synapse/tests/rest/client/test_rooms.py

# Copyright 2014-2016 OpenMarket Ltd
# Copyright 2017 Vector Creations Ltd
# Copyright 2018-2019 New Vector Ltd
# Copyright 2019 The Matrix.org Foundation C.I.C.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

"""Tests REST events for /rooms paths."""

import json
from http import HTTPStatus
from typing import Any, Dict, Iterable, List, Optional, Tuple, Union
from unittest.mock import AsyncMock, Mock, call, patch
from urllib import parse as urlparse

from parameterized import param, parameterized
from typing_extensions import Literal

from twisted.test.proto_helpers import MemoryReactor

import synapse.rest.admin
from synapse.api.constants import (
    EduTypes,
    EventContentFields,
    EventTypes,
    Membership,
    PublicRoomsFilterFields,
    RoomTypes,
)
from synapse.api.errors import Codes, HttpResponseException
from synapse.appservice import ApplicationService
from synapse.events import EventBase
from synapse.events.snapshot import EventContext
from synapse.handlers.pagination import PurgeStatus
from synapse.rest import admin
from synapse.rest.client import account, directory, login, profile, register, room, sync
from synapse.server import HomeServer
from synapse.types import JsonDict, RoomAlias, UserID, create_requester
from synapse.util import Clock
from synapse.util.stringutils import random_string

from tests import unittest
from tests.http.server._base import make_request_with_cancellation_test
from tests.storage.test_stream import PaginationTestCase
from tests.test_utils.event_injection import create_event
from tests.unittest import override_config

PATH_PREFIX = b"/_matrix/client/api/v1"


class RoomBase(unittest.HomeserverTestCase):
    rmcreator_id: Optional[str] = None

    servlets = [room.register_servlets, room.register_deprecated_servlets]

    def make_homeserver(self, reactor: MemoryReactor, clock: Clock) -> HomeServer:
        self.hs = self.setup_test_homeserver(
            "red",
        )

        self.hs.get_federation_handler = Mock()  # type: ignore[method-assign]
        self.hs.get_federation_handler.return_value.maybe_backfill = AsyncMock(
            return_value=None
        )

        async def _insert_client_ip(*args: Any, **kwargs: Any) -> None:
            return None

        self.hs.get_datastores().main.insert_client_ip = _insert_client_ip  # type: ignore[method-assign]

        return self.hs


class RoomPermissionsTestCase(RoomBase):
    """Tests room permissions."""

    user_id = "@sid1:red"
    rmcreator_id = "@notme:red"

    def prepare(self, reactor: MemoryReactor, clock: Clock, hs: HomeServer) -> None:
        self.helper.auth_user_id = self.rmcreator_id
        # create some rooms under the name rmcreator_id
        self.uncreated_rmid = "!aa:test"
        self.created_rmid = self.helper.create_room_as(
            self.rmcreator_id, is_public=False
        )
        self.created_public_rmid = self.helper.create_room_as(
            self.rmcreator_id, is_public=True
        )

        # send a message in one of the rooms
        self.created_rmid_msg_path = (
            "rooms/%s/send/m.room.message/a1" % (self.created_rmid)
        ).encode("ascii")
        channel = self.make_request(
            "PUT", self.created_rmid_msg_path, b'{"msgtype":"m.text","body":"test msg"}'
        )
        self.assertEqual(HTTPStatus.OK, channel.code, channel.result)

        # set topic for public room
        channel = self.make_request(
            "PUT",
            ("rooms/%s/state/m.room.topic" % self.created_public_rmid).encode("ascii"),
            b'{"topic":"Public Room Topic"}',
        )
        self.assertEqual(HTTPStatus.OK, channel.code, channel.result)

        # auth as user_id now
        self.helper.auth_user_id = self.user_id

    def test_can_do_action(self) -> None:
        msg_content = b'{"msgtype":"m.text","body":"hello"}'

        seq = iter(range(100))

        def send_msg_path() -> str:
            return "/rooms/%s/send/m.room.message/mid%s" % (
                self.created_rmid,
                str(next(seq)),
            )

        # send message in uncreated room, expect 403
        channel = self.make_request(
            "PUT",
            "/rooms/%s/send/m.room.message/mid2" % (self.uncreated_rmid,),
            msg_content,
        )
        self.assertEqual(HTTPStatus.FORBIDDEN, channel.code, msg=channel.result["body"])

        # send message in created room not joined (no state), expect 403
        channel = self.make_request("PUT", send_msg_path(), msg_content)
        self.assertEqual(HTTPStatus.FORBIDDEN, channel.code, msg=channel.result["body"])

        # send message in created room and invited, expect 403
        self.helper.invite(
            room=self.created_rmid, src=self.rmcreator_id, targ=self.user_id
        )
        channel = self.make_request("PUT", send_msg_path(), msg_content)
        self.assertEqual(HTTPStatus.FORBIDDEN, channel.code, msg=channel.result["body"])

