gitlord
/
synapse
mirror of https://github.com/matrix-org/synapse.git
1
0
Fork 0
Code Issues 0 Releases 671 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
22257 Commits
842 Branches
342 MiB
 
 
 
 
 
 
Tree: 9bb2eac719
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '9bb2eac719'
${ noResults }
synapse/tests/federation/test_federation_server.py

336 lines
13 KiB
Raw Blame History 

  1. # Copyright 2018 New Vector Ltd

  2. # Copyright 2019 Matrix.org Federation C.I.C

  3. #

  4. # Licensed under the Apache License, Version 2.0 (the "License");

  5. # you may not use this file except in compliance with the License.

  6. # You may obtain a copy of the License at

  7. #

  8. #     http://www.apache.org/licenses/LICENSE-2.0

  9. #

  10. # Unless required by applicable law or agreed to in writing, software

  11. # distributed under the License is distributed on an "AS IS" BASIS,

  12. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13. # See the License for the specific language governing permissions and

  14. # limitations under the License.

  15. import logging

  16. from http import HTTPStatus

  17. 

  18. from parameterized import parameterized

  19. 

  20. from twisted.test.proto_helpers import MemoryReactor

  21. 

  22. from synapse.api.room_versions import KNOWN_ROOM_VERSIONS

  23. from synapse.config.server import DEFAULT_ROOM_VERSION

  24. from synapse.events import EventBase, make_event_from_dict

  25. from synapse.federation.federation_server import server_matches_acl_event

  26. from synapse.rest import admin

  27. from synapse.rest.client import login, room

  28. from synapse.server import HomeServer

  29. from synapse.types import JsonDict

  30. from synapse.util import Clock

  31. 

  32. from tests import unittest

  33. from tests.unittest import override_config

  34. 

  35. 

  36. class FederationServerTests(unittest.FederatingHomeserverTestCase):

  37.     servlets = [

  38.         admin.register_servlets,

  39.         room.register_servlets,

  40.         login.register_servlets,

  41.     ]

  42. 

  43.     @parameterized.expand([(b"",), (b"foo",), (b'{"limit": Infinity}',)])

  44.     def test_bad_request(self, query_content: bytes) -> None:

  45.         """

  46.         Querying with bad data returns a reasonable error code.

  47.         """

  48.         u1 = self.register_user("u1", "pass")

  49.         u1_token = self.login("u1", "pass")

  50. 

  51.         room_1 = self.helper.create_room_as(u1, tok=u1_token)

  52.         self.inject_room_member(room_1, "@user:other.example.com", "join")

  53. 

  54.         "/get_missing_events/(?P<room_id>[^/]*)/?"

  55. 

  56.         channel = self.make_request(

  57.             "POST",

  58.             "/_matrix/federation/v1/get_missing_events/%s" % (room_1,),

  59.             query_content,

  60.         )

  61.         self.assertEqual(HTTPStatus.BAD_REQUEST, channel.code, channel.result)

  62.         self.assertEqual(channel.json_body["errcode"], "M_NOT_JSON")

  63. 

  64. 

  65. class ServerACLsTestCase(unittest.TestCase):

  66.     def test_blacklisted_server(self) -> None:

  67.         e = _create_acl_event({"allow": ["*"], "deny": ["evil.com"]})

  68.         logging.info("ACL event: %s", e.content)

  69. 

  70.         self.assertFalse(server_matches_acl_event("evil.com", e))

  71.         self.assertFalse(server_matches_acl_event("EVIL.COM", e))

  72. 

  73.         self.assertTrue(server_matches_acl_event("evil.com.au", e))

  74.         self.assertTrue(server_matches_acl_event("honestly.not.evil.com", e))

  75. 

  76.     def test_block_ip_literals(self) -> None:

  77.         e = _create_acl_event({"allow_ip_literals": False, "allow": ["*"]})

  78.         logging.info("ACL event: %s", e.content)

  79. 

