gitlord
/
synapse
mirror of https://github.com/matrix-org/synapse.git
1
0
Fork 0
Code Issues 0 Releases 671 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
23441 Commits
842 Branches
474 MiB
 
 
 
 
 
 
Branch: develop
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'develop'
${ noResults }
synapse/tests/handlers/test_room_member.py

406 lines
16 KiB
Raw Permalink Blame History 

  1. from unittest.mock import AsyncMock, patch

  2. 

  3. from twisted.test.proto_helpers import MemoryReactor

  4. 

  5. import synapse.rest.admin

  6. import synapse.rest.client.login

  7. import synapse.rest.client.room

  8. from synapse.api.constants import EventTypes, Membership

  9. from synapse.api.errors import LimitExceededError, SynapseError

  10. from synapse.crypto.event_signing import add_hashes_and_signatures

  11. from synapse.events import FrozenEventV3

  12. from synapse.federation.federation_client import SendJoinResult

  13. from synapse.server import HomeServer

  14. from synapse.types import UserID, create_requester

  15. from synapse.util import Clock

  16. 

  17. from tests.replication._base import BaseMultiWorkerStreamTestCase

  18. from tests.server import make_request

  19. from tests.unittest import (

  20.     FederatingHomeserverTestCase,

  21.     HomeserverTestCase,

  22.     override_config,

  23. )

  24. 

  25. 

  26. class TestJoinsLimitedByPerRoomRateLimiter(FederatingHomeserverTestCase):

  27.     servlets = [

  28.         synapse.rest.admin.register_servlets,

  29.         synapse.rest.client.login.register_servlets,

  30.         synapse.rest.client.room.register_servlets,

  31.     ]

  32. 

  33.     def prepare(self, reactor: MemoryReactor, clock: Clock, hs: HomeServer) -> None:

  34.         self.handler = hs.get_room_member_handler()

  35. 

  36.         # Create three users.

  37.         self.alice = self.register_user("alice", "pass")

  38.         self.alice_token = self.login("alice", "pass")

  39.         self.bob = self.register_user("bob", "pass")

  40.         self.bob_token = self.login("bob", "pass")

  41.         self.chris = self.register_user("chris", "pass")

  42.         self.chris_token = self.login("chris", "pass")

  43. 

  44.         # Create a room on this homeserver. Note that this counts as a join: it

  45.         # contributes to the rate limter's count of actions

  46.         self.room_id = self.helper.create_room_as(self.alice, tok=self.alice_token)

  47. 

  48.         self.intially_unjoined_room_id = f"!example:{self.OTHER_SERVER_NAME}"

  49. 

  50.     @override_config({"rc_joins_per_room": {"per_second": 0, "burst_count": 2}})

  51.     def test_local_user_local_joins_contribute_to_limit_and_are_limited(self) -> None:

  52.         # The rate limiter has accumulated one token from Alice's join after the create

  53.         # event.

  54.         # Try joining the room as Bob.

  55.         self.get_success(

  56.             self.handler.update_membership(

  57.                 requester=create_requester(self.bob),

  58.                 target=UserID.from_string(self.bob),

  59.                 room_id=self.room_id,

  60.                 action=Membership.JOIN,

  61.             )

  62.         )

  63. 

  64.         # The rate limiter bucket is full. A second join should be denied.

  65.         self.get_failure(

  66.             self.handler.update_membership(

  67.                 requester=create_requester(self.chris),

  68.                 target=UserID.from_string(self.chris),

  69.                 room_id=self.room_id,

  70.                 action=Membership.JOIN,

  71.             ),

  72.             LimitExceededError,

  73.         )

  74. 

  75.     @override_config({"rc_joins_per_room": {"per_second": 0, "burst_count": 2}})

  76.     def test_local_user_profile_edits_dont_contribute_to_limit(self) -> None:

  77.         # The rate limiter has accumulated one token from Alice's join after the create

  78.         # event. Alice should still be able to change her displayname.

  79.         self.get_success(

  80.             self.handler.update_membership(

  81.                 requester=create_requester(self.alice),

  82.                 target=UserID.from_string(self.alice),

  83.                 room_id=self.room_id,

  84.                 action=Membership.JOIN,

  85.                 content={"displayname": "Alice Cooper"},

  86.             )

  87.         )

  88. 

  89.         # Still room in the limiter bucket. Chris's join should be accepted.

  90.         self.get_success(

  91.             self.handler.update_membership(

  92.                 requester=create_requester(self.chris),

  93.                 target=UserID.from_string(self.chris),

  94.                 room_id=self.room_id,

  95.                 action=Membership.JOIN,

  96.             )

  97.         )

  98. 

