kaslo/synapse
1
0
Fork 0
Code Wiki Activity

Merge tag 'v1.37.0' into babolivier/dinsic_1.41.0

Browse Source 
Synapse 1.37.0 (2021-06-29)
===========================

This release deprecates the current spam checker interface. See the [upgrade notes](https://matrix-org.github.io/synapse/develop/upgrade#deprecation-of-the-current-spam-checker-interface) for more information on how to update to the new generic module interface.

This release also removes support for fetching and renewing TLS certificates using the ACME v1 protocol, which has been fully decommissioned by Let's Encrypt on June 1st 2021. Admins previously using this feature should use a [reverse proxy](https://matrix-org.github.io/synapse/develop/reverse_proxy.html) to handle TLS termination, or use an external ACME client (such as [certbot](https://certbot.eff.org/)) to retrieve a certificate and key and provide them to Synapse using the `tls_certificate_path` and `tls_private_key_path` configuration settings.

Synapse 1.37.0rc1 (2021-06-24)
==============================

Features
--------

- Implement "room knocking" as per [MSC2403](https://github.com/matrix-org/matrix-doc/pull/2403). Contributed by @Sorunome and anoa. ([\#6739](https://github.com/matrix-org/synapse/issues/6739), [\#9359](https://github.com/matrix-org/synapse/issues/9359), [\#10167](https://github.com/matrix-org/synapse/issues/10167), [\#10212](https://github.com/matrix-org/synapse/issues/10212), [\#10227](https://github.com/matrix-org/synapse/issues/10227))
- Add experimental support for backfilling history into rooms ([MSC2716](https://github.com/matrix-org/matrix-doc/pull/2716)). ([\#9247](https://github.com/matrix-org/synapse/issues/9247))
- Implement a generic interface for third-party plugin modules. ([\#10062](https://github.com/matrix-org/synapse/issues/10062), [\#10206](https://github.com/matrix-org/synapse/issues/10206))
- Implement config option `sso.update_profile_information` to sync SSO users' profile information with the identity provider each time they login. Currently only displayname is supported. ([\#10108](https://github.com/matrix-org/synapse/issues/10108))
- Ensure that errors during startup are written to the logs and the console. ([\#10191](https://github.com/matrix-org/synapse/issues/10191))

Bugfixes
--------

- Fix a bug introduced in Synapse v1.25.0 that prevented the `ip_range_whitelist` configuration option from working for federation and identity servers. Contributed by @mikure. ([\#10115](https://github.com/matrix-org/synapse/issues/10115))
- Remove a broken import line in Synapse's `admin_cmd` worker. Broke in Synapse v1.33.0. ([\#10154](https://github.com/matrix-org/synapse/issues/10154))
- Fix a bug introduced in Synapse v1.21.0 which could cause `/sync` to return immediately with an empty response. ([\#10157](https://github.com/matrix-org/synapse/issues/10157), [\#10158](https://github.com/matrix-org/synapse/issues/10158))
- Fix a minor bug in the response to `/_matrix/client/r0/user/{user}/openid/request_token` causing `expires_in` to be a float instead of an integer. Contributed by @lukaslihotzki. ([\#10175](https://github.com/matrix-org/synapse/issues/10175))
- Always require users to re-authenticate for dangerous operations: deactivating an account, modifying an account password, and adding 3PIDs. ([\#10184](https://github.com/matrix-org/synapse/issues/10184))
- Fix a bug introduced in Synpase v1.7.2 where remote server count metrics collection would be incorrectly delayed on startup. Found by @heftig. ([\#10195](https://github.com/matrix-org/synapse/issues/10195))
- Fix a bug introduced in Synapse v1.35.1 where an `allow` key of a `m.room.join_rules` event could be applied for incorrect room versions and configurations. ([\#10208](https://github.com/matrix-org/synapse/issues/10208))
- Fix performance regression in responding to user key requests over federation. Introduced in Synapse v1.34.0rc1. ([\#10221](https://github.com/matrix-org/synapse/issues/10221))

Improved Documentation
----------------------

- Add a new guide to decoding request logs. ([\#8436](https://github.com/matrix-org/synapse/issues/8436))
- Mention in the sample homeserver config that you may need to configure max upload size in your reverse proxy. Contributed by @aaronraimist. ([\#10122](https://github.com/matrix-org/synapse/issues/10122))
- Fix broken links in documentation. ([\#10180](https://github.com/matrix-org/synapse/issues/10180))
- Deploy a snapshot of the documentation website upon each new Synapse release. ([\#10198](https://github.com/matrix-org/synapse/issues/10198))

Deprecations and Removals
-------------------------

- The current spam checker interface is deprecated in favour of a new generic modules system. See the [upgrade notes](https://matrix-org.github.io/synapse/develop/upgrade#deprecation-of-the-current-spam-checker-interface) for more information on how to update to the new system. ([\#10062](https://github.com/matrix-org/synapse/issues/10062), [\#10210](https://github.com/matrix-org/synapse/issues/10210), [\#10238](https://github.com/matrix-org/synapse/issues/10238))
- Stop supporting the unstable spaces prefixes from MSC1772. ([\#10161](https://github.com/matrix-org/synapse/issues/10161))
- Remove Synapse's support for automatically fetching and renewing certificates using the ACME v1 protocol. This protocol has been fully turned off by Let's Encrypt for existing installations on June 1st 2021. Admins previously using this feature should use a [reverse proxy](https://matrix-org.github.io/synapse/develop/reverse_proxy.html) to handle TLS termination, or use an external ACME client (such as [certbot](https://certbot.eff.org/)) to retrieve a certificate and key and provide them to Synapse using the `tls_certificate_path` and `tls_private_key_path` configuration settings. ([\#10194](https://github.com/matrix-org/synapse/issues/10194))

