test_device.py 17 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484
  1. # Copyright 2016 OpenMarket Ltd
  2. # Copyright 2018 New Vector Ltd
  3. # Copyright 2020 The Matrix.org Foundation C.I.C.
  4. #
  5. # Licensed under the Apache License, Version 2.0 (the "License");
  6. # you may not use this file except in compliance with the License.
  7. # You may obtain a copy of the License at
  8. #
  9. # http://www.apache.org/licenses/LICENSE-2.0
  10. #
  11. # Unless required by applicable law or agreed to in writing, software
  12. # distributed under the License is distributed on an "AS IS" BASIS,
  13. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  14. # See the License for the specific language governing permissions and
  15. # limitations under the License.
  16. from typing import Optional
  17. from unittest import mock
  18. from twisted.test.proto_helpers import MemoryReactor
  19. from synapse.api.constants import RoomEncryptionAlgorithms
  20. from synapse.api.errors import NotFoundError, SynapseError
  21. from synapse.appservice import ApplicationService
  22. from synapse.handlers.device import MAX_DEVICE_DISPLAY_NAME_LEN, DeviceHandler
  23. from synapse.server import HomeServer
  24. from synapse.storage.databases.main.appservice import _make_exclusive_regex
  25. from synapse.types import JsonDict
  26. from synapse.util import Clock
  27. from tests import unittest
  28. from tests.test_utils import make_awaitable
  29. from tests.unittest import override_config
  30. user1 = "@boris:aaa"
  31. user2 = "@theresa:bbb"
  32. class DeviceTestCase(unittest.HomeserverTestCase):
  33. def make_homeserver(self, reactor: MemoryReactor, clock: Clock) -> HomeServer:
  34. self.appservice_api = mock.Mock()
  35. hs = self.setup_test_homeserver(
  36. "server",
  37. federation_http_client=None,
  38. application_service_api=self.appservice_api,
  39. )
  40. handler = hs.get_device_handler()
  41. assert isinstance(handler, DeviceHandler)
  42. self.handler = handler
  43. self.store = hs.get_datastores().main
  44. return hs
  45. def prepare(self, reactor: MemoryReactor, clock: Clock, hs: HomeServer) -> None:
  46. # These tests assume that it starts 1000 seconds in.
  47. self.reactor.advance(1000)
  48. def test_device_is_created_with_invalid_name(self) -> None:
  49. self.get_failure(
  50. self.handler.check_device_registered(
  51. user_id="@boris:foo",
  52. device_id="foo",
  53. initial_device_display_name="a" * (MAX_DEVICE_DISPLAY_NAME_LEN + 1),
  54. ),
  55. SynapseError,
  56. )
  57. def test_device_is_created_if_doesnt_exist(self) -> None:
  58. res = self.get_success(
  59. self.handler.check_device_registered(
  60. user_id="@boris:foo",
  61. device_id="fco",
  62. initial_device_display_name="display name",
  63. )
  64. )
  65. self.assertEqual(res, "fco")
  66. dev = self.get_success(self.handler.store.get_device("@boris:foo", "fco"))
  67. assert dev is not None
  68. self.assertEqual(dev["display_name"], "display name")
  69. def test_device_is_preserved_if_exists(self) -> None:
  70. res1 = self.get_success(
  71. self.handler.check_device_registered(
  72. user_id="@boris:foo",
  73. device_id="fco",
  74. initial_device_display_name="display name",
  75. )
  76. )
  77. self.assertEqual(res1, "fco")
  78. res2 = self.get_success(
  79. self.handler.check_device_registered(
  80. user_id="@boris:foo",
  81. device_id="fco",
  82. initial_device_display_name="new display name",
  83. )
  84. )
  85. self.assertEqual(res2, "fco")
  86. dev = self.get_success(self.handler.store.get_device("@boris:foo", "fco"))
  87. assert dev is not None
  88. self.assertEqual(dev["display_name"], "display name")
  89. def test_device_id_is_made_up_if_unspecified(self) -> None:
  90. device_id = self.get_success(
  91. self.handler.check_device_registered(
  92. user_id="@theresa:foo",
  93. device_id=None,
  94. initial_device_display_name="display",
  95. )
  96. )
