test_media.py 32 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961
  1. # Copyright 2020 Dirk Klimpel
  2. # Copyright 2021 The Matrix.org Foundation C.I.C.
  3. #
  4. # Licensed under the Apache License, Version 2.0 (the "License");
  5. # you may not use this file except in compliance with the License.
  6. # You may obtain a copy of the License at
  7. #
  8. # http://www.apache.org/licenses/LICENSE-2.0
  9. #
  10. # Unless required by applicable law or agreed to in writing, software
  11. # distributed under the License is distributed on an "AS IS" BASIS,
  12. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13. # See the License for the specific language governing permissions and
  14. # limitations under the License.
  15. import os
  16. from http import HTTPStatus
  17. from parameterized import parameterized
  18. from twisted.test.proto_helpers import MemoryReactor
  19. import synapse.rest.admin
  20. from synapse.api.errors import Codes
  21. from synapse.rest.client import login, profile, room
  22. from synapse.rest.media.v1.filepath import MediaFilePaths
  23. from synapse.server import HomeServer
  24. from synapse.util import Clock
  25. from tests import unittest
  26. from tests.server import FakeSite, make_request
  27. from tests.test_utils import SMALL_PNG
  28. VALID_TIMESTAMP = 1609459200000 # 2021-01-01 in milliseconds
  29. INVALID_TIMESTAMP_IN_S = 1893456000 # 2030-01-01 in seconds
  30. class DeleteMediaByIDTestCase(unittest.HomeserverTestCase):
  31. servlets = [
  32. synapse.rest.admin.register_servlets,
  33. synapse.rest.admin.register_servlets_for_media_repo,
  34. login.register_servlets,
  35. ]
  36. def prepare(self, reactor: MemoryReactor, clock: Clock, hs: HomeServer) -> None:
  37. self.media_repo = hs.get_media_repository_resource()
  38. self.server_name = hs.hostname
  39. self.admin_user = self.register_user("admin", "pass", admin=True)
  40. self.admin_user_tok = self.login("admin", "pass")
  41. self.filepaths = MediaFilePaths(hs.config.media.media_store_path)
  42. def test_no_auth(self) -> None:
  43. """
  44. Try to delete media without authentication.
  45. """
  46. url = "/_synapse/admin/v1/media/%s/%s" % (self.server_name, "12345")
  47. channel = self.make_request("DELETE", url, b"{}")
  48. self.assertEqual(
  49. HTTPStatus.UNAUTHORIZED,
  50. channel.code,
  51. msg=channel.json_body,
  52. )
  53. self.assertEqual(Codes.MISSING_TOKEN, channel.json_body["errcode"])
  54. def test_requester_is_no_admin(self) -> None:
  55. """
  56. If the user is not a server admin, an error is returned.
  57. """
  58. self.other_user = self.register_user("user", "pass")
  59. self.other_user_token = self.login("user", "pass")
  60. url = "/_synapse/admin/v1/media/%s/%s" % (self.server_name, "12345")
  61. channel = self.make_request(
  62. "DELETE",
  63. url,
  64. access_token=self.other_user_token,
  65. )
  66. self.assertEqual(
  67. HTTPStatus.FORBIDDEN,
  68. channel.code,
  69. msg=channel.json_body,
  70. )
  71. self.assertEqual(Codes.FORBIDDEN, channel.json_body["errcode"])
  72. def test_media_does_not_exist(self) -> None:
  73. """
  74. Tests that a lookup for a media that does not exist returns a HTTPStatus.NOT_FOUND
  75. """
  76. url = "/_synapse/admin/v1/media/%s/%s" % (self.server_name, "12345")
  77. channel = self.make_request(
  78. "DELETE",
  79. url,
  80. access_token=self.admin_user_tok,
  81. )
  82. self.assertEqual(HTTPStatus.NOT_FOUND, channel.code, msg=channel.json_body)
  83. self.assertEqual(Codes.NOT_FOUND, channel.json_body["errcode"])
  84. def test_media_is_not_local(self) -> None:
  85. """
  86. Tests that a lookup for a media that is not a local returns a HTTPStatus.BAD_REQUEST
  87. """
  88. url = "/_synapse/admin/v1/media/%s/%s" % ("unknown_domain", "12345")
  89. channel = self.make_request(
