gitlord
/
synapse
mirror of https://github.com/matrix-org/synapse.git
1
0
Fork 0
Code Issues 0 Releases 671 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
22257 Commits
842 Branches
407 MiB
 
 
 
 
 
 
Tree: 9bb2eac719
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '9bb2eac719'
${ noResults }
synapse/tests/rest/client/test_register.py

1245 lines
46 KiB
Raw Blame History 

  1. # Copyright 2014-2016 OpenMarket Ltd

  2. # Copyright 2017-2018 New Vector Ltd

  3. # Copyright 2019 The Matrix.org Foundation C.I.C.

  4. #

  5. # Licensed under the Apache License, Version 2.0 (the "License");

  6. # you may not use this file except in compliance with the License.

  7. # You may obtain a copy of the License at

  8. #

  9. #     http://www.apache.org/licenses/LICENSE-2.0

  10. #

  11. # Unless required by applicable law or agreed to in writing, software

  12. # distributed under the License is distributed on an "AS IS" BASIS,

  13. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  14. # See the License for the specific language governing permissions and

  15. # limitations under the License.

  16. import datetime

  17. import os

  18. from typing import Any, Dict, List, Tuple

  19. 

  20. import pkg_resources

  21. 

  22. from twisted.test.proto_helpers import MemoryReactor

  23. 

  24. import synapse.rest.admin

  25. from synapse.api.constants import (

  26.     APP_SERVICE_REGISTRATION_TYPE,

  27.     ApprovalNoticeMedium,

  28.     LoginType,

  29. )

  30. from synapse.api.errors import Codes

  31. from synapse.appservice import ApplicationService

  32. from synapse.rest.client import account, account_validity, login, logout, register, sync

  33. from synapse.server import HomeServer

  34. from synapse.storage._base import db_to_json

  35. from synapse.types import JsonDict

  36. from synapse.util import Clock

  37. 

  38. from tests import unittest

  39. from tests.unittest import override_config

  40. 

  41. 

  42. class RegisterRestServletTestCase(unittest.HomeserverTestCase):

  43.     servlets = [

  44.         login.register_servlets,

  45.         register.register_servlets,

  46.         synapse.rest.admin.register_servlets,

  47.     ]

  48.     url = b"/_matrix/client/r0/register"

  49. 

  50.     def default_config(self) -> Dict[str, Any]:

  51.         config = super().default_config()

  52.         config["allow_guest_access"] = True

  53.         return config

  54. 

  55.     def test_POST_appservice_registration_valid(self) -> None:

  56.         user_id = "@as_user_kermit:test"

  57.         as_token = "i_am_an_app_service"

  58. 

  59.         appservice = ApplicationService(

  60.             as_token,

  61.             id="1234",

  62.             namespaces={"users": [{"regex": r"@as_user.*", "exclusive": True}]},

  63.             sender="@as:test",

  64.         )

  65. 

  66.         self.hs.get_datastores().main.services_cache.append(appservice)

  67.         request_data = {

  68.             "username": "as_user_kermit",

  69.             "type": APP_SERVICE_REGISTRATION_TYPE,

  70.         }

  71. 

  72.         channel = self.make_request(

  73.             b"POST", self.url + b"?access_token=i_am_an_app_service", request_data

  74.         )

  75. 

  76.         self.assertEqual(channel.code, 200, msg=channel.result)

  77.         det_data = {"user_id": user_id, "home_server": self.hs.hostname}

  78.         self.assertDictContainsSubset(det_data, channel.json_body)

  79. 

  80.     def test_POST_appservice_registration_no_type(self) -> None:

  81.         as_token = "i_am_an_app_service"

  82. 

  83.         appservice = ApplicationService(

  84.             as_token,

  85.             id="1234",

  86.             namespaces={"users": [{"regex": r"@as_user.*", "exclusive": True}]},

  87.             sender="@as:test",

  88.         )

  89. 

  90.         self.hs.get_datastores().main.services_cache.append(appservice)

  91.         request_data = {"username": "as_user_kermit"}

  92. 

  93.         channel = self.make_request(

  94.             b"POST", self.url + b"?access_token=i_am_an_app_service", request_data

  95.         )

  96. 

  97.         self.assertEqual(channel.code, 400, msg=channel.result)

  98. 

  99.     def test_POST_appservice_registration_invalid(self) -> None:

  100.         self.appservice = None  # no application service exists

  101.         request_data = {"username": "kermit", "type": APP_SERVICE_REGISTRATION_TYPE}

  102.         channel = self.make_request(

  103.             b"POST", self.url + b"?access_token=i_am_an_app_service", request_data

  104.         )

  105. 

  106.         self.assertEqual(channel.code, 401, msg=channel.result)

  107. 

  108.     def test_POST_bad_password(self) -> None:

  109.         request_data = {"username": "kermit", "password": 666}

  110.         channel = self.make_request(b"POST", self.url, request_data)

  111. 

  112.         self.assertEqual(channel.code, 400, msg=channel.result)

  113.         self.assertEqual(channel.json_body["error"], "Invalid password")

  114. 

  115.     def test_POST_bad_username(self) -> None:

  116.         request_data = {"username": 777, "password": "monkey"}

  117.         channel = self.make_request(b"POST", self.url, request_data)

  118. 

  119.         self.assertEqual(channel.code, 400, msg=channel.result)

  120.         self.assertEqual(channel.json_body["error"], "Invalid username")

  121. 

  122.     def test_POST_user_valid(self) -> None:

  123.         user_id = "@kermit:test"

  124.         device_id = "frogfone"

  125.         request_data = {

  126.             "username": "kermit",

  127.             "password": "monkey",

  128.             "device_id": device_id,

  129.             "auth": {"type": LoginType.DUMMY},

  130.         }

  131.         channel = self.make_request(b"POST", self.url, request_data)

  132. 

  133.         det_data = {

  134.             "user_id": user_id,

  135.             "home_server": self.hs.hostname,

  136.             "device_id": device_id,

  137.         }

  138.         self.assertEqual(channel.code, 200, msg=channel.result)

  139.         self.assertDictContainsSubset(det_data, channel.json_body)

  140. 

  141.     @override_config({"enable_registration": False})

  142.     def test_POST_disabled_registration(self) -> None:

  143.         request_data = {"username": "kermit", "password": "monkey"}

  144.         self.auth_result = (None, {"username": "kermit", "password": "monkey"}, None)

  145. 

  146.         channel = self.make_request(b"POST", self.url, request_data)

  147. 

