
@@ -15,9 +15,14 @@
import json
import synapse.rest.admin
-from synapse.api.constants import EventContentFields, EventTypes, RelationTypes
+from synapse.api.constants import (
+ EventContentFields,
+ EventTypes,
+ ReadReceiptEventFields,
+ RelationTypes,
+)
from synapse.rest.client.v1 import login, room
-from synapse.rest.client.v2_alpha import knock, read_marker, sync
+from synapse.rest.client.v2_alpha import knock, read_marker, receipts, sync
from tests import unittest
from tests.federation.transport.test_knocking import (
@@ -368,6 +373,76 @@ class SyncKnockTestCase(
)
+class ReadReceiptsTestCase(unittest.HomeserverTestCase):
+ servlets = [
+ synapse.rest.admin.register_servlets,
+ login.register_servlets,
+ receipts.register_servlets,
+ room.register_servlets,
+ sync.register_servlets,
+ ]
+
+ def prepare(self, reactor, clock, hs):
+ self.url = "/sync?since=%s"
+ self.next_batch = "s0"
+
+ # Register the first user
+ self.user_id = self.register_user("kermit", "monkey")
+ self.tok = self.login("kermit", "monkey")
+
+ # Create the room
+ self.room_id = self.helper.create_room_as(self.user_id, tok=self.tok)
+
+ # Register the second user
+ self.user2 = self.register_user("kermit2", "monkey")
+ self.tok2 = self.login("kermit2", "monkey")
+
+ # Join the second user
+ self.helper.join(room=self.room_id, user=self.user2, tok=self.tok2)
+
+ @override_config({"experimental_features": {"msc2285_enabled": True}})
+ def test_hidden_read_receipts(self):
+ # Send a message as the first user
+ res = self.helper.send(self.room_id, body="hello", tok=self.tok)
+
+ # Send a read receipt to tell the server the first user's message was read
+ body = json.dumps({ReadReceiptEventFields.MSC2285_HIDDEN: True}).encode("utf8")
+ channel = self.make_request(
+ "POST",
+ "/rooms/%s/receipt/m.read/%s" % (self.room_id, res["event_id"]),
+ body,
+ access_token=self.tok2,
+ )
+ self.assertEqual(channel.code, 200)
+
+ # Test that the first user can't see the other user's hidden read receipt
+ self.assertEqual(self._get_read_receipt(), None)
+
+ def _get_read_receipt(self):
+ """Syncs and returns the read receipt."""
+
+ # Checks if event is a read receipt
+ def is_read_receipt(event):
+ return event["type"] == "m.receipt"
+
+ # Sync
+ channel = self.make_request(
+ "GET",
+ self.url % self.next_batch,
+ access_token=self.tok,
+ )
+ self.assertEqual(channel.code, 200)
+
+ # Store the next batch for the next request.
+ self.next_batch = channel.json_body["next_batch"]
+
+ # Return the read receipt
+ ephemeral_events = channel.json_body["rooms"]["join"][self.room_id][
+ "ephemeral"
+ ]["events"]
+ return next(filter(is_read_receipt, ephemeral_events), None)
+
+
class UnreadMessagesTestCase(unittest.HomeserverTestCase):
servlets = [
synapse.rest.admin.register_servlets,
@@ -375,6 +450,7 @@ class UnreadMessagesTestCase(unittest.HomeserverTestCase):
read_marker.register_servlets,
room.register_servlets,
sync.register_servlets,
+ receipts.register_servlets,
]
def prepare(self, reactor, clock, hs):
@@ -448,6 +524,23 @@ class UnreadMessagesTestCase(unittest.HomeserverTestCase):
# Check that the unread counter is back to 0.
self._check_unread_count(0)
+ # Check that hidden read receipts don't break unread counts
+ res = self.helper.send(self.room_id, "hello", tok=self.tok2)
+ self._check_unread_count(1)
+
+ # Send a read receipt to tell the server we've read the latest event.
+ body = json.dumps({ReadReceiptEventFields.MSC2285_HIDDEN: True}).encode("utf8")
+ channel = self.make_request(
+ "POST",
+ "/rooms/%s/receipt/m.read/%s" % (self.room_id, res["event_id"]),
+ body,
+ access_token=self.tok,
+ )
+ self.assertEqual(channel.code, 200, channel.json_body)
+
+ # Check that the unread counter is back to 0.