  97. dev = self.get_success(self.handler.store.get_device("@theresa:foo", device_id))
  98. assert dev is not None
  99. self.assertEqual(dev["display_name"], "display")
  100. def test_get_devices_by_user(self) -> None:
  101. self._record_users()
  102. res = self.get_success(self.handler.get_devices_by_user(user1))
  103. self.assertEqual(3, len(res))
  104. device_map = {d["device_id"]: d for d in res}
  105. self.assertDictContainsSubset(
  106. {
  107. "user_id": user1,
  108. "device_id": "xyz",
  109. "display_name": "display 0",
  110. "last_seen_ip": None,
  111. "last_seen_ts": None,
  112. },
  113. device_map["xyz"],
  114. )
  115. self.assertDictContainsSubset(
  116. {
  117. "user_id": user1,
  118. "device_id": "fco",
  119. "display_name": "display 1",
  120. "last_seen_ip": "ip1",
  121. "last_seen_ts": 1000000,
  122. },
  123. device_map["fco"],
  124. )
  125. self.assertDictContainsSubset(
  126. {
  127. "user_id": user1,
  128. "device_id": "abc",
  129. "display_name": "display 2",
  130. "last_seen_ip": "ip3",
  131. "last_seen_ts": 3000000,
  132. },
  133. device_map["abc"],
  134. )
  135. def test_get_device(self) -> None:
  136. self._record_users()
  137. res = self.get_success(self.handler.get_device(user1, "abc"))
  138. self.assertDictContainsSubset(
  139. {
  140. "user_id": user1,
  141. "device_id": "abc",
  142. "display_name": "display 2",
  143. "last_seen_ip": "ip3",
  144. "last_seen_ts": 3000000,
  145. },
  146. res,
  147. )
  148. def test_delete_device(self) -> None:
  149. self._record_users()
  150. # delete the device
  151. self.get_success(self.handler.delete_devices(user1, ["abc"]))
  152. # check the device was deleted
  153. self.get_failure(self.handler.get_device(user1, "abc"), NotFoundError)
  154. # we'd like to check the access token was invalidated, but that's a
  155. # bit of a PITA.
  156. def test_delete_device_and_device_inbox(self) -> None:
  157. self._record_users()
  158. # add an device_inbox
  159. self.get_success(
  160. self.store.db_pool.simple_insert(
  161. "device_inbox",
  162. {
  163. "user_id": user1,
  164. "device_id": "abc",
  165. "stream_id": 1,
  166. "message_json": "{}",
  167. },
  168. )
  169. )
  170. # delete the device
  171. self.get_success(self.handler.delete_devices(user1, ["abc"]))
  172. # check that the device_inbox was deleted
  173. res = self.get_success(
  174. self.store.db_pool.simple_select_one(
  175. table="device_inbox",
  176. keyvalues={"user_id": user1, "device_id": "abc"},
  177. retcols=("user_id", "device_id"),
  178. allow_none=True,
  179. desc="get_device_id_from_device_inbox",
  180. )
  181. )
  182. self.assertIsNone(res)
  183. def test_update_device(self) -> None:
  184. self._record_users()
  185. update = {"display_name": "new display"}
  186. self.get_success(self.handler.update_device(user1, "abc", update))
  187. res = self.get_success(self.handler.get_device(user1, "abc"))
  188. self.assertEqual(res["display_name"], "new display")
  189. def test_update_device_too_long_display_name(self) -> None:
  190. """Update a device with a display name that is invalid (too long)."""
  191. self._record_users()
  192. # Request to update a device display name with a new value that is longer than allowed.
  193. update = {"display_name": "a" * (MAX_DEVICE_DISPLAY_NAME_LEN + 1)}
  194. self.get_failure(
  195. self.handler.update_device(user1, "abc", update),
  196. SynapseError,
  197. )
  198. # Ensure the display name was not updated.
  199. res = self.get_success(self.handler.get_device(user1, "abc"))
  200. self.assertEqual(res["display_name"], "display 2")
  201. def test_update_unknown_device(self) -> None:
  202. update = {"display_name": "new_display"}
  203. self.get_failure(
  204. self.handler.update_device("user_id", "unknown_device_id", update),
  205. NotFoundError,
  206. )
  207. def _record_users(self) -> None:
  208. # check this works for both devices which have a recorded client_ip,
  209. # and those which don't.
