1
0

test_event_auth.py 19 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608
  1. # Copyright 2018 New Vector Ltd
  2. #
  3. # Licensed under the Apache License, Version 2.0 (the "License");
  4. # you may not use this file except in compliance with the License.
  5. # You may obtain a copy of the License at
  6. #
  7. # http://www.apache.org/licenses/LICENSE-2.0
  8. #
  9. # Unless required by applicable law or agreed to in writing, software
  10. # distributed under the License is distributed on an "AS IS" BASIS,
  11. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  12. # See the License for the specific language governing permissions and
  13. # limitations under the License.
  14. import unittest
  15. from typing import Optional
  16. from synapse import event_auth
  17. from synapse.api.constants import EventContentFields
  18. from synapse.api.errors import AuthError
  19. from synapse.api.room_versions import RoomVersions
  20. from synapse.events import EventBase, make_event_from_dict
  21. from synapse.types import JsonDict, get_domain_from_id
  22. class EventAuthTestCase(unittest.TestCase):
  23. def test_rejected_auth_events(self):
  24. """
  25. Events that refer to rejected events in their auth events are rejected
  26. """
  27. creator = "@creator:example.com"
  28. auth_events = [
  29. _create_event(creator),
  30. _join_event(creator),
  31. ]
  32. # creator should be able to send state
  33. event_auth.check_auth_rules_for_event(
  34. RoomVersions.V9,
  35. _random_state_event(creator),
  36. auth_events,
  37. )
  38. # ... but a rejected join_rules event should cause it to be rejected
  39. rejected_join_rules = _join_rules_event(creator, "public")
  40. rejected_join_rules.rejected_reason = "stinky"
  41. auth_events.append(rejected_join_rules)
  42. self.assertRaises(
  43. AuthError,
  44. event_auth.check_auth_rules_for_event,
  45. RoomVersions.V9,
  46. _random_state_event(creator),
  47. auth_events,
  48. )
  49. # ... even if there is *also* a good join rules
  50. auth_events.append(_join_rules_event(creator, "public"))
  51. self.assertRaises(
  52. AuthError,
  53. event_auth.check_auth_rules_for_event,
  54. RoomVersions.V9,
  55. _random_state_event(creator),
  56. auth_events,
  57. )
  58. def test_random_users_cannot_send_state_before_first_pl(self):
  59. """
  60. Check that, before the first PL lands, the creator is the only user
  61. that can send a state event.
  62. """
  63. creator = "@creator:example.com"
  64. joiner = "@joiner:example.com"
  65. auth_events = [
  66. _create_event(creator),
  67. _join_event(creator),
  68. _join_event(joiner),
  69. ]
  70. # creator should be able to send state
  71. event_auth.check_auth_rules_for_event(
  72. RoomVersions.V1,
  73. _random_state_event(creator),
  74. auth_events,
  75. )
  76. # joiner should not be able to send state
  77. self.assertRaises(
  78. AuthError,
  79. event_auth.check_auth_rules_for_event,
  80. RoomVersions.V1,
  81. _random_state_event(joiner),
  82. auth_events,
  83. )
  84. def test_state_default_level(self):
  85. """
  86. Check that users above the state_default level can send state and
  87. those below cannot
  88. """
  89. creator = "@creator:example.com"
  90. pleb = "@joiner:example.com"
  91. king = "@joiner2:example.com"
  92. auth_events = [
  93. _create_event(creator),
  94. _join_event(creator),
  95. _power_levels_event(
  96. creator, {"state_default": "30", "users": {pleb: "29", king: "30"}}
  97. ),
  98. _join_event(pleb),
  99. _join_event(king),
  100. ]
  101. # pleb should not be able to send state
  102. self.assertRaises(
  103. AuthError,
  104. event_auth.check_auth_rules_for_event,
  105. RoomVersions.V1,
  106. _random_state_event(pleb),
  107. auth_events,
  108. ),
  109. # king should be able to send state
  110. event_auth.check_auth_rules_for_event(
  111. RoomVersions.V1,
  112. _random_state_event(king),
  113. auth_events,
  114. )
  115. def test_alias_event(self):
  116. """Alias events have special behavior up through room version 6."""
