gitlord
/
synapse
mirror of https://github.com/matrix-org/synapse.git
1
0
Fork 0
Code Issues 0 Releases 671 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
23441 Commits
842 Branches
432 MiB
 
 
 
 
 
 
Branch: develop
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'develop'
${ noResults }
synapse/tests/federation/test_federation_server.py

345 lines
13 KiB
Raw Permalink Blame History 

  1. # Copyright 2018 New Vector Ltd

  2. # Copyright 2019 Matrix.org Federation C.I.C

  3. #

  4. # Licensed under the Apache License, Version 2.0 (the "License");

  5. # you may not use this file except in compliance with the License.

  6. # You may obtain a copy of the License at

  7. #

  8. #     http://www.apache.org/licenses/LICENSE-2.0

  9. #

  10. # Unless required by applicable law or agreed to in writing, software

  11. # distributed under the License is distributed on an "AS IS" BASIS,

  12. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13. # See the License for the specific language governing permissions and

  14. # limitations under the License.

  15. import logging

  16. from http import HTTPStatus

  17. 

  18. from parameterized import parameterized

  19. 

  20. from twisted.test.proto_helpers import MemoryReactor

  21. 

  22. from synapse.api.room_versions import KNOWN_ROOM_VERSIONS

  23. from synapse.config.server import DEFAULT_ROOM_VERSION

  24. from synapse.events import EventBase, make_event_from_dict

  25. from synapse.rest import admin

  26. from synapse.rest.client import login, room

  27. from synapse.server import HomeServer

  28. from synapse.storage.controllers.state import server_acl_evaluator_from_event

  29. from synapse.types import JsonDict

  30. from synapse.util import Clock

  31. 

  32. from tests import unittest

  33. from tests.unittest import override_config

  34. 

  35. 

  36. class FederationServerTests(unittest.FederatingHomeserverTestCase):

  37.     servlets = [

  38.         admin.register_servlets,

  39.         room.register_servlets,

  40.         login.register_servlets,

  41.     ]

  42. 

  43.     @parameterized.expand([(b"",), (b"foo",), (b'{"limit": Infinity}',)])

  44.     def test_bad_request(self, query_content: bytes) -> None:

  45.         """

  46.         Querying with bad data returns a reasonable error code.

  47.         """

  48.         u1 = self.register_user("u1", "pass")

  49.         u1_token = self.login("u1", "pass")

  50. 

  51.         room_1 = self.helper.create_room_as(u1, tok=u1_token)

  52.         self.inject_room_member(room_1, "@user:other.example.com", "join")

  53. 

  54.         "/get_missing_events/(?P<room_id>[^/]*)/?"

  55. 

  56.         channel = self.make_request(

  57.             "POST",

  58.             "/_matrix/federation/v1/get_missing_events/%s" % (room_1,),

  59.             query_content,

  60.         )

  61.         self.assertEqual(HTTPStatus.BAD_REQUEST, channel.code, channel.result)

  62.         self.assertEqual(channel.json_body["errcode"], "M_NOT_JSON")

  63. 

  64. 

  65. class ServerACLsTestCase(unittest.TestCase):

  66.     def test_blocked_server(self) -> None:

  67.         e = _create_acl_event({"allow": ["*"], "deny": ["evil.com"]})

  68.         logging.info("ACL event: %s", e.content)

  69. 

  70.         server_acl_evalutor = server_acl_evaluator_from_event(e)

  71. 

  72.         self.assertFalse(server_acl_evalutor.server_matches_acl_event("evil.com"))

  73.         self.assertFalse(server_acl_evalutor.server_matches_acl_event("EVIL.COM"))

  74. 

  75.         self.assertTrue(server_acl_evalutor.server_matches_acl_event("evil.com.au"))

  76.         self.assertTrue(

  77.             server_acl_evalutor.server_matches_acl_event("honestly.not.evil.com")

  78.         )

  79. 

  80.     def test_block_ip_literals(self) -> None:

  81.         e = _create_acl_event({"allow_ip_literals": False, "allow": ["*"]})

  82.         logging.info("ACL event: %s", e.content)

  83. 

