gitlord
/
synapse
mirror of https://github.com/matrix-org/synapse.git
1
0
Fork 0
Code Issues 0 Releases 671 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
22257 Commits
842 Branches
342 MiB
 
 
 
 
 
 
Tree: 9bb2eac719
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '9bb2eac719'
${ noResults }
synapse/tests/rest/admin/test_device.py

539 lines
17 KiB
Raw Blame History 

  1. # Copyright 2020 Dirk Klimpel

  2. #

  3. # Licensed under the Apache License, Version 2.0 (the "License");

  4. # you may not use this file except in compliance with the License.

  5. # You may obtain a copy of the License at

  6. #

  7. #     http://www.apache.org/licenses/LICENSE-2.0

  8. #

  9. # Unless required by applicable law or agreed to in writing, software

  10. # distributed under the License is distributed on an "AS IS" BASIS,

  11. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  12. # See the License for the specific language governing permissions and

  13. # limitations under the License.

  14. import urllib.parse

  15. 

  16. from parameterized import parameterized

  17. 

  18. from twisted.test.proto_helpers import MemoryReactor

  19. 

  20. import synapse.rest.admin

  21. from synapse.api.errors import Codes

  22. from synapse.handlers.device import DeviceHandler

  23. from synapse.rest.client import login

  24. from synapse.server import HomeServer

  25. from synapse.util import Clock

  26. 

  27. from tests import unittest

  28. 

  29. 

  30. class DeviceRestTestCase(unittest.HomeserverTestCase):

  31.     servlets = [

  32.         synapse.rest.admin.register_servlets,

  33.         login.register_servlets,

  34.     ]

  35. 

  36.     def prepare(self, reactor: MemoryReactor, clock: Clock, hs: HomeServer) -> None:

  37.         handler = hs.get_device_handler()

  38.         assert isinstance(handler, DeviceHandler)

  39.         self.handler = handler

  40. 

  41.         self.admin_user = self.register_user("admin", "pass", admin=True)

  42.         self.admin_user_tok = self.login("admin", "pass")

  43. 

  44.         self.other_user = self.register_user("user", "pass")

  45.         self.other_user_token = self.login("user", "pass")

  46.         res = self.get_success(self.handler.get_devices_by_user(self.other_user))

  47.         self.other_user_device_id = res[0]["device_id"]

  48. 

  49.         self.url = "/_synapse/admin/v2/users/%s/devices/%s" % (

  50.             urllib.parse.quote(self.other_user),

  51.             self.other_user_device_id,

  52.         )

  53. 

  54.     @parameterized.expand(["GET", "PUT", "DELETE"])

  55.     def test_no_auth(self, method: str) -> None:

  56.         """

  57.         Try to get a device of an user without authentication.

  58.         """

  59.         channel = self.make_request(method, self.url, b"{}")

  60. 

  61.         self.assertEqual(

  62.             401,

  63.             channel.code,

  64.             msg=channel.json_body,

  65.         )

  66.         self.assertEqual(Codes.MISSING_TOKEN, channel.json_body["errcode"])

  67. 

  68.     @parameterized.expand(["GET", "PUT", "DELETE"])

  69.     def test_requester_is_no_admin(self, method: str) -> None:

  70.         """

  71.         If the user is not a server admin, an error is returned.

  72.         """

  73.         channel = self.make_request(

  74.             method,

  75.             self.url,

  76.             access_token=self.other_user_token,

  77.         )

  78. 

  79.         self.assertEqual(

  80.             403,

  81.             channel.code,

  82.             msg=channel.json_body,

  83.         )

  84.         self.assertEqual(Codes.FORBIDDEN, channel.json_body["errcode"])

  85. 

  86.     @parameterized.expand(["GET", "PUT", "DELETE"])

  87.     def test_user_does_not_exist(self, method: str) -> None:

  88.         """

  89.         Tests that a lookup for a user that does not exist returns a 404

  90.         """

  91.         url = (

  92.             "/_synapse/admin/v2/users/@unknown_person:test/devices/%s"

  93.             % self.other_user_device_id

  94.         )

  95. 