        # send message in created room and joined, expect 200
        self.helper.join(room=self.created_rmid, user=self.user_id)
        channel = self.make_request("PUT", send_msg_path(), msg_content)
        self.assertEqual(HTTPStatus.OK, channel.code, msg=channel.result["body"])

        # send message in created room and left, expect 403
        self.helper.leave(room=self.created_rmid, user=self.user_id)
        channel = self.make_request("PUT", send_msg_path(), msg_content)
        self.assertEqual(HTTPStatus.FORBIDDEN, channel.code, msg=channel.result["body"])

    def test_topic_perms(self) -> None:
        topic_content = b'{"topic":"My Topic Name"}'
        topic_path = "/rooms/%s/state/m.room.topic" % self.created_rmid

        # set/get topic in uncreated room, expect 403
        channel = self.make_request(
            "PUT", "/rooms/%s/state/m.room.topic" % self.uncreated_rmid, topic_content
        )
        self.assertEqual(HTTPStatus.FORBIDDEN, channel.code, msg=channel.result["body"])
        channel = self.make_request(
            "GET", "/rooms/%s/state/m.room.topic" % self.uncreated_rmid
        )
        self.assertEqual(HTTPStatus.FORBIDDEN, channel.code, msg=channel.result["body"])

        # set/get topic in created PRIVATE room not joined, expect 403
        channel = self.make_request("PUT", topic_path, topic_content)
        self.assertEqual(HTTPStatus.FORBIDDEN, channel.code, msg=channel.result["body"])
        channel = self.make_request("GET", topic_path)
        self.assertEqual(HTTPStatus.FORBIDDEN, channel.code, msg=channel.result["body"])

        # set topic in created PRIVATE room and invited, expect 403
        self.helper.invite(
            room=self.created_rmid, src=self.rmcreator_id, targ=self.user_id
        )
        channel = self.make_request("PUT", topic_path, topic_content)
        self.assertEqual(HTTPStatus.FORBIDDEN, channel.code, msg=channel.result["body"])

        # get topic in created PRIVATE room and invited, expect 403
        channel = self.make_request("GET", topic_path)
        self.assertEqual(HTTPStatus.FORBIDDEN, channel.code, msg=channel.result["body"])

        # set/get topic in created PRIVATE room and joined, expect 200
        self.helper.join(room=self.created_rmid, user=self.user_id)

        # Only room ops can set topic by default
        self.helper.auth_user_id = self.rmcreator_id
        channel = self.make_request("PUT", topic_path, topic_content)
        self.assertEqual(HTTPStatus.OK, channel.code, msg=channel.result["body"])
        self.helper.auth_user_id = self.user_id

        channel = self.make_request("GET", topic_path)
        self.assertEqual(HTTPStatus.OK, channel.code, msg=channel.result["body"])
        self.assert_dict(json.loads(topic_content.decode("utf8")), channel.json_body)

        # set/get topic in created PRIVATE room and left, expect 403
        self.helper.leave(room=self.created_rmid, user=self.user_id)
        channel = self.make_request("PUT", topic_path, topic_content)
        self.assertEqual(HTTPStatus.FORBIDDEN, channel.code, msg=channel.result["body"])
        channel = self.make_request("GET", topic_path)
        self.assertEqual(HTTPStatus.OK, channel.code, msg=channel.result["body"])

        # get topic in PUBLIC room, not joined, expect 403
        channel = self.make_request(
            "GET", "/rooms/%s/state/m.room.topic" % self.created_public_rmid
        )
        self.assertEqual(HTTPStatus.FORBIDDEN, channel.code, msg=channel.result["body"])

        # set topic in PUBLIC room, not joined, expect 403
        channel = self.make_request(
            "PUT",
            "/rooms/%s/state/m.room.topic" % self.created_public_rmid,
            topic_content,
        )
        self.assertEqual(HTTPStatus.FORBIDDEN, channel.code, msg=channel.result["body"])

    def _test_get_membership(
        self, room: str, members: Iterable = frozenset(), expect_code: int = 200
    ) -> None:
        for member in members:
            path = "/rooms/%s/state/m.room.member/%s" % (room, member)
            channel = self.make_request("GET", path)
            self.assertEqual(expect_code, channel.code)

    def test_membership_basic_room_perms(self) -> None:
        # === room does not exist ===
        room = self.uncreated_rmid
        # get membership of self, get membership of other, uncreated room
        # expect all 403s
        self._test_get_membership(
            members=[self.user_id, self.rmcreator_id], room=room, expect_code=403
        )

        # trying to invite people to this room should 403
        self.helper.invite(
            room=room, src=self.user_id, targ=self.rmcreator_id, expect_code=403
        )

        # set [invite/join/left] of self, set [invite/join/left] of other,
        # expect all 404s because room doesn't exist on any server
        for usr in [self.user_id, self.rmcreator_id]:
            self.helper.join(room=room, user=usr, expect_code=404)
            self.helper.leave(room=room, user=usr, expect_code=404)

    def test_membership_private_room_perms(self) -> None:
        room = self.created_rmid
        # get membership of self, get membership of other, private room + invite
        # expect all 403s
        self.helper.invite(room=room, src=self.rmcreator_id, targ=self.user_id)
        self._test_get_membership(
            members=[self.user_id, self.rmcreator_id], room=room, expect_code=403
        )