  80.         self.assertFalse(server_matches_acl_event("1.2.3.4", e))

  81.         self.assertTrue(server_matches_acl_event("1a.2.3.4", e))

  82.         self.assertFalse(server_matches_acl_event("[1:2::]", e))

  83.         self.assertTrue(server_matches_acl_event("1:2:3:4", e))

  84. 

  85.     def test_wildcard_matching(self) -> None:

  86.         e = _create_acl_event({"allow": ["good*.com"]})

  87.         self.assertTrue(

  88.             server_matches_acl_event("good.com", e),

  89.             "* matches 0 characters",

  90.         )

  91.         self.assertTrue(

  92.             server_matches_acl_event("GOOD.COM", e),

  93.             "pattern is case-insensitive",

  94.         )

  95.         self.assertTrue(

  96.             server_matches_acl_event("good.aa.com", e),

  97.             "* matches several characters, including '.'",

  98.         )

  99.         self.assertFalse(

  100.             server_matches_acl_event("ishgood.com", e),

  101.             "pattern does not allow prefixes",

  102.         )

  103. 

  104. 

  105. class StateQueryTests(unittest.FederatingHomeserverTestCase):

  106.     servlets = [

  107.         admin.register_servlets,

  108.         room.register_servlets,

  109.         login.register_servlets,

  110.     ]

  111. 

  112.     def test_needs_to_be_in_room(self) -> None:

  113.         """/v1/state/<room_id> requires the server to be in the room"""

  114.         u1 = self.register_user("u1", "pass")

  115.         u1_token = self.login("u1", "pass")

  116. 

  117.         room_1 = self.helper.create_room_as(u1, tok=u1_token)

  118. 

  119.         channel = self.make_signed_federation_request(

  120.             "GET", "/_matrix/federation/v1/state/%s?event_id=xyz" % (room_1,)

  121.         )

  122.         self.assertEqual(HTTPStatus.FORBIDDEN, channel.code, channel.result)

  123.         self.assertEqual(channel.json_body["errcode"], "M_FORBIDDEN")

  124. 

  125. 

  126. class SendJoinFederationTests(unittest.FederatingHomeserverTestCase):

  127.     servlets = [

  128.         admin.register_servlets,

  129.         room.register_servlets,

  130.         login.register_servlets,

  131.     ]

  132. 

  133.     def prepare(self, reactor: MemoryReactor, clock: Clock, hs: HomeServer) -> None:

  134.         super().prepare(reactor, clock, hs)

  135. 

  136.         self._storage_controllers = hs.get_storage_controllers()

  137. 

  138.         # create the room

  139.         creator_user_id = self.register_user("kermit", "test")

  140.         tok = self.login("kermit", "test")

  141.         self._room_id = self.helper.create_room_as(

  142.             room_creator=creator_user_id, tok=tok

  143.         )

  144. 

  145.         # a second member on the orgin HS

  146.         second_member_user_id = self.register_user("fozzie", "bear")

  147.         tok2 = self.login("fozzie", "bear")

  148.         self.helper.join(self._room_id, second_member_user_id, tok=tok2)

  149. 

  150.     def _make_join(self, user_id: str) -> JsonDict:

  151.         channel = self.make_signed_federation_request(

  152.             "GET",

  153.             f"/_matrix/federation/v1/make_join/{self._room_id}/{user_id}"

  154.             f"?ver={DEFAULT_ROOM_VERSION}",

  155.         )

  156.         self.assertEqual(channel.code, HTTPStatus.OK, channel.json_body)

  157.         return channel.json_body

  158. 

  159.     def test_send_join(self) -> None:

  160.         """happy-path test of send_join"""

  161.         joining_user = "@misspiggy:" + self.OTHER_SERVER_NAME

  162.         join_result = self._make_join(joining_user)

  163. 