Internal Changes
----------------

- Update the database schema versioning to support gradual migration away from legacy tables. ([\#9933](https://github.com/matrix-org/synapse/issues/9933))
- Add type hints to the federation servlets. ([\#10080](https://github.com/matrix-org/synapse/issues/10080))
- Improve OpenTracing for event persistence. ([\#10134](https://github.com/matrix-org/synapse/issues/10134), [\#10193](https://github.com/matrix-org/synapse/issues/10193))
- Clean up the interface for injecting OpenTracing over HTTP. ([\#10143](https://github.com/matrix-org/synapse/issues/10143))
- Limit the number of in-flight `/keys/query` requests from a single device. ([\#10144](https://github.com/matrix-org/synapse/issues/10144))
- Refactor EventPersistenceQueue. ([\#10145](https://github.com/matrix-org/synapse/issues/10145))
- Document `SYNAPSE_TEST_LOG_LEVEL` to see the logger output when running tests. ([\#10148](https://github.com/matrix-org/synapse/issues/10148))
- Update the Complement build tags in GitHub Actions to test currently experimental features. ([\#10155](https://github.com/matrix-org/synapse/issues/10155))
- Add a `synapse_federation_soft_failed_events_total` metric to track how often events are soft failed. ([\#10156](https://github.com/matrix-org/synapse/issues/10156))
- Fetch the corresponding complement branch when performing CI. ([\#10160](https://github.com/matrix-org/synapse/issues/10160))
- Add some developer documentation about boolean columns in database schemas. ([\#10164](https://github.com/matrix-org/synapse/issues/10164))
- Add extra logging fields to better debug where events are being soft failed. ([\#10168](https://github.com/matrix-org/synapse/issues/10168))
- Add debug logging for when we enter and exit `Measure` blocks. ([\#10183](https://github.com/matrix-org/synapse/issues/10183))
- Improve comments in structured logging code. ([\#10188](https://github.com/matrix-org/synapse/issues/10188))
- Update [MSC3083](https://github.com/matrix-org/matrix-doc/pull/3083) support with modifications from the MSC. ([\#10189](https://github.com/matrix-org/synapse/issues/10189))
- Remove redundant DNS lookup limiter. ([\#10190](https://github.com/matrix-org/synapse/issues/10190))
- Upgrade `black` linting tool to 21.6b0. ([\#10197](https://github.com/matrix-org/synapse/issues/10197))
- Expose OpenTracing trace id in response headers. ([\#10199](https://github.com/matrix-org/synapse/issues/10199))
This commit is contained in:
Brendan Abolivier
2021-09-01 10:40:29 +01:00
parent 87e978bc76 88f9e8d62e
commit cba616de41
135 changed files with 3386 additions and 2059 deletions
Download Patch File Download Diff File Expand all files Collapse all files