        # get membership of self, get membership of other, private room + joined
        # expect all 200s
        self.helper.join(room=room, user=self.user_id)
        self._test_get_membership(
            members=[self.user_id, self.rmcreator_id], room=room, expect_code=200
        )

        # get membership of self, get membership of other, private room + left
        # expect all 200s
        self.helper.leave(room=room, user=self.user_id)
        self._test_get_membership(
            members=[self.user_id, self.rmcreator_id], room=room, expect_code=200
        )

    def test_membership_public_room_perms(self) -> None:
        room = self.created_public_rmid
        # get membership of self, get membership of other, public room + invite
        # expect 403
        self.helper.invite(room=room, src=self.rmcreator_id, targ=self.user_id)
        self._test_get_membership(
            members=[self.user_id, self.rmcreator_id], room=room, expect_code=403
        )

        # get membership of self, get membership of other, public room + joined
        # expect all 200s
        self.helper.join(room=room, user=self.user_id)
        self._test_get_membership(
            members=[self.user_id, self.rmcreator_id], room=room, expect_code=200
        )

        # get membership of self, get membership of other, public room + left
        # expect 200.
        self.helper.leave(room=room, user=self.user_id)
        self._test_get_membership(
            members=[self.user_id, self.rmcreator_id], room=room, expect_code=200
        )

    def test_invited_permissions(self) -> None:
        room = self.created_rmid
        self.helper.invite(room=room, src=self.rmcreator_id, targ=self.user_id)

        # set [invite/join/left] of other user, expect 403s
        self.helper.invite(
            room=room, src=self.user_id, targ=self.rmcreator_id, expect_code=403
        )
        self.helper.change_membership(
            room=room,
            src=self.user_id,
            targ=self.rmcreator_id,
            membership=Membership.JOIN,
            expect_code=HTTPStatus.FORBIDDEN,
        )
        self.helper.change_membership(
            room=room,
            src=self.user_id,
            targ=self.rmcreator_id,
            membership=Membership.LEAVE,
            expect_code=HTTPStatus.FORBIDDEN,
        )

    def test_joined_permissions(self) -> None:
        room = self.created_rmid
        self.helper.invite(room=room, src=self.rmcreator_id, targ=self.user_id)
        self.helper.join(room=room, user=self.user_id)

        # set invited of self, expect 403
        self.helper.invite(
            room=room, src=self.user_id, targ=self.user_id, expect_code=403
        )

        # set joined of self, expect 200 (NOOP)
        self.helper.join(room=room, user=self.user_id)

        other = "@burgundy:red"
        # set invited of other, expect 200
        self.helper.invite(room=room, src=self.user_id, targ=other, expect_code=200)

        # set joined of other, expect 403
        self.helper.change_membership(
            room=room,
            src=self.user_id,
            targ=other,
            membership=Membership.JOIN,
            expect_code=HTTPStatus.FORBIDDEN,
        )

        # set left of other, expect 403
        self.helper.change_membership(
            room=room,
            src=self.user_id,
            targ=other,
            membership=Membership.LEAVE,
            expect_code=HTTPStatus.FORBIDDEN,
        )

        # set left of self, expect 200
        self.helper.leave(room=room, user=self.user_id)

    def test_leave_permissions(self) -> None:
        room = self.created_rmid
        self.helper.invite(room=room, src=self.rmcreator_id, targ=self.user_id)
        self.helper.join(room=room, user=self.user_id)
        self.helper.leave(room=room, user=self.user_id)

        # set [invite/join/left] of self, set [invite/join/left] of other,
        # expect all 403s
        for usr in [self.user_id, self.rmcreator_id]:
            self.helper.change_membership(
                room=room,
                src=self.user_id,
                targ=usr,
                membership=Membership.INVITE,
                expect_code=HTTPStatus.FORBIDDEN,
            )

            self.helper.change_membership(
                room=room,
                src=self.user_id,
                targ=usr,
                membership=Membership.JOIN,
                expect_code=HTTPStatus.FORBIDDEN,
            )

        # It is always valid to LEAVE if you've already left (currently.)
        self.helper.change_membership(
            room=room,
            src=self.user_id,
            targ=self.rmcreator_id,
            membership=Membership.LEAVE,
            expect_code=HTTPStatus.FORBIDDEN,
        )

    # tests the "from banned" line from the table in https://spec.matrix.org/unstable/client-server-api/#mroommember
    def test_member_event_from_ban(self) -> None:
        room = self.created_rmid
        self.helper.invite(room=room, src=self.rmcreator_id, targ=self.user_id)
        self.helper.join(room=room, user=self.user_id)

        other = "@burgundy:red"

        # User cannot ban other since they do not have required power level
        self.helper.change_membership(
            room=room,
            src=self.user_id,
            targ=other,
            membership=Membership.BAN,
            expect_code=HTTPStatus.FORBIDDEN,  # expect failure
            expect_errcode=Codes.FORBIDDEN,
        )