  84.         server_acl_evalutor = server_acl_evaluator_from_event(e)

  85. 

  86.         self.assertFalse(server_acl_evalutor.server_matches_acl_event("1.2.3.4"))

  87.         self.assertTrue(server_acl_evalutor.server_matches_acl_event("1a.2.3.4"))

  88.         self.assertFalse(server_acl_evalutor.server_matches_acl_event("[1:2::]"))

  89.         self.assertTrue(server_acl_evalutor.server_matches_acl_event("1:2:3:4"))

  90. 

  91.     def test_wildcard_matching(self) -> None:

  92.         e = _create_acl_event({"allow": ["good*.com"]})

  93. 

  94.         server_acl_evalutor = server_acl_evaluator_from_event(e)

  95. 

  96.         self.assertTrue(

  97.             server_acl_evalutor.server_matches_acl_event("good.com"),

  98.             "* matches 0 characters",

  99.         )

  100.         self.assertTrue(

  101.             server_acl_evalutor.server_matches_acl_event("GOOD.COM"),

  102.             "pattern is case-insensitive",

  103.         )

  104.         self.assertTrue(

  105.             server_acl_evalutor.server_matches_acl_event("good.aa.com"),

  106.             "* matches several characters, including '.'",

  107.         )

  108.         self.assertFalse(

  109.             server_acl_evalutor.server_matches_acl_event("ishgood.com"),

  110.             "pattern does not allow prefixes",

  111.         )

  112. 

  113. 

  114. class StateQueryTests(unittest.FederatingHomeserverTestCase):

  115.     servlets = [

  116.         admin.register_servlets,

  117.         room.register_servlets,

  118.         login.register_servlets,

  119.     ]

  120. 

  121.     def test_needs_to_be_in_room(self) -> None:

  122.         """/v1/state/<room_id> requires the server to be in the room"""

  123.         u1 = self.register_user("u1", "pass")

  124.         u1_token = self.login("u1", "pass")

  125. 

  126.         room_1 = self.helper.create_room_as(u1, tok=u1_token)

  127. 

  128.         channel = self.make_signed_federation_request(

  129.             "GET", "/_matrix/federation/v1/state/%s?event_id=xyz" % (room_1,)

  130.         )

  131.         self.assertEqual(HTTPStatus.FORBIDDEN, channel.code, channel.result)

  132.         self.assertEqual(channel.json_body["errcode"], "M_FORBIDDEN")

  133. 

  134. 

  135. class SendJoinFederationTests(unittest.FederatingHomeserverTestCase):

  136.     servlets = [

  137.         admin.register_servlets,

  138.         room.register_servlets,

  139.         login.register_servlets,

  140.     ]

  141. 

  142.     def prepare(self, reactor: MemoryReactor, clock: Clock, hs: HomeServer) -> None:

  143.         super().prepare(reactor, clock, hs)

  144. 

  145.         self._storage_controllers = hs.get_storage_controllers()

  146. 

  147.         # create the room

  148.         creator_user_id = self.register_user("kermit", "test")

  149.         tok = self.login("kermit", "test")

  150.         self._room_id = self.helper.create_room_as(

  151.             room_creator=creator_user_id, tok=tok

  152.         )

  153. 

  154.         # a second member on the orgin HS

  155.         second_member_user_id = self.register_user("fozzie", "bear")

  156.         tok2 = self.login("fozzie", "bear")

  157.         self.helper.join(self._room_id, second_member_user_id, tok=tok2)

  158. 

  159.     def _make_join(self, user_id: str) -> JsonDict:

  160.         channel = self.make_signed_federation_request(

  161.             "GET",

  162.             f"/_matrix/federation/v1/make_join/{self._room_id}/{user_id}"

  163.             f"?ver={DEFAULT_ROOM_VERSION}",

  164.         )

  165.         self.assertEqual(channel.code, HTTPStatus.OK, channel.json_body)

  166.         return channel.json_body

  167. 