  148.         self.assertEqual(channel.code, 403, msg=channel.result)

  149.         self.assertEqual(channel.json_body["error"], "Registration has been disabled")

  150.         self.assertEqual(channel.json_body["errcode"], "M_FORBIDDEN")

  151. 

  152.     def test_POST_guest_registration(self) -> None:

  153.         self.hs.config.key.macaroon_secret_key = b"test"

  154.         self.hs.config.registration.allow_guest_access = True

  155. 

  156.         channel = self.make_request(b"POST", self.url + b"?kind=guest", b"{}")

  157. 

  158.         det_data = {"home_server": self.hs.hostname, "device_id": "guest_device"}

  159.         self.assertEqual(channel.code, 200, msg=channel.result)

  160.         self.assertDictContainsSubset(det_data, channel.json_body)

  161. 

  162.     def test_POST_disabled_guest_registration(self) -> None:

  163.         self.hs.config.registration.allow_guest_access = False

  164. 

  165.         channel = self.make_request(b"POST", self.url + b"?kind=guest", b"{}")

  166. 

  167.         self.assertEqual(channel.code, 403, msg=channel.result)

  168.         self.assertEqual(channel.json_body["error"], "Guest access is disabled")

  169. 

  170.     @override_config({"rc_registration": {"per_second": 0.17, "burst_count": 5}})

  171.     def test_POST_ratelimiting_guest(self) -> None:

  172.         for i in range(0, 6):

  173.             url = self.url + b"?kind=guest"

  174.             channel = self.make_request(b"POST", url, b"{}")

  175. 

  176.             if i == 5:

  177.                 self.assertEqual(channel.code, 429, msg=channel.result)

  178.                 retry_after_ms = int(channel.json_body["retry_after_ms"])

  179.             else:

  180.                 self.assertEqual(channel.code, 200, msg=channel.result)

  181. 

  182.         self.reactor.advance(retry_after_ms / 1000.0 + 1.0)

  183. 

  184.         channel = self.make_request(b"POST", self.url + b"?kind=guest", b"{}")

  185. 

  186.         self.assertEqual(channel.code, 200, msg=channel.result)

  187. 

  188.     @override_config({"rc_registration": {"per_second": 0.17, "burst_count": 5}})

  189.     def test_POST_ratelimiting(self) -> None:

  190.         for i in range(0, 6):

  191.             request_data = {

  192.                 "username": "kermit" + str(i),

  193.                 "password": "monkey",

  194.                 "device_id": "frogfone",

  195.                 "auth": {"type": LoginType.DUMMY},

  196.             }

  197.             channel = self.make_request(b"POST", self.url, request_data)

  198. 

  199.             if i == 5:

  200.                 self.assertEqual(channel.code, 429, msg=channel.result)

  201.                 retry_after_ms = int(channel.json_body["retry_after_ms"])

  202.             else:

  203.                 self.assertEqual(channel.code, 200, msg=channel.result)

  204. 

  205.         self.reactor.advance(retry_after_ms / 1000.0 + 1.0)

  206. 

  207.         channel = self.make_request(b"POST", self.url + b"?kind=guest", b"{}")

  208. 

  209.         self.assertEqual(channel.code, 200, msg=channel.result)

  210. 

  211.     @override_config({"registration_requires_token": True})

  212.     def test_POST_registration_requires_token(self) -> None:

  213.         username = "kermit"

  214.         device_id = "frogfone"

  215.         token = "abcd"

  216.         store = self.hs.get_datastores().main

  217.         self.get_success(

  218.             store.db_pool.simple_insert(

  219.                 "registration_tokens",

  220.                 {

  221.                     "token": token,

  222.                     "uses_allowed": None,

  223.                     "pending": 0,

  224.                     "completed": 0,

  225.                     "expiry_time": None,

  226.                 },

  227.             )

  228.         )

  229.         params: JsonDict = {

  230.             "username": username,

  231.             "password": "monkey",

  232.             "device_id": device_id,

  233.         }

  234. 

  235.         # Request without auth to get flows and session

  236.         channel = self.make_request(b"POST", self.url, params)

  237.         self.assertEqual(channel.code, 401, msg=channel.result)

  238.         flows = channel.json_body["flows"]

  239.         # Synapse adds a dummy stage to differentiate flows where otherwise one

  240.         # flow would be a subset of another flow.

  241.         self.assertCountEqual(

  242.             [[LoginType.REGISTRATION_TOKEN, LoginType.DUMMY]],

  243.             (f["stages"] for f in flows),

  244.         )

  245.         session = channel.json_body["session"]

  246. 

  247.         # Do the registration token stage and check it has completed

  248.         params["auth"] = {

  249.             "type": LoginType.REGISTRATION_TOKEN,

  250.             "token": token,

  251.             "session": session,

  252.         }

  253.         channel = self.make_request(b"POST", self.url, params)

  254.         self.assertEqual(channel.code, 401, msg=channel.result)

  255.         completed = channel.json_body["completed"]

  256.         self.assertCountEqual([LoginType.REGISTRATION_TOKEN], completed)

  257. 

  258.         # Do the m.login.dummy stage and check registration was successful

  259.         params["auth"] = {

  260.             "type": LoginType.DUMMY,

  261.             "session": session,

  262.         }

  263.         channel = self.make_request(b"POST", self.url, params)

  264.         det_data = {

  265.             "user_id": f"@{username}:{self.hs.hostname}",

  266.             "home_server": self.hs.hostname,

  267.             "device_id": device_id,

  268.         }

  269.         self.assertEqual(channel.code, 200, msg=channel.result)

  270.         self.assertDictContainsSubset(det_data, channel.json_body)

  271. 

  272.         # Check the `completed` counter has been incremented and pending is 0

  273.         res = self.get_success(

  274.             store.db_pool.simple_select_one(

  275.                 "registration_tokens",

  276.                 keyvalues={"token": token},

  277.                 retcols=["pending", "completed"],

  278.             )

  279.         )

  280.         self.assertEqual(res["completed"], 1)

  281.         self.assertEqual(res["pending"], 0)

  282. 

  283.     @override_config({"registration_requires_token": True})

  284.     def test_POST_registration_token_invalid(self) -> None:

  285.         params: JsonDict = {

  286.             "username": "kermit",

  287.             "password": "monkey",

  288.         }

  289.         # Request without auth to get session

  290.         channel = self.make_request(b"POST", self.url, params)

  291.         session = channel.json_body["session"]

  292. 

  293.         # Test with token param missing (invalid)

  294.         params["auth"] = {

  295.             "type": LoginType.REGISTRATION_TOKEN,

  296.             "session": session,

  297.         }

  298.         channel = self.make_request(b"POST", self.url, params)

  299.         self.assertEqual(channel.code, 401, msg=channel.result)

  300.         self.assertEqual(channel.json_body["errcode"], Codes.MISSING_PARAM)

  301.         self.assertEqual(channel.json_body["completed"], [])

  302. 