        # Admin bans other
        self.helper.change_membership(
            room=room,
            src=self.rmcreator_id,
            targ=other,
            membership=Membership.BAN,
            expect_code=HTTPStatus.OK,
        )

        # from ban to invite: Must never happen.
        self.helper.change_membership(
            room=room,
            src=self.rmcreator_id,
            targ=other,
            membership=Membership.INVITE,
            expect_code=HTTPStatus.FORBIDDEN,  # expect failure
            expect_errcode=Codes.BAD_STATE,
        )

        # from ban to join: Must never happen.
        self.helper.change_membership(
            room=room,
            src=other,
            targ=other,
            membership=Membership.JOIN,
            expect_code=HTTPStatus.FORBIDDEN,  # expect failure
            expect_errcode=Codes.BAD_STATE,
        )

        # from ban to ban: No change.
        self.helper.change_membership(
            room=room,
            src=self.rmcreator_id,
            targ=other,
            membership=Membership.BAN,
            expect_code=HTTPStatus.OK,
        )

        # from ban to knock: Must never happen.
        self.helper.change_membership(
            room=room,
            src=self.rmcreator_id,
            targ=other,
            membership=Membership.KNOCK,
            expect_code=HTTPStatus.FORBIDDEN,  # expect failure
            expect_errcode=Codes.BAD_STATE,
        )

        # User cannot unban other since they do not have required power level
        self.helper.change_membership(
            room=room,
            src=self.user_id,
            targ=other,
            membership=Membership.LEAVE,
            expect_code=HTTPStatus.FORBIDDEN,  # expect failure
            expect_errcode=Codes.FORBIDDEN,
        )

        # from ban to leave: User was unbanned.
        self.helper.change_membership(
            room=room,
            src=self.rmcreator_id,
            targ=other,
            membership=Membership.LEAVE,
            expect_code=HTTPStatus.OK,
        )


class RoomStateTestCase(RoomBase):
    """Tests /rooms/$room_id/state."""

    user_id = "@sid1:red"

    def test_get_state_cancellation(self) -> None:
        """Test cancellation of a `/rooms/$room_id/state` request."""
        room_id = self.helper.create_room_as(self.user_id)
        channel = make_request_with_cancellation_test(
            "test_state_cancellation",
            self.reactor,
            self.site,
            "GET",
            "/rooms/%s/state" % room_id,
        )

        self.assertEqual(HTTPStatus.OK, channel.code, msg=channel.result["body"])
        self.assertCountEqual(
            [state_event["type"] for state_event in channel.json_list],
            {
                "m.room.create",
                "m.room.power_levels",
                "m.room.join_rules",
                "m.room.member",
                "m.room.history_visibility",
            },
        )

    def test_get_state_event_cancellation(self) -> None:
        """Test cancellation of a `/rooms/$room_id/state/$event_type` request."""
        room_id = self.helper.create_room_as(self.user_id)
        channel = make_request_with_cancellation_test(
            "test_state_cancellation",
            self.reactor,
            self.site,
            "GET",
            "/rooms/%s/state/m.room.member/%s" % (room_id, self.user_id),
        )

        self.assertEqual(HTTPStatus.OK, channel.code, msg=channel.result["body"])
        self.assertEqual(channel.json_body, {"membership": "join"})


class RoomsMemberListTestCase(RoomBase):
    """Tests /rooms/$room_id/members/list REST events."""

    servlets = RoomBase.servlets + [sync.register_servlets]

    user_id = "@sid1:red"

    def test_get_member_list(self) -> None:
        room_id = self.helper.create_room_as(self.user_id)
        channel = self.make_request("GET", "/rooms/%s/members" % room_id)
        self.assertEqual(HTTPStatus.OK, channel.code, msg=channel.result["body"])

    def test_get_member_list_no_room(self) -> None:
        channel = self.make_request("GET", "/rooms/roomdoesnotexist/members")
        self.assertEqual(HTTPStatus.FORBIDDEN, channel.code, msg=channel.result["body"])

    def test_get_member_list_no_permission(self) -> None:
        room_id = self.helper.create_room_as("@some_other_guy:red")
        channel = self.make_request("GET", "/rooms/%s/members" % room_id)
        self.assertEqual(HTTPStatus.FORBIDDEN, channel.code, msg=channel.result["body"])

    def test_get_member_list_no_permission_with_at_token(self) -> None:
        """
        Tests that a stranger to the room cannot get the member list
        (in the case that they use an at token).
        """
        room_id = self.helper.create_room_as("@someone.else:red")

        # first sync to get an at token
        channel = self.make_request("GET", "/sync")
        self.assertEqual(HTTPStatus.OK, channel.code)
        sync_token = channel.json_body["next_batch"]