  96.         channel = self.make_request(

  97.             method,

  98.             url,

  99.             access_token=self.admin_user_tok,

  100.         )

  101. 

  102.         self.assertEqual(404, channel.code, msg=channel.json_body)

  103.         self.assertEqual(Codes.NOT_FOUND, channel.json_body["errcode"])

  104. 

  105.     @parameterized.expand(["GET", "PUT", "DELETE"])

  106.     def test_user_is_not_local(self, method: str) -> None:

  107.         """

  108.         Tests that a lookup for a user that is not a local returns a 400

  109.         """

  110.         url = (

  111.             "/_synapse/admin/v2/users/@unknown_person:unknown_domain/devices/%s"

  112.             % self.other_user_device_id

  113.         )

  114. 

  115.         channel = self.make_request(

  116.             method,

  117.             url,

  118.             access_token=self.admin_user_tok,

  119.         )

  120. 

  121.         self.assertEqual(400, channel.code, msg=channel.json_body)

  122.         self.assertEqual("Can only lookup local users", channel.json_body["error"])

  123. 

  124.     def test_unknown_device(self) -> None:

  125.         """

  126.         Tests that a lookup for a device that does not exist returns either 404 or 200.

  127.         """

  128.         url = "/_synapse/admin/v2/users/%s/devices/unknown_device" % urllib.parse.quote(

  129.             self.other_user

  130.         )

  131. 

  132.         channel = self.make_request(

  133.             "GET",

  134.             url,

  135.             access_token=self.admin_user_tok,

  136.         )

  137. 

  138.         self.assertEqual(404, channel.code, msg=channel.json_body)

  139.         self.assertEqual(Codes.NOT_FOUND, channel.json_body["errcode"])

  140. 

  141.         channel = self.make_request(

  142.             "PUT",

  143.             url,

  144.             access_token=self.admin_user_tok,

  145.         )

  146. 

  147.         self.assertEqual(200, channel.code, msg=channel.json_body)

  148. 

  149.         channel = self.make_request(

  150.             "DELETE",

  151.             url,

  152.             access_token=self.admin_user_tok,

  153.         )

  154. 

  155.         # Delete unknown device returns status 200

  156.         self.assertEqual(200, channel.code, msg=channel.json_body)

  157. 

  158.     def test_update_device_too_long_display_name(self) -> None:

  159.         """

  160.         Update a device with a display name that is invalid (too long).

  161.         """

  162.         # Set iniital display name.

  163.         update = {"display_name": "new display"}

  164.         self.get_success(

  165.             self.handler.update_device(

  166.                 self.other_user, self.other_user_device_id, update

  167.             )

  168.         )

  169. 

  170.         # Request to update a device display name with a new value that is longer than allowed.

  171.         update = {

  172.             "display_name": "a"

  173.             * (synapse.handlers.device.MAX_DEVICE_DISPLAY_NAME_LEN + 1)

  174.         }

  175. 

  176.         channel = self.make_request(

  177.             "PUT",

  178.             self.url,

  179.             access_token=self.admin_user_tok,

  180.             content=update,

  181.         )

  182. 

  183.         self.assertEqual(400, channel.code, msg=channel.json_body)

  184.         self.assertEqual(Codes.TOO_LARGE, channel.json_body["errcode"])

  185. 

  186.         # Ensure the display name was not updated.

  187.         channel = self.make_request(

  188.             "GET",

  189.             self.url,

  190.             access_token=self.admin_user_tok,

  191.         )

  192. 

  193.         self.assertEqual(200, channel.code, msg=channel.json_body)

  194.         self.assertEqual("new display", channel.json_body["display_name"])

  195. 

  196.     def test_update_no_display_name(self) -> None:

  197.         """

  198.         Tests that a update for a device without JSON returns a 200

  199.         """

  200.         # Set iniital display name.

  201.         update = {"display_name": "new display"}

  202.         self.get_success(

  203.             self.handler.update_device(

  204.                 self.other_user, self.other_user_device_id, update

  205.             )

  206.         )

  207. 