  90. "DELETE",
  91. url,
  92. access_token=self.admin_user_tok,
  93. )
  94. self.assertEqual(HTTPStatus.BAD_REQUEST, channel.code, msg=channel.json_body)
  95. self.assertEqual("Can only delete local media", channel.json_body["error"])
  96. def test_delete_media(self) -> None:
  97. """
  98. Tests that delete a media is successfully
  99. """
  100. download_resource = self.media_repo.children[b"download"]
  101. upload_resource = self.media_repo.children[b"upload"]
  102. # Upload some media into the room
  103. response = self.helper.upload_media(
  104. upload_resource,
  105. SMALL_PNG,
  106. tok=self.admin_user_tok,
  107. expect_code=HTTPStatus.OK,
  108. )
  109. # Extract media ID from the response
  110. server_and_media_id = response["content_uri"][6:] # Cut off 'mxc://'
  111. server_name, media_id = server_and_media_id.split("/")
  112. self.assertEqual(server_name, self.server_name)
  113. # Attempt to access media
  114. channel = make_request(
  115. self.reactor,
  116. FakeSite(download_resource, self.reactor),
  117. "GET",
  118. server_and_media_id,
  119. shorthand=False,
  120. access_token=self.admin_user_tok,
  121. )
  122. # Should be successful
  123. self.assertEqual(
  124. HTTPStatus.OK,
  125. channel.code,
  126. msg=(
  127. "Expected to receive a HTTPStatus.OK on accessing media: %s"
  128. % server_and_media_id
  129. ),
  130. )
  131. # Test if the file exists
  132. local_path = self.filepaths.local_media_filepath(media_id)
  133. self.assertTrue(os.path.exists(local_path))
  134. url = "/_synapse/admin/v1/media/%s/%s" % (self.server_name, media_id)
  135. # Delete media
  136. channel = self.make_request(
  137. "DELETE",
  138. url,
  139. access_token=self.admin_user_tok,
  140. )
  141. self.assertEqual(HTTPStatus.OK, channel.code, msg=channel.json_body)
  142. self.assertEqual(1, channel.json_body["total"])
  143. self.assertEqual(
  144. media_id,
  145. channel.json_body["deleted_media"][0],
  146. )
  147. # Attempt to access media
  148. channel = make_request(
  149. self.reactor,
  150. FakeSite(download_resource, self.reactor),
  151. "GET",
  152. server_and_media_id,
  153. shorthand=False,
  154. access_token=self.admin_user_tok,
  155. )
  156. self.assertEqual(
  157. HTTPStatus.NOT_FOUND,
  158. channel.code,
  159. msg=(
  160. "Expected to receive a HTTPStatus.NOT_FOUND on accessing deleted media: %s"
  161. % server_and_media_id
  162. ),
  163. )
  164. # Test if the file is deleted
  165. self.assertFalse(os.path.exists(local_path))
  166. class DeleteMediaByDateSizeTestCase(unittest.HomeserverTestCase):
  167. servlets = [
  168. synapse.rest.admin.register_servlets,
  169. synapse.rest.admin.register_servlets_for_media_repo,
  170. login.register_servlets,
  171. profile.register_servlets,
  172. room.register_servlets,
  173. ]
  174. def prepare(self, reactor: MemoryReactor, clock: Clock, hs: HomeServer) -> None:
  175. self.media_repo = hs.get_media_repository_resource()
  176. self.server_name = hs.hostname
  177. self.admin_user = self.register_user("admin", "pass", admin=True)
  178. self.admin_user_tok = self.login("admin", "pass")
  179. self.filepaths = MediaFilePaths(hs.config.media.media_store_path)
  180. self.url = "/_synapse/admin/v1/media/%s/delete" % self.server_name
  181. # Move clock up to somewhat realistic time
  182. self.reactor.advance(1000000000)
  183. def test_no_auth(self) -> None:
  184. """
  185. Try to delete media without authentication.
  186. """
  187. channel = self.make_request("POST", self.url, b"{}")
  188. self.assertEqual(
  189. HTTPStatus.UNAUTHORIZED,
  190. channel.code,
  191. msg=channel.json_body,
  192. )
  193. self.assertEqual(Codes.MISSING_TOKEN, channel.json_body["errcode"])
  194. def test_requester_is_no_admin(self) -> None:
  195. """