97
tests/config/test_tls.py
View File

@@ -13,10 +13,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
import os
import idna
import yaml
from OpenSSL import SSL
@@ -39,58 +36,6 @@ class TestConfig(RootConfig):
class TLSConfigTests(TestCase):
def test_warn_self_signed(self):
"""
Synapse will give a warning when it loads a self-signed certificate.
"""
config_dir = self.mktemp()
os.mkdir(config_dir)
with open(os.path.join(config_dir, "cert.pem"), "w") as f:
f.write(
"""-----BEGIN CERTIFICATE-----
MIID6DCCAtACAws9CjANBgkqhkiG9w0BAQUFADCBtzELMAkGA1UEBhMCVFIxDzAN
BgNVBAgMBsOHb3J1bTEUMBIGA1UEBwwLQmHFn21ha8OnxLExEjAQBgNVBAMMCWxv
Y2FsaG9zdDEcMBoGA1UECgwTVHdpc3RlZCBNYXRyaXggTGFiczEkMCIGA1UECwwb
QXV0b21hdGVkIFRlc3RpbmcgQXV0aG9yaXR5MSkwJwYJKoZIhvcNAQkBFhpzZWN1
cml0eUB0d2lzdGVkbWF0cml4LmNvbTAgFw0xNzA3MTIxNDAxNTNaGA8yMTE3MDYx
ODE0MDE1M1owgbcxCzAJBgNVBAYTAlRSMQ8wDQYDVQQIDAbDh29ydW0xFDASBgNV
BAcMC0JhxZ9tYWvDp8SxMRIwEAYDVQQDDAlsb2NhbGhvc3QxHDAaBgNVBAoME1R3
aXN0ZWQgTWF0cml4IExhYnMxJDAiBgNVBAsMG0F1dG9tYXRlZCBUZXN0aW5nIEF1
dGhvcml0eTEpMCcGCSqGSIb3DQEJARYac2VjdXJpdHlAdHdpc3RlZG1hdHJpeC5j
b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwT6kbqtMUI0sMkx4h
I+L780dA59KfksZCqJGmOsMD6hte9EguasfkZzvCF3dk3NhwCjFSOvKx6rCwiteo
WtYkVfo+rSuVNmt7bEsOUDtuTcaxTzIFB+yHOYwAaoz3zQkyVW0c4pzioiLCGCmf
FLdiDBQGGp74tb+7a0V6kC3vMLFoM3L6QWq5uYRB5+xLzlPJ734ltyvfZHL3Us6p
cUbK+3WTWvb4ER0W2RqArAj6Bc/ERQKIAPFEiZi9bIYTwvBH27OKHRz+KoY/G8zY
+l+WZoJqDhupRAQAuh7O7V/y6bSP+KNxJRie9QkZvw1PSaGSXtGJI3WWdO12/Ulg
epJpAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAJXEq5P9xwvP9aDkXIqzcD0L8sf8
ewlhlxTQdeqt2Nace0Yk18lIo2oj1t86Y8jNbpAnZJeI813Rr5M7FbHCXoRc/SZG
I8OtG1xGwcok53lyDuuUUDexnK4O5BkjKiVlNPg4HPim5Kuj2hRNFfNt/F2BVIlj
iZupikC5MT1LQaRwidkSNxCku1TfAyueiBwhLnFwTmIGNnhuDCutEVAD9kFmcJN2
SznugAcPk4doX2+rL+ila+ThqgPzIkwTUHtnmjI0TI6xsDUlXz5S3UyudrE2Qsfz
s4niecZKPBizL6aucT59CsunNmmb5Glq8rlAcU+1ZTZZzGYqVYhF6axB9Qg=
-----END CERTIFICATE-----"""
)
config = {
"tls_certificate_path": os.path.join(config_dir, "cert.pem"),
}
t = TestConfig()
t.read_config(config, config_dir_path="", data_dir_path="")
t.read_tls_certificate()
warnings = self.flushWarnings()
self.assertEqual(len(warnings), 1)
self.assertEqual(
warnings[0]["message"],
(
"Self-signed TLS certificates will not be accepted by "
"Synapse 1.0. Please either provide a valid certificate, "
"or use Synapse's ACME support to provision one."
),
)
def test_tls_client_minimum_default(self):
"""
The default client TLS version is 1.0.
@@ -202,48 +147,6 @@ s4niecZKPBizL6aucT59CsunNmmb5Glq8rlAcU+1ZTZZzGYqVYhF6axB9Qg=
self.assertEqual(options & SSL.OP_NO_TLSv1_1, 0)
self.assertEqual(options & SSL.OP_NO_TLSv1_2, 0)
def test_acme_disabled_in_generated_config_no_acme_domain_provied(self):
"""
Checks acme is disabled by default.
"""
conf = TestConfig()
conf.read_config(
yaml.safe_load(
TestConfig().generate_config(
"/config_dir_path",
"my_super_secure_server",
"/data_dir_path",
tls_certificate_path="/tls_cert_path",
tls_private_key_path="tls_private_key",
acme_domain=None, # This is the acme_domain
)
),
"/config_dir_path",
)
self.assertFalse(conf.acme_enabled)
def test_acme_enabled_in_generated_config_domain_provided(self):
"""
Checks acme is enabled if the acme_domain arg is set to some string.
"""
conf = TestConfig()
conf.read_config(
yaml.safe_load(
TestConfig().generate_config(
"/config_dir_path",
"my_super_secure_server",
"/data_dir_path",
tls_certificate_path="/tls_cert_path",
tls_private_key_path="tls_private_key",
acme_domain="my_supe_secure_server", # This is the acme_domain
)
),
"/config_dir_path",
)
self.assertTrue(conf.acme_enabled)
def test_whitelist_idna_failure(self):
"""
The federation certificate whitelist will not allow IDNA domain names.

37
tests/federation/transport/test_knocking.py
View File

@@ -1,4 +1,3 @@
# -*- coding: utf-8 -*-
# Copyright 2020 Matrix.org Federation C.I.C
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -15,8 +14,6 @@
from collections import OrderedDict
from typing import Dict, List
from twisted.internet.defer import succeed
from synapse.api.constants import EventTypes, JoinRules, Membership
from synapse.api.room_versions import RoomVersions
from synapse.events import builder
@@ -28,9 +25,6 @@ from synapse.types import RoomAlias
from tests.test_utils import event_injection
from tests.unittest import FederatingHomeserverTestCase, TestCase, override_config
# An identifier to use while MSC2304 is not in a stable release of the spec
KNOCK_UNSTABLE_IDENTIFIER = "xyz.amorgan.knock"
class KnockingStrippedStateEventHelperMixin(TestCase):
def send_example_state_events_to_room(
@@ -133,6 +127,16 @@ class KnockingStrippedStateEventHelperMixin(TestCase):
)
)
# Finally, we expect to see the m.room.create event of the room as part of the
# stripped state. We don't need to inject this event though.
room_state[EventTypes.Create] = {
"content": {
"creator": sender,
"room_version": RoomVersions.V7.identifier,
},
"state_key": "",
}
return room_state
def check_knock_room_state_against_room_state(
@@ -192,19 +196,21 @@ class FederationKnockingTestCase(
# Note that these checks are not relevant to this test case.
# Have this homeserver auto-approve all event signature checking.
def approve_all_signature_checking(_, ev):
return [succeed(ev[0])]
async def approve_all_signature_checking(_, pdu):
return pdu
homeserver.get_federation_server()._check_sigs_and_hashes = (
homeserver.get_federation_server()._check_sigs_and_hash = (
approve_all_signature_checking
)
# Have this homeserver skip event auth checks. This is necessary due to
# event auth checks ensuring that events were signed the sender's homeserver.
async def do_auth(origin, event, context, auth_events):
# event auth checks ensuring that events were signed by the sender's homeserver.
async def _check_event_auth(
origin, event, context, state, auth_events, backfilled
):
return context
homeserver.get_federation_handler().do_auth = do_auth
homeserver.get_federation_handler()._check_event_auth = _check_event_auth
return super().prepare(reactor, clock, homeserver)
@@ -234,9 +240,8 @@ class FederationKnockingTestCase(
channel = self.make_request(
"GET",
"/_matrix/federation/unstable/%s/make_knock/%s/%s?ver=%s"
"/_matrix/federation/v1/make_knock/%s/%s?ver=%s"
% (
KNOCK_UNSTABLE_IDENTIFIER,
room_id,
fake_knocking_user_id,
# Inform the remote that we support the room version of the room we're
@@ -278,8 +283,8 @@ class FederationKnockingTestCase(
# Send the signed knock event into the room
channel = self.make_request(
"PUT",
"/_matrix/federation/unstable/%s/send_knock/%s/%s"
% (KNOCK_UNSTABLE_IDENTIFIER, room_id, signed_knock_event.event_id),
"/_matrix/federation/v1/send_knock/%s/%s"
% (room_id, signed_knock_event.event_id),
signed_knock_event_json,
)
self.assertEquals(200, channel.code, channel.result)