  303.         # Test with non-string (invalid)

  304.         params["auth"]["token"] = 1234

  305.         channel = self.make_request(b"POST", self.url, params)

  306.         self.assertEqual(channel.code, 401, msg=channel.result)

  307.         self.assertEqual(channel.json_body["errcode"], Codes.INVALID_PARAM)

  308.         self.assertEqual(channel.json_body["completed"], [])

  309. 

  310.         # Test with unknown token (invalid)

  311.         params["auth"]["token"] = "1234"

  312.         channel = self.make_request(b"POST", self.url, params)

  313.         self.assertEqual(channel.code, 401, msg=channel.result)

  314.         self.assertEqual(channel.json_body["errcode"], Codes.UNAUTHORIZED)

  315.         self.assertEqual(channel.json_body["completed"], [])

  316. 

  317.     @override_config({"registration_requires_token": True})

  318.     def test_POST_registration_token_limit_uses(self) -> None:

  319.         token = "abcd"

  320.         store = self.hs.get_datastores().main

  321.         # Create token that can be used once

  322.         self.get_success(

  323.             store.db_pool.simple_insert(

  324.                 "registration_tokens",

  325.                 {

  326.                     "token": token,

  327.                     "uses_allowed": 1,

  328.                     "pending": 0,

  329.                     "completed": 0,

  330.                     "expiry_time": None,

  331.                 },

  332.             )

  333.         )

  334.         params1: JsonDict = {"username": "bert", "password": "monkey"}

  335.         params2: JsonDict = {"username": "ernie", "password": "monkey"}

  336.         # Do 2 requests without auth to get two session IDs

  337.         channel1 = self.make_request(b"POST", self.url, params1)

  338.         session1 = channel1.json_body["session"]

  339.         channel2 = self.make_request(b"POST", self.url, params2)

  340.         session2 = channel2.json_body["session"]

  341. 

  342.         # Use token with session1 and check `pending` is 1

  343.         params1["auth"] = {

  344.             "type": LoginType.REGISTRATION_TOKEN,

  345.             "token": token,

  346.             "session": session1,

  347.         }

  348.         self.make_request(b"POST", self.url, params1)

  349.         # Repeat request to make sure pending isn't increased again

  350.         self.make_request(b"POST", self.url, params1)

  351.         pending = self.get_success(

  352.             store.db_pool.simple_select_one_onecol(

  353.                 "registration_tokens",

  354.                 keyvalues={"token": token},

  355.                 retcol="pending",

  356.             )

  357.         )

  358.         self.assertEqual(pending, 1)

  359. 

  360.         # Check auth fails when using token with session2

  361.         params2["auth"] = {

  362.             "type": LoginType.REGISTRATION_TOKEN,

  363.             "token": token,

  364.             "session": session2,

  365.         }

  366.         channel = self.make_request(b"POST", self.url, params2)

  367.         self.assertEqual(channel.code, 401, msg=channel.result)

  368.         self.assertEqual(channel.json_body["errcode"], Codes.UNAUTHORIZED)

  369.         self.assertEqual(channel.json_body["completed"], [])

  370. 

  371.         # Complete registration with session1

  372.         params1["auth"]["type"] = LoginType.DUMMY

  373.         self.make_request(b"POST", self.url, params1)

  374.         # Check pending=0 and completed=1

  375.         res = self.get_success(

  376.             store.db_pool.simple_select_one(

  377.                 "registration_tokens",

  378.                 keyvalues={"token": token},

  379.                 retcols=["pending", "completed"],

  380.             )

  381.         )

  382.         self.assertEqual(res["pending"], 0)

  383.         self.assertEqual(res["completed"], 1)

  384. 

  385.         # Check auth still fails when using token with session2

  386.         channel = self.make_request(b"POST", self.url, params2)

  387.         self.assertEqual(channel.code, 401, msg=channel.result)

  388.         self.assertEqual(channel.json_body["errcode"], Codes.UNAUTHORIZED)

  389.         self.assertEqual(channel.json_body["completed"], [])

  390. 

  391.     @override_config({"registration_requires_token": True})

  392.     def test_POST_registration_token_expiry(self) -> None:

  393.         token = "abcd"

  394.         now = self.hs.get_clock().time_msec()

  395.         store = self.hs.get_datastores().main

  396.         # Create token that expired yesterday

  397.         self.get_success(

  398.             store.db_pool.simple_insert(

  399.                 "registration_tokens",

  400.                 {

  401.                     "token": token,

  402.                     "uses_allowed": None,

  403.                     "pending": 0,

  404.                     "completed": 0,

  405.                     "expiry_time": now - 24 * 60 * 60 * 1000,

  406.                 },

  407.             )

  408.         )

  409.         params: JsonDict = {"username": "kermit", "password": "monkey"}

  410.         # Request without auth to get session

  411.         channel = self.make_request(b"POST", self.url, params)

  412.         session = channel.json_body["session"]

  413. 

  414.         # Check authentication fails with expired token

  415.         params["auth"] = {

  416.             "type": LoginType.REGISTRATION_TOKEN,

  417.             "token": token,

  418.             "session": session,

  419.         }

  420.         channel = self.make_request(b"POST", self.url, params)

  421.         self.assertEqual(channel.code, 401, msg=channel.result)

  422.         self.assertEqual(channel.json_body["errcode"], Codes.UNAUTHORIZED)

  423.         self.assertEqual(channel.json_body["completed"], [])

  424. 

  425.         # Update token so it expires tomorrow

  426.         self.get_success(

  427.             store.db_pool.simple_update_one(

  428.                 "registration_tokens",

  429.                 keyvalues={"token": token},

  430.                 updatevalues={"expiry_time": now + 24 * 60 * 60 * 1000},

  431.             )

  432.         )

  433. 

  434.         # Check authentication succeeds

  435.         channel = self.make_request(b"POST", self.url, params)

  436.         completed = channel.json_body["completed"]

  437.         self.assertCountEqual([LoginType.REGISTRATION_TOKEN], completed)

  438. 

  439.     @override_config({"registration_requires_token": True})

  440.     def test_POST_registration_token_session_expiry(self) -> None:

  441.         """Test `pending` is decremented when an uncompleted session expires."""