        # check that permission is denied for @sid1:red to get the
        # memberships of @someone.else:red's room.
        channel = self.make_request(
            "GET",
            f"/rooms/{room_id}/members?at={sync_token}",
        )
        self.assertEqual(HTTPStatus.FORBIDDEN, channel.code, msg=channel.result["body"])

    def test_get_member_list_no_permission_former_member(self) -> None:
        """
        Tests that a former member of the room can not get the member list.
        """
        # create a room, invite the user and the user joins
        room_id = self.helper.create_room_as("@alice:red")
        self.helper.invite(room_id, "@alice:red", self.user_id)
        self.helper.join(room_id, self.user_id)

        # check that the user can see the member list to start with
        channel = self.make_request("GET", "/rooms/%s/members" % room_id)
        self.assertEqual(HTTPStatus.OK, channel.code, msg=channel.result["body"])

        # ban the user
        self.helper.change_membership(room_id, "@alice:red", self.user_id, "ban")

        # check the user can no longer see the member list
        channel = self.make_request("GET", "/rooms/%s/members" % room_id)
        self.assertEqual(HTTPStatus.FORBIDDEN, channel.code, msg=channel.result["body"])

    def test_get_member_list_no_permission_former_member_with_at_token(self) -> None:
        """
        Tests that a former member of the room can not get the member list
        (in the case that they use an at token).
        """
        # create a room, invite the user and the user joins
        room_id = self.helper.create_room_as("@alice:red")
        self.helper.invite(room_id, "@alice:red", self.user_id)
        self.helper.join(room_id, self.user_id)

        # sync to get an at token
        channel = self.make_request("GET", "/sync")
        self.assertEqual(HTTPStatus.OK, channel.code)
        sync_token = channel.json_body["next_batch"]

        # check that the user can see the member list to start with
        channel = self.make_request(
            "GET", "/rooms/%s/members?at=%s" % (room_id, sync_token)
        )
        self.assertEqual(HTTPStatus.OK, channel.code, msg=channel.result["body"])

        # ban the user (Note: the user is actually allowed to see this event and
        # state so that they know they're banned!)
        self.helper.change_membership(room_id, "@alice:red", self.user_id, "ban")

        # invite a third user and let them join
        self.helper.invite(room_id, "@alice:red", "@bob:red")
        self.helper.join(room_id, "@bob:red")

        # now, with the original user, sync again to get a new at token
        channel = self.make_request("GET", "/sync")
        self.assertEqual(HTTPStatus.OK, channel.code)
        sync_token = channel.json_body["next_batch"]

        # check the user can no longer see the updated member list
        channel = self.make_request(
            "GET", "/rooms/%s/members?at=%s" % (room_id, sync_token)
        )
        self.assertEqual(HTTPStatus.FORBIDDEN, channel.code, msg=channel.result["body"])

    def test_get_member_list_mixed_memberships(self) -> None:
        room_creator = "@some_other_guy:red"
        room_id = self.helper.create_room_as(room_creator)
        room_path = "/rooms/%s/members" % room_id
        self.helper.invite(room=room_id, src=room_creator, targ=self.user_id)
        # can't see list if you're just invited.
        channel = self.make_request("GET", room_path)
        self.assertEqual(HTTPStatus.FORBIDDEN, channel.code, msg=channel.result["body"])

        self.helper.join(room=room_id, user=self.user_id)
        # can see list now joined
        channel = self.make_request("GET", room_path)
        self.assertEqual(HTTPStatus.OK, channel.code, msg=channel.result["body"])

        self.helper.leave(room=room_id, user=self.user_id)
        # can see old list once left
        channel = self.make_request("GET", room_path)
        self.assertEqual(HTTPStatus.OK, channel.code, msg=channel.result["body"])

    def test_get_member_list_cancellation(self) -> None:
        """Test cancellation of a `/rooms/$room_id/members` request."""
        room_id = self.helper.create_room_as(self.user_id)
        channel = make_request_with_cancellation_test(
            "test_get_member_list_cancellation",
            self.reactor,
            self.site,
            "GET",
            "/rooms/%s/members" % room_id,
        )

        self.assertEqual(HTTPStatus.OK, channel.code, msg=channel.result["body"])
        self.assertEqual(len(channel.json_body["chunk"]), 1)
        self.assertLessEqual(
            {
                "content": {"membership": "join"},
                "room_id": room_id,
                "sender": self.user_id,
                "state_key": self.user_id,
                "type": "m.room.member",
                "user_id": self.user_id,
            }.items(),
            channel.json_body["chunk"][0].items(),
        )

    def test_get_member_list_with_at_token_cancellation(self) -> None:
        """Test cancellation of a `/rooms/$room_id/members?at=<sync token>` request."""
        room_id = self.helper.create_room_as(self.user_id)

        # first sync to get an at token
        channel = self.make_request("GET", "/sync")
        self.assertEqual(HTTPStatus.OK, channel.code)
        sync_token = channel.json_body["next_batch"]

        channel = make_request_with_cancellation_test(
            "test_get_member_list_with_at_token_cancellation",
            self.reactor,
            self.site,
            "GET",
            "/rooms/%s/members?at=%s" % (room_id, sync_token),
        )

        self.assertEqual(HTTPStatus.OK, channel.code, msg=channel.result["body"])
        self.assertEqual(len(channel.json_body["chunk"]), 1)
        self.assertLessEqual(
            {
                "content": {"membership": "join"},
                "room_id": room_id,
                "sender": self.user_id,
                "state_key": self.user_id,
                "type": "m.room.member",
                "user_id": self.user_id,
            }.items(),
            channel.json_body["chunk"][0].items(),
        )


class RoomsCreateTestCase(RoomBase):
    """Tests /rooms and /rooms/$room_id REST events."""

