summary refs log tree commit diff
path: root/tests/api (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Implements admin API to lock an user (MSC3939) (#15870)Mathieu Velten2023-08-101-0/+3
|
* `N + 3`: Read from column `full_user_id` rather than `user_id` of tables ↵Shay2023-06-021-19/+6
| | | | `profiles` and `user_filters` (#15649)
* Save the scopes in the requesterQuentin Gliech2023-05-301-0/+2
|
* Make the api.auth.Auth a ProtocolQuentin Gliech2023-05-301-2/+2
|
* Properly parse event_fields in filters (#15607)Patrick Cloke2023-05-221-6/+0
| | | | | | | | The event_fields property in filters should use the proper escape rules, namely backslashes can be escaped with an additional backslash. This adds tests (adapted from matrix-js-sdk) and implements the logic to properly split the event_fields strings.
* Add column `full_user_id` to tables `profiles` and `user_filters`. (#15458)Shay2023-04-261-7/+9
|
* Use immutabledict instead of frozendict (#15113)David Robertson2023-03-221-3/+3
| | | | | | | | | | Additionally: * Consistently use `freeze()` in test --------- Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com> Co-authored-by: 6543 <6543@obermui.de>
* Properly typecheck tests.api (#14983)David Robertson2023-02-033-107/+132
|
* Add type hints to `TestRatelimiter` (#14885)Andrew Morgan2023-01-211-15/+51
|
* Do not reject `/sync` requests with unrecognised filter fields (#14369)Sean Quah2022-11-071-2/+19
| | | | | | | | For forward compatibility, Synapse needs to ignore fields it does not recognise instead of raising an error. Fixes #14365. Signed-off-by: Sean Quah <seanq@matrix.org>
* Support filtering the /messages API by relation type (MSC3874). (#14148)Patrick Cloke2022-10-171-1/+62
| | | Gated behind an experimental configuration flag.
* `synapse.api.auth.Auth` cleanup: make permission-related methods use ↵Quentin Gliech2022-08-221-1/+7
| | | | | | | | | `Requester` instead of the `UserID` (#13024) Part of #13019 This changes all the permission-related methods to rely on the Requester instead of the UserID. This is a first step towards enabling scoped access tokens at some point, since I expect the Requester to have scope-related informations in it. It also changes methods which figure out the user/device/appservice out of the access token to return a Requester instead of something else. This avoids having store-related objects in the methods signatures.
* Allow rate limiters to passively record actions they cannot limit (#13253)David Robertson2022-07-131-0/+74
| | | Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
* Fix a long-standing bug which meant that rate limiting was not restrictive ↵reivilibre2022-06-151-11/+40
| | | | enough in some cases. (#13018)
* Move the "email unsubscribe" resource, refactor the macaroon generator & ↵Quentin Gliech2022-06-141-10/+5
| | | | | | | | | | | | | | | | | | | | | simplify the access token verification logic. (#12986) This simplifies the access token verification logic by removing the `rights` parameter which was only ever used for the unsubscribe link in email notifications. The latter has been moved under the `/_synapse` namespace, since it is not a standard API. This also makes the email verification link more secure, by embedding the app_id and pushkey in the macaroon and verifying it. This prevents the user from tampering the query parameters of that unsubscribe link. Macaroon generation is refactored: - Centralised all macaroon generation and verification logic to the `MacaroonGenerator` - Moved to `synapse.utils` - Changed the constructor to require only a `Clock`, hostname, and a secret key (instead of a full `Homeserver`). - Added tests for all methods.
* Decouple `synapse.api.auth_blocking.AuthBlocking` from ↵Quentin Gliech2022-06-141-15/+27
| | | | `synapse.api.auth.Auth`. (#13021)
* Remove remaining bits of groups code. (#12936)Patrick Cloke2022-06-012-4/+0
| | | | | | * Update worker docs to remove group endpoints. * Removes an unused parameter to `ApplicationService`. * Break dependency between media repo and groups. * Avoid copying `m.room.related_groups` state events during room upgrades.
* Additional constants for EDU types. (#12884)Patrick Cloke2022-05-271-3/+3
| | | Instead of hard-coding strings in many places.