  196. If the user is not a server admin, an error is returned.
  197. """
  198. self.other_user = self.register_user("user", "pass")
  199. self.other_user_token = self.login("user", "pass")
  200. channel = self.make_request(
  201. "POST",
  202. self.url,
  203. access_token=self.other_user_token,
  204. )
  205. self.assertEqual(
  206. HTTPStatus.FORBIDDEN,
  207. channel.code,
  208. msg=channel.json_body,
  209. )
  210. self.assertEqual(Codes.FORBIDDEN, channel.json_body["errcode"])
  211. def test_media_is_not_local(self) -> None:
  212. """
  213. Tests that a lookup for media that is not local returns a HTTPStatus.BAD_REQUEST
  214. """
  215. url = "/_synapse/admin/v1/media/%s/delete" % "unknown_domain"
  216. channel = self.make_request(
  217. "POST",
  218. url + f"?before_ts={VALID_TIMESTAMP}",
  219. access_token=self.admin_user_tok,
  220. )
  221. self.assertEqual(HTTPStatus.BAD_REQUEST, channel.code, msg=channel.json_body)
  222. self.assertEqual("Can only delete local media", channel.json_body["error"])
  223. def test_missing_parameter(self) -> None:
  224. """
  225. If the parameter `before_ts` is missing, an error is returned.
  226. """
  227. channel = self.make_request(
  228. "POST",
  229. self.url,
  230. access_token=self.admin_user_tok,
  231. )
  232. self.assertEqual(
  233. HTTPStatus.BAD_REQUEST,
  234. channel.code,
  235. msg=channel.json_body,
  236. )
  237. self.assertEqual(Codes.MISSING_PARAM, channel.json_body["errcode"])
  238. self.assertEqual(
  239. "Missing integer query parameter 'before_ts'", channel.json_body["error"]
  240. )
  241. def test_invalid_parameter(self) -> None:
  242. """
  243. If parameters are invalid, an error is returned.
  244. """
  245. channel = self.make_request(
  246. "POST",
  247. self.url + "?before_ts=-1234",
  248. access_token=self.admin_user_tok,
  249. )
  250. self.assertEqual(
  251. HTTPStatus.BAD_REQUEST,
  252. channel.code,
  253. msg=channel.json_body,
  254. )
  255. self.assertEqual(Codes.INVALID_PARAM, channel.json_body["errcode"])
  256. self.assertEqual(
  257. "Query parameter before_ts must be a positive integer.",
  258. channel.json_body["error"],
  259. )
  260. channel = self.make_request(
  261. "POST",
  262. self.url + f"?before_ts={INVALID_TIMESTAMP_IN_S}",
  263. access_token=self.admin_user_tok,
  264. )
  265. self.assertEqual(
  266. HTTPStatus.BAD_REQUEST,
  267. channel.code,
  268. msg=channel.json_body,
  269. )
  270. self.assertEqual(Codes.INVALID_PARAM, channel.json_body["errcode"])
  271. self.assertEqual(
  272. "Query parameter before_ts you provided is from the year 1970. "
  273. + "Double check that you are providing a timestamp in milliseconds.",
  274. channel.json_body["error"],
  275. )
  276. channel = self.make_request(
  277. "POST",
  278. self.url + f"?before_ts={VALID_TIMESTAMP}&size_gt=-1234",
  279. access_token=self.admin_user_tok,
  280. )
  281. self.assertEqual(
  282. HTTPStatus.BAD_REQUEST,
  283. channel.code,
  284. msg=channel.json_body,
  285. )
  286. self.assertEqual(Codes.INVALID_PARAM, channel.json_body["errcode"])
  287. self.assertEqual(
  288. "Query parameter size_gt must be a string representing a positive integer.",
  289. channel.json_body["error"],
  290. )
  291. channel = self.make_request(
  292. "POST",
  293. self.url + f"?before_ts={VALID_TIMESTAMP}&keep_profiles=not_bool",
  294. access_token=self.admin_user_tok,
  295. )
  296. self.assertEqual(
  297. HTTPStatus.BAD_REQUEST,