  99.     @override_config({"rc_joins_per_room": {"per_second": 0, "burst_count": 1}})

  100.     def test_remote_joins_contribute_to_rate_limit(self) -> None:

  101.         # Join once, to fill the rate limiter bucket.

  102.         #

  103.         # To do this we have to mock the responses from the remote homeserver.

  104.         # We also patch out a bunch of event checks on our end. All we're really

  105.         # trying to check here is that remote joins will bump the rate limter when

  106.         # they are persisted.

  107.         create_event_source = {

  108.             "auth_events": [],

  109.             "content": {

  110.                 "creator": f"@creator:{self.OTHER_SERVER_NAME}",

  111.                 "room_version": self.hs.config.server.default_room_version.identifier,

  112.             },

  113.             "depth": 0,

  114.             "origin_server_ts": 0,

  115.             "prev_events": [],

  116.             "room_id": self.intially_unjoined_room_id,

  117.             "sender": f"@creator:{self.OTHER_SERVER_NAME}",

  118.             "state_key": "",

  119.             "type": EventTypes.Create,

  120.         }

  121.         self.add_hashes_and_signatures_from_other_server(

  122.             create_event_source,

  123.             self.hs.config.server.default_room_version,

  124.         )

  125.         create_event = FrozenEventV3(

  126.             create_event_source,

  127.             self.hs.config.server.default_room_version,

  128.             {},

  129.             None,

  130.         )

  131. 

  132.         join_event_source = {

  133.             "auth_events": [create_event.event_id],

  134.             "content": {"membership": "join"},

  135.             "depth": 1,

  136.             "origin_server_ts": 100,

  137.             "prev_events": [create_event.event_id],

  138.             "sender": self.bob,

  139.             "state_key": self.bob,

  140.             "room_id": self.intially_unjoined_room_id,

  141.             "type": EventTypes.Member,

  142.         }

  143.         add_hashes_and_signatures(

  144.             self.hs.config.server.default_room_version,

  145.             join_event_source,

  146.             self.hs.hostname,

  147.             self.hs.signing_key,

  148.         )

  149.         join_event = FrozenEventV3(

  150.             join_event_source,

  151.             self.hs.config.server.default_room_version,

  152.             {},

  153.             None,

  154.         )

  155. 

  156.         mock_make_membership_event = AsyncMock(

  157.             return_value=(

  158.                 self.OTHER_SERVER_NAME,

  159.                 join_event,

  160.                 self.hs.config.server.default_room_version,

  161.             )

  162.         )

  163.         mock_send_join = AsyncMock(

  164.             return_value=SendJoinResult(

  165.                 join_event,

  166.                 self.OTHER_SERVER_NAME,

  167.                 state=[create_event],

  168.                 auth_chain=[create_event],

  169.                 partial_state=False,

  170.                 servers_in_room=frozenset(),

  171.             )

  172.         )

  173. 

  174.         with patch.object(

  175.             self.handler.federation_handler.federation_client,

  176.             "make_membership_event",

  177.             mock_make_membership_event,

  178.         ), patch.object(

  179.             self.handler.federation_handler.federation_client,

  180.             "send_join",

  181.             mock_send_join,

  182.         ), patch(

  183.             "synapse.event_auth._is_membership_change_allowed",

  184.             return_value=None,

  185.         ), patch(

  186.             "synapse.handlers.federation_event.check_state_dependent_auth_rules",

  187.             return_value=None,

  188.         ):

  189.             self.get_success(

  190.                 self.handler.update_membership(

  191.                     requester=create_requester(self.bob),

  192.                     target=UserID.from_string(self.bob),

  193.                     room_id=self.intially_unjoined_room_id,

  194.                     action=Membership.JOIN,

  195.                     remote_room_hosts=[self.OTHER_SERVER_NAME],

  196.                 )

  197.             )

  198. 

  199.             # Try to join as Chris. Should get denied.

  200.             self.get_failure(

  201.                 self.handler.update_membership(

  202.                     requester=create_requester(self.chris),

  203.                     target=UserID.from_string(self.chris),

  204.                     room_id=self.intially_unjoined_room_id,

  205.                     action=Membership.JOIN,

  206.                     remote_room_hosts=[self.OTHER_SERVER_NAME],

  207.                 ),

  208.                 LimitExceededError,

  209.             )

  210. 

  211.     # TODO: test that remote joins to a room are rate limited.