* Use `getClientAddress` instead of `getClientIP`. (#12599)Patrick Cloke2022-05-041-9/+9
| | | | | getClientIP was deprecated in Twisted 18.4.0, which also added getClientAddress. The Synapse minimum version for Twisted is currently 18.9.0, so all supported versions have the new API.
* Remove references to unstable identifiers from MSC3440. (#12382)Patrick Cloke2022-04-121-3/+1
| | | | | Removes references to unstable thread relation, unstable identifiers for filtering parameters, and the experimental config flag.
* Fix `PushRuleEvaluator` and `Filter` to work on frozendicts (#12100)Richard van der Hoff2022-02-281-0/+10
| | | | | | | | | | * Fix `PushRuleEvaluator` to work on frozendicts frozendicts do not (necessarily) inherit from dict, so this needs to handle them correctly. * Fix event filtering for frozen events Looks like this one was introduced by #11194.
* Replace assertEquals and friends with non-deprecated versions. (#12092)Patrick Cloke2022-02-283-42/+42
|
* Remove `HomeServer.get_datastore()` (#12031)Richard van der Hoff2022-02-233-12/+16
| | | | | | | The presence of this method was confusing, and mostly present for backwards compatibility. Let's get rid of it. Part of #11733
* Allow tracking puppeted users for MAU (#11561)Jason Robinson2022-01-121-0/+33
| | | | | | | | | | | | | | | Currently when puppeting another user, the user doing the puppeting is tracked for client IPs and MAU (if configured). When tracking MAU is important, it becomes necessary to be possible to also track the client IPs and MAU of puppeted users. As an example a client that manages user creation and creation of tokens via the Synapse admin API, passing those tokens for the client to use. This PR adds optional configuration to enable tracking of puppeted users into monthly active users. The default behaviour stays the same. Signed-off-by: Jason Robinson <jasonr@matrix.org>
* Add experimental support for MSC3202: allowing application services to ↵reivilibre2021-12-151-0/+64
| | | | masquerade as specific devices. (#11538)
* Support filtering by relations per MSC3440 (#11236)Patrick Cloke2021-11-091-32/+75
| | | | Adds experimental support for `relation_types` and `relation_senders` fields for filters.
* Use direct references for configuration variables (part 6). (#10916)Patrick Cloke2021-09-291-7/+7
|
* Fix AuthBlocking check when requester is appservice (#10881)Jason Robinson2021-09-241-0/+62
| | | | | If the MAU count had been reached, Synapse incorrectly blocked appservice users even though they've been explicitly configured not to be tracked (the default). This was due to bypassing the relevant if as it was chained behind another earlier hit if as an elif. Signed-off-by: Jason Robinson <jasonr@matrix.org>
* Use direct references for configuration variables (part 4). (#10893)Patrick Cloke2021-09-231-2/+2
|
* MSC2918 Refresh tokens implementation (#9450)Quentin Gliech2021-06-241-0/+1
| | | | | | | | | | This implements refresh tokens, as defined by MSC2918 This MSC has been implemented client side in Hydrogen Web: vector-im/hydrogen-web#235 The basics of the MSC works: requesting refresh tokens on login, having the access tokens expire, and using the refresh token to get a new one. Signed-off-by: Quentin Gliech <quentingliech@gmail.com>
* Correctly ratelimit invites when creating a room (#9968)Brendan Abolivier2021-05-121-0/+57
| | | | | * Correctly ratelimit invites when creating a room Also allow ratelimiting for more than one action at a time.