  298. channel.code,
  299. msg=channel.json_body,
  300. )
  301. self.assertEqual(Codes.INVALID_PARAM, channel.json_body["errcode"])
  302. self.assertEqual(
  303. "Boolean query parameter 'keep_profiles' must be one of ['true', 'false']",
  304. channel.json_body["error"],
  305. )
  306. def test_delete_media_never_accessed(self) -> None:
  307. """
  308. Tests that media deleted if it is older than `before_ts` and never accessed
  309. `last_access_ts` is `NULL` and `created_ts` < `before_ts`
  310. """
  311. # upload and do not access
  312. server_and_media_id = self._create_media()
  313. self.pump(1.0)
  314. # test that the file exists
  315. media_id = server_and_media_id.split("/")[1]
  316. local_path = self.filepaths.local_media_filepath(media_id)
  317. self.assertTrue(os.path.exists(local_path))
  318. # timestamp after upload/create
  319. now_ms = self.clock.time_msec()
  320. channel = self.make_request(
  321. "POST",
  322. self.url + "?before_ts=" + str(now_ms),
  323. access_token=self.admin_user_tok,
  324. )
  325. self.assertEqual(HTTPStatus.OK, channel.code, msg=channel.json_body)
  326. self.assertEqual(1, channel.json_body["total"])
  327. self.assertEqual(
  328. media_id,
  329. channel.json_body["deleted_media"][0],
  330. )
  331. self._access_media(server_and_media_id, False)
  332. def test_keep_media_by_date(self) -> None:
  333. """
  334. Tests that media is not deleted if it is newer than `before_ts`
  335. """
  336. # timestamp before upload
  337. now_ms = self.clock.time_msec()
  338. server_and_media_id = self._create_media()
  339. self._access_media(server_and_media_id)
  340. channel = self.make_request(
  341. "POST",
  342. self.url + "?before_ts=" + str(now_ms),
  343. access_token=self.admin_user_tok,
  344. )
  345. self.assertEqual(HTTPStatus.OK, channel.code, msg=channel.json_body)
  346. self.assertEqual(0, channel.json_body["total"])
  347. self._access_media(server_and_media_id)
  348. # timestamp after upload
  349. now_ms = self.clock.time_msec()
  350. channel = self.make_request(
  351. "POST",
  352. self.url + "?before_ts=" + str(now_ms),
  353. access_token=self.admin_user_tok,
  354. )
  355. self.assertEqual(HTTPStatus.OK, channel.code, msg=channel.json_body)
  356. self.assertEqual(1, channel.json_body["total"])
  357. self.assertEqual(
  358. server_and_media_id.split("/")[1],
  359. channel.json_body["deleted_media"][0],
  360. )
  361. self._access_media(server_and_media_id, False)
  362. def test_keep_media_by_size(self) -> None:
  363. """
  364. Tests that media is not deleted if its size is smaller than or equal
  365. to `size_gt`
  366. """
  367. server_and_media_id = self._create_media()
  368. self._access_media(server_and_media_id)
  369. now_ms = self.clock.time_msec()
  370. channel = self.make_request(
  371. "POST",
  372. self.url + "?before_ts=" + str(now_ms) + "&size_gt=67",
  373. access_token=self.admin_user_tok,
  374. )
  375. self.assertEqual(HTTPStatus.OK, channel.code, msg=channel.json_body)
  376. self.assertEqual(0, channel.json_body["total"])
  377. self._access_media(server_and_media_id)
  378. now_ms = self.clock.time_msec()
  379. channel = self.make_request(
  380. "POST",
  381. self.url + "?before_ts=" + str(now_ms) + "&size_gt=66",
  382. access_token=self.admin_user_tok,
  383. )
  384. self.assertEqual(HTTPStatus.OK, channel.code, msg=channel.json_body)
  385. self.assertEqual(1, channel.json_body["total"])