  168.     def test_send_join(self) -> None:

  169.         """happy-path test of send_join"""

  170.         joining_user = "@misspiggy:" + self.OTHER_SERVER_NAME

  171.         join_result = self._make_join(joining_user)

  172. 

  173.         join_event_dict = join_result["event"]

  174.         self.add_hashes_and_signatures_from_other_server(

  175.             join_event_dict,

  176.             KNOWN_ROOM_VERSIONS[DEFAULT_ROOM_VERSION],

  177.         )

  178.         channel = self.make_signed_federation_request(

  179.             "PUT",

  180.             f"/_matrix/federation/v2/send_join/{self._room_id}/x",

  181.             content=join_event_dict,

  182.         )

  183.         self.assertEqual(channel.code, HTTPStatus.OK, channel.json_body)

  184. 

  185.         # we should get complete room state back

  186.         returned_state = [

  187.             (ev["type"], ev["state_key"]) for ev in channel.json_body["state"]

  188.         ]

  189.         self.assertCountEqual(

  190.             returned_state,

  191.             [

  192.                 ("m.room.create", ""),

  193.                 ("m.room.power_levels", ""),

  194.                 ("m.room.join_rules", ""),

  195.                 ("m.room.history_visibility", ""),

  196.                 ("m.room.member", "@kermit:test"),

  197.                 ("m.room.member", "@fozzie:test"),

  198.                 # nb: *not* the joining user

  199.             ],

  200.         )

  201. 

  202.         # also check the auth chain

  203.         returned_auth_chain_events = [

  204.             (ev["type"], ev["state_key"]) for ev in channel.json_body["auth_chain"]

  205.         ]

  206.         self.assertCountEqual(

  207.             returned_auth_chain_events,

  208.             [

  209.                 ("m.room.create", ""),

  210.                 ("m.room.member", "@kermit:test"),

  211.                 ("m.room.power_levels", ""),

  212.                 ("m.room.join_rules", ""),

  213.             ],

  214.         )

  215. 

  216.         # the room should show that the new user is a member

  217.         r = self.get_success(

  218.             self._storage_controllers.state.get_current_state(self._room_id)

  219.         )

  220.         self.assertEqual(r[("m.room.member", joining_user)].membership, "join")

  221. 

  222.     def test_send_join_partial_state(self) -> None:

  223.         """/send_join should return partial state, if requested"""

  224.         joining_user = "@misspiggy:" + self.OTHER_SERVER_NAME

  225.         join_result = self._make_join(joining_user)

  226. 

  227.         join_event_dict = join_result["event"]

  228.         self.add_hashes_and_signatures_from_other_server(

  229.             join_event_dict,

  230.             KNOWN_ROOM_VERSIONS[DEFAULT_ROOM_VERSION],

  231.         )

  232.         channel = self.make_signed_federation_request(

  233.             "PUT",

  234.             f"/_matrix/federation/v2/send_join/{self._room_id}/x?omit_members=true",

  235.             content=join_event_dict,

  236.         )

  237.         self.assertEqual(channel.code, HTTPStatus.OK, channel.json_body)

  238. 

  239.         # expect a reduced room state

  240.         returned_state = [

  241.             (ev["type"], ev["state_key"]) for ev in channel.json_body["state"]

  242.         ]

  243.         self.assertCountEqual(

  244.             returned_state,

  245.             [

  246.                 ("m.room.create", ""),

  247.                 ("m.room.power_levels", ""),

  248.                 ("m.room.join_rules", ""),

  249.                 ("m.room.history_visibility", ""),

  250.                 # Users included here because they're heroes.

  251.                 ("m.room.member", "@kermit:test"),

  252.                 ("m.room.member", "@fozzie:test"),

  253.             ],

  254.         )

  255. 

  256.         # the auth chain should not include anything already in "state"

  257.         returned_auth_chain_events = [

  258.             (ev["type"], ev["state_key"]) for ev in channel.json_body["auth_chain"]

  259.         ]

  260.         self.assertCountEqual(

  261.             returned_auth_chain_events,

  262.             # TODO: change the test so that we get at least one event in the auth chain

  263.             #   here.