* Change the format of access tokens away from macaroons (#5588)Richard van der Hoff2021-05-121-63/+0
|
* Remove redundant "coding: utf-8" lines (#9786)Jonathan de Jong2021-04-142-2/+0
| | | | | | | Part of #9744 Removes all redundant `# -*- coding: utf-8 -*-` lines from files, as python 3 automatically reads source code as utf-8 now. `Signed-off-by: Jonathan de Jong <jonathan@automatia.nl>`
* Use mock from the stdlib. (#9772)Patrick Cloke2021-04-091-1/+1
|
* Make RateLimiter class check for ratelimit overrides (#9711)Erik Johnston2021-03-301-60/+108
| | | | | | | This should fix a class of bug where we forget to check if e.g. the appservice shouldn't be ratelimited. We also check the `ratelimit_override` table to check if the user has ratelimiting disabled. That table is really only meant to override the event sender ratelimiting, so we don't use any values from it (as they might not make sense for different rate limits), but we do infer that if ratelimiting is disabled for the user we should disabled all ratelimits. Fixes #9663
* Update black, and run auto formatting over the codebase (#9381)Eric Eastwood2021-02-162-5/+22
| | | | | | | - Update black version to the latest - Run black auto formatting over the codebase - Run autoformatting according to [`docs/code_style.md `](https://github.com/matrix-org/synapse/blob/80d6dc9783aa80886a133756028984dbf8920168/docs/code_style.md) - Update `code_style.md` docs around installing black to use the correct version
* Convert additional test-cases to homeserver test case. (#9396)Patrick Cloke2021-02-162-156/+106
| | | And convert some inlineDeferreds to async-friendly functions.
* Remove redundant mockingRichard van der Hoff2020-12-021-16/+2
|
* Apply an IP range blacklist to push and key revocation requests. (#8821)Patrick Cloke2020-12-021-1/+3
| | | | | | | | | | | | Replaces the `federation_ip_range_blacklist` configuration setting with an `ip_range_blacklist` setting with wider scope. It now applies to: * Federation * Identity servers * Push notifications * Checking key validitity for third-party invite events The old `federation_ip_range_blacklist` setting is still honored if present, but with reduced scope (it only applies to federation and identity servers).
* Add admin API for logging in as a user (#8617)Erik Johnston2020-11-171-1/+5
|
* Add ability for access tokens to belong to one user but grant access to ↵Erik Johnston2020-10-292-18/+15
| | | | | | | | | | another user. (#8616) We do it this way round so that only the "owner" can delete the access token (i.e. `/logout/all` by the "owner" also deletes that token, but `/logout/all` by the "target user" doesn't). A future PR will add an API for creating such a token. When the target user and authenticated entity are different the `Processed request` log line will be logged with a: `{@admin:server as @bob:server} ...`. I'm not convinced by that format (especially since it adds spaces in there, making it harder to use `cut -d ' '` to chop off the start of log lines). Suggestions welcome.
* Remove the deprecated Handlers object (#8494)Patrick Cloke2020-10-092-13/+4
| | | All handlers now available via get_*_handler() methods on the HomeServer.
* Stop sub-classing object (#8249)Patrick Cloke2020-09-041-1/+1
|
* Do not yield on awaitables in tests. (#8193)Patrick Cloke2020-08-271-12/+24
|
* Do not apply ratelimiting on joins to appservices (#8139)Will Hunt2020-08-211-0/+73
| | | | | | Add new method ratelimiter.can_requester_do_action and ensure that appservices are exempt from being ratelimited. Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com> Co-authored-by: Erik Johnston <erik@matrix.org>
* Convert synapse.api to async/await (#8031)Patrick Cloke2020-08-062-39/+66
|
* Performance improvements and refactor of Ratelimiter (#7595)Andrew Morgan2020-06-051-19/+77
| | | | | | | | | | While working on https://github.com/matrix-org/synapse/issues/5665 I found myself digging into the `Ratelimiter` class and seeing that it was both: * Rather undocumented, and * causing a *lot* of config checks This PR attempts to refactor and comment the `Ratelimiter` class, as well as encourage config file accesses to only be done at instantiation. Best to be reviewed commit-by-commit.
* Stop Auth methods from polling the config on every req. (#7420)Andrew Morgan2020-05-061-16/+20
|
* Convert auth handler to async/await (#7261)Patrick Cloke2020-04-151-24/+40
|
* Add a `make_event_from_dict` method (#6858)Richard van der Hoff2020-02-071-2/+2
| | | | | | | ... and use it in places where it's trivial to do so. This will make it easier to pass room versions into the FrozenEvent constructors.