  212.     #   Could do this by setting the burst count to 1, then:

  213.     #   - remote-joining a room

  214.     #   - immediately leaving

  215.     #   - trying to remote-join again.

  216. 

  217. 

  218. class TestReplicatedJoinsLimitedByPerRoomRateLimiter(BaseMultiWorkerStreamTestCase):

  219.     servlets = [

  220.         synapse.rest.admin.register_servlets,

  221.         synapse.rest.client.login.register_servlets,

  222.         synapse.rest.client.room.register_servlets,

  223.     ]

  224. 

  225.     def prepare(self, reactor: MemoryReactor, clock: Clock, hs: HomeServer) -> None:

  226.         self.handler = hs.get_room_member_handler()

  227. 

  228.         # Create three users.

  229.         self.alice = self.register_user("alice", "pass")

  230.         self.alice_token = self.login("alice", "pass")

  231.         self.bob = self.register_user("bob", "pass")

  232.         self.bob_token = self.login("bob", "pass")

  233.         self.chris = self.register_user("chris", "pass")

  234.         self.chris_token = self.login("chris", "pass")

  235. 

  236.         # Create a room on this homeserver.

  237.         # Note that this counts as a

  238.         self.room_id = self.helper.create_room_as(self.alice, tok=self.alice_token)

  239.         self.intially_unjoined_room_id = "!example:otherhs"

  240. 

  241.     @override_config({"rc_joins_per_room": {"per_second": 0, "burst_count": 2}})

  242.     def test_local_users_joining_on_another_worker_contribute_to_rate_limit(

  243.         self,

  244.     ) -> None:

  245.         # The rate limiter has accumulated one token from Alice's join after the create

  246.         # event.

  247.         self.replicate()

  248. 

  249.         # Spawn another worker and have bob join via it.

  250.         worker_app = self.make_worker_hs(

  251.             "synapse.app.generic_worker", extra_config={"worker_name": "other worker"}

  252.         )

  253.         worker_site = self._hs_to_site[worker_app]

  254.         channel = make_request(

  255.             self.reactor,

  256.             worker_site,

  257.             "POST",

  258.             f"/_matrix/client/v3/rooms/{self.room_id}/join",

  259.             access_token=self.bob_token,

  260.         )

  261.         self.assertEqual(channel.code, 200, channel.json_body)

  262. 

  263.         # wait for join to arrive over replication

  264.         self.replicate()

  265. 

  266.         # Try to join as Chris on the worker. Should get denied because Alice

  267.         # and Bob have both joined the room.

  268.         self.get_failure(

  269.             worker_app.get_room_member_handler().update_membership(

  270.                 requester=create_requester(self.chris),

  271.                 target=UserID.from_string(self.chris),

  272.                 room_id=self.room_id,

  273.                 action=Membership.JOIN,

  274.             ),

  275.             LimitExceededError,

  276.         )

  277. 

  278.         # Try to join as Chris on the original worker. Should get denied because Alice

  279.         # and Bob have both joined the room.

  280.         self.get_failure(

  281.             self.handler.update_membership(

  282.                 requester=create_requester(self.chris),

  283.                 target=UserID.from_string(self.chris),

  284.                 room_id=self.room_id,

  285.                 action=Membership.JOIN,

  286.             ),

  287.             LimitExceededError,

  288.         )

  289. 

  290. 

  291. class RoomMemberMasterHandlerTestCase(HomeserverTestCase):

  292.     servlets = [

  293.         synapse.rest.admin.register_servlets,

  294.         synapse.rest.client.login.register_servlets,

  295.         synapse.rest.client.room.register_servlets,

  296.     ]

  297. 

  298.     def prepare(self, reactor: MemoryReactor, clock: Clock, hs: HomeServer) -> None:

  299.         self.handler = hs.get_room_member_handler()

  300.         self.store = hs.get_datastores().main

  301. 

  302.         # Create two users.

  303.         self.alice = self.register_user("alice", "pass")

  304.         self.alice_ID = UserID.from_string(self.alice)

  305.         self.alice_token = self.login("alice", "pass")

  306.         self.bob = self.register_user("bob", "pass")

  307.         self.bob_ID = UserID.from_string(self.bob)

  308.         self.bob_token = self.login("bob", "pass")

  309. 

  310.         # Create a room on this homeserver.

  311.         self.room_id = self.helper.create_room_as(self.alice, tok=self.alice_token)

  312. 

  313.     def test_leave_and_forget(self) -> None:

  314.         """Tests that forget a room is successfully. The test is performed with two users,

  315.         as forgetting by the last user respectively after all users had left the

  316.         is a special edge case."""