  208.         channel = self.make_request(

  209.             "PUT",

  210.             self.url,

  211.             access_token=self.admin_user_tok,

  212.         )

  213. 

  214.         self.assertEqual(200, channel.code, msg=channel.json_body)

  215. 

  216.         # Ensure the display name was not updated.

  217.         channel = self.make_request(

  218.             "GET",

  219.             self.url,

  220.             access_token=self.admin_user_tok,

  221.         )

  222. 

  223.         self.assertEqual(200, channel.code, msg=channel.json_body)

  224.         self.assertEqual("new display", channel.json_body["display_name"])

  225. 

  226.     def test_update_display_name(self) -> None:

  227.         """

  228.         Tests a normal successful update of display name

  229.         """

  230.         # Set new display_name

  231.         channel = self.make_request(

  232.             "PUT",

  233.             self.url,

  234.             access_token=self.admin_user_tok,

  235.             content={"display_name": "new displayname"},

  236.         )

  237. 

  238.         self.assertEqual(200, channel.code, msg=channel.json_body)

  239. 

  240.         # Check new display_name

  241.         channel = self.make_request(

  242.             "GET",

  243.             self.url,

  244.             access_token=self.admin_user_tok,

  245.         )

  246. 

  247.         self.assertEqual(200, channel.code, msg=channel.json_body)

  248.         self.assertEqual("new displayname", channel.json_body["display_name"])

  249. 

  250.     def test_get_device(self) -> None:

  251.         """

  252.         Tests that a normal lookup for a device is successfully

  253.         """

  254.         channel = self.make_request(

  255.             "GET",

  256.             self.url,

  257.             access_token=self.admin_user_tok,

  258.         )

  259. 

  260.         self.assertEqual(200, channel.code, msg=channel.json_body)

  261.         self.assertEqual(self.other_user, channel.json_body["user_id"])

  262.         # Check that all fields are available

  263.         self.assertIn("user_id", channel.json_body)

  264.         self.assertIn("device_id", channel.json_body)

  265.         self.assertIn("display_name", channel.json_body)

  266.         self.assertIn("last_seen_ip", channel.json_body)

  267.         self.assertIn("last_seen_ts", channel.json_body)

  268. 

  269.     def test_delete_device(self) -> None:

  270.         """

  271.         Tests that a remove of a device is successfully

  272.         """

  273.         # Count number of devies of an user.

  274.         res = self.get_success(self.handler.get_devices_by_user(self.other_user))

  275.         number_devices = len(res)

  276.         self.assertEqual(1, number_devices)

  277. 

  278.         # Delete device

  279.         channel = self.make_request(

  280.             "DELETE",

  281.             self.url,

  282.             access_token=self.admin_user_tok,

  283.         )

  284. 

  285.         self.assertEqual(200, channel.code, msg=channel.json_body)

  286. 

  287.         # Ensure that the number of devices is decreased

  288.         res = self.get_success(self.handler.get_devices_by_user(self.other_user))

  289.         self.assertEqual(number_devices - 1, len(res))

  290. 

  291. 

  292. class DevicesRestTestCase(unittest.HomeserverTestCase):

  293.     servlets = [

  294.         synapse.rest.admin.register_servlets,

  295.         login.register_servlets,

  296.     ]

  297. 

  298.     def prepare(self, reactor: MemoryReactor, clock: Clock, hs: HomeServer) -> None:

  299.         self.admin_user = self.register_user("admin", "pass", admin=True)

  300.         self.admin_user_tok = self.login("admin", "pass")

  301. 

  302.         self.other_user = self.register_user("user", "pass")

  303. 

  304.         self.url = "/_synapse/admin/v2/users/%s/devices" % urllib.parse.quote(

  305.             self.other_user

  306.         )

  307. 

  308.     def test_no_auth(self) -> None:

  309.         """

  310.         Try to list devices of an user without authentication.

  311.         """

  312.         channel = self.make_request("GET", self.url, b"{}")

  313. 

  314.         self.assertEqual(

  315.             401,

  316.             channel.code,

  317.             msg=channel.json_body,

  318.         )

  319.         self.assertEqual(Codes.MISSING_TOKEN, channel.json_body["errcode"])

  320. 