* Update copyrightsBrendan Abolivier2019-11-051-0/+3
|
* Incorporate reviewBrendan Abolivier2019-11-011-4/+4
|
* Incorporate reviewBrendan Abolivier2019-11-011-5/+5
|
* LintBrendan Abolivier2019-10-301-12/+4
|
* Add unit testsBrendan Abolivier2019-10-301-0/+51
|
* Ensure support users can be registered even if MAU limit is reachedJason Robinson2019-09-111-0/+18
| | | | | | | | | This allows support users to be created even on MAU limits via the admin API. Support users are excluded from MAU after creation, so it makes sense to exclude them in creation - except if the whole host is in disabled state. Signed-off-by: Jason Robinson <jasonr@matrix.org>
* Implement access token expiry (#5660)Richard van der Hoff2019-07-121-2/+4
| | | | Record how long an access token is valid for, and raise a soft-logout once it expires.
* Clean up exception handling for access_tokens (#5656)Richard van der Hoff2019-07-111-7/+24
| | | | | | | | | | | | | | | | First of all, let's get rid of `TOKEN_NOT_FOUND_HTTP_STATUS`. It was a hack we did at one point when it was possible to return either a 403 or a 401 if the creds were missing. We always return a 401 in these cases now (thankfully), so it's not needed. Let's also stop abusing `AuthError` for these cases. Honestly they have nothing that relates them to the other places that `AuthError` is used, other than the fact that they are loosely under the 'Auth' banner. It makes no sense for them to share exception classes. Instead, let's add a couple of new exception classes: `InvalidClientTokenError` and `MissingClientTokenError`, for the `M_UNKNOWN_TOKEN` and `M_MISSING_TOKEN` cases respectively - and an `InvalidClientCredentialsError` base class for the two of them.
* Inline issue_access_token (#5659)Richard van der Hoff2019-07-111-1/+1
| | | | | | | | this is only used in one place, so it's clearer if we inline it and reduce the API surface. Also, fixes a buglet where we would create an access token even if we were about to block the user (we would never return the AT, so the user could never use it, but it was still created and added to the db.)
* Remove access-token support from RegistrationStore.register (#5642)Richard van der Hoff2019-07-101-1/+1
| | | | | The 'token' param is no longer used anywhere except the tests, so let's kill that off too.
* Run Black. (#5482)Amber Brown2019-06-201-6/+6
|
* Run Black on the tests again (#5170)Amber Brown2019-05-102-4/+3
|
* Enforce hs_disabled_message correctlyRichard van der Hoff2019-03-191-0/+17
| | | | | Fixes a bug where hs_disabled_message was not enforced for 3pid-based requests if there was no server_notices_mxid configured.
* Add rate-limiting on registration (#4735)Brendan Abolivier2019-03-051-10/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Rate-limiting for registration * Add unit test for registration rate limiting * Add config parameters for rate limiting on auth endpoints * Doc * Fix doc of rate limiting function Co-Authored-By: babolivier <contact@brendanabolivier.com> * Incorporate review * Fix config parsing * Fix linting errors * Set default config for auth rate limiting * Fix tests * Add changelog * Advance reactor instead of mocked clock * Move parameters to registration specific config and give them more sensible default values * Remove unused config options * Don't mock the rate limiter un MAU tests * Rename _register_with_store into register_with_store * Make CI happy * Remove unused import * Update sample config * Fix ratelimiting test for py2 * Add non-guest test
* Merge branch rav/macaroon_key_fix_0.34 into rav/macaroon_key_fix_0.34.1Richard van der Hoff2019-01-101-154/+1
|\ | | | | | | Fixes #4371
| * Merge branch 'rav/macaroon_key_fix' into rav/macaroon_key_fix_0.34Richard van der Hoff2019-01-101-154/+1
| |\
| | * Skip macaroon check for access tokens in the dbRichard van der Hoff2019-01-101-148/+1
| | |
* | | create support user (#4141)Neil Johnson2018-12-141-0/+2
|/ / | | | | | | | | | | Allow for the creation of a support user. A support user can access the server, join rooms, interact with other users, but does not appear in the user directory nor does it contribute to monthly active user limits.
* | Allow backslashes in event field filtersRichard van der Hoff2018-10-241-1/+11
| | | | | | | | | | | | | | | | Fixes a bug introduced in https://github.com/matrix-org/synapse/pull/1783 which meant that single backslashes were not allowed in event field filters. The intention here is to allow single-backslashes, but disallow double-backslashes.