  386. self.assertEqual(
  387. server_and_media_id.split("/")[1],
  388. channel.json_body["deleted_media"][0],
  389. )
  390. self._access_media(server_and_media_id, False)
  391. def test_keep_media_by_user_avatar(self) -> None:
  392. """
  393. Tests that we do not delete media if is used as a user avatar
  394. Tests parameter `keep_profiles`
  395. """
  396. server_and_media_id = self._create_media()
  397. self._access_media(server_and_media_id)
  398. # set media as avatar
  399. channel = self.make_request(
  400. "PUT",
  401. "/profile/%s/avatar_url" % (self.admin_user,),
  402. content={"avatar_url": "mxc://%s" % (server_and_media_id,)},
  403. access_token=self.admin_user_tok,
  404. )
  405. self.assertEqual(HTTPStatus.OK, channel.code, msg=channel.json_body)
  406. now_ms = self.clock.time_msec()
  407. channel = self.make_request(
  408. "POST",
  409. self.url + "?before_ts=" + str(now_ms) + "&keep_profiles=true",
  410. access_token=self.admin_user_tok,
  411. )
  412. self.assertEqual(HTTPStatus.OK, channel.code, msg=channel.json_body)
  413. self.assertEqual(0, channel.json_body["total"])
  414. self._access_media(server_and_media_id)
  415. now_ms = self.clock.time_msec()
  416. channel = self.make_request(
  417. "POST",
  418. self.url + "?before_ts=" + str(now_ms) + "&keep_profiles=false",
  419. access_token=self.admin_user_tok,
  420. )
  421. self.assertEqual(HTTPStatus.OK, channel.code, msg=channel.json_body)
  422. self.assertEqual(1, channel.json_body["total"])
  423. self.assertEqual(
  424. server_and_media_id.split("/")[1],
  425. channel.json_body["deleted_media"][0],
  426. )
  427. self._access_media(server_and_media_id, False)
  428. def test_keep_media_by_room_avatar(self) -> None:
  429. """
  430. Tests that we do not delete media if it is used as a room avatar
  431. Tests parameter `keep_profiles`
  432. """
  433. server_and_media_id = self._create_media()
  434. self._access_media(server_and_media_id)
  435. # set media as room avatar
  436. room_id = self.helper.create_room_as(self.admin_user, tok=self.admin_user_tok)
  437. channel = self.make_request(
  438. "PUT",
  439. "/rooms/%s/state/m.room.avatar" % (room_id,),
  440. content={"url": "mxc://%s" % (server_and_media_id,)},
  441. access_token=self.admin_user_tok,
  442. )
  443. self.assertEqual(HTTPStatus.OK, channel.code, msg=channel.json_body)
  444. now_ms = self.clock.time_msec()
  445. channel = self.make_request(
  446. "POST",
  447. self.url + "?before_ts=" + str(now_ms) + "&keep_profiles=true",
  448. access_token=self.admin_user_tok,
  449. )
  450. self.assertEqual(HTTPStatus.OK, channel.code, msg=channel.json_body)
  451. self.assertEqual(0, channel.json_body["total"])
  452. self._access_media(server_and_media_id)
  453. now_ms = self.clock.time_msec()
  454. channel = self.make_request(
  455. "POST",
  456. self.url + "?before_ts=" + str(now_ms) + "&keep_profiles=false",
  457. access_token=self.admin_user_tok,
  458. )
  459. self.assertEqual(HTTPStatus.OK, channel.code, msg=channel.json_body)
  460. self.assertEqual(1, channel.json_body["total"])
  461. self.assertEqual(
  462. server_and_media_id.split("/")[1],
  463. channel.json_body["deleted_media"][0],
  464. )
  465. self._access_media(server_and_media_id, False)
  466. def _create_media(self) -> str:
  467. """
  468. Create a media and return media_id and server_and_media_id
  469. """
  470. upload_resource = self.media_repo.children[b"upload"]