  321.     def test_requester_is_no_admin(self) -> None:

  322.         """

  323.         If the user is not a server admin, an error is returned.

  324.         """

  325.         other_user_token = self.login("user", "pass")

  326. 

  327.         channel = self.make_request(

  328.             "GET",

  329.             self.url,

  330.             access_token=other_user_token,

  331.         )

  332. 

  333.         self.assertEqual(

  334.             403,

  335.             channel.code,

  336.             msg=channel.json_body,

  337.         )

  338.         self.assertEqual(Codes.FORBIDDEN, channel.json_body["errcode"])

  339. 

  340.     def test_user_does_not_exist(self) -> None:

  341.         """

  342.         Tests that a lookup for a user that does not exist returns a 404

  343.         """

  344.         url = "/_synapse/admin/v2/users/@unknown_person:test/devices"

  345.         channel = self.make_request(

  346.             "GET",

  347.             url,

  348.             access_token=self.admin_user_tok,

  349.         )

  350. 

  351.         self.assertEqual(404, channel.code, msg=channel.json_body)

  352.         self.assertEqual(Codes.NOT_FOUND, channel.json_body["errcode"])

  353. 

  354.     def test_user_is_not_local(self) -> None:

  355.         """

  356.         Tests that a lookup for a user that is not a local returns a 400

  357.         """

  358.         url = "/_synapse/admin/v2/users/@unknown_person:unknown_domain/devices"

  359. 

  360.         channel = self.make_request(

  361.             "GET",

  362.             url,

  363.             access_token=self.admin_user_tok,

  364.         )

  365. 

  366.         self.assertEqual(400, channel.code, msg=channel.json_body)

  367.         self.assertEqual("Can only lookup local users", channel.json_body["error"])

  368. 

  369.     def test_user_has_no_devices(self) -> None:

  370.         """

  371.         Tests that a normal lookup for devices is successfully

  372.         if user has no devices

  373.         """

  374. 

  375.         # Get devices

  376.         channel = self.make_request(

  377.             "GET",

  378.             self.url,

  379.             access_token=self.admin_user_tok,

  380.         )

  381. 

  382.         self.assertEqual(200, channel.code, msg=channel.json_body)

  383.         self.assertEqual(0, channel.json_body["total"])

  384.         self.assertEqual(0, len(channel.json_body["devices"]))

  385. 

  386.     def test_get_devices(self) -> None:

  387.         """

  388.         Tests that a normal lookup for devices is successfully

  389.         """

  390.         # Create devices

  391.         number_devices = 5

  392.         for _ in range(number_devices):

  393.             self.login("user", "pass")

  394. 

  395.         # Get devices

  396.         channel = self.make_request(

  397.             "GET",

  398.             self.url,

  399.             access_token=self.admin_user_tok,

  400.         )

  401. 

  402.         self.assertEqual(200, channel.code, msg=channel.json_body)

  403.         self.assertEqual(number_devices, channel.json_body["total"])

  404.         self.assertEqual(number_devices, len(channel.json_body["devices"]))

  405.         self.assertEqual(self.other_user, channel.json_body["devices"][0]["user_id"])

  406.         # Check that all fields are available

  407.         for d in channel.json_body["devices"]:

  408.             self.assertIn("user_id", d)

  409.             self.assertIn("device_id", d)

  410.             self.assertIn("display_name", d)

  411.             self.assertIn("last_seen_ip", d)

  412.             self.assertIn("last_seen_ts", d)

  413. 

  414. 

  415. class DeleteDevicesRestTestCase(unittest.HomeserverTestCase):

  416.     servlets = [

  417.         synapse.rest.admin.register_servlets,

  418.         login.register_servlets,

  419.     ]

  420. 

  421.     def prepare(self, reactor: MemoryReactor, clock: Clock, hs: HomeServer) -> None:

  422.         self.handler = hs.get_device_handler()

  423. 

  424.         self.admin_user = self.register_user("admin", "pass", admin=True)

  425.         self.admin_user_tok = self.login("admin", "pass")

  426. 