+ self._check_unread_count(0)
+
# Check that room name changes increase the unread counter.
self.helper.send_state(
self.room_id,
diff --git a/tests/state/test_v2.py b/tests/state/test_v2.py
index 43fc79ca74..8370a27195 100644
--- a/tests/state/test_v2.py
+++ b/tests/state/test_v2.py
@@ -484,7 +484,7 @@ class StateTestCase(unittest.TestCase):
state_d = resolve_events_with_store(
FakeClock(),
ROOM_ID,
- RoomVersions.V2.identifier,
+ RoomVersions.V2,
[state_at_event[n] for n in prev_events],
event_map=event_map,
state_res_store=TestStateResolutionStore(event_map),
@@ -496,7 +496,7 @@ class StateTestCase(unittest.TestCase):
if fake_event.state_key is not None:
state_after[(fake_event.type, fake_event.state_key)] = event_id
- auth_types = set(auth_types_for_event(fake_event))
+ auth_types = set(auth_types_for_event(RoomVersions.V6, fake_event))
auth_events = []
for key in auth_types:
@@ -633,7 +633,7 @@ class SimpleParamStateTestCase(unittest.TestCase):
state_d = resolve_events_with_store(
FakeClock(),
ROOM_ID,
- RoomVersions.V2.identifier,
+ RoomVersions.V2,
[self.state_at_bob, self.state_at_charlie],
event_map=None,
state_res_store=TestStateResolutionStore(self.event_map),
diff --git a/tests/storage/test_redaction.py b/tests/storage/test_redaction.py
index dbacce4380..8c95a0a2fb 100644
--- a/tests/storage/test_redaction.py
+++ b/tests/storage/test_redaction.py
@@ -11,7 +11,7 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-from typing import Optional
+from typing import List, Optional
from canonicaljson import json
@@ -234,8 +234,8 @@ class RedactionTestCase(unittest.HomeserverTestCase):
async def build(
self,
- prev_event_ids,
- auth_event_ids,
+ prev_event_ids: List[str],
+ auth_event_ids: Optional[List[str]],
depth: Optional[int] = None,
):
built_event = await self._base_builder.build(
diff --git a/tests/test_event_auth.py b/tests/test_event_auth.py
index f73306ecc4..e5550aec4d 100644
--- a/tests/test_event_auth.py
+++ b/tests/test_event_auth.py
@@ -351,7 +351,11 @@ class EventAuthTestCase(unittest.TestCase):
"""
Test joining a restricted room from MSC3083.
- This is pretty much the same test as public.
+ This is similar to the public test, but has some additional checks on
+ signatures.
+
+ The checks which care about signatures fake them by simply adding an
+ object of the proper form, not generating valid signatures.
"""
creator = "@creator:example.com"
pleb = "@joiner:example.com"
@@ -359,6 +363,7 @@ class EventAuthTestCase(unittest.TestCase):
auth_events = {
("m.room.create", ""): _create_event(creator),
("m.room.member", creator): _join_event(creator),
+ ("m.room.power_levels", ""): _power_levels_event(creator, {"invite": 0}),
("m.room.join_rules", ""): _join_rules_event(creator, "restricted"),
}
@@ -371,19 +376,81 @@ class EventAuthTestCase(unittest.TestCase):
do_sig_check=False,
)
- # Check join.
+ # A properly formatted join event should work.
+ authorised_join_event = _join_event(
+ pleb,
+ additional_content={
+ "join_authorised_via_users_server": "@creator:example.com"
+ },
+ )
event_auth.check(
RoomVersions.MSC3083,
- _join_event(pleb),
+ authorised_join_event,
auth_events,
do_sig_check=False,
)
- # A user cannot be force-joined to a room.
+ # A join issued by a specific user works (i.e. the power level checks
+ # are done properly).
+ pl_auth_events = auth_events.copy()
+ pl_auth_events[("m.room.power_levels", "")] = _power_levels_event(
+ creator, {"invite": 100, "users": {"@inviter:foo.test": 150}}
+ )
+ pl_auth_events[("m.room.member", "@inviter:foo.test")] = _join_event(
+ "@inviter:foo.test"
+ )
+ event_auth.check(
+ RoomVersions.MSC3083,
+ _join_event(
+ pleb,
+ additional_content={
+ "join_authorised_via_users_server": "@inviter:foo.test"
+ },
+ ),
+ pl_auth_events,
+ do_sig_check=False,
+ )
+
+ # A join which is missing an authorised server is rejected.
with self.assertRaises(AuthError):
event_auth.check(
RoomVersions.MSC3083,
- _member_event(pleb, "join", sender=creator),
+ _join_event(pleb),
+ auth_events,
+ do_sig_check=False,
+ )
+
+ # An join authorised by a user who is not in the room is rejected.