  471. # Upload some media into the room
  472. response = self.helper.upload_media(
  473. upload_resource,
  474. SMALL_PNG,
  475. tok=self.admin_user_tok,
  476. expect_code=HTTPStatus.OK,
  477. )
  478. # Extract media ID from the response
  479. server_and_media_id = response["content_uri"][6:] # Cut off 'mxc://'
  480. server_name = server_and_media_id.split("/")[0]
  481. # Check that new media is a local and not remote
  482. self.assertEqual(server_name, self.server_name)
  483. return server_and_media_id
  484. def _access_media(
  485. self, server_and_media_id: str, expect_success: bool = True
  486. ) -> None:
  487. """
  488. Try to access a media and check the result
  489. """
  490. download_resource = self.media_repo.children[b"download"]
  491. media_id = server_and_media_id.split("/")[1]
  492. local_path = self.filepaths.local_media_filepath(media_id)
  493. channel = make_request(
  494. self.reactor,
  495. FakeSite(download_resource, self.reactor),
  496. "GET",
  497. server_and_media_id,
  498. shorthand=False,
  499. access_token=self.admin_user_tok,
  500. )
  501. if expect_success:
  502. self.assertEqual(
  503. HTTPStatus.OK,
  504. channel.code,
  505. msg=(
  506. "Expected to receive a HTTPStatus.OK on accessing media: %s"
  507. % server_and_media_id
  508. ),
  509. )
  510. # Test that the file exists
  511. self.assertTrue(os.path.exists(local_path))
  512. else:
  513. self.assertEqual(
  514. HTTPStatus.NOT_FOUND,
  515. channel.code,
  516. msg=(
  517. "Expected to receive a HTTPStatus.NOT_FOUND on accessing deleted media: %s"
  518. % (server_and_media_id)
  519. ),
  520. )
  521. # Test that the file is deleted
  522. self.assertFalse(os.path.exists(local_path))
  523. class QuarantineMediaByIDTestCase(unittest.HomeserverTestCase):
  524. servlets = [
  525. synapse.rest.admin.register_servlets,
  526. synapse.rest.admin.register_servlets_for_media_repo,
  527. login.register_servlets,
  528. ]
  529. def prepare(self, reactor: MemoryReactor, clock: Clock, hs: HomeServer) -> None:
  530. media_repo = hs.get_media_repository_resource()
  531. self.store = hs.get_datastores().main
  532. self.server_name = hs.hostname
  533. self.admin_user = self.register_user("admin", "pass", admin=True)
  534. self.admin_user_tok = self.login("admin", "pass")
  535. # Create media
  536. upload_resource = media_repo.children[b"upload"]
  537. # Upload some media into the room
  538. response = self.helper.upload_media(
  539. upload_resource,
  540. SMALL_PNG,
  541. tok=self.admin_user_tok,
  542. expect_code=HTTPStatus.OK,
  543. )
  544. # Extract media ID from the response
  545. server_and_media_id = response["content_uri"][6:] # Cut off 'mxc://'
  546. self.media_id = server_and_media_id.split("/")[1]
  547. self.url = "/_synapse/admin/v1/media/%s/%s/%s"
  548. @parameterized.expand(["quarantine", "unquarantine"])
  549. def test_no_auth(self, action: str) -> None:
  550. """
  551. Try to protect media without authentication.
  552. """
  553. channel = self.make_request(
  554. "POST",
  555. self.url % (action, self.server_name, self.media_id),
  556. b"{}",
  557. )
  558. self.assertEqual(
  559. HTTPStatus.UNAUTHORIZED,
  560. channel.code,
  561. msg=channel.json_body,
  562. )
  563. self.assertEqual(Codes.MISSING_TOKEN, channel.json_body["errcode"])
  564. @parameterized.expand(["quarantine", "unquarantine"])
  565. def test_requester_is_no_admin(self, action: str) -> None:
  566. """