  317.         self.helper.join(self.room_id, user=self.bob, tok=self.bob_token)

  318. 

  319.         # alice is not the last room member that leaves and forgets the room

  320.         self.helper.leave(self.room_id, user=self.alice, tok=self.alice_token)

  321.         self.get_success(self.handler.forget(self.alice_ID, self.room_id))

  322.         self.assertTrue(

  323.             self.get_success(self.store.did_forget(self.alice, self.room_id))

  324.         )

  325. 

  326.         # the server has not forgotten the room

  327.         self.assertFalse(

  328.             self.get_success(self.store.is_locally_forgotten_room(self.room_id))

  329.         )

  330. 

  331.     def test_leave_and_unforget(self) -> None:

  332.         """Tests if rejoining a room unforgets the room, so that it shows up in sync again."""

  333.         self.helper.join(self.room_id, user=self.bob, tok=self.bob_token)

  334. 

  335.         # alice is not the last room member that leaves and forgets the room

  336.         self.helper.leave(self.room_id, user=self.alice, tok=self.alice_token)

  337.         self.get_success(self.handler.forget(self.alice_ID, self.room_id))

  338.         self.assertTrue(

  339.             self.get_success(self.store.did_forget(self.alice, self.room_id))

  340.         )

  341. 

  342.         self.helper.join(self.room_id, user=self.alice, tok=self.alice_token)

  343.         self.assertFalse(

  344.             self.get_success(self.store.did_forget(self.alice, self.room_id))

  345.         )

  346. 

  347.         # the server has not forgotten the room

  348.         self.assertFalse(

  349.             self.get_success(self.store.is_locally_forgotten_room(self.room_id))

  350.         )

  351. 

  352.     @override_config({"forget_rooms_on_leave": True})

  353.     def test_leave_and_auto_forget(self) -> None:

  354.         """Tests the `forget_rooms_on_leave` config option."""

  355.         self.helper.join(self.room_id, user=self.bob, tok=self.bob_token)

  356. 

  357.         # alice is not the last room member that leaves and forgets the room

  358.         self.helper.leave(self.room_id, user=self.alice, tok=self.alice_token)

  359.         self.assertTrue(

  360.             self.get_success(self.store.did_forget(self.alice, self.room_id))

  361.         )

  362. 

  363.     def test_leave_and_forget_last_user(self) -> None:

  364.         """Tests that forget a room is successfully when the last user has left the room."""

  365. 

  366.         # alice is the last room member that leaves and forgets the room

  367.         self.helper.leave(self.room_id, user=self.alice, tok=self.alice_token)

  368.         self.get_success(self.handler.forget(self.alice_ID, self.room_id))

  369.         self.assertTrue(

  370.             self.get_success(self.store.did_forget(self.alice, self.room_id))

  371.         )

  372. 

  373.         # the server has forgotten the room

  374.         self.assertTrue(

  375.             self.get_success(self.store.is_locally_forgotten_room(self.room_id))

  376.         )

  377. 

  378.     def test_forget_when_not_left(self) -> None:

  379.         """Tests that a user cannot not forgets a room that has not left."""

  380.         self.get_failure(self.handler.forget(self.alice_ID, self.room_id), SynapseError)

  381. 

  382.     def test_rejoin_forgotten_by_user(self) -> None:

  383.         """Test that a user that has forgotten a room can do a re-join.

  384.         The room was not forgotten from the local server.

  385.         One local user is still member of the room."""

  386.         self.helper.join(self.room_id, user=self.bob, tok=self.bob_token)

  387. 

  388.         self.helper.leave(self.room_id, user=self.alice, tok=self.alice_token)

  389.         self.get_success(self.handler.forget(self.alice_ID, self.room_id))

  390.         self.assertTrue(

  391.             self.get_success(self.store.did_forget(self.alice, self.room_id))

  392.         )

  393. 

  394.         # the server has not forgotten the room

  395.         self.assertFalse(

  396.             self.get_success(self.store.is_locally_forgotten_room(self.room_id))

  397.         )

  398. 

  399.         self.helper.join(self.room_id, user=self.alice, tok=self.alice_token)

  400.         # TODO: A join to a room does not invalidate the forgotten cache

  401.         # see https://github.com/matrix-org/synapse/issues/13262

  402.         self.store.did_forget.invalidate_all()

  403.         self.assertFalse(

  404.             self.get_success(self.store.did_forget(self.alice, self.room_id))

  405.         )