  427.         self.other_user = self.register_user("user", "pass")

  428. 

  429.         self.url = "/_synapse/admin/v2/users/%s/delete_devices" % urllib.parse.quote(

  430.             self.other_user

  431.         )

  432. 

  433.     def test_no_auth(self) -> None:

  434.         """

  435.         Try to delete devices of an user without authentication.

  436.         """

  437.         channel = self.make_request("POST", self.url, b"{}")

  438. 

  439.         self.assertEqual(

  440.             401,

  441.             channel.code,

  442.             msg=channel.json_body,

  443.         )

  444.         self.assertEqual(Codes.MISSING_TOKEN, channel.json_body["errcode"])

  445. 

  446.     def test_requester_is_no_admin(self) -> None:

  447.         """

  448.         If the user is not a server admin, an error is returned.

  449.         """

  450.         other_user_token = self.login("user", "pass")

  451. 

  452.         channel = self.make_request(

  453.             "POST",

  454.             self.url,

  455.             access_token=other_user_token,

  456.         )

  457. 

  458.         self.assertEqual(

  459.             403,

  460.             channel.code,

  461.             msg=channel.json_body,

  462.         )

  463.         self.assertEqual(Codes.FORBIDDEN, channel.json_body["errcode"])

  464. 

  465.     def test_user_does_not_exist(self) -> None:

  466.         """

  467.         Tests that a lookup for a user that does not exist returns a 404

  468.         """

  469.         url = "/_synapse/admin/v2/users/@unknown_person:test/delete_devices"

  470.         channel = self.make_request(

  471.             "POST",

  472.             url,

  473.             access_token=self.admin_user_tok,

  474.         )

  475. 

  476.         self.assertEqual(404, channel.code, msg=channel.json_body)

  477.         self.assertEqual(Codes.NOT_FOUND, channel.json_body["errcode"])

  478. 

  479.     def test_user_is_not_local(self) -> None:

  480.         """

  481.         Tests that a lookup for a user that is not a local returns a 400

  482.         """

  483.         url = "/_synapse/admin/v2/users/@unknown_person:unknown_domain/delete_devices"

  484. 

  485.         channel = self.make_request(

  486.             "POST",

  487.             url,

  488.             access_token=self.admin_user_tok,

  489.         )

  490. 

  491.         self.assertEqual(400, channel.code, msg=channel.json_body)

  492.         self.assertEqual("Can only lookup local users", channel.json_body["error"])

  493. 

  494.     def test_unknown_devices(self) -> None:

  495.         """

  496.         Tests that a remove of a device that does not exist returns 200.

  497.         """

  498.         channel = self.make_request(

  499.             "POST",

  500.             self.url,

  501.             access_token=self.admin_user_tok,

  502.             content={"devices": ["unknown_device1", "unknown_device2"]},

  503.         )

  504. 

  505.         # Delete unknown devices returns status 200

  506.         self.assertEqual(200, channel.code, msg=channel.json_body)

  507. 

  508.     def test_delete_devices(self) -> None:

  509.         """

  510.         Tests that a remove of devices is successfully

  511.         """

  512. 

  513.         # Create devices

  514.         number_devices = 5

  515.         for _ in range(number_devices):

  516.             self.login("user", "pass")

  517. 

  518.         # Get devices

  519.         res = self.get_success(self.handler.get_devices_by_user(self.other_user))

  520.         self.assertEqual(number_devices, len(res))

  521. 

  522.         # Create list of device IDs

  523.         device_ids = []

  524.         for d in res:

  525.             device_ids.append(str(d["device_id"]))

  526. 

  527.         # Delete devices

  528.         channel = self.make_request(

  529.             "POST",

  530.             self.url,

  531.             access_token=self.admin_user_tok,

  532.             content={"devices": device_ids},

  533.         )

  534. 

  535.         self.assertEqual(200, channel.code, msg=channel.json_body)

  536. 

  537.         res = self.get_success(self.handler.get_devices_by_user(self.other_user))

  538.         self.assertEqual(0, len(res))