+ pl_auth_events = auth_events.copy()
+ pl_auth_events[("m.room.power_levels", "")] = _power_levels_event(
+ creator, {"invite": 100, "users": {"@other:example.com": 150}}
+ )
+ with self.assertRaises(AuthError):
+ event_auth.check(
+ RoomVersions.MSC3083,
+ _join_event(
+ pleb,
+ additional_content={
+ "join_authorised_via_users_server": "@other:example.com"
+ },
+ ),
+ auth_events,
+ do_sig_check=False,
+ )
+
+ # A user cannot be force-joined to a room. (This uses an event which
+ # *would* be valid, but is sent be a different user.)
+ with self.assertRaises(AuthError):
+ event_auth.check(
+ RoomVersions.MSC3083,
+ _member_event(
+ pleb,
+ "join",
+ sender=creator,
+ additional_content={
+ "join_authorised_via_users_server": "@inviter:foo.test"
+ },
+ ),
auth_events,
do_sig_check=False,
)
@@ -393,7 +460,7 @@ class EventAuthTestCase(unittest.TestCase):
with self.assertRaises(AuthError):
event_auth.check(
RoomVersions.MSC3083,
- _join_event(pleb),
+ authorised_join_event,
auth_events,
do_sig_check=False,
)
@@ -402,12 +469,13 @@ class EventAuthTestCase(unittest.TestCase):
auth_events[("m.room.member", pleb)] = _member_event(pleb, "leave")
event_auth.check(
RoomVersions.MSC3083,
- _join_event(pleb),
+ authorised_join_event,
auth_events,
do_sig_check=False,
)
- # A user can send a join if they're in the room.
+ # A user can send a join if they're in the room. (This doesn't need to
+ # be authorised since the user is already joined.)
auth_events[("m.room.member", pleb)] = _member_event(pleb, "join")
event_auth.check(
RoomVersions.MSC3083,
@@ -416,7 +484,8 @@ class EventAuthTestCase(unittest.TestCase):
do_sig_check=False,
)
- # A user can accept an invite.
+ # A user can accept an invite. (This doesn't need to be authorised since
+ # the user was invited.)
auth_events[("m.room.member", pleb)] = _member_event(
pleb, "invite", sender=creator
)
@@ -446,7 +515,10 @@ def _create_event(user_id: str) -> EventBase:
def _member_event(
- user_id: str, membership: str, sender: Optional[str] = None
+ user_id: str,
+ membership: str,
+ sender: Optional[str] = None,
+ additional_content: Optional[dict] = None,
) -> EventBase:
return make_event_from_dict(
{
@@ -455,14 +527,14 @@ def _member_event(
"type": "m.room.member",
"sender": sender or user_id,
"state_key": user_id,
- "content": {"membership": membership},
+ "content": {"membership": membership, **(additional_content or {})},
"prev_events": [],
}
)
-def _join_event(user_id: str) -> EventBase:
- return _member_event(user_id, "join")
+def _join_event(user_id: str, additional_content: Optional[dict] = None) -> EventBase:
+ return _member_event(user_id, "join", additional_content=additional_content)
def _power_levels_event(sender: str, content: JsonDict) -> EventBase:
diff --git a/tests/test_preview.py b/tests/test_preview.py
index cac3d81ac1..48e792b55b 100644
--- a/tests/test_preview.py
+++ b/tests/test_preview.py
@@ -325,6 +325,19 @@ class MediaEncodingTestCase(unittest.TestCase):
)
self.assertEqual(encoding, "ascii")
+ def test_meta_charset_underscores(self):
+ """A character encoding contains underscore."""
+ encoding = get_html_media_encoding(
+ b"""
+ <html>
+ <head><meta charset="Shift_JIS">
+ </head>
+ </html>
+ """,
+ "text/html",
+ )
+ self.assertEqual(encoding, "Shift_JIS")
+
def test_xml_encoding(self):
"""A character encoding is found via the meta tag."""
encoding = get_html_media_encoding(
|