2
tests/handlers/test_appservice.py
View File

@@ -26,7 +26,7 @@ from .. import unittest
class AppServiceHandlerTestCase(unittest.TestCase):
""" Tests the ApplicationServicesHandler. """
"""Tests the ApplicationServicesHandler."""
def setUp(self):
self.mock_store = Mock()

2
tests/handlers/test_directory.py
View File

@@ -27,7 +27,7 @@ from tests.test_utils import make_awaitable
class DirectoryTestCase(unittest.HomeserverTestCase):
""" Tests the directory service. """
"""Tests the directory service."""
def make_homeserver(self, reactor, clock):
self.mock_federation = Mock()

13
tests/handlers/test_e2e_keys.py
View File

@@ -257,7 +257,9 @@ class E2eKeysHandlerTestCase(unittest.HomeserverTestCase):
self.get_success(self.handler.upload_signing_keys_for_user(local_user, keys2))
devices = self.get_success(
self.handler.query_devices({"device_keys": {local_user: []}}, 0, local_user)
self.handler.query_devices(
{"device_keys": {local_user: []}}, 0, local_user, "device123"
)
)
self.assertDictEqual(devices["master_keys"], {local_user: keys2["master_key"]})
@@ -357,7 +359,9 @@ class E2eKeysHandlerTestCase(unittest.HomeserverTestCase):
device_key_1["signatures"][local_user]["ed25519:abc"] = "base64+signature"
device_key_2["signatures"][local_user]["ed25519:def"] = "base64+signature"
devices = self.get_success(
self.handler.query_devices({"device_keys": {local_user: []}}, 0, local_user)
self.handler.query_devices(
{"device_keys": {local_user: []}}, 0, local_user, "device123"
)
)
del devices["device_keys"][local_user]["abc"]["unsigned"]
del devices["device_keys"][local_user]["def"]["unsigned"]
@@ -591,7 +595,10 @@ class E2eKeysHandlerTestCase(unittest.HomeserverTestCase):
# fetch the signed keys/devices and make sure that the signatures are there
ret = self.get_success(
self.handler.query_devices(
{"device_keys": {local_user: [], other_user: []}}, 0, local_user
{"device_keys": {local_user: [], other_user: []}},
0,
local_user,
"device123",
)
)

4
tests/handlers/test_presence.py
View File

@@ -863,7 +863,9 @@ class PresenceJoinTestCase(unittest.HomeserverTestCase):
self.store.get_latest_event_ids_in_room(room_id)
)
event = self.get_success(builder.build(prev_event_ids, None))
event = self.get_success(
builder.build(prev_event_ids=prev_event_ids, auth_event_ids=None)
)
self.get_success(self.federation_handler.on_receive_pdu(hostname, event))

2
tests/handlers/test_profile.py
View File

@@ -23,7 +23,7 @@ from tests.test_utils import make_awaitable
class ProfileTestCase(unittest.HomeserverTestCase):
""" Tests profile management. """
"""Tests profile management."""
def make_homeserver(self, reactor, clock):
self.mock_federation = Mock()

