gitlord
/
synapse
mirror of https://github.com/matrix-org/synapse.git
1
0
Fork 0
Code Issues 0 Releases 671 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
23022 Commits
842 Branches
342 MiB
 
 
 
 
 
 
Tree: 9ec3da06da
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '9ec3da06da'
${ noResults }
synapse/tests/appservice/test_api.py

243 lines
8.6 KiB
Raw Blame History 

  1. # Copyright 2022 The Matrix.org Foundation C.I.C.

  2. #

  3. # Licensed under the Apache License, Version 2.0 (the "License");

  4. # you may not use this file except in compliance with the License.

  5. # You may obtain a copy of the License at

  6. #

  7. #     http://www.apache.org/licenses/LICENSE-2.0

  8. #

  9. # Unless required by applicable law or agreed to in writing, software

  10. # distributed under the License is distributed on an "AS IS" BASIS,

  11. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  12. # See the License for the specific language governing permissions and

  13. # limitations under the License.

  14. from typing import Any, List, Mapping, Optional, Sequence, Union

  15. from unittest.mock import Mock

  16. 

  17. from twisted.test.proto_helpers import MemoryReactor

  18. 

  19. from synapse.appservice import ApplicationService

  20. from synapse.server import HomeServer

  21. from synapse.types import JsonDict

  22. from synapse.util import Clock

  23. 

  24. from tests import unittest

  25. from tests.unittest import override_config

  26. 

  27. PROTOCOL = "myproto"

  28. TOKEN = "myastoken"

  29. URL = "http://mytestservice"

  30. 

  31. 

  32. class ApplicationServiceApiTestCase(unittest.HomeserverTestCase):

  33.     def prepare(self, reactor: MemoryReactor, clock: Clock, hs: HomeServer) -> None:

  34.         self.api = hs.get_application_service_api()

  35.         self.service = ApplicationService(

  36.             id="unique_identifier",

  37.             sender="@as:test",

  38.             url=URL,

  39.             token="unused",

  40.             hs_token=TOKEN,

  41.         )

  42. 

  43.     def test_query_3pe_authenticates_token_via_header(self) -> None:

  44.         """

  45.         Tests that 3pe queries to the appservice are authenticated

  46.         with the appservice's token.

  47.         """

  48. 

  49.         SUCCESS_RESULT_USER = [

  50.             {

  51.                 "protocol": PROTOCOL,

  52.                 "userid": "@a:user",

  53.                 "fields": {

  54.                     "more": "fields",

  55.                 },

  56.             }

  57.         ]

  58.         SUCCESS_RESULT_LOCATION = [

  59.             {

  60.                 "protocol": PROTOCOL,

  61.                 "alias": "#a:room",

  62.                 "fields": {

  63.                     "more": "fields",

  64.                 },

  65.             }

  66.         ]

  67. 

  68.         URL_USER = f"{URL}/_matrix/app/v1/thirdparty/user/{PROTOCOL}"

  69.         URL_LOCATION = f"{URL}/_matrix/app/v1/thirdparty/location/{PROTOCOL}"

  70. 

  71.         self.request_url = None

  72. 

  73.         async def get_json(

  74.             url: str,

  75.             args: Mapping[Any, Any],

  76.             headers: Mapping[Union[str, bytes], Sequence[Union[str, bytes]]],

  77.         ) -> List[JsonDict]:

  78.             # Ensure the access token is passed as a header.

  79.             if not headers or not headers.get("Authorization"):

  80.                 raise RuntimeError("Access token not provided")

  81.             # ... and not as a query param

  82.             if b"access_token" in args:

  83.                 raise RuntimeError(

  84.                     "Access token should not be passed as a query param."

  85.                 )

  86. 

  87.             self.assertEqual(headers.get("Authorization"), [f"Bearer {TOKEN}"])

  88.             self.request_url = url

  89.             if url == URL_USER:

  90.                 return SUCCESS_RESULT_USER

  91.             elif url == URL_LOCATION:

  92.                 return SUCCESS_RESULT_LOCATION

  93.             else:

  94.                 raise RuntimeError(

  95.                     "URL provided was invalid. This should never be seen."

  96.                 )

  97. 

  98.         # We assign to a method, which mypy doesn't like.

  99.         self.api.get_json = Mock(side_effect=get_json)  # type: ignore[method-assign]

  100. 

  101.         result = self.get_success(

  102.             self.api.query_3pe(self.service, "user", PROTOCOL, {b"some": [b"field"]})

  103.         )

  104.         self.assertEqual(self.request_url, URL_USER)

  105.         self.assertEqual(result, SUCCESS_RESULT_USER)

  106.         result = self.get_success(

  107.             self.api.query_3pe(

  108.                 self.service, "location", PROTOCOL, {b"some": [b"field"]}

  109.             )

  110.         )

  111.         self.assertEqual(self.request_url, URL_LOCATION)

  112.         self.assertEqual(result, SUCCESS_RESULT_LOCATION)

  113. 

  114.     @override_config({"use_appservice_legacy_authorization": True})

  115.     def test_query_3pe_authenticates_token_via_param(self) -> None:

  116.         """

  117.         Tests that 3pe queries to the appservice are authenticated

  118.         with the appservice's token.

  119.         """

  120. 