  442.         token = "abcd"

  443.         store = self.hs.get_datastores().main

  444.         self.get_success(

  445.             store.db_pool.simple_insert(

  446.                 "registration_tokens",

  447.                 {

  448.                     "token": token,

  449.                     "uses_allowed": None,

  450.                     "pending": 0,

  451.                     "completed": 0,

  452.                     "expiry_time": None,

  453.                 },

  454.             )

  455.         )

  456. 

  457.         # Do 2 requests without auth to get two session IDs

  458.         params1: JsonDict = {"username": "bert", "password": "monkey"}

  459.         params2: JsonDict = {"username": "ernie", "password": "monkey"}

  460.         channel1 = self.make_request(b"POST", self.url, params1)

  461.         session1 = channel1.json_body["session"]

  462.         channel2 = self.make_request(b"POST", self.url, params2)

  463.         session2 = channel2.json_body["session"]

  464. 

  465.         # Use token with both sessions

  466.         params1["auth"] = {

  467.             "type": LoginType.REGISTRATION_TOKEN,

  468.             "token": token,

  469.             "session": session1,

  470.         }

  471.         self.make_request(b"POST", self.url, params1)

  472. 

  473.         params2["auth"] = {

  474.             "type": LoginType.REGISTRATION_TOKEN,

  475.             "token": token,

  476.             "session": session2,

  477.         }

  478.         self.make_request(b"POST", self.url, params2)

  479. 

  480.         # Complete registration with session1

  481.         params1["auth"]["type"] = LoginType.DUMMY

  482.         self.make_request(b"POST", self.url, params1)

  483. 

  484.         # Check `result` of registration token stage for session1 is `True`

  485.         result1 = self.get_success(

  486.             store.db_pool.simple_select_one_onecol(

  487.                 "ui_auth_sessions_credentials",

  488.                 keyvalues={

  489.                     "session_id": session1,

  490.                     "stage_type": LoginType.REGISTRATION_TOKEN,

  491.                 },

  492.                 retcol="result",

  493.             )

  494.         )

  495.         self.assertTrue(db_to_json(result1))

  496. 

  497.         # Check `result` for session2 is the token used

  498.         result2 = self.get_success(

  499.             store.db_pool.simple_select_one_onecol(

  500.                 "ui_auth_sessions_credentials",

  501.                 keyvalues={

  502.                     "session_id": session2,

  503.                     "stage_type": LoginType.REGISTRATION_TOKEN,

  504.                 },

  505.                 retcol="result",

  506.             )

  507.         )

  508.         self.assertEqual(db_to_json(result2), token)

  509. 

  510.         # Delete both sessions (mimics expiry)

  511.         self.get_success(

  512.             store.delete_old_ui_auth_sessions(self.hs.get_clock().time_msec())

  513.         )

  514. 

  515.         # Check pending is now 0

  516.         pending = self.get_success(

  517.             store.db_pool.simple_select_one_onecol(

  518.                 "registration_tokens",

  519.                 keyvalues={"token": token},

  520.                 retcol="pending",

  521.             )

  522.         )

  523.         self.assertEqual(pending, 0)

  524. 

  525.     @override_config({"registration_requires_token": True})

  526.     def test_POST_registration_token_session_expiry_deleted_token(self) -> None:

  527.         """Test session expiry doesn't break when the token is deleted.

  528. 

  529.         1. Start but don't complete UIA with a registration token

  530.         2. Delete the token from the database

  531.         3. Expire the session

  532.         """

  533.         token = "abcd"

  534.         store = self.hs.get_datastores().main

  535.         self.get_success(

  536.             store.db_pool.simple_insert(

  537.                 "registration_tokens",

  538.                 {

  539.                     "token": token,

  540.                     "uses_allowed": None,

  541.                     "pending": 0,

  542.                     "completed": 0,

  543.                     "expiry_time": None,

  544.                 },

  545.             )

  546.         )

  547. 

  548.         # Do request without auth to get a session ID

  549.         params: JsonDict = {"username": "kermit", "password": "monkey"}

  550.         channel = self.make_request(b"POST", self.url, params)

  551.         session = channel.json_body["session"]

  552. 

  553.         # Use token

  554.         params["auth"] = {

  555.             "type": LoginType.REGISTRATION_TOKEN,

  556.             "token": token,

  557.             "session": session,

  558.         }

  559.         self.make_request(b"POST", self.url, params)

  560. 

  561.         # Delete token

  562.         self.get_success(

  563.             store.db_pool.simple_delete_one(

  564.                 "registration_tokens",

  565.                 keyvalues={"token": token},

  566.             )

  567.         )

  568. 

  569.         # Delete session (mimics expiry)

  570.         self.get_success(

  571.             store.delete_old_ui_auth_sessions(self.hs.get_clock().time_msec())

  572.         )

  573. 

  574.     def test_advertised_flows(self) -> None:

  575.         channel = self.make_request(b"POST", self.url, b"{}")

  576.         self.assertEqual(channel.code, 401, msg=channel.result)

  577.         flows = channel.json_body["flows"]

  578. 

  579.         # with the stock config, we only expect the dummy flow

  580.         self.assertCountEqual([["m.login.dummy"]], (f["stages"] for f in flows))

  581. 

  582.     @unittest.override_config(

  583.         {

  584.             "public_baseurl": "https://test_server",

  585.             "enable_registration_captcha": True,

  586.             "user_consent": {

  587.                 "version": "1",

  588.                 "template_dir": "/",

  589.                 "require_at_registration": True,

  590.             },

  591.             "account_threepid_delegates": {

  592.                 "msisdn": "https://id_server",

  593.             },

  594.             "email": {"notif_from": "Synapse <synapse@example.com>"},

  595.         }

  596.     )

  597.     def test_advertised_flows_captcha_and_terms_and_3pids(self) -> None:

  598.         channel = self.make_request(b"POST", self.url, b"{}")

  599.         self.assertEqual(channel.code, 401, msg=channel.result)

  600.         flows = channel.json_body["flows"]

  601. 

  602.         self.assertCountEqual(

  603.             [

  604.                 ["m.login.recaptcha", "m.login.terms", "m.login.dummy"],

  605.                 ["m.login.recaptcha", "m.login.terms", "m.login.email.identity"],

  606.                 ["m.login.recaptcha", "m.login.terms", "m.login.msisdn"],

  607.                 [

  608.                     "m.login.recaptcha",

  609.                     "m.login.terms",

  610.                     "m.login.msisdn",

  611.                     "m.login.email.identity",

  612.                 ],

  613.             ],

  614.             (f["stages"] for f in flows),

  615.         )

  616. 