  164.         join_event_dict = join_result["event"]

  165.         self.add_hashes_and_signatures_from_other_server(

  166.             join_event_dict,

  167.             KNOWN_ROOM_VERSIONS[DEFAULT_ROOM_VERSION],

  168.         )

  169.         channel = self.make_signed_federation_request(

  170.             "PUT",

  171.             f"/_matrix/federation/v2/send_join/{self._room_id}/x",

  172.             content=join_event_dict,

  173.         )

  174.         self.assertEqual(channel.code, HTTPStatus.OK, channel.json_body)

  175. 

  176.         # we should get complete room state back

  177.         returned_state = [

  178.             (ev["type"], ev["state_key"]) for ev in channel.json_body["state"]

  179.         ]

  180.         self.assertCountEqual(

  181.             returned_state,

  182.             [

  183.                 ("m.room.create", ""),

  184.                 ("m.room.power_levels", ""),

  185.                 ("m.room.join_rules", ""),

  186.                 ("m.room.history_visibility", ""),

  187.                 ("m.room.member", "@kermit:test"),

  188.                 ("m.room.member", "@fozzie:test"),

  189.                 # nb: *not* the joining user

  190.             ],

  191.         )

  192. 

  193.         # also check the auth chain

  194.         returned_auth_chain_events = [

  195.             (ev["type"], ev["state_key"]) for ev in channel.json_body["auth_chain"]

  196.         ]

  197.         self.assertCountEqual(

  198.             returned_auth_chain_events,

  199.             [

  200.                 ("m.room.create", ""),

  201.                 ("m.room.member", "@kermit:test"),

  202.                 ("m.room.power_levels", ""),

  203.                 ("m.room.join_rules", ""),

  204.             ],

  205.         )

  206. 

  207.         # the room should show that the new user is a member

  208.         r = self.get_success(

  209.             self._storage_controllers.state.get_current_state(self._room_id)

  210.         )

  211.         self.assertEqual(r[("m.room.member", joining_user)].membership, "join")

  212. 

  213.     def test_send_join_partial_state(self) -> None:

  214.         """/send_join should return partial state, if requested"""

  215.         joining_user = "@misspiggy:" + self.OTHER_SERVER_NAME

  216.         join_result = self._make_join(joining_user)

  217. 

  218.         join_event_dict = join_result["event"]

  219.         self.add_hashes_and_signatures_from_other_server(

  220.             join_event_dict,

  221.             KNOWN_ROOM_VERSIONS[DEFAULT_ROOM_VERSION],

  222.         )

  223.         channel = self.make_signed_federation_request(

  224.             "PUT",

  225.             f"/_matrix/federation/v2/send_join/{self._room_id}/x?omit_members=true",

  226.             content=join_event_dict,

  227.         )

  228.         self.assertEqual(channel.code, HTTPStatus.OK, channel.json_body)

  229. 

  230.         # expect a reduced room state

  231.         returned_state = [

  232.             (ev["type"], ev["state_key"]) for ev in channel.json_body["state"]

  233.         ]

  234.         self.assertCountEqual(

  235.             returned_state,

  236.             [

  237.                 ("m.room.create", ""),

  238.                 ("m.room.power_levels", ""),

  239.                 ("m.room.join_rules", ""),

  240.                 ("m.room.history_visibility", ""),

  241.                 # Users included here because they're heroes.

  242.                 ("m.room.member", "@kermit:test"),

  243.                 ("m.room.member", "@fozzie:test"),

  244.             ],

  245.         )

  246. 

  247.         # the auth chain should not include anything already in "state"

  248.         returned_auth_chain_events = [

  249.             (ev["type"], ev["state_key"]) for ev in channel.json_body["auth_chain"]

  250.         ]

  251.         self.assertCountEqual(

  252.             returned_auth_chain_events,

  253.             # TODO: change the test so that we get at least one event in the auth chain

  254.             #   here.

  255.             [],

  256.         )

  257. 