198
tests/handlers/test_register.py
View File

@@ -17,6 +17,7 @@ from unittest.mock import Mock
from synapse.api.auth import Auth
from synapse.api.constants import UserTypes
from synapse.api.errors import Codes, ResourceLimitError, SynapseError
from synapse.events.spamcheck import load_legacy_spam_checkers
from synapse.rest.client.v2_alpha.register import (
_map_email_to_displayname,
register_servlets,
@@ -32,8 +33,93 @@ from tests.utils import mock_getRawHeaders
from .. import unittest
class TestSpamChecker:
def __init__(self, config, api):
api.register_spam_checker_callbacks(
check_registration_for_spam=self.check_registration_for_spam,
)
@staticmethod
def parse_config(config):
return config
async def check_registration_for_spam(
self,
email_threepid,
username,
request_info,
auth_provider_id,
):
pass
class DenyAll(TestSpamChecker):
async def check_registration_for_spam(
self,
email_threepid,
username,
request_info,
auth_provider_id,
):
return RegistrationBehaviour.DENY
class BanAll(TestSpamChecker):
async def check_registration_for_spam(
self,
email_threepid,
username,
request_info,
auth_provider_id,
):
return RegistrationBehaviour.SHADOW_BAN
class BanBadIdPUser(TestSpamChecker):
async def check_registration_for_spam(
self, email_threepid, username, request_info, auth_provider_id=None
):
# Reject any user coming from CAS and whose username contains profanity
if auth_provider_id == "cas" and "flimflob" in username:
return RegistrationBehaviour.DENY
return RegistrationBehaviour.ALLOW
class TestLegacyRegistrationSpamChecker:
def __init__(self, config, api):
pass
async def check_registration_for_spam(
self,
email_threepid,
username,
request_info,
):
pass
class LegacyAllowAll(TestLegacyRegistrationSpamChecker):
async def check_registration_for_spam(
self,
email_threepid,
username,
request_info,
):
return RegistrationBehaviour.ALLOW
class LegacyDenyAll(TestLegacyRegistrationSpamChecker):
async def check_registration_for_spam(
self,
email_threepid,
username,
request_info,
):
return RegistrationBehaviour.DENY
class RegistrationTestCase(unittest.HomeserverTestCase):
""" Tests the RegistrationHandler. """
"""Tests the RegistrationHandler."""
servlets = [
register_servlets,
@@ -51,6 +137,13 @@ class RegistrationTestCase(unittest.HomeserverTestCase):
hs_config["limit_usage_by_mau"] = True
hs = self.setup_test_homeserver(config=hs_config)
load_legacy_spam_checkers(hs)
module_api = hs.get_module_api()
for module, config in hs.config.modules.loaded_modules:
module(config=config, api=module_api)
return hs
def prepare(self, reactor, clock, hs):
@@ -474,34 +567,70 @@ class RegistrationTestCase(unittest.HomeserverTestCase):
self.handler.register_user(localpart=invalid_user_id), SynapseError
)
@override_config(
{
"modules": [
{
"module": TestSpamChecker.__module__ + ".DenyAll",
}
]
}
)
def test_spam_checker_deny(self):
"""A spam checker can deny registration, which results in an error."""
class DenyAll:
def check_registration_for_spam(
self, email_threepid, username, request_info
):
return RegistrationBehaviour.DENY
# Configure a spam checker that denies all users.
spam_checker = self.hs.get_spam_checker()
spam_checker.spam_checkers = [DenyAll()]
self.get_failure(self.handler.register_user(localpart="user"), SynapseError)
@override_config(
{
"spam_checker": [
{
"module": TestSpamChecker.__module__ + ".LegacyAllowAll",
}
]
}
)
def test_spam_checker_legacy_allow(self):
"""Tests that a legacy spam checker implementing the legacy 3-arg version of the
check_registration_for_spam callback is correctly called.
In this test and the following one we test both success and failure to make sure
any failure comes from the spam checker (and not something else failing in the
call stack) and any success comes from the spam checker (and not because a
misconfiguration prevented it from being loaded).
"""
self.get_success(self.handler.register_user(localpart="user"))
@override_config(
{
"spam_checker": [
{
"module": TestSpamChecker.__module__ + ".LegacyDenyAll",
}
]
}
)
def test_spam_checker_legacy_deny(self):
"""Tests that a legacy spam checker implementing the legacy 3-arg version of the
check_registration_for_spam callback is correctly called.
In this test and the previous one we test both success and failure to make sure
any failure comes from the spam checker (and not something else failing in the
call stack) and any success comes from the spam checker (and not because a
misconfiguration prevented it from being loaded).
"""
self.get_failure(self.handler.register_user(localpart="user"), SynapseError)
@override_config(
{
"modules": [
{
"module": TestSpamChecker.__module__ + ".BanAll",
}
]
}
)
def test_spam_checker_shadow_ban(self):
"""A spam checker can choose to shadow-ban a user, which allows registration to succeed."""
class BanAll:
def check_registration_for_spam(
self, email_threepid, username, request_info
):
return RegistrationBehaviour.SHADOW_BAN
# Configure a spam checker that denies all users.
spam_checker = self.hs.get_spam_checker()
spam_checker.spam_checkers = [BanAll()]
user_id = self.get_success(self.handler.register_user(localpart="user"))
# Get an access token.
@@ -521,22 +650,17 @@ class RegistrationTestCase(unittest.HomeserverTestCase):
self.assertTrue(requester.shadow_banned)
@override_config(
{
"modules": [
{
"module": TestSpamChecker.__module__ + ".BanBadIdPUser",
}
]
}
)
def test_spam_checker_receives_sso_type(self):
"""Test rejecting registration based on SSO type"""
class BanBadIdPUser:
def check_registration_for_spam(
self, email_threepid, username, request_info, auth_provider_id=None
):
# Reject any user coming from CAS and whose username contains profanity
if auth_provider_id == "cas" and "flimflob" in username:
return RegistrationBehaviour.DENY
return RegistrationBehaviour.ALLOW
# Configure a spam checker that denies a certain user on a specific IdP
spam_checker = self.hs.get_spam_checker()
spam_checker.spam_checkers = [BanBadIdPUser()]
f = self.get_failure(
self.handler.register_user(localpart="bobflimflob", auth_provider_id="cas"),
SynapseError,