  617.     @unittest.override_config(

  618.         {

  619.             "public_baseurl": "https://test_server",

  620.             "registrations_require_3pid": ["email"],

  621.             "disable_msisdn_registration": True,

  622.             "email": {

  623.                 "smtp_host": "mail_server",

  624.                 "smtp_port": 2525,

  625.                 "notif_from": "sender@host",

  626.             },

  627.         }

  628.     )

  629.     def test_advertised_flows_no_msisdn_email_required(self) -> None:

  630.         channel = self.make_request(b"POST", self.url, b"{}")

  631.         self.assertEqual(channel.code, 401, msg=channel.result)

  632.         flows = channel.json_body["flows"]

  633. 

  634.         # with the stock config, we expect all four combinations of 3pid

  635.         self.assertCountEqual(

  636.             [["m.login.email.identity"]], (f["stages"] for f in flows)

  637.         )

  638. 

  639.     @unittest.override_config(

  640.         {

  641.             "request_token_inhibit_3pid_errors": True,

  642.             "public_baseurl": "https://test_server",

  643.             "email": {

  644.                 "smtp_host": "mail_server",

  645.                 "smtp_port": 2525,

  646.                 "notif_from": "sender@host",

  647.             },

  648.         }

  649.     )

  650.     def test_request_token_existing_email_inhibit_error(self) -> None:

  651.         """Test that requesting a token via this endpoint doesn't leak existing

  652.         associations if configured that way.

  653.         """

  654.         user_id = self.register_user("kermit", "monkey")

  655.         self.login("kermit", "monkey")

  656. 

  657.         email = "test@example.com"

  658. 

  659.         # Add a threepid

  660.         self.get_success(

  661.             self.hs.get_datastores().main.user_add_threepid(

  662.                 user_id=user_id,

  663.                 medium="email",

  664.                 address=email,

  665.                 validated_at=0,

  666.                 added_at=0,

  667.             )

  668.         )

  669. 

  670.         channel = self.make_request(

  671.             "POST",

  672.             b"register/email/requestToken",

  673.             {"client_secret": "foobar", "email": email, "send_attempt": 1},

  674.         )

  675.         self.assertEqual(200, channel.code, channel.result)

  676. 

  677.         self.assertIsNotNone(channel.json_body.get("sid"))

  678. 

  679.     @unittest.override_config(

  680.         {

  681.             "public_baseurl": "https://test_server",

  682.             "email": {

  683.                 "smtp_host": "mail_server",

  684.                 "smtp_port": 2525,

  685.                 "notif_from": "sender@host",

  686.             },

  687.         }

  688.     )

  689.     def test_reject_invalid_email(self) -> None:

  690.         """Check that bad emails are rejected"""

  691. 

  692.         # Test for email with multiple @

  693.         channel = self.make_request(

  694.             "POST",

  695.             b"register/email/requestToken",

  696.             {"client_secret": "foobar", "email": "email@@email", "send_attempt": 1},

  697.         )

  698.         self.assertEqual(400, channel.code, channel.result)

  699.         # Check error to ensure that we're not erroring due to a bug in the test.

  700.         self.assertEqual(

  701.             channel.json_body,

  702.             {"errcode": "M_UNKNOWN", "error": "Unable to parse email address"},

  703.         )

  704. 

  705.         # Test for email with no @

  706.         channel = self.make_request(

  707.             "POST",

  708.             b"register/email/requestToken",

  709.             {"client_secret": "foobar", "email": "email", "send_attempt": 1},

  710.         )

  711.         self.assertEqual(400, channel.code, channel.result)

  712.         self.assertEqual(

  713.             channel.json_body,

  714.             {"errcode": "M_UNKNOWN", "error": "Unable to parse email address"},

  715.         )

  716. 

  717.         # Test for super long email

  718.         email = "a@" + "a" * 1000

  719.         channel = self.make_request(

  720.             "POST",

  721.             b"register/email/requestToken",

  722.             {"client_secret": "foobar", "email": email, "send_attempt": 1},

  723.         )

  724.         self.assertEqual(400, channel.code, channel.result)

  725.         self.assertEqual(

  726.             channel.json_body,

  727.             {"errcode": "M_UNKNOWN", "error": "Unable to parse email address"},

  728.         )

  729. 

  730.     @override_config(

  731.         {

  732.             "inhibit_user_in_use_error": True,

  733.         }

  734.     )

  735.     def test_inhibit_user_in_use_error(self) -> None:

  736.         """Tests that the 'inhibit_user_in_use_error' configuration flag behaves

  737.         correctly.

  738.         """

  739.         username = "arthur"

  740. 

  741.         # Manually register the user, so we know the test isn't passing because of a lack

  742.         # of clashing.

  743.         reg_handler = self.hs.get_registration_handler()

  744.         self.get_success(reg_handler.register_user(username))

  745. 

  746.         # Check that /available correctly ignores the username provided despite the

  747.         # username being already registered.

  748.         channel = self.make_request("GET", "register/available?username=" + username)

  749.         self.assertEqual(200, channel.code, channel.result)

  750. 

  751.         # Test that when starting a UIA registration flow the request doesn't fail because

  752.         # of a conflicting username

  753.         channel = self.make_request(

  754.             "POST",

  755.             "register",

  756.             {"username": username, "type": "m.login.password", "password": "foo"},

  757.         )

  758.         self.assertEqual(channel.code, 401)

  759.         self.assertIn("session", channel.json_body)

  760. 

  761.         # Test that finishing the registration fails because of a conflicting username.

  762.         session = channel.json_body["session"]

  763.         channel = self.make_request(

  764.             "POST",

  765.             "register",

  766.             {"auth": {"session": session, "type": LoginType.DUMMY}},

  767.         )

  768.         self.assertEqual(channel.code, 400, channel.json_body)

  769.         self.assertEqual(channel.json_body["errcode"], Codes.USER_IN_USE)

  770. 

  771.     @override_config(

  772.         {

  773.             "experimental_features": {

  774.                 "msc3866": {

  775.                     "enabled": True,

  776.                     "require_approval_for_new_accounts": True,

  777.                 }

  778.             }

  779.         }

  780.     )

  781.     def test_require_approval(self) -> None:

  782.         channel = self.make_request(

  783.             "POST",

  784.             "register",

  785.             {

  786.                 "username": "kermit",

  787.                 "password": "monkey",

  788.                 "auth": {"type": LoginType.DUMMY},

  789.             },

  790.         )

  791.         self.assertEqual(403, channel.code, channel.result)

  792.         self.assertEqual(Codes.USER_AWAITING_APPROVAL, channel.json_body["errcode"])

  793.         self.assertEqual(

  794.             ApprovalNoticeMedium.NONE, channel.json_body["approval_notice_medium"]

  795.         )

  796. 