  264.             [],

  265.         )

  266. 

  267.         # the room should show that the new user is a member

  268.         r = self.get_success(

  269.             self._storage_controllers.state.get_current_state(self._room_id)

  270.         )

  271.         self.assertEqual(r[("m.room.member", joining_user)].membership, "join")

  272. 

  273.     @override_config({"rc_joins_per_room": {"per_second": 0, "burst_count": 3}})

  274.     def test_make_join_respects_room_join_rate_limit(self) -> None:

  275.         # In the test setup, two users join the room. Since the rate limiter burst

  276.         # count is 3, a new make_join request to the room should be accepted.

  277. 

  278.         joining_user = "@ronniecorbett:" + self.OTHER_SERVER_NAME

  279.         self._make_join(joining_user)

  280. 

  281.         # Now have a new local user join the room. This saturates the rate limiter

  282.         # bucket, so the next make_join should be denied.

  283.         new_local_user = self.register_user("animal", "animal")

  284.         token = self.login("animal", "animal")

  285.         self.helper.join(self._room_id, new_local_user, tok=token)

  286. 

  287.         joining_user = "@ronniebarker:" + self.OTHER_SERVER_NAME

  288.         channel = self.make_signed_federation_request(

  289.             "GET",

  290.             f"/_matrix/federation/v1/make_join/{self._room_id}/{joining_user}"

  291.             f"?ver={DEFAULT_ROOM_VERSION}",

  292.         )

  293.         self.assertEqual(channel.code, HTTPStatus.TOO_MANY_REQUESTS, channel.json_body)

  294. 

  295.     @override_config({"rc_joins_per_room": {"per_second": 0, "burst_count": 3}})

  296.     def test_send_join_contributes_to_room_join_rate_limit_and_is_limited(self) -> None:

  297.         # Make two make_join requests up front. (These are rate limited, but do not

  298.         # contribute to the rate limit.)

  299.         join_event_dicts = []

  300.         for i in range(2):

  301.             joining_user = f"@misspiggy{i}:{self.OTHER_SERVER_NAME}"

  302.             join_result = self._make_join(joining_user)

  303.             join_event_dict = join_result["event"]

  304.             self.add_hashes_and_signatures_from_other_server(

  305.                 join_event_dict,

  306.                 KNOWN_ROOM_VERSIONS[DEFAULT_ROOM_VERSION],

  307.             )

  308.             join_event_dicts.append(join_event_dict)

  309. 

  310.         # In the test setup, two users join the room. Since the rate limiter burst

  311.         # count is 3, the first send_join should be accepted...

  312.         channel = self.make_signed_federation_request(

  313.             "PUT",

  314.             f"/_matrix/federation/v2/send_join/{self._room_id}/join0",

  315.             content=join_event_dicts[0],

  316.         )

  317.         self.assertEqual(channel.code, 200, channel.json_body)

  318. 

  319.         # ... but the second should be denied.

  320.         channel = self.make_signed_federation_request(

  321.             "PUT",

  322.             f"/_matrix/federation/v2/send_join/{self._room_id}/join1",

  323.             content=join_event_dicts[1],

  324.         )

  325.         self.assertEqual(channel.code, HTTPStatus.TOO_MANY_REQUESTS, channel.json_body)

  326. 

  327.     # NB: we could write a test which checks that the send_join event is seen

  328.     #   by other workers over replication, and that they update their rate limit

  329.     #   buckets accordingly. I'm going to assume that the join event gets sent over

  330.     #   replication, at which point the tests.handlers.room_member test

  331.     #       test_local_users_joining_on_another_worker_contribute_to_rate_limit

  332.     #   is probably sufficient to reassure that the bucket is updated.

  333. 

  334. 

  335. def _create_acl_event(content: JsonDict) -> EventBase:

  336.     return make_event_from_dict(

  337.         {

  338.             "room_id": "!a:b",

  339.             "event_id": "$a:b",

  340.             "type": "m.room.server_acls",

  341.             "sender": "@a:b",

  342.             "content": content,

  343.         }

  344.     )