99
tests/handlers/test_space_summary.py
View File

@@ -11,10 +11,15 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from typing import Any, Optional
from typing import Any, Iterable, Optional, Tuple
from unittest import mock
from synapse.api.errors import AuthError
from synapse.handlers.space_summary import _child_events_comparison_key
from synapse.rest import admin
from synapse.rest.client.v1 import login, room
from synapse.server import HomeServer
from synapse.types import JsonDict
from tests import unittest
@@ -79,3 +84,95 @@ class TestSpaceSummarySort(unittest.TestCase):
ev1 = _create_event("!abc:test", "a" * 51)
self.assertEqual([ev2, ev1], _order(ev1, ev2))
class SpaceSummaryTestCase(unittest.HomeserverTestCase):
servlets = [
admin.register_servlets_for_client_rest_resource,
room.register_servlets,
login.register_servlets,
]
def prepare(self, reactor, clock, hs: HomeServer):
self.hs = hs
self.handler = self.hs.get_space_summary_handler()
self.user = self.register_user("user", "pass")
self.token = self.login("user", "pass")
def _add_child(self, space_id: str, room_id: str, token: str) -> None:
"""Add a child room to a space."""
self.helper.send_state(
space_id,
event_type="m.space.child",
body={"via": [self.hs.hostname]},
tok=token,
state_key=room_id,
)
def _assert_rooms(self, result: JsonDict, rooms: Iterable[str]) -> None:
"""Assert that the expected room IDs are in the response."""
self.assertCountEqual([room.get("room_id") for room in result["rooms"]], rooms)
def _assert_events(
self, result: JsonDict, events: Iterable[Tuple[str, str]]
) -> None:
"""Assert that the expected parent / child room IDs are in the response."""
self.assertCountEqual(
[
(event.get("room_id"), event.get("state_key"))
for event in result["events"]
],
events,
)
def test_simple_space(self):
"""Test a simple space with a single room."""
space = self.helper.create_room_as(self.user, tok=self.token)
room = self.helper.create_room_as(self.user, tok=self.token)
self._add_child(space, room, self.token)
result = self.get_success(self.handler.get_space_summary(self.user, space))
# The result should have the space and the room in it, along with a link
# from space -> room.
self._assert_rooms(result, [space, room])
self._assert_events(result, [(space, room)])
def test_visibility(self):
"""A user not in a space cannot inspect it."""
space = self.helper.create_room_as(self.user, tok=self.token)
room = self.helper.create_room_as(self.user, tok=self.token)
self._add_child(space, room, self.token)
user2 = self.register_user("user2", "pass")
token2 = self.login("user2", "pass")
# The user cannot see the space.
self.get_failure(self.handler.get_space_summary(user2, space), AuthError)
# Joining the room causes it to be visible.
self.helper.join(space, user2, tok=token2)
result = self.get_success(self.handler.get_space_summary(user2, space))
# The result should only have the space, but includes the link to the room.
self._assert_rooms(result, [space])
self._assert_events(result, [(space, room)])
def test_world_readable(self):
"""A world-readable room is visible to everyone."""
space = self.helper.create_room_as(self.user, tok=self.token)
room = self.helper.create_room_as(self.user, tok=self.token)
self._add_child(space, room, self.token)
self.helper.send_state(
space,
event_type="m.room.history_visibility",
body={"history_visibility": "world_readable"},
tok=self.token,
)
user2 = self.register_user("user2", "pass")
# The space should be visible, as well as the link to the room.
result = self.get_success(self.handler.get_space_summary(user2, space))
self._assert_rooms(result, [space])
self._assert_events(result, [(space, room)])

2
tests/handlers/test_sync.py
View File

@@ -22,7 +22,7 @@ import tests.utils
class SyncTestCase(tests.unittest.HomeserverTestCase):
""" Tests Sync Handler. """
"""Tests Sync Handler."""
def prepare(self, reactor, clock, hs):
self.hs = hs

21
tests/handlers/test_user_directory.py
View File

@@ -312,15 +312,13 @@ class UserDirectoryTestCase(unittest.HomeserverTestCase):
s = self.get_success(self.handler.search_users(u1, "user2", 10))
self.assertEqual(len(s["results"]), 1)
async def allow_all(user_profile):
# Allow all users.
return False
# Configure a spam checker that does not filter any users.
spam_checker = self.hs.get_spam_checker()
class AllowAll:
async def check_username_for_spam(self, user_profile):
# Allow all users.
return False
spam_checker.spam_checkers = [AllowAll()]
spam_checker._check_username_for_spam_callbacks = [allow_all]
# The results do not change:
# We get one search result when searching for user2 by user1.
@@ -328,12 +326,11 @@ class UserDirectoryTestCase(unittest.HomeserverTestCase):
self.assertEqual(len(s["results"]), 1)
# Configure a spam checker that filters all users.
class BlockAll:
async def check_username_for_spam(self, user_profile):
# All users are spammy.
return True
async def block_all(user_profile):
# All users are spammy.
return True
spam_checker.spam_checkers = [BlockAll()]
spam_checker._check_username_for_spam_callbacks = [block_all]
# User1 now gets no search results for any of the other users.
s = self.get_success(self.handler.search_users(u1, "user2", 10))

4
tests/replication/test_federation_sender_shard.py
View File

@@ -224,7 +224,9 @@ class FederationSenderTestCase(BaseMultiWorkerStreamTestCase):
}
builder = factory.for_room_version(room_version, event_dict)
join_event = self.get_success(builder.build(prev_event_ids, None))
join_event = self.get_success(
builder.build(prev_event_ids=prev_event_ids, auth_event_ids=None)
)
self.get_success(federation.on_send_join_request(remote_server, join_event))
self.replicate()

2
tests/rest/client/v1/test_events.py
View File

@@ -23,7 +23,7 @@ from tests import unittest
class EventStreamPermissionsTestCase(unittest.HomeserverTestCase):
""" Tests event streaming (GET /events). """
"""Tests event streaming (GET /events)."""
servlets = [
events.register_servlets,

2
tests/rest/client/v1/test_presence.py
View File

@@ -24,7 +24,7 @@ from tests import unittest
class PresenceTestCase(unittest.HomeserverTestCase):
""" Tests presence REST API. """
"""Tests presence REST API."""
user_id = "@sid:red"