  567. If the user is not a server admin, an error is returned.
  568. """
  569. self.other_user = self.register_user("user", "pass")
  570. self.other_user_token = self.login("user", "pass")
  571. channel = self.make_request(
  572. "POST",
  573. self.url % (action, self.server_name, self.media_id),
  574. access_token=self.other_user_token,
  575. )
  576. self.assertEqual(
  577. HTTPStatus.FORBIDDEN,
  578. channel.code,
  579. msg=channel.json_body,
  580. )
  581. self.assertEqual(Codes.FORBIDDEN, channel.json_body["errcode"])
  582. def test_quarantine_media(self) -> None:
  583. """
  584. Tests that quarantining and remove from quarantine a media is successfully
  585. """
  586. media_info = self.get_success(self.store.get_local_media(self.media_id))
  587. assert media_info is not None
  588. self.assertFalse(media_info["quarantined_by"])
  589. # quarantining
  590. channel = self.make_request(
  591. "POST",
  592. self.url % ("quarantine", self.server_name, self.media_id),
  593. access_token=self.admin_user_tok,
  594. )
  595. self.assertEqual(HTTPStatus.OK, channel.code, msg=channel.json_body)
  596. self.assertFalse(channel.json_body)
  597. media_info = self.get_success(self.store.get_local_media(self.media_id))
  598. assert media_info is not None
  599. self.assertTrue(media_info["quarantined_by"])
  600. # remove from quarantine
  601. channel = self.make_request(
  602. "POST",
  603. self.url % ("unquarantine", self.server_name, self.media_id),
  604. access_token=self.admin_user_tok,
  605. )
  606. self.assertEqual(HTTPStatus.OK, channel.code, msg=channel.json_body)
  607. self.assertFalse(channel.json_body)
  608. media_info = self.get_success(self.store.get_local_media(self.media_id))
  609. assert media_info is not None
  610. self.assertFalse(media_info["quarantined_by"])
  611. def test_quarantine_protected_media(self) -> None:
  612. """
  613. Tests that quarantining from protected media fails
  614. """
  615. # protect
  616. self.get_success(self.store.mark_local_media_as_safe(self.media_id, safe=True))
  617. # verify protection
  618. media_info = self.get_success(self.store.get_local_media(self.media_id))
  619. assert media_info is not None
  620. self.assertTrue(media_info["safe_from_quarantine"])
  621. # quarantining
  622. channel = self.make_request(
  623. "POST",
  624. self.url % ("quarantine", self.server_name, self.media_id),
  625. access_token=self.admin_user_tok,
  626. )
  627. self.assertEqual(HTTPStatus.OK, channel.code, msg=channel.json_body)
  628. self.assertFalse(channel.json_body)
  629. # verify that is not in quarantine
  630. media_info = self.get_success(self.store.get_local_media(self.media_id))
  631. assert media_info is not None
  632. self.assertFalse(media_info["quarantined_by"])
  633. class ProtectMediaByIDTestCase(unittest.HomeserverTestCase):
  634. servlets = [
  635. synapse.rest.admin.register_servlets,
  636. synapse.rest.admin.register_servlets_for_media_repo,
  637. login.register_servlets,
  638. ]
  639. def prepare(self, reactor: MemoryReactor, clock: Clock, hs: HomeServer) -> None:
  640. media_repo = hs.get_media_repository_resource()
  641. self.store = hs.get_datastores().main
  642. self.admin_user = self.register_user("admin", "pass", admin=True)
  643. self.admin_user_tok = self.login("admin", "pass")
  644. # Create media
  645. upload_resource = media_repo.children[b"upload"]
  646. # Upload some media into the room
  647. response = self.helper.upload_media(
  648. upload_resource,
  649. SMALL_PNG,
  650. tok=self.admin_user_tok,
  651. expect_code=HTTPStatus.OK,
  652. )
  653. # Extract media ID from the response
  654. server_and_media_id = response["content_uri"][6:] # Cut off 'mxc://'
  655. self.media_id = server_and_media_id.split("/")[1]
  656. self.url = "/_synapse/admin/v1/media/%s/%s"
  657. @parameterized.expand(["protect", "unprotect"])
  658. def test_no_auth(self, action: str) -> None:
  659. """
  660. Try to protect media without authentication.
  661. """
  662. channel = self.make_request("POST", self.url % (action, self.media_id), b"{}")
  663. self.assertEqual(
  664. HTTPStatus.UNAUTHORIZED,
  665. channel.code,
  666. msg=channel.json_body,
  667. )
  668. self.assertEqual(Codes.MISSING_TOKEN, channel.json_body["errcode"])
  669. @parameterized.expand(["protect", "unprotect"])
  670. def test_requester_is_no_admin(self, action: str) -> None:
  671. """