* | Port tests/ to Python 3 (#3808)Amber Brown2018-09-071-0/+1
| |
* | fix bug where preserved threepid user comes to sign up and server is mau blockedNeil Johnson2018-08-311-0/+17
| |
* | Change admin_uri to admin_contact in config and errorsErik Johnston2018-08-241-2/+2
| |
* | rename error codeNeil Johnson2018-08-181-2/+2
| |
* | special case server_notices_mxidNeil Johnson2018-08-181-0/+8
| |
* | add new error type ResourceLimitNeil Johnson2018-08-161-3/+3
| |
* | update error codes for resource limitingNeil Johnson2018-08-151-2/+2
| |
* | replace admin_email with admin_uri for greater flexibilityNeil Johnson2018-08-151-2/+2
| |
* | support admin_email config and pass through into blocking errors, return ↵Neil Johnson2018-08-131-1/+5
| | | | | | | | AuthError in all cases
* | Revert "support admin_email config and pass through into blocking errors, ↵Neil Johnson2018-08-131-5/+1
| | | | | | | | | | | | return AuthError in all cases" This reverts commit 0d43f991a19840a224d3dac78d79f13d78212ee6.
* | support admin_email config and pass through into blocking errors, return ↵Neil Johnson2018-08-131-1/+5
| | | | | | | | AuthError in all cases
* | Run tests under PostgreSQL (#3423)Amber Brown2018-08-132-2/+5
| |
* | Run black.black2018-08-103-305/+139
| |
* | disable HS from configNeil Johnson2018-08-041-1/+10
| |
* | remove unused importNeil Johnson2018-08-031-1/+1
| |
* | bug fixesNeil Johnson2018-08-031-7/+3
| |
* | do mau checks based on monthly_active_users tableNeil Johnson2018-08-021-1/+30
|/
* Python 3: Convert some unicode/bytes uses (#3569)Amber Brown2018-08-021-16/+19
|
* run isortAmber Brown2018-07-092-10/+12
|
* add testMatthew Hodgson2018-06-281-0/+33
|
* fix testsMatthew Hodgson2018-06-281-3/+15
|
* use jsonschema.FormatChecker for RoomID and UserID stringspik2017-03-231-4/+11
| | | | | | * use a valid filter in rest/client/v2_alpha test Signed-off-by: pik <alexander.maznev@gmail.com>
* Add valid filter tests, flake8, fix typopik2017-03-231-5/+49
| | | | Signed-off-by: pik <alexander.maznev@gmail.com>
* check_valid_filter using JSONSchemapik2017-03-231-1/+17
| | | | | | * add invalid filter tests Signed-off-by: pik <alexander.maznev@gmail.com>
* Optimise state resolutionErik Johnston2017-01-171-1/+4
|
* Prevent user tokens being used as guest tokens (#1675)Richard van der Hoff2016-12-061-15/+78
| | | | | Make sure that a user cannot pretend to be a guest by adding 'guest = True' caveats.
* Fix unit testsMark Haines2016-09-121-9/+9
|
* Record device_id in client_ipsRichard van der Hoff2016-07-201-1/+9
| | | | | Record the device_id when we add a client ip; it's somewhat redundant as we could get it via the access_token, but it will make querying rather easier.
* Bug fix: expire invalid access tokensNegar Fazeli2016-07-131-1/+30
|
* Create user with expiryNegi Fazeli2016-05-131-6/+6
| | | | | | - Add unittests for client, api and handler Signed-off-by: Negar Fazeli <negar.fazeli@ericsson.com>
* Test Filter.filter_roomsMark Haines2016-02-191-0/+18
| | | | | Also check that the __repr__ method for FilterCollection does something sensible.
* Fix flake8 warnings for testsMark Haines2016-02-193-10/+7
|
* Fix testErik Johnston2016-01-281-3/+4
|
* Fix testsErik Johnston2016-01-251-6/+4
|
* Fix testsErik Johnston2016-01-221-1/+1
|
* Introduce a Requester objectDaniel Wagner-Hall2016-01-111-6/+6
| | | | | | | | | This tracks data about the entity which made the request. This is instead of passing around a tuple, which requires call-site modifications every time a new piece of optional context is passed around. I tried to introduce a User object. I gave up.