  121.         SUCCESS_RESULT_USER = [

  122.             {

  123.                 "protocol": PROTOCOL,

  124.                 "userid": "@a:user",

  125.                 "fields": {

  126.                     "more": "fields",

  127.                 },

  128.             }

  129.         ]

  130.         SUCCESS_RESULT_LOCATION = [

  131.             {

  132.                 "protocol": PROTOCOL,

  133.                 "alias": "#a:room",

  134.                 "fields": {

  135.                     "more": "fields",

  136.                 },

  137.             }

  138.         ]

  139. 

  140.         URL_USER = f"{URL}/_matrix/app/v1/thirdparty/user/{PROTOCOL}"

  141.         URL_LOCATION = f"{URL}/_matrix/app/v1/thirdparty/location/{PROTOCOL}"

  142. 

  143.         self.request_url = None

  144. 

  145.         async def get_json(

  146.             url: str,

  147.             args: Mapping[Any, Any],

  148.             headers: Optional[

  149.                 Mapping[Union[str, bytes], Sequence[Union[str, bytes]]]

  150.             ] = None,

  151.         ) -> List[JsonDict]:

  152.             # Ensure the access token is passed as a both a query param and in the headers.

  153.             if not args.get(b"access_token"):

  154.                 raise RuntimeError("Access token should be provided in query params.")

  155.             if not headers or not headers.get("Authorization"):

  156.                 raise RuntimeError("Access token should be provided in auth headers.")

  157. 

  158.             self.assertEqual(args.get(b"access_token"), TOKEN)

  159.             self.assertEqual(headers.get("Authorization"), [f"Bearer {TOKEN}"])

  160.             self.request_url = url

  161.             if url == URL_USER:

  162.                 return SUCCESS_RESULT_USER

  163.             elif url == URL_LOCATION:

  164.                 return SUCCESS_RESULT_LOCATION

  165.             else:

  166.                 raise RuntimeError(

  167.                     "URL provided was invalid. This should never be seen."

  168.                 )

  169. 

  170.         # We assign to a method, which mypy doesn't like.

  171.         self.api.get_json = Mock(side_effect=get_json)  # type: ignore[method-assign]

  172. 

  173.         result = self.get_success(

  174.             self.api.query_3pe(self.service, "user", PROTOCOL, {b"some": [b"field"]})

  175.         )

  176.         self.assertEqual(self.request_url, URL_USER)

  177.         self.assertEqual(result, SUCCESS_RESULT_USER)

  178.         result = self.get_success(

  179.             self.api.query_3pe(

  180.                 self.service, "location", PROTOCOL, {b"some": [b"field"]}

  181.             )

  182.         )

  183.         self.assertEqual(self.request_url, URL_LOCATION)

  184.         self.assertEqual(result, SUCCESS_RESULT_LOCATION)

  185. 

  186.     def test_claim_keys(self) -> None:

  187.         """

  188.         Tests that the /keys/claim response is properly parsed for missing

  189.         keys.

  190.         """

  191. 

  192.         RESPONSE: JsonDict = {

  193.             "@alice:example.org": {

  194.                 "DEVICE_1": {

  195.                     "signed_curve25519:AAAAHg": {

  196.                         # We don't really care about the content of the keys,

  197.                         # they get passed back transparently.

  198.                     },

  199.                     "signed_curve25519:BBBBHg": {},

  200.                 },

  201.                 "DEVICE_2": {"signed_curve25519:CCCCHg": {}},

  202.             },

  203.         }

  204. 

  205.         async def post_json_get_json(

  206.             uri: str,

  207.             post_json: Any,

  208.             headers: Mapping[Union[str, bytes], Sequence[Union[str, bytes]]],

  209.         ) -> JsonDict:

  210.             # Ensure the access token is passed as both a header and query arg.

  211.             if not headers.get("Authorization"):

  212.                 raise RuntimeError("Access token not provided")

  213. 

  214.             self.assertEqual(headers.get("Authorization"), [f"Bearer {TOKEN}"])

  215.             return RESPONSE

  216. 

  217.         # We assign to a method, which mypy doesn't like.

  218.         self.api.post_json_get_json = Mock(side_effect=post_json_get_json)  # type: ignore[method-assign]

  219. 

  220.         MISSING_KEYS = [

  221.             # Known user, known device, missing algorithm.

  222.             ("@alice:example.org", "DEVICE_2", "xyz", 1),

  223.             # Known user, missing device.

  224.             ("@alice:example.org", "DEVICE_3", "signed_curve25519", 1),

  225.             # Unknown user.

  226.             ("@bob:example.org", "DEVICE_4", "signed_curve25519", 1),

  227.         ]

  228. 

  229.         claimed_keys, missing = self.get_success(

  230.             self.api.claim_client_keys(

  231.                 self.service,

  232.                 [

  233.                     # Found devices

  234.                     ("@alice:example.org", "DEVICE_1", "signed_curve25519", 1),

  235.                     ("@alice:example.org", "DEVICE_2", "signed_curve25519", 1),

  236.                 ]

  237.                 + MISSING_KEYS,

  238.             )

  239.         )

  240. 

  241.         self.assertEqual(claimed_keys, RESPONSE)

  242.         self.assertEqual(missing, MISSING_KEYS)