  210. self._record_user(user1, "xyz", "display 0")
  211. self._record_user(user1, "fco", "display 1", "token1", "ip1")
  212. self._record_user(user1, "abc", "display 2", "token2", "ip2")
  213. self._record_user(user1, "abc", "display 2", "token3", "ip3")
  214. self._record_user(user2, "def", "dispkay", "token4", "ip4")
  215. self.reactor.advance(10000)
  216. def _record_user(
  217. self,
  218. user_id: str,
  219. device_id: str,
  220. display_name: str,
  221. access_token: Optional[str] = None,
  222. ip: Optional[str] = None,
  223. ) -> None:
  224. device_id = self.get_success(
  225. self.handler.check_device_registered(
  226. user_id=user_id,
  227. device_id=device_id,
  228. initial_device_display_name=display_name,
  229. )
  230. )
  231. if access_token is not None and ip is not None:
  232. self.get_success(
  233. self.store.insert_client_ip(
  234. user_id, access_token, ip, "user_agent", device_id
  235. )
  236. )
  237. self.reactor.advance(1000)
  238. @override_config({"experimental_features": {"msc3984_appservice_key_query": True}})
  239. def test_on_federation_query_user_devices_appservice(self) -> None:
  240. """Test that querying of appservices for keys overrides responses from the database."""
  241. local_user = "@boris:" + self.hs.hostname
  242. device_1 = "abc"
  243. device_2 = "def"
  244. device_3 = "ghi"
  245. # There are 3 devices:
  246. #
  247. # 1. One which is uploaded to the homeserver.
  248. # 2. One which is uploaded to the homeserver, but a newer copy is returned
  249. # by the appservice.
  250. # 3. One which is only returned by the appservice.
  251. device_key_1: JsonDict = {
  252. "user_id": local_user,
  253. "device_id": device_1,
  254. "algorithms": [
  255. "m.olm.curve25519-aes-sha2",
  256. RoomEncryptionAlgorithms.MEGOLM_V1_AES_SHA2,
  257. ],
  258. "keys": {
  259. "ed25519:abc": "base64+ed25519+key",
  260. "curve25519:abc": "base64+curve25519+key",
  261. },
  262. "signatures": {local_user: {"ed25519:abc": "base64+signature"}},
  263. }
  264. device_key_2a: JsonDict = {
  265. "user_id": local_user,
  266. "device_id": device_2,
  267. "algorithms": [
  268. "m.olm.curve25519-aes-sha2",
  269. RoomEncryptionAlgorithms.MEGOLM_V1_AES_SHA2,
  270. ],
  271. "keys": {
  272. "ed25519:def": "base64+ed25519+key",
  273. "curve25519:def": "base64+curve25519+key",
  274. },
  275. "signatures": {local_user: {"ed25519:def": "base64+signature"}},
  276. }
  277. device_key_2b: JsonDict = {
  278. "user_id": local_user,
  279. "device_id": device_2,
  280. "algorithms": [
  281. "m.olm.curve25519-aes-sha2",
  282. RoomEncryptionAlgorithms.MEGOLM_V1_AES_SHA2,
  283. ],
  284. # The device ID is the same (above), but the keys are different.
  285. "keys": {
  286. "ed25519:xyz": "base64+ed25519+key",
  287. "curve25519:xyz": "base64+curve25519+key",
  288. },
  289. "signatures": {local_user: {"ed25519:xyz": "base64+signature"}},
  290. }
  291. device_key_3: JsonDict = {
  292. "user_id": local_user,
  293. "device_id": device_3,
  294. "algorithms": [
  295. "m.olm.curve25519-aes-sha2",
  296. RoomEncryptionAlgorithms.MEGOLM_V1_AES_SHA2,
  297. ],
  298. "keys": {
  299. "ed25519:jkl": "base64+ed25519+key",
  300. "curve25519:jkl": "base64+curve25519+key",
  301. },
  302. "signatures": {local_user: {"ed25519:jkl": "base64+signature"}},
  303. }
  304. # Upload keys for devices 1 & 2a.
  305. e2e_keys_handler = self.hs.get_e2e_keys_handler()
  306. self.get_success(
  307. e2e_keys_handler.upload_keys_for_user(
  308. local_user, device_1, {"device_keys": device_key_1}
  309. )
  310. )
  311. self.get_success(
  312. e2e_keys_handler.upload_keys_for_user(
  313. local_user, device_2, {"device_keys": device_key_2a}
  314. )
  315. )
  316. # Inject an appservice interested in this user.