  258.         # the room should show that the new user is a member

  259.         r = self.get_success(

  260.             self._storage_controllers.state.get_current_state(self._room_id)

  261.         )

  262.         self.assertEqual(r[("m.room.member", joining_user)].membership, "join")

  263. 

  264.     @override_config({"rc_joins_per_room": {"per_second": 0, "burst_count": 3}})

  265.     def test_make_join_respects_room_join_rate_limit(self) -> None:

  266.         # In the test setup, two users join the room. Since the rate limiter burst

  267.         # count is 3, a new make_join request to the room should be accepted.

  268. 

  269.         joining_user = "@ronniecorbett:" + self.OTHER_SERVER_NAME

  270.         self._make_join(joining_user)

  271. 

  272.         # Now have a new local user join the room. This saturates the rate limiter

  273.         # bucket, so the next make_join should be denied.

  274.         new_local_user = self.register_user("animal", "animal")

  275.         token = self.login("animal", "animal")

  276.         self.helper.join(self._room_id, new_local_user, tok=token)

  277. 

  278.         joining_user = "@ronniebarker:" + self.OTHER_SERVER_NAME

  279.         channel = self.make_signed_federation_request(

  280.             "GET",

  281.             f"/_matrix/federation/v1/make_join/{self._room_id}/{joining_user}"

  282.             f"?ver={DEFAULT_ROOM_VERSION}",

  283.         )

  284.         self.assertEqual(channel.code, HTTPStatus.TOO_MANY_REQUESTS, channel.json_body)

  285. 

  286.     @override_config({"rc_joins_per_room": {"per_second": 0, "burst_count": 3}})

  287.     def test_send_join_contributes_to_room_join_rate_limit_and_is_limited(self) -> None:

  288.         # Make two make_join requests up front. (These are rate limited, but do not

  289.         # contribute to the rate limit.)

  290.         join_event_dicts = []

  291.         for i in range(2):

  292.             joining_user = f"@misspiggy{i}:{self.OTHER_SERVER_NAME}"

  293.             join_result = self._make_join(joining_user)

  294.             join_event_dict = join_result["event"]

  295.             self.add_hashes_and_signatures_from_other_server(

  296.                 join_event_dict,

  297.                 KNOWN_ROOM_VERSIONS[DEFAULT_ROOM_VERSION],

  298.             )

  299.             join_event_dicts.append(join_event_dict)

  300. 

  301.         # In the test setup, two users join the room. Since the rate limiter burst

  302.         # count is 3, the first send_join should be accepted...

  303.         channel = self.make_signed_federation_request(

  304.             "PUT",

  305.             f"/_matrix/federation/v2/send_join/{self._room_id}/join0",

  306.             content=join_event_dicts[0],

  307.         )

  308.         self.assertEqual(channel.code, 200, channel.json_body)

  309. 

  310.         # ... but the second should be denied.

  311.         channel = self.make_signed_federation_request(

  312.             "PUT",

  313.             f"/_matrix/federation/v2/send_join/{self._room_id}/join1",

  314.             content=join_event_dicts[1],

  315.         )

  316.         self.assertEqual(channel.code, HTTPStatus.TOO_MANY_REQUESTS, channel.json_body)

  317. 

  318.     # NB: we could write a test which checks that the send_join event is seen

  319.     #   by other workers over replication, and that they update their rate limit

  320.     #   buckets accordingly. I'm going to assume that the join event gets sent over

  321.     #   replication, at which point the tests.handlers.room_member test

  322.     #       test_local_users_joining_on_another_worker_contribute_to_rate_limit

  323.     #   is probably sufficient to reassure that the bucket is updated.

  324. 

  325. 

  326. def _create_acl_event(content: JsonDict) -> EventBase:

  327.     return make_event_from_dict(

  328.         {

  329.             "room_id": "!a:b",

  330.             "event_id": "$a:b",

  331.             "type": "m.room.server_acls",

  332.             "sender": "@a:b",

  333.             "content": content,

  334.         }

  335.     )