    user_id = "@sid1:red"

    def test_post_room_no_keys(self) -> None:
        # POST with no config keys, expect new room id
        channel = self.make_request("POST", "/createRoom", "{}")

        self.assertEqual(HTTPStatus.OK, channel.code, channel.result)
        self.assertTrue("room_id" in channel.json_body)
        assert channel.resource_usage is not None
        self.assertEqual(32, channel.resource_usage.db_txn_count)

    def test_post_room_initial_state(self) -> None:
        # POST with initial_state config key, expect new room id
        channel = self.make_request(
            "POST",
            "/createRoom",
            b'{"initial_state":[{"type": "m.bridge", "content": {}}]}',
        )

        self.assertEqual(HTTPStatus.OK, channel.code, channel.result)
        self.assertTrue("room_id" in channel.json_body)
        assert channel.resource_usage is not None
        self.assertEqual(34, channel.resource_usage.db_txn_count)

    def test_post_room_visibility_key(self) -> None:
        # POST with visibility config key, expect new room id
        channel = self.make_request("POST", "/createRoom", b'{"visibility":"private"}')
        self.assertEqual(HTTPStatus.OK, channel.code)
        self.assertTrue("room_id" in channel.json_body)

    def test_post_room_custom_key(self) -> None:
        # POST with custom config keys, expect new room id
        channel = self.make_request("POST", "/createRoom", b'{"custom":"stuff"}')
        self.assertEqual(HTTPStatus.OK, channel.code)
        self.assertTrue("room_id" in channel.json_body)

    def test_post_room_known_and_unknown_keys(self) -> None:
        # POST with custom + known config keys, expect new room id
        channel = self.make_request(
            "POST", "/createRoom", b'{"visibility":"private","custom":"things"}'
        )
        self.assertEqual(HTTPStatus.OK, channel.code)
        self.assertTrue("room_id" in channel.json_body)

    def test_post_room_invalid_content(self) -> None:
        # POST with invalid content / paths, expect 400
        channel = self.make_request("POST", "/createRoom", b'{"visibili')
        self.assertEqual(HTTPStatus.BAD_REQUEST, channel.code)

        channel = self.make_request("POST", "/createRoom", b'["hello"]')
        self.assertEqual(HTTPStatus.BAD_REQUEST, channel.code)

    def test_post_room_invitees_invalid_mxid(self) -> None:
        # POST with invalid invitee, see https://github.com/matrix-org/synapse/issues/4088
        # Note the trailing space in the MXID here!
        channel = self.make_request(
            "POST", "/createRoom", b'{"invite":["@alice:example.com "]}'
        )
        self.assertEqual(HTTPStatus.BAD_REQUEST, channel.code)

    @unittest.override_config({"rc_invites": {"per_room": {"burst_count": 3}}})
    def test_post_room_invitees_ratelimit(self) -> None:
        """Test that invites sent when creating a room are ratelimited by a RateLimiter,
        which ratelimits them correctly, including by not limiting when the requester is
        exempt from ratelimiting.
        """

        # Build the request's content. We use local MXIDs because invites over federation
        # are more difficult to mock.
        content = {
            "invite": [
                "@alice1:red",
                "@alice2:red",
                "@alice3:red",
                "@alice4:red",
            ]
        }

        # Test that the invites are correctly ratelimited.
        channel = self.make_request("POST", "/createRoom", content)
        self.assertEqual(HTTPStatus.BAD_REQUEST, channel.code)
        self.assertEqual(
            "Cannot invite so many users at once",
            channel.json_body["error"],
        )

        # Add the current user to the ratelimit overrides, allowing them no ratelimiting.
        self.get_success(
            self.hs.get_datastores().main.set_ratelimit_for_user(self.user_id, 0, 0)
        )

        # Test that the invites aren't ratelimited anymore.
        channel = self.make_request("POST", "/createRoom", content)
        self.assertEqual(HTTPStatus.OK, channel.code)

    def test_spam_checker_may_join_room_deprecated(self) -> None:
        """Tests that the user_may_join_room spam checker callback is correctly bypassed
        when creating a new room.

        In this test, we use the deprecated API in which callbacks return a bool.
        """

        async def user_may_join_room(
            mxid: str,
            room_id: str,
            is_invite: bool,
        ) -> bool:
            return False

        join_mock = Mock(side_effect=user_may_join_room)
        self.hs.get_module_api_callbacks().spam_checker._user_may_join_room_callbacks.append(
            join_mock
        )

        channel = self.make_request(
            "POST",
            "/createRoom",
            {},
        )
        self.assertEqual(channel.code, HTTPStatus.OK, channel.json_body)

        self.assertEqual(join_mock.call_count, 0)

    def test_spam_checker_may_join_room(self) -> None:
        """Tests that the user_may_join_room spam checker callback is correctly bypassed
        when creating a new room.