16
tests/rest/client/v1/test_rooms.py
View File

@@ -64,7 +64,7 @@ class RoomBase(unittest.HomeserverTestCase):
class RoomPermissionsTestCase(RoomBase):
""" Tests room permissions. """
"""Tests room permissions."""
user_id = "@sid1:red"
rmcreator_id = "@notme:red"
@@ -377,7 +377,7 @@ class RoomPermissionsTestCase(RoomBase):
class RoomsMemberListTestCase(RoomBase):
""" Tests /rooms/$room_id/members/list REST events."""
"""Tests /rooms/$room_id/members/list REST events."""
user_id = "@sid1:red"
@@ -416,7 +416,7 @@ class RoomsMemberListTestCase(RoomBase):
class RoomsCreateTestCase(RoomBase):
""" Tests /rooms and /rooms/$room_id REST events. """
"""Tests /rooms and /rooms/$room_id REST events."""
user_id = "@sid1:red"
@@ -502,7 +502,7 @@ class RoomsCreateTestCase(RoomBase):
class RoomTopicTestCase(RoomBase):
""" Tests /rooms/$room_id/topic REST events. """
"""Tests /rooms/$room_id/topic REST events."""
user_id = "@sid1:red"
@@ -566,7 +566,7 @@ class RoomTopicTestCase(RoomBase):
class RoomMemberStateTestCase(RoomBase):
""" Tests /rooms/$room_id/members/$user_id/state REST events. """
"""Tests /rooms/$room_id/members/$user_id/state REST events."""
user_id = "@sid1:red"
@@ -790,7 +790,7 @@ class RoomJoinRatelimitTestCase(RoomBase):
class RoomMessagesTestCase(RoomBase):
""" Tests /rooms/$room_id/messages/$user_id/$msg_id REST events. """
"""Tests /rooms/$room_id/messages/$user_id/$msg_id REST events."""
user_id = "@sid1:red"
@@ -838,7 +838,7 @@ class RoomMessagesTestCase(RoomBase):
class RoomInitialSyncTestCase(RoomBase):
""" Tests /rooms/$room_id/initialSync. """
"""Tests /rooms/$room_id/initialSync."""
user_id = "@sid1:red"
@@ -879,7 +879,7 @@ class RoomInitialSyncTestCase(RoomBase):
class RoomMessageListTestCase(RoomBase):
""" Tests /rooms/$room_id/messages REST events. """
"""Tests /rooms/$room_id/messages REST events."""
user_id = "@sid1:red"

2
tests/rest/client/v1/test_typing.py
View File

@@ -26,7 +26,7 @@ PATH_PREFIX = "/_matrix/client/api/v1"
class RoomTypingTestCase(unittest.HomeserverTestCase):
""" Tests /rooms/$room_id/typing/$user_id REST API. """
"""Tests /rooms/$room_id/typing/$user_id REST API."""
user_id = "@sid:red"

58
tests/rest/client/v2_alpha/test_sync.py
View File

@@ -339,7 +339,7 @@ class SyncKnockTestCase(
self.room_id = self.helper.create_room_as(
self.user_id,
is_public=False,
room_version=RoomVersions.V7.identifier,
room_version="7",
tok=self.tok,
)
@@ -369,7 +369,7 @@ class SyncKnockTestCase(
# Knock on a room
channel = self.make_request(
"POST",
"/_matrix/client/unstable/xyz.amorgan.knock/%s" % (self.room_id,),
"/_matrix/client/r0/knock/%s" % (self.room_id,),
b"{}",
self.knocker_tok,
)
@@ -377,7 +377,7 @@ class SyncKnockTestCase(
# We expect to see the knock event in the stripped room state later
self.expected_room_state[EventTypes.Member] = {
"content": {"membership": Membership.KNOCK, "displayname": "knocker"},
"content": {"membership": "knock", "displayname": "knocker"},
"state_key": "@knocker:test",
}
@@ -390,7 +390,7 @@ class SyncKnockTestCase(
self.assertEqual(channel.code, 200, channel.json_body)
# Extract the stripped room state events from /sync
knock_entry = channel.json_body["rooms"][Membership.KNOCK]
knock_entry = channel.json_body["rooms"]["knock"]
room_state_events = knock_entry[self.room_id]["knock_state"]["events"]
# Validate that the knock membership event came last
@@ -564,3 +564,53 @@ class UnreadMessagesTestCase(unittest.HomeserverTestCase):
# Store the next batch for the next request.
self.next_batch = channel.json_body["next_batch"]
class SyncCacheTestCase(unittest.HomeserverTestCase):
servlets = [
synapse.rest.admin.register_servlets,
login.register_servlets,
sync.register_servlets,
]
def test_noop_sync_does_not_tightloop(self):
"""If the sync times out, we shouldn't cache the result
Essentially a regression test for #8518.
"""
self.user_id = self.register_user("kermit", "monkey")
self.tok = self.login("kermit", "monkey")
# we should immediately get an initial sync response
channel = self.make_request("GET", "/sync", access_token=self.tok)
self.assertEqual(channel.code, 200, channel.json_body)
# now, make an incremental sync request, with a timeout
next_batch = channel.json_body["next_batch"]
channel = self.make_request(
"GET",
f"/sync?since={next_batch}&timeout=10000",
access_token=self.tok,
await_result=False,
)
# that should block for 10 seconds
with self.assertRaises(TimedOutException):
channel.await_result(timeout_ms=9900)
channel.await_result(timeout_ms=200)
self.assertEqual(channel.code, 200, channel.json_body)
# we expect the next_batch in the result to be the same as before
self.assertEqual(channel.json_body["next_batch"], next_batch)
# another incremental sync should also block.
channel = self.make_request(
"GET",
f"/sync?since={next_batch}&timeout=10000",
access_token=self.tok,
await_result=False,
)
# that should block for 10 seconds
with self.assertRaises(TimedOutException):
channel.await_result(timeout_ms=9900)
channel.await_result(timeout_ms=200)
self.assertEqual(channel.code, 200, channel.json_body)

3
tests/rest/media/v1/test_media_storage.py
View File

@@ -27,6 +27,7 @@ from PIL import Image as Image
from twisted.internet import defer
from twisted.internet.defer import Deferred
from synapse.events.spamcheck import load_legacy_spam_checkers
from synapse.logging.context import make_deferred_yieldable
from synapse.rest import admin
from synapse.rest.client.v1 import login
@@ -535,6 +536,8 @@ class SpamCheckerTestCase(unittest.HomeserverTestCase):
self.download_resource = self.media_repo.children[b"download"]
self.upload_resource = self.media_repo.children[b"upload"]
load_legacy_spam_checkers(hs)
def default_config(self):
config = default_config("test")