  797. 

  798. class AccountValidityTestCase(unittest.HomeserverTestCase):

  799.     servlets = [

  800.         register.register_servlets,

  801.         synapse.rest.admin.register_servlets_for_client_rest_resource,

  802.         login.register_servlets,

  803.         sync.register_servlets,

  804.         logout.register_servlets,

  805.         account_validity.register_servlets,

  806.     ]

  807. 

  808.     def make_homeserver(self, reactor: MemoryReactor, clock: Clock) -> HomeServer:

  809.         config = self.default_config()

  810.         # Test for account expiring after a week.

  811.         config["enable_registration"] = True

  812.         config["account_validity"] = {

  813.             "enabled": True,

  814.             "period": 604800000,  # Time in ms for 1 week

  815.         }

  816.         self.hs = self.setup_test_homeserver(config=config)

  817. 

  818.         return self.hs

  819. 

  820.     def test_validity_period(self) -> None:

  821.         self.register_user("kermit", "monkey")

  822.         tok = self.login("kermit", "monkey")

  823. 

  824.         # The specific endpoint doesn't matter, all we need is an authenticated

  825.         # endpoint.

  826.         channel = self.make_request(b"GET", "/sync", access_token=tok)

  827. 

  828.         self.assertEqual(channel.code, 200, msg=channel.result)

  829. 

  830.         self.reactor.advance(datetime.timedelta(weeks=1).total_seconds())

  831. 

  832.         channel = self.make_request(b"GET", "/sync", access_token=tok)

  833. 

  834.         self.assertEqual(channel.code, 403, msg=channel.result)

  835.         self.assertEqual(

  836.             channel.json_body["errcode"], Codes.EXPIRED_ACCOUNT, channel.result

  837.         )

  838. 

  839.     def test_manual_renewal(self) -> None:

  840.         user_id = self.register_user("kermit", "monkey")

  841.         tok = self.login("kermit", "monkey")

  842. 

  843.         self.reactor.advance(datetime.timedelta(weeks=1).total_seconds())

  844. 

  845.         # If we register the admin user at the beginning of the test, it will

  846.         # expire at the same time as the normal user and the renewal request

  847.         # will be denied.

  848.         self.register_user("admin", "adminpassword", admin=True)

  849.         admin_tok = self.login("admin", "adminpassword")

  850. 

  851.         url = "/_synapse/admin/v1/account_validity/validity"

  852.         request_data = {"user_id": user_id}

  853.         channel = self.make_request(b"POST", url, request_data, access_token=admin_tok)

  854.         self.assertEqual(channel.code, 200, msg=channel.result)

  855. 

  856.         # The specific endpoint doesn't matter, all we need is an authenticated

  857.         # endpoint.

  858.         channel = self.make_request(b"GET", "/sync", access_token=tok)

  859.         self.assertEqual(channel.code, 200, msg=channel.result)

  860. 

  861.     def test_manual_expire(self) -> None:

  862.         user_id = self.register_user("kermit", "monkey")

  863.         tok = self.login("kermit", "monkey")

  864. 

  865.         self.register_user("admin", "adminpassword", admin=True)

  866.         admin_tok = self.login("admin", "adminpassword")

  867. 

  868.         url = "/_synapse/admin/v1/account_validity/validity"

  869.         request_data = {

  870.             "user_id": user_id,

  871.             "expiration_ts": 0,

  872.             "enable_renewal_emails": False,

  873.         }

  874.         channel = self.make_request(b"POST", url, request_data, access_token=admin_tok)

  875.         self.assertEqual(channel.code, 200, msg=channel.result)

  876. 

  877.         # The specific endpoint doesn't matter, all we need is an authenticated

  878.         # endpoint.

  879.         channel = self.make_request(b"GET", "/sync", access_token=tok)

  880.         self.assertEqual(channel.code, 403, msg=channel.result)

  881.         self.assertEqual(

  882.             channel.json_body["errcode"], Codes.EXPIRED_ACCOUNT, channel.result

  883.         )

  884. 

  885.     def test_logging_out_expired_user(self) -> None:

  886.         user_id = self.register_user("kermit", "monkey")

  887.         tok = self.login("kermit", "monkey")

  888. 

  889.         self.register_user("admin", "adminpassword", admin=True)

  890.         admin_tok = self.login("admin", "adminpassword")

  891. 

  892.         url = "/_synapse/admin/v1/account_validity/validity"

  893.         request_data = {

  894.             "user_id": user_id,

  895.             "expiration_ts": 0,

  896.             "enable_renewal_emails": False,

  897.         }

  898.         channel = self.make_request(b"POST", url, request_data, access_token=admin_tok)

  899.         self.assertEqual(channel.code, 200, msg=channel.result)

  900. 

  901.         # Try to log the user out

  902.         channel = self.make_request(b"POST", "/logout", access_token=tok)

  903.         self.assertEqual(channel.code, 200, msg=channel.result)

  904. 

  905.         # Log the user in again (allowed for expired accounts)

  906.         tok = self.login("kermit", "monkey")

  907. 

  908.         # Try to log out all of the user's sessions

  909.         channel = self.make_request(b"POST", "/logout/all", access_token=tok)

  910.         self.assertEqual(channel.code, 200, msg=channel.result)

  911. 

  912. 

  913. class AccountValidityRenewalByEmailTestCase(unittest.HomeserverTestCase):

  914.     servlets = [

  915.         register.register_servlets,

  916.         synapse.rest.admin.register_servlets_for_client_rest_resource,

  917.         login.register_servlets,

  918.         sync.register_servlets,

  919.         account_validity.register_servlets,

  920.         account.register_servlets,

  921.     ]

  922. 

  923.     def make_homeserver(self, reactor: MemoryReactor, clock: Clock) -> HomeServer:

  924.         config = self.default_config()

  925. 

  926.         # Test for account expiring after a week and renewal emails being sent 2

  927.         # days before expiry.

  928.         config["enable_registration"] = True

  929.         config["account_validity"] = {

  930.             "enabled": True,

  931.             "period": 604800000,  # Time in ms for 1 week

  932.             "renew_at": 172800000,  # Time in ms for 2 days

  933.             "renew_by_email_enabled": True,

  934.             "renew_email_subject": "Renew your account",

  935.             "account_renewed_html_path": "account_renewed.html",

  936.             "invalid_token_html_path": "invalid_token.html",

  937.         }

  938. 

  939.         # Email config.

  940. 