  117. creator = "@creator:example.com"
  118. other = "@other:example.com"
  119. auth_events = [
  120. _create_event(creator),
  121. _join_event(creator),
  122. ]
  123. # creator should be able to send aliases
  124. event_auth.check_auth_rules_for_event(
  125. RoomVersions.V1,
  126. _alias_event(creator),
  127. auth_events,
  128. )
  129. # Reject an event with no state key.
  130. with self.assertRaises(AuthError):
  131. event_auth.check_auth_rules_for_event(
  132. RoomVersions.V1,
  133. _alias_event(creator, state_key=""),
  134. auth_events,
  135. )
  136. # If the domain of the sender does not match the state key, reject.
  137. with self.assertRaises(AuthError):
  138. event_auth.check_auth_rules_for_event(
  139. RoomVersions.V1,
  140. _alias_event(creator, state_key="test.com"),
  141. auth_events,
  142. )
  143. # Note that the member does *not* need to be in the room.
  144. event_auth.check_auth_rules_for_event(
  145. RoomVersions.V1,
  146. _alias_event(other),
  147. auth_events,
  148. )
  149. def test_msc2432_alias_event(self):
  150. """After MSC2432, alias events have no special behavior."""
  151. creator = "@creator:example.com"
  152. other = "@other:example.com"
  153. auth_events = [
  154. _create_event(creator),
  155. _join_event(creator),
  156. ]
  157. # creator should be able to send aliases
  158. event_auth.check_auth_rules_for_event(
  159. RoomVersions.V6,
  160. _alias_event(creator),
  161. auth_events,
  162. )
  163. # No particular checks are done on the state key.
  164. event_auth.check_auth_rules_for_event(
  165. RoomVersions.V6,
  166. _alias_event(creator, state_key=""),
  167. auth_events,
  168. )
  169. event_auth.check_auth_rules_for_event(
  170. RoomVersions.V6,
  171. _alias_event(creator, state_key="test.com"),
  172. auth_events,
  173. )
  174. # Per standard auth rules, the member must be in the room.
  175. with self.assertRaises(AuthError):
  176. event_auth.check_auth_rules_for_event(
  177. RoomVersions.V6,
  178. _alias_event(other),
  179. auth_events,
  180. )
  181. def test_msc2209(self):
  182. """
  183. Notifications power levels get checked due to MSC2209.
  184. """
  185. creator = "@creator:example.com"
  186. pleb = "@joiner:example.com"
  187. auth_events = [
  188. _create_event(creator),
  189. _join_event(creator),
  190. _power_levels_event(
  191. creator, {"state_default": "30", "users": {pleb: "30"}}
  192. ),
  193. _join_event(pleb),
  194. ]
  195. # pleb should be able to modify the notifications power level.
  196. event_auth.check_auth_rules_for_event(
  197. RoomVersions.V1,
  198. _power_levels_event(pleb, {"notifications": {"room": 100}}),
  199. auth_events,
  200. )
  201. # But an MSC2209 room rejects this change.
  202. with self.assertRaises(AuthError):
  203. event_auth.check_auth_rules_for_event(
  204. RoomVersions.V6,
  205. _power_levels_event(pleb, {"notifications": {"room": 100}}),
  206. auth_events,
  207. )
  208. def test_join_rules_public(self):
  209. """
  210. Test joining a public room.
  211. """
  212. creator = "@creator:example.com"
  213. pleb = "@joiner:example.com"
  214. auth_events = {
  215. ("m.room.create", ""): _create_event(creator),
  216. ("m.room.member", creator): _join_event(creator),
  217. ("m.room.join_rules", ""): _join_rules_event(creator, "public"),
  218. }
  219. # Check join.