8
tests/server.py
View File

@@ -138,21 +138,19 @@ class FakeChannel:
def transport(self):
return self
def await_result(self, timeout: int = 100) -> None:
def await_result(self, timeout_ms: int = 1000) -> None:
"""
Wait until the request is finished.
"""
end_time = self._reactor.seconds() + timeout_ms / 1000.0
self._reactor.run()
x = 0
while not self.is_finished():
# If there's a producer, tell it to resume producing so we get content
if self._producer:
self._producer.resumeProducing()
x += 1
if x > timeout:
if self._reactor.seconds() > end_time:
raise TimedOutException("Timed out waiting for request to finish.")
self._reactor.advance(0.1)

2
tests/storage/test_base.py
View File

@@ -27,7 +27,7 @@ from tests.utils import TestHomeServer, default_config
class SQLBaseStoreTestCase(unittest.TestCase):
""" Test the "simple" SQL generating methods in SQLBaseStore. """
"""Test the "simple" SQL generating methods in SQLBaseStore."""
def setUp(self):
self.db_pool = Mock(spec=["runInteraction"])

13
tests/storage/test_redaction.py
View File

@@ -232,9 +232,14 @@ class RedactionTestCase(unittest.HomeserverTestCase):
self._base_builder = base_builder
self._event_id = event_id
async def build(self, prev_event_ids, auth_event_ids):
async def build(
self,
prev_event_ids,
auth_event_ids,
depth: Optional[int] = None,
):
built_event = await self._base_builder.build(
prev_event_ids, auth_event_ids
prev_event_ids=prev_event_ids, auth_event_ids=auth_event_ids
)
built_event._event_id = self._event_id
@@ -251,6 +256,10 @@ class RedactionTestCase(unittest.HomeserverTestCase):
def type(self):
return self._base_builder.type
@property
def internal_metadata(self):
return self._base_builder.internal_metadata
event_1, context_1 = self.get_success(
self.event_creation_handler.create_new_client_event(
EventIdManglingBuilder(

75
tests/util/caches/test_responsecache.py → tests/util/caches/test_response_cache.py
View File

@@ -11,14 +11,17 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from parameterized import parameterized
from synapse.util.caches.response_cache import ResponseCache
from twisted.internet import defer
from synapse.util.caches.response_cache import ResponseCache, ResponseCacheContext
from tests.server import get_clock
from tests.unittest import TestCase
class DeferredCacheTestCase(TestCase):
class ResponseCacheTestCase(TestCase):
"""
A TestCase class for ResponseCache.
@@ -48,7 +51,9 @@ class DeferredCacheTestCase(TestCase):
expected_result = "howdy"
wrap_d = cache.wrap(0, self.instant_return, expected_result)
wrap_d = defer.ensureDeferred(
cache.wrap(0, self.instant_return, expected_result)
)
self.assertEqual(
expected_result,
@@ -66,7 +71,9 @@ class DeferredCacheTestCase(TestCase):
expected_result = "howdy"
wrap_d = cache.wrap(0, self.instant_return, expected_result)
wrap_d = defer.ensureDeferred(
cache.wrap(0, self.instant_return, expected_result)
)
self.assertEqual(
expected_result,
@@ -80,7 +87,9 @@ class DeferredCacheTestCase(TestCase):
expected_result = "howdy"
wrap_d = cache.wrap(0, self.instant_return, expected_result)
wrap_d = defer.ensureDeferred(
cache.wrap(0, self.instant_return, expected_result)
)
self.assertEqual(expected_result, self.successResultOf(wrap_d))
self.assertEqual(
@@ -99,7 +108,10 @@ class DeferredCacheTestCase(TestCase):
expected_result = "howdy"
wrap_d = cache.wrap(0, self.delayed_return, expected_result)
wrap_d = defer.ensureDeferred(
cache.wrap(0, self.delayed_return, expected_result)
)
self.assertNoResult(wrap_d)
# function wakes up, returns result
@@ -112,7 +124,9 @@ class DeferredCacheTestCase(TestCase):
expected_result = "howdy"
wrap_d = cache.wrap(0, self.delayed_return, expected_result)
wrap_d = defer.ensureDeferred(
cache.wrap(0, self.delayed_return, expected_result)
)
self.assertNoResult(wrap_d)
# stop at 1 second to callback cache eviction callLater at that time, then another to set time at 2
@@ -129,3 +143,50 @@ class DeferredCacheTestCase(TestCase):
self.reactor.pump((2,))
self.assertIsNone(cache.get(0), "cache should not have the result now")
@parameterized.expand([(True,), (False,)])
def test_cache_context_nocache(self, should_cache: bool):
"""If the callback clears the should_cache bit, the result should not be cached"""
cache = self.with_cache("medium_cache", ms=3000)
expected_result = "howdy"
call_count = 0
async def non_caching(o: str, cache_context: ResponseCacheContext[int]):
nonlocal call_count
call_count += 1
await self.clock.sleep(1)
cache_context.should_cache = should_cache
return o
wrap_d = defer.ensureDeferred(
cache.wrap(0, non_caching, expected_result, cache_context=True)
)
# there should be no result to start with
self.assertNoResult(wrap_d)
# a second call should also return a pending deferred
wrap2_d = defer.ensureDeferred(
cache.wrap(0, non_caching, expected_result, cache_context=True)
)
self.assertNoResult(wrap2_d)
# and there should have been exactly one call
self.assertEqual(call_count, 1)
# let the call complete
self.reactor.advance(1)
# both results should have completed
self.assertEqual(expected_result, self.successResultOf(wrap_d))
self.assertEqual(expected_result, self.successResultOf(wrap2_d))
if should_cache:
self.assertEqual(
expected_result,
self.successResultOf(cache.get(0)),
"cache should still have the result",
)
else:
self.assertIsNone(cache.get(0), "cache should not have the result")