        In this test, we use the more recent API in which callbacks return a `Union[Codes, Literal["NOT_SPAM"]]`.
        """

        async def user_may_join_room_codes(
            mxid: str,
            room_id: str,
            is_invite: bool,
        ) -> Codes:
            return Codes.CONSENT_NOT_GIVEN

        join_mock = Mock(side_effect=user_may_join_room_codes)
        self.hs.get_module_api_callbacks().spam_checker._user_may_join_room_callbacks.append(
            join_mock
        )

        channel = self.make_request(
            "POST",
            "/createRoom",
            {},
        )
        self.assertEqual(channel.code, HTTPStatus.OK, channel.json_body)

        self.assertEqual(join_mock.call_count, 0)

        # Now change the return value of the callback to deny any join. Since we're
        # creating the room, despite the return value, we should be able to join.
        async def user_may_join_room_tuple(
            mxid: str,
            room_id: str,
            is_invite: bool,
        ) -> Tuple[Codes, dict]:
            return Codes.INCOMPATIBLE_ROOM_VERSION, {}

        join_mock.side_effect = user_may_join_room_tuple

        channel = self.make_request(
            "POST",
            "/createRoom",
            {},
        )
        self.assertEqual(channel.code, HTTPStatus.OK, channel.json_body)
        self.assertEqual(join_mock.call_count, 0)

    def _create_basic_room(self) -> Tuple[int, object]:
        """
        Tries to create a basic room and returns the response code.
        """
        channel = self.make_request(
            "POST",
            "/createRoom",
            {},
        )
        return channel.code, channel.json_body

    @override_config(
        {
            "rc_message": {"per_second": 0.2, "burst_count": 10},
        }
    )
    def test_room_creation_ratelimiting(self) -> None:
        """
        Regression test for #14312, where ratelimiting was made too strict.
        Clients should be able to create 10 rooms in a row
        without hitting rate limits, using default rate limit config.
        (We override rate limiting config back to its default value.)

        To ensure we don't make ratelimiting too generous accidentally,
        also check that we can't create an 11th room.
        """

        for _ in range(10):
            code, json_body = self._create_basic_room()
            self.assertEqual(code, HTTPStatus.OK, json_body)

        # The 6th room hits the rate limit.
        code, json_body = self._create_basic_room()
        self.assertEqual(code, HTTPStatus.TOO_MANY_REQUESTS, json_body)


class RoomTopicTestCase(RoomBase):
    """Tests /rooms/$room_id/topic REST events."""

    user_id = "@sid1:red"

    def prepare(self, reactor: MemoryReactor, clock: Clock, hs: HomeServer) -> None:
        # create the room
        self.room_id = self.helper.create_room_as(self.user_id)
        self.path = "/rooms/%s/state/m.room.topic" % (self.room_id,)

    def test_invalid_puts(self) -> None:
        # missing keys or invalid json
        channel = self.make_request("PUT", self.path, "{}")
        self.assertEqual(
            HTTPStatus.BAD_REQUEST, channel.code, msg=channel.result["body"]
        )

        channel = self.make_request("PUT", self.path, '{"_name":"bo"}')
        self.assertEqual(
            HTTPStatus.BAD_REQUEST, channel.code, msg=channel.result["body"]
        )

        channel = self.make_request("PUT", self.path, '{"nao')
        self.assertEqual(
            HTTPStatus.BAD_REQUEST, channel.code, msg=channel.result["body"]
        )

        channel = self.make_request(
            "PUT", self.path, '[{"_name":"bo"},{"_name":"jill"}]'
        )
        self.assertEqual(
            HTTPStatus.BAD_REQUEST, channel.code, msg=channel.result["body"]
        )

        channel = self.make_request("PUT", self.path, "text only")
        self.assertEqual(
            HTTPStatus.BAD_REQUEST, channel.code, msg=channel.result["body"]
        )

        channel = self.make_request("PUT", self.path, "")
        self.assertEqual(
            HTTPStatus.BAD_REQUEST, channel.code, msg=channel.result["body"]
        )

        # valid key, wrong type
        content = '{"topic":["Topic name"]}'
        channel = self.make_request("PUT", self.path, content)
        self.assertEqual(
            HTTPStatus.BAD_REQUEST, channel.code, msg=channel.result["body"]
        )

    def test_rooms_topic(self) -> None:
        # nothing should be there
        channel = self.make_request("GET", self.path)
        self.assertEqual(HTTPStatus.NOT_FOUND, channel.code, msg=channel.result["body"])

        # valid put
        content = '{"topic":"Topic name"}'
        channel = self.make_request("PUT", self.path, content)
        self.assertEqual(HTTPStatus.OK, channel.code, msg=channel.result["body"])