  941.         config["email"] = {

  942.             "enable_notifs": True,

  943.             "template_dir": os.path.abspath(

  944.                 pkg_resources.resource_filename("synapse", "res/templates")

  945.             ),

  946.             "expiry_template_html": "notice_expiry.html",

  947.             "expiry_template_text": "notice_expiry.txt",

  948.             "notif_template_html": "notif_mail.html",

  949.             "notif_template_text": "notif_mail.txt",

  950.             "smtp_host": "127.0.0.1",

  951.             "smtp_port": 20,

  952.             "require_transport_security": False,

  953.             "smtp_user": None,

  954.             "smtp_pass": None,

  955.             "notif_from": "test@example.com",

  956.         }

  957. 

  958.         self.hs = self.setup_test_homeserver(config=config)

  959. 

  960.         async def sendmail(*args: Any, **kwargs: Any) -> None:

  961.             self.email_attempts.append((args, kwargs))

  962. 

  963.         self.email_attempts: List[Tuple[Any, Any]] = []

  964.         self.hs.get_send_email_handler()._sendmail = sendmail

  965. 

  966.         self.store = self.hs.get_datastores().main

  967. 

  968.         return self.hs

  969. 

  970.     def test_renewal_email(self) -> None:

  971.         self.email_attempts = []

  972. 

  973.         (user_id, tok) = self.create_user()

  974. 

  975.         # Move 5 days forward. This should trigger a renewal email to be sent.

  976.         self.reactor.advance(datetime.timedelta(days=5).total_seconds())

  977.         self.assertEqual(len(self.email_attempts), 1)

  978. 

  979.         # Retrieving the URL from the email is too much pain for now, so we

  980.         # retrieve the token from the DB.

  981.         renewal_token = self.get_success(self.store.get_renewal_token_for_user(user_id))

  982.         url = "/_matrix/client/unstable/account_validity/renew?token=%s" % renewal_token

  983.         channel = self.make_request(b"GET", url)

  984.         self.assertEqual(channel.code, 200, msg=channel.result)

  985. 

  986.         # Check that we're getting HTML back.

  987.         content_type = channel.headers.getRawHeaders(b"Content-Type")

  988.         self.assertEqual(content_type, [b"text/html; charset=utf-8"], channel.result)

  989. 

  990.         # Check that the HTML we're getting is the one we expect on a successful renewal.

  991.         expiration_ts = self.get_success(self.store.get_expiration_ts_for_user(user_id))

  992.         expected_html = self.hs.config.account_validity.account_validity_account_renewed_template.render(

  993.             expiration_ts=expiration_ts

  994.         )

  995.         self.assertEqual(

  996.             channel.result["body"], expected_html.encode("utf8"), channel.result

  997.         )

  998. 

  999.         # Move 1 day forward. Try to renew with the same token again.

  1000.         url = "/_matrix/client/unstable/account_validity/renew?token=%s" % renewal_token

  1001.         channel = self.make_request(b"GET", url)

  1002.         self.assertEqual(channel.code, 200, msg=channel.result)

  1003. 

  1004.         # Check that we're getting HTML back.

  1005.         content_type = channel.headers.getRawHeaders(b"Content-Type")

  1006.         self.assertEqual(content_type, [b"text/html; charset=utf-8"], channel.result)

  1007. 

  1008.         # Check that the HTML we're getting is the one we expect when reusing a

  1009.         # token. The account expiration date should not have changed.

  1010.         expected_html = self.hs.config.account_validity.account_validity_account_previously_renewed_template.render(

  1011.             expiration_ts=expiration_ts

  1012.         )

  1013.         self.assertEqual(

  1014.             channel.result["body"], expected_html.encode("utf8"), channel.result

  1015.         )

  1016. 

  1017.         # Move 3 days forward. If the renewal failed, every authed request with

  1018.         # our access token should be denied from now, otherwise they should

  1019.         # succeed.

  1020.         self.reactor.advance(datetime.timedelta(days=3).total_seconds())

  1021.         channel = self.make_request(b"GET", "/sync", access_token=tok)

  1022.         self.assertEqual(channel.code, 200, msg=channel.result)

  1023. 

  1024.     def test_renewal_invalid_token(self) -> None:

  1025.         # Hit the renewal endpoint with an invalid token and check that it behaves as

  1026.         # expected, i.e. that it responds with 404 Not Found and the correct HTML.

  1027.         url = "/_matrix/client/unstable/account_validity/renew?token=123"

  1028.         channel = self.make_request(b"GET", url)

  1029.         self.assertEqual(channel.code, 404, msg=channel.result)

  1030. 

  1031.         # Check that we're getting HTML back.

  1032.         content_type = channel.headers.getRawHeaders(b"Content-Type")

  1033.         self.assertEqual(content_type, [b"text/html; charset=utf-8"], channel.result)

  1034. 

  1035.         # Check that the HTML we're getting is the one we expect when using an

  1036.         # invalid/unknown token.

  1037.         expected_html = (

  1038.             self.hs.config.account_validity.account_validity_invalid_token_template.render()

  1039.         )

  1040.         self.assertEqual(

  1041.             channel.result["body"], expected_html.encode("utf8"), channel.result

  1042.         )

  1043. 

  1044.     def test_manual_email_send(self) -> None:

  1045.         self.email_attempts = []

  1046. 

  1047.         (user_id, tok) = self.create_user()

  1048.         channel = self.make_request(

  1049.             b"POST",

  1050.             "/_matrix/client/unstable/account_validity/send_mail",

  1051.             access_token=tok,

  1052.         )

  1053.         self.assertEqual(channel.code, 200, msg=channel.result)

  1054. 

  1055.         self.assertEqual(len(self.email_attempts), 1)

  1056. 

  1057.     def test_deactivated_user(self) -> None:

  1058.         self.email_attempts = []

  1059. 

  1060.         (user_id, tok) = self.create_user()

  1061. 

  1062.         request_data = {

  1063.             "auth": {

  1064.                 "type": "m.login.password",

  1065.                 "user": user_id,

  1066.                 "password": "monkey",

  1067.             },

  1068.             "erase": False,

  1069.         }

  1070.         channel = self.make_request(

  1071.             "POST", "account/deactivate", request_data, access_token=tok

  1072.         )

  1073.         self.assertEqual(channel.code, 200)

  1074. 

  1075.         self.reactor.advance(datetime.timedelta(days=8).total_seconds())

  1076. 

  1077.         self.assertEqual(len(self.email_attempts), 0)

  1078. 

  1079.     def create_user(self) -> Tuple[str, str]:

  1080.         user_id = self.register_user("kermit", "monkey")

  1081.         tok = self.login("kermit", "monkey")

  1082.         # We need to manually add an email address otherwise the handler will do

  1083.         # nothing.