  220. event_auth.check_auth_rules_for_event(
  221. RoomVersions.V6,
  222. _join_event(pleb),
  223. auth_events.values(),
  224. )
  225. # A user cannot be force-joined to a room.
  226. with self.assertRaises(AuthError):
  227. event_auth.check_auth_rules_for_event(
  228. RoomVersions.V6,
  229. _member_event(pleb, "join", sender=creator),
  230. auth_events.values(),
  231. )
  232. # Banned should be rejected.
  233. auth_events[("m.room.member", pleb)] = _member_event(pleb, "ban")
  234. with self.assertRaises(AuthError):
  235. event_auth.check_auth_rules_for_event(
  236. RoomVersions.V6,
  237. _join_event(pleb),
  238. auth_events.values(),
  239. )
  240. # A user who left can re-join.
  241. auth_events[("m.room.member", pleb)] = _member_event(pleb, "leave")
  242. event_auth.check_auth_rules_for_event(
  243. RoomVersions.V6,
  244. _join_event(pleb),
  245. auth_events.values(),
  246. )
  247. # A user can send a join if they're in the room.
  248. auth_events[("m.room.member", pleb)] = _member_event(pleb, "join")
  249. event_auth.check_auth_rules_for_event(
  250. RoomVersions.V6,
  251. _join_event(pleb),
  252. auth_events.values(),
  253. )
  254. # A user can accept an invite.
  255. auth_events[("m.room.member", pleb)] = _member_event(
  256. pleb, "invite", sender=creator
  257. )
  258. event_auth.check_auth_rules_for_event(
  259. RoomVersions.V6,
  260. _join_event(pleb),
  261. auth_events.values(),
  262. )
  263. def test_join_rules_invite(self):
  264. """
  265. Test joining an invite only room.
  266. """
  267. creator = "@creator:example.com"
  268. pleb = "@joiner:example.com"
  269. auth_events = {
  270. ("m.room.create", ""): _create_event(creator),
  271. ("m.room.member", creator): _join_event(creator),
  272. ("m.room.join_rules", ""): _join_rules_event(creator, "invite"),
  273. }
  274. # A join without an invite is rejected.
  275. with self.assertRaises(AuthError):
  276. event_auth.check_auth_rules_for_event(
  277. RoomVersions.V6,
  278. _join_event(pleb),
  279. auth_events.values(),
  280. )
  281. # A user cannot be force-joined to a room.
  282. with self.assertRaises(AuthError):
  283. event_auth.check_auth_rules_for_event(
  284. RoomVersions.V6,
  285. _member_event(pleb, "join", sender=creator),
  286. auth_events.values(),
  287. )
  288. # Banned should be rejected.
  289. auth_events[("m.room.member", pleb)] = _member_event(pleb, "ban")
  290. with self.assertRaises(AuthError):
  291. event_auth.check_auth_rules_for_event(
  292. RoomVersions.V6,
  293. _join_event(pleb),
  294. auth_events.values(),
  295. )
  296. # A user who left cannot re-join.
  297. auth_events[("m.room.member", pleb)] = _member_event(pleb, "leave")
  298. with self.assertRaises(AuthError):
  299. event_auth.check_auth_rules_for_event(
  300. RoomVersions.V6,
  301. _join_event(pleb),
  302. auth_events.values(),
  303. )
  304. # A user can send a join if they're in the room.
  305. auth_events[("m.room.member", pleb)] = _member_event(pleb, "join")
  306. event_auth.check_auth_rules_for_event(
  307. RoomVersions.V6,
  308. _join_event(pleb),
  309. auth_events.values(),
  310. )
  311. # A user can accept an invite.
  312. auth_events[("m.room.member", pleb)] = _member_event(
  313. pleb, "invite", sender=creator
  314. )
  315. event_auth.check_auth_rules_for_event(
  316. RoomVersions.V6,
  317. _join_event(pleb),
  318. auth_events.values(),
  319. )
  320. def test_join_rules_msc3083_restricted(self):
  321. """
  322. Test joining a restricted room from MSC3083.
  323. This is similar to the public test, but has some additional checks on
  324. signatures.