  672. If the user is not a server admin, an error is returned.
  673. """
  674. self.other_user = self.register_user("user", "pass")
  675. self.other_user_token = self.login("user", "pass")
  676. channel = self.make_request(
  677. "POST",
  678. self.url % (action, self.media_id),
  679. access_token=self.other_user_token,
  680. )
  681. self.assertEqual(
  682. HTTPStatus.FORBIDDEN,
  683. channel.code,
  684. msg=channel.json_body,
  685. )
  686. self.assertEqual(Codes.FORBIDDEN, channel.json_body["errcode"])
  687. def test_protect_media(self) -> None:
  688. """
  689. Tests that protect and unprotect a media is successfully
  690. """
  691. media_info = self.get_success(self.store.get_local_media(self.media_id))
  692. assert media_info is not None
  693. self.assertFalse(media_info["safe_from_quarantine"])
  694. # protect
  695. channel = self.make_request(
  696. "POST",
  697. self.url % ("protect", self.media_id),
  698. access_token=self.admin_user_tok,
  699. )
  700. self.assertEqual(HTTPStatus.OK, channel.code, msg=channel.json_body)
  701. self.assertFalse(channel.json_body)
  702. media_info = self.get_success(self.store.get_local_media(self.media_id))
  703. assert media_info is not None
  704. self.assertTrue(media_info["safe_from_quarantine"])
  705. # unprotect
  706. channel = self.make_request(
  707. "POST",
  708. self.url % ("unprotect", self.media_id),
  709. access_token=self.admin_user_tok,
  710. )
  711. self.assertEqual(HTTPStatus.OK, channel.code, msg=channel.json_body)
  712. self.assertFalse(channel.json_body)
  713. media_info = self.get_success(self.store.get_local_media(self.media_id))
  714. assert media_info is not None
  715. self.assertFalse(media_info["safe_from_quarantine"])
  716. class PurgeMediaCacheTestCase(unittest.HomeserverTestCase):
  717. servlets = [
  718. synapse.rest.admin.register_servlets,
  719. synapse.rest.admin.register_servlets_for_media_repo,
  720. login.register_servlets,
  721. profile.register_servlets,
  722. room.register_servlets,
  723. ]
  724. def prepare(self, reactor: MemoryReactor, clock: Clock, hs: HomeServer) -> None:
  725. self.media_repo = hs.get_media_repository_resource()
  726. self.server_name = hs.hostname
  727. self.admin_user = self.register_user("admin", "pass", admin=True)
  728. self.admin_user_tok = self.login("admin", "pass")
  729. self.filepaths = MediaFilePaths(hs.config.media.media_store_path)
  730. self.url = "/_synapse/admin/v1/purge_media_cache"
  731. def test_no_auth(self) -> None:
  732. """
  733. Try to delete media without authentication.
  734. """
  735. channel = self.make_request("POST", self.url, b"{}")
  736. self.assertEqual(
  737. HTTPStatus.UNAUTHORIZED,
  738. channel.code,
  739. msg=channel.json_body,
  740. )
  741. self.assertEqual(Codes.MISSING_TOKEN, channel.json_body["errcode"])
  742. def test_requester_is_not_admin(self) -> None:
  743. """
  744. If the user is not a server admin, an error is returned.
  745. """
  746. self.other_user = self.register_user("user", "pass")
  747. self.other_user_token = self.login("user", "pass")
  748. channel = self.make_request(
  749. "POST",
  750. self.url,
  751. access_token=self.other_user_token,
  752. )
  753. self.assertEqual(
  754. HTTPStatus.FORBIDDEN,
  755. channel.code,
  756. msg=channel.json_body,
  757. )
  758. self.assertEqual(Codes.FORBIDDEN, channel.json_body["errcode"])
  759. def test_invalid_parameter(self) -> None:
  760. """
  761. If parameters are invalid, an error is returned.
  762. """
  763. channel = self.make_request(
  764. "POST",
  765. self.url + "?before_ts=-1234",
  766. access_token=self.admin_user_tok,
  767. )
  768. self.assertEqual(
  769. HTTPStatus.BAD_REQUEST,
  770. channel.code,
  771. msg=channel.json_body,
  772. )
  773. self.assertEqual(Codes.INVALID_PARAM, channel.json_body["errcode"])
  774. self.assertEqual(
  775. "Query parameter before_ts must be a positive integer.",
  776. channel.json_body["error"],
  777. )
  778. channel = self.make_request(
  779. "POST",
  780. self.url + f"?before_ts={INVALID_TIMESTAMP_IN_S}",
  781. access_token=self.admin_user_tok,
  782. )
  783. self.assertEqual(
  784. HTTPStatus.BAD_REQUEST,
  785. channel.code,
  786. msg=channel.json_body,
  787. )
  788. self.assertEqual(Codes.INVALID_PARAM, channel.json_body["errcode"])
  789. self.assertEqual(
  790. "Query parameter before_ts you provided is from the year 1970. "
  791. + "Double check that you are providing a timestamp in milliseconds.",
  792. channel.json_body["error"],
  793. )