  1084.         now = self.hs.get_clock().time_msec()

  1085.         self.get_success(

  1086.             self.store.user_add_threepid(

  1087.                 user_id=user_id,

  1088.                 medium="email",

  1089.                 address="kermit@example.com",

  1090.                 validated_at=now,

  1091.                 added_at=now,

  1092.             )

  1093.         )

  1094.         return user_id, tok

  1095. 

  1096.     def test_manual_email_send_expired_account(self) -> None:

  1097.         user_id = self.register_user("kermit", "monkey")

  1098.         tok = self.login("kermit", "monkey")

  1099. 

  1100.         # We need to manually add an email address otherwise the handler will do

  1101.         # nothing.

  1102.         now = self.hs.get_clock().time_msec()

  1103.         self.get_success(

  1104.             self.store.user_add_threepid(

  1105.                 user_id=user_id,

  1106.                 medium="email",

  1107.                 address="kermit@example.com",

  1108.                 validated_at=now,

  1109.                 added_at=now,

  1110.             )

  1111.         )

  1112. 

  1113.         # Make the account expire.

  1114.         self.reactor.advance(datetime.timedelta(days=8).total_seconds())

  1115. 

  1116.         # Ignore all emails sent by the automatic background task and only focus on the

  1117.         # ones sent manually.

  1118.         self.email_attempts = []

  1119. 

  1120.         # Test that we're still able to manually trigger a mail to be sent.

  1121.         channel = self.make_request(

  1122.             b"POST",

  1123.             "/_matrix/client/unstable/account_validity/send_mail",

  1124.             access_token=tok,

  1125.         )

  1126.         self.assertEqual(channel.code, 200, msg=channel.result)

  1127. 

  1128.         self.assertEqual(len(self.email_attempts), 1)

  1129. 

  1130. 

  1131. class AccountValidityBackgroundJobTestCase(unittest.HomeserverTestCase):

  1132.     servlets = [synapse.rest.admin.register_servlets_for_client_rest_resource]

  1133. 

  1134.     def make_homeserver(self, reactor: MemoryReactor, clock: Clock) -> HomeServer:

  1135.         self.validity_period = 10

  1136.         self.max_delta = self.validity_period * 10.0 / 100.0

  1137. 

  1138.         config = self.default_config()

  1139. 

  1140.         config["enable_registration"] = True

  1141.         config["account_validity"] = {"enabled": False}

  1142. 

  1143.         self.hs = self.setup_test_homeserver(config=config)

  1144. 

  1145.         # We need to set these directly, instead of in the homeserver config dict above.

  1146.         # This is due to account validity-related config options not being read by

  1147.         # Synapse when account_validity.enabled is False.

  1148.         self.hs.get_datastores().main._account_validity_period = self.validity_period

  1149.         self.hs.get_datastores().main._account_validity_startup_job_max_delta = (

  1150.             self.max_delta

  1151.         )

  1152. 

  1153.         self.store = self.hs.get_datastores().main

  1154. 

  1155.         return self.hs

  1156. 

  1157.     def test_background_job(self) -> None:

  1158.         """

  1159.         Tests the same thing as test_background_job, except that it sets the

  1160.         startup_job_max_delta parameter and checks that the expiration date is within the

  1161.         allowed range.

  1162.         """

  1163.         user_id = self.register_user("kermit_delta", "user")

  1164. 

  1165.         self.hs.config.account_validity.account_validity_startup_job_max_delta = (

  1166.             self.max_delta

  1167.         )

  1168. 

  1169.         now_ms = self.hs.get_clock().time_msec()

  1170.         self.get_success(self.store._set_expiration_date_when_missing())

  1171. 

  1172.         res = self.get_success(self.store.get_expiration_ts_for_user(user_id))

  1173.         assert res is not None

  1174. 

  1175.         self.assertGreaterEqual(res, now_ms + self.validity_period - self.max_delta)

  1176.         self.assertLessEqual(res, now_ms + self.validity_period)

  1177. 

  1178. 

  1179. class RegistrationTokenValidityRestServletTestCase(unittest.HomeserverTestCase):

  1180.     servlets = [register.register_servlets]

  1181.     url = "/_matrix/client/v1/register/m.login.registration_token/validity"

  1182. 

  1183.     def default_config(self) -> Dict[str, Any]:

  1184.         config = super().default_config()

  1185.         config["registration_requires_token"] = True

  1186.         return config

  1187. 

  1188.     def test_GET_token_valid(self) -> None:

  1189.         token = "abcd"

  1190.         store = self.hs.get_datastores().main

  1191.         self.get_success(

  1192.             store.db_pool.simple_insert(

  1193.                 "registration_tokens",

  1194.                 {

  1195.                     "token": token,

  1196.                     "uses_allowed": None,

  1197.                     "pending": 0,

  1198.                     "completed": 0,

  1199.                     "expiry_time": None,

  1200.                 },

  1201.             )

  1202.         )

  1203. 

  1204.         channel = self.make_request(

  1205.             b"GET",

  1206.             f"{self.url}?token={token}",

  1207.         )

  1208.         self.assertEqual(channel.code, 200, msg=channel.result)

  1209.         self.assertEqual(channel.json_body["valid"], True)

  1210. 

  1211.     def test_GET_token_invalid(self) -> None:

  1212.         token = "1234"

  1213.         channel = self.make_request(

  1214.             b"GET",

  1215.             f"{self.url}?token={token}",

  1216.         )

  1217.         self.assertEqual(channel.code, 200, msg=channel.result)

  1218.         self.assertEqual(channel.json_body["valid"], False)

  1219. 

  1220.     @override_config(

  1221.         {"rc_registration_token_validity": {"per_second": 0.1, "burst_count": 5}}

  1222.     )

  1223.     def test_GET_ratelimiting(self) -> None:

  1224.         token = "1234"

  1225. 

  1226.         for i in range(0, 6):

  1227.             channel = self.make_request(

  1228.                 b"GET",

  1229.                 f"{self.url}?token={token}",

  1230.             )

  1231. 

  1232.             if i == 5:

  1233.                 self.assertEqual(channel.code, 429, msg=channel.result)

  1234.                 retry_after_ms = int(channel.json_body["retry_after_ms"])

  1235.             else:

  1236.                 self.assertEqual(channel.code, 200, msg=channel.result)

  1237. 

  1238.         self.reactor.advance(retry_after_ms / 1000.0 + 1.0)

  1239. 

  1240.         channel = self.make_request(

  1241.             b"GET",

  1242.             f"{self.url}?token={token}",

  1243.         )

  1244.         self.assertEqual(channel.code, 200, msg=channel.result)