  325. The checks which care about signatures fake them by simply adding an
  326. object of the proper form, not generating valid signatures.
  327. """
  328. creator = "@creator:example.com"
  329. pleb = "@joiner:example.com"
  330. auth_events = {
  331. ("m.room.create", ""): _create_event(creator),
  332. ("m.room.member", creator): _join_event(creator),
  333. ("m.room.power_levels", ""): _power_levels_event(creator, {"invite": 0}),
  334. ("m.room.join_rules", ""): _join_rules_event(creator, "restricted"),
  335. }
  336. # Older room versions don't understand this join rule
  337. with self.assertRaises(AuthError):
  338. event_auth.check_auth_rules_for_event(
  339. RoomVersions.V6,
  340. _join_event(pleb),
  341. auth_events.values(),
  342. )
  343. # A properly formatted join event should work.
  344. authorised_join_event = _join_event(
  345. pleb,
  346. additional_content={
  347. EventContentFields.AUTHORISING_USER: "@creator:example.com"
  348. },
  349. )
  350. event_auth.check_auth_rules_for_event(
  351. RoomVersions.V8,
  352. authorised_join_event,
  353. auth_events.values(),
  354. )
  355. # A join issued by a specific user works (i.e. the power level checks
  356. # are done properly).
  357. pl_auth_events = auth_events.copy()
  358. pl_auth_events[("m.room.power_levels", "")] = _power_levels_event(
  359. creator, {"invite": 100, "users": {"@inviter:foo.test": 150}}
  360. )
  361. pl_auth_events[("m.room.member", "@inviter:foo.test")] = _join_event(
  362. "@inviter:foo.test"
  363. )
  364. event_auth.check_auth_rules_for_event(
  365. RoomVersions.V8,
  366. _join_event(
  367. pleb,
  368. additional_content={
  369. EventContentFields.AUTHORISING_USER: "@inviter:foo.test"
  370. },
  371. ),
  372. pl_auth_events.values(),
  373. )
  374. # A join which is missing an authorised server is rejected.
  375. with self.assertRaises(AuthError):
  376. event_auth.check_auth_rules_for_event(
  377. RoomVersions.V8,
  378. _join_event(pleb),
  379. auth_events.values(),
  380. )
  381. # An join authorised by a user who is not in the room is rejected.
  382. pl_auth_events = auth_events.copy()
  383. pl_auth_events[("m.room.power_levels", "")] = _power_levels_event(
  384. creator, {"invite": 100, "users": {"@other:example.com": 150}}
  385. )
  386. with self.assertRaises(AuthError):
  387. event_auth.check_auth_rules_for_event(
  388. RoomVersions.V8,
  389. _join_event(
  390. pleb,
  391. additional_content={
  392. EventContentFields.AUTHORISING_USER: "@other:example.com"
  393. },
  394. ),
  395. auth_events.values(),
  396. )
  397. # A user cannot be force-joined to a room. (This uses an event which
  398. # *would* be valid, but is sent be a different user.)
  399. with self.assertRaises(AuthError):
  400. event_auth.check_auth_rules_for_event(
  401. RoomVersions.V8,
  402. _member_event(
  403. pleb,
  404. "join",
  405. sender=creator,
  406. additional_content={
  407. EventContentFields.AUTHORISING_USER: "@inviter:foo.test"
  408. },
  409. ),
  410. auth_events.values(),
  411. )
  412. # Banned should be rejected.
  413. auth_events[("m.room.member", pleb)] = _member_event(pleb, "ban")
  414. with self.assertRaises(AuthError):
  415. event_auth.check_auth_rules_for_event(
  416. RoomVersions.V8,
  417. authorised_join_event,
  418. auth_events.values(),
  419. )
  420. # A user who left can re-join.