* copyrightsMatthew Hodgson2016-01-071-1/+1
|
* Allow guests to upgrade their accountsDaniel Wagner-Hall2016-01-051-9/+9
|
* Allow guests to register and call /events?room_id=Daniel Wagner-Hall2015-11-041-3/+22
| | | | | | | This follows the same flows-based flow as regular registration, but as the only implemented flow has no requirements, it auto-succeeds. In the future, other flows (e.g. captcha) may be required, so clients should treat this like the regular registration flow choices.
* Refactor api.filtering to have a Filter APIErik Johnston2015-10-201-26/+31
|
* update filtering testsMark Haines2015-10-131-6/+6
|
* s/user_id/user/g for consistencyDaniel Wagner-Hall2015-09-011-4/+4
|
* Turn TODO into thing which actually will failDaniel Wagner-Hall2015-08-261-6/+9
|
* Attempt to validate macaroonsDaniel Wagner-Hall2015-08-261-2/+140
| | | | | | | | | | | | | A couple of weird caveats: * If we can't validate your macaroon, we fall back to checking that your access token is in the DB, and ignoring the failure * Even if we can validate your macaroon, we still have to hit the DB to get the access token ID, which we pretend is a device ID all over the codebase. This mostly adds the interesting code, and points out the two pieces we need to delete (and necessary conditions) in order to fix the above caveats.
* Stop looking up "admin", which we never readDaniel Wagner-Hall2015-08-251-2/+0
|
* Remove completely unused concepts from codebaseDaniel Wagner-Hall2015-08-251-5/+3
| | | | | | | | | | Removes device_id and ClientInfo device_id is never actually written, and the matrix.org DB has no non-null entries for it. Right now, it's just cluttering up code. This doesn't remove the columns from the database, because that's fiddly.
* s/by_token/by_access_token/gDaniel Wagner-Hall2015-08-201-8/+8
| | | | We're about to have two kinds of token, access and refresh
* Merge branch 'develop' into application-servicesKegan Dougal2015-02-111-12/+2
|\
| * Factor out some of the common homeserver setup code into aMark Haines2015-02-111-12/+2
| | | | | | | | setup_test_homeserver function in utils.
* | Remove unused imports.Kegan Dougal2015-02-091-2/+2
| |
* | Modify auth.get_user_by_req for authing appservices directly.Kegan Dougal2015-02-091-0/+139
|/ | | | | | Add logic to map the appservice token to the autogenned appservice user ID. Add unit tests for all forms of get_user_by_req (user/appservice, valid/bad/missing tokens)
* Create a separate filter object to do the actual filtering, so that we canMark Haines2015-01-291-51/+57
| | | | | split the storage and management of filters from the actual filter code and don't have to load a filter from the db each time we filter an event
* Add filter_room_state unit tests.Kegan Dougal2015-01-291-0/+56
|
* Add basic filtering public API unit tests. Use defers in the right places.Kegan Dougal2015-01-291-1/+53
|
* Add more unit tests for the filter algorithm.Kegan Dougal2015-01-291-5/+259
|
* Implement filter algorithm. Add basic event type unit tests to assert it works.Kegan Dougal2015-01-291-1/+44
|
* Add filter JSON sanity checks.Kegan Dougal2015-01-281-4/+20
|
* Initial stab at real SQL storage implementation of user filter definitionsPaul "LeoNerd" Evans2015-01-271-1/+18
|
* Have the Filtering API return Deferreds, so we can do the Datastore ↵Paul "LeoNerd" Evans2015-01-271-2/+3
| | | | implementation nicely
* Initial trivial unittest of Filtering objectPaul "LeoNerd" Evans2015-01-271-0/+67
|
* Have all unit tests import from our own subclass of trial's unittest ↵Paul "LeoNerd" Evans2014-09-121-1/+1
| | | | TestCase; set up logging in ONE PLACE ONLY
* Test ratelimiterMark Haines2014-09-022-0/+39