  317. appservice = ApplicationService(
  318. token="i_am_an_app_service",
  319. id="1234",
  320. namespaces={"users": [{"regex": r"@boris:.+", "exclusive": True}]},
  321. # Note: this user does not have to match the regex above
  322. sender="@as_main:test",
  323. )
  324. self.hs.get_datastores().main.services_cache = [appservice]
  325. self.hs.get_datastores().main.exclusive_user_regex = _make_exclusive_regex(
  326. [appservice]
  327. )
  328. # Setup a response.
  329. self.appservice_api.query_keys.return_value = make_awaitable(
  330. {
  331. "device_keys": {
  332. local_user: {device_2: device_key_2b, device_3: device_key_3}
  333. }
  334. }
  335. )
  336. # Request all devices.
  337. res = self.get_success(
  338. self.handler.on_federation_query_user_devices(local_user)
  339. )
  340. self.assertIn("devices", res)
  341. res_devices = res["devices"]
  342. for device in res_devices:
  343. device["keys"].pop("unsigned", None)
  344. self.assertEqual(
  345. res_devices,
  346. [
  347. {"device_id": device_1, "keys": device_key_1},
  348. {"device_id": device_2, "keys": device_key_2b},
  349. {"device_id": device_3, "keys": device_key_3},
  350. ],
  351. )
  352. class DehydrationTestCase(unittest.HomeserverTestCase):
  353. def make_homeserver(self, reactor: MemoryReactor, clock: Clock) -> HomeServer:
  354. hs = self.setup_test_homeserver("server", federation_http_client=None)
  355. handler = hs.get_device_handler()
  356. assert isinstance(handler, DeviceHandler)
  357. self.handler = handler
  358. self.registration = hs.get_registration_handler()
  359. self.auth = hs.get_auth()
  360. self.store = hs.get_datastores().main
  361. return hs
  362. def test_dehydrate_and_rehydrate_device(self) -> None:
  363. user_id = "@boris:dehydration"
  364. self.get_success(self.store.register_user(user_id, "foobar"))
  365. # First check if we can store and fetch a dehydrated device
  366. stored_dehydrated_device_id = self.get_success(
  367. self.handler.store_dehydrated_device(
  368. user_id=user_id,
  369. device_data={"device_data": {"foo": "bar"}},
  370. initial_device_display_name="dehydrated device",
  371. )
  372. )
  373. result = self.get_success(self.handler.get_dehydrated_device(user_id=user_id))
  374. assert result is not None
  375. retrieved_device_id, device_data = result
  376. self.assertEqual(retrieved_device_id, stored_dehydrated_device_id)
  377. self.assertEqual(device_data, {"device_data": {"foo": "bar"}})
  378. # Create a new login for the user and dehydrated the device
  379. device_id, access_token, _expiration_time, _refresh_token = self.get_success(
  380. self.registration.register_device(
  381. user_id=user_id,
  382. device_id=None,
  383. initial_display_name="new device",
  384. )
  385. )
  386. # Trying to claim a nonexistent device should throw an error
  387. self.get_failure(
  388. self.handler.rehydrate_device(
  389. user_id=user_id,
  390. access_token=access_token,
  391. device_id="not the right device ID",
  392. ),
  393. NotFoundError,
  394. )
  395. # dehydrating the right devices should succeed and change our device ID
  396. # to the dehydrated device's ID
  397. res = self.get_success(
  398. self.handler.rehydrate_device(
  399. user_id=user_id,
  400. access_token=access_token,
  401. device_id=retrieved_device_id,
  402. )
  403. )
  404. self.assertEqual(res, {"success": True})
  405. # make sure that our device ID has changed
  406. user_info = self.get_success(self.auth.get_user_by_access_token(access_token))
  407. self.assertEqual(user_info.device_id, retrieved_device_id)
  408. # make sure the device has the display name that was set from the login
  409. res = self.get_success(self.handler.get_device(user_id, retrieved_device_id))
  410. self.assertEqual(res["display_name"], "new device")
  411. # make sure that the device ID that we were initially assigned no longer exists
  412. self.get_failure(
  413. self.handler.get_device(user_id, device_id),
  414. NotFoundError,
  415. )
  416. # make sure that there's no device available for dehydrating now
  417. ret = self.get_success(self.handler.get_dehydrated_device(user_id=user_id))
  418. self.assertIsNone(ret)