  421. auth_events[("m.room.member", pleb)] = _member_event(pleb, "leave")
  422. event_auth.check_auth_rules_for_event(
  423. RoomVersions.V8,
  424. authorised_join_event,
  425. auth_events.values(),
  426. )
  427. # A user can send a join if they're in the room. (This doesn't need to
  428. # be authorised since the user is already joined.)
  429. auth_events[("m.room.member", pleb)] = _member_event(pleb, "join")
  430. event_auth.check_auth_rules_for_event(
  431. RoomVersions.V8,
  432. _join_event(pleb),
  433. auth_events.values(),
  434. )
  435. # A user can accept an invite. (This doesn't need to be authorised since
  436. # the user was invited.)
  437. auth_events[("m.room.member", pleb)] = _member_event(
  438. pleb, "invite", sender=creator
  439. )
  440. event_auth.check_auth_rules_for_event(
  441. RoomVersions.V8,
  442. _join_event(pleb),
  443. auth_events.values(),
  444. )
  445. # helpers for making events
  446. TEST_ROOM_ID = "!test:room"
  447. def _create_event(user_id: str) -> EventBase:
  448. return make_event_from_dict(
  449. {
  450. "room_id": TEST_ROOM_ID,
  451. "event_id": _get_event_id(),
  452. "type": "m.room.create",
  453. "state_key": "",
  454. "sender": user_id,
  455. "content": {"creator": user_id},
  456. }
  457. )
  458. def _member_event(
  459. user_id: str,
  460. membership: str,
  461. sender: Optional[str] = None,
  462. additional_content: Optional[dict] = None,
  463. ) -> EventBase:
  464. return make_event_from_dict(
  465. {
  466. "room_id": TEST_ROOM_ID,
  467. "event_id": _get_event_id(),
  468. "type": "m.room.member",
  469. "sender": sender or user_id,
  470. "state_key": user_id,
  471. "content": {"membership": membership, **(additional_content or {})},
  472. "prev_events": [],
  473. }
  474. )
  475. def _join_event(user_id: str, additional_content: Optional[dict] = None) -> EventBase:
  476. return _member_event(user_id, "join", additional_content=additional_content)
  477. def _power_levels_event(sender: str, content: JsonDict) -> EventBase:
  478. return make_event_from_dict(
  479. {
  480. "room_id": TEST_ROOM_ID,
  481. "event_id": _get_event_id(),
  482. "type": "m.room.power_levels",
  483. "sender": sender,
  484. "state_key": "",
  485. "content": content,
  486. }
  487. )
  488. def _alias_event(sender: str, **kwargs) -> EventBase:
  489. data = {
  490. "room_id": TEST_ROOM_ID,
  491. "event_id": _get_event_id(),
  492. "type": "m.room.aliases",
  493. "sender": sender,
  494. "state_key": get_domain_from_id(sender),
  495. "content": {"aliases": []},
  496. }
  497. data.update(**kwargs)
  498. return make_event_from_dict(data)
  499. def _random_state_event(sender: str) -> EventBase:
  500. return make_event_from_dict(
  501. {
  502. "room_id": TEST_ROOM_ID,
  503. "event_id": _get_event_id(),
  504. "type": "test.state",
  505. "sender": sender,
  506. "state_key": "",
  507. "content": {"membership": "join"},
  508. }
  509. )
  510. def _join_rules_event(sender: str, join_rule: str) -> EventBase:
  511. return make_event_from_dict(
  512. {
  513. "room_id": TEST_ROOM_ID,
  514. "event_id": _get_event_id(),
  515. "type": "m.room.join_rules",
  516. "sender": sender,
  517. "state_key": "",
  518. "content": {
  519. "join_rule": join_rule,
  520. },
  521. }
  522. )
  523. event_count = 0
  524. def _get_event_id() -> str:
  525. global event_count
  526. c = event_count
  527. event_count += 1
  528. return "!%i:example.com" % (c,)