        # valid get
        channel = self.make_request("GET", self.path)
        self.assertEqual(HTTPStatus.OK, channel.code, msg=channel.result["body"])
        self.assert_dict(json.loads(content), channel.json_body)

    def test_rooms_topic_with_extra_keys(self) -> None:
        # valid put with extra keys
        content = '{"topic":"Seasons","subtopic":"Summer"}'
        channel = self.make_request("PUT", self.path, content)
        self.assertEqual(HTTPStatus.OK, channel.code, msg=channel.result["body"])

        # valid get
        channel = self.make_request("GET", self.path)
        self.assertEqual(HTTPStatus.OK, channel.code, msg=channel.result["body"])
        self.assert_dict(json.loads(content), channel.json_body)


class RoomMemberStateTestCase(RoomBase):
    """Tests /rooms/$room_id/members/$user_id/state REST events."""

    user_id = "@sid1:red"

    def prepare(self, reactor: MemoryReactor, clock: Clock, hs: HomeServer) -> None:
        self.room_id = self.helper.create_room_as(self.user_id)

    def test_invalid_puts(self) -> None:
        path = "/rooms/%s/state/m.room.member/%s" % (self.room_id, self.user_id)
        # missing keys or invalid json
        channel = self.make_request("PUT", path, "{}")
        self.assertEqual(
            HTTPStatus.BAD_REQUEST, channel.code, msg=channel.result["body"]
        )

        channel = self.make_request("PUT", path, '{"_name":"bo"}')
        self.assertEqual(
            HTTPStatus.BAD_REQUEST, channel.code, msg=channel.result["body"]
        )

        channel = self.make_request("PUT", path, '{"nao')
        self.assertEqual(
            HTTPStatus.BAD_REQUEST, channel.code, msg=channel.result["body"]
        )

        channel = self.make_request("PUT", path, b'[{"_name":"bo"},{"_name":"jill"}]')
        self.assertEqual(
            HTTPStatus.BAD_REQUEST, channel.code, msg=channel.result["body"]
        )

        channel = self.make_request("PUT", path, "text only")
        self.assertEqual(
            HTTPStatus.BAD_REQUEST, channel.code, msg=channel.result["body"]
        )

        channel = self.make_request("PUT", path, "")
        self.assertEqual(
            HTTPStatus.BAD_REQUEST, channel.code, msg=channel.result["body"]
        )

        # valid keys, wrong types
        content = '{"membership":["%s","%s","%s"]}' % (
            Membership.INVITE,
            Membership.JOIN,
            Membership.LEAVE,
        )
        channel = self.make_request("PUT", path, content.encode("ascii"))
        self.assertEqual(
            HTTPStatus.BAD_REQUEST, channel.code, msg=channel.result["body"]
        )

    def test_rooms_members_self(self) -> None:
        path = "/rooms/%s/state/m.room.member/%s" % (
            urlparse.quote(self.room_id),
            self.user_id,
        )

        # valid join message (NOOP since we made the room)
        content = '{"membership":"%s"}' % Membership.JOIN
        channel = self.make_request("PUT", path, content.encode("ascii"))
        self.assertEqual(HTTPStatus.OK, channel.code, msg=channel.result["body"])

        channel = self.make_request("GET", path, content=b"")
        self.assertEqual(HTTPStatus.OK, channel.code, msg=channel.result["body"])

        expected_response = {"membership": Membership.JOIN}
        self.assertEqual(expected_response, channel.json_body)

    def test_rooms_members_other(self) -> None:
        self.other_id = "@zzsid1:red"
        path = "/rooms/%s/state/m.room.member/%s" % (
            urlparse.quote(self.room_id),
            self.other_id,
        )

        # valid invite message
        content = '{"membership":"%s"}' % Membership.INVITE
        channel = self.make_request("PUT", path, content)
        self.assertEqual(HTTPStatus.OK, channel.code, msg=channel.result["body"])

        channel = self.make_request("GET", path, content=b"")
        self.assertEqual(HTTPStatus.OK, channel.code, msg=channel.result["body"])
        self.assertEqual(json.loads(content), channel.json_body)

    def test_rooms_members_other_custom_keys(self) -> None:
        self.other_id = "@zzsid1:red"
        path = "/rooms/%s/state/m.room.member/%s" % (
            urlparse.quote(self.room_id),
            self.other_id,
        )

        # valid invite message with custom key
        content = '{"membership":"%s","invite_text":"%s"}' % (
            Membership.INVITE,
            "Join us!",
        )
        channel = self.make_request("PUT", path, content)
        self.assertEqual(HTTPStatus.OK, channel.code, msg=channel.result["body"])

        channel = self.make_request("GET", path, content=b"")
        self.assertEqual(HTTPStatus.OK, channel.code, msg=channel.result["body"])
        self.assertEqual(json.loads(content), channel.json_body)


class RoomInviteRatelimitTestCase(RoomBase):
    user_id = "@sid1:red"

    servlets = [
        admin.register_servlets,
        profile.register_servlets,
        room.register_servlets,
    ]

    @unittest.override_config(
        {"rc_invites": {"per_room": {"per_second": 0.5, "burst_count": 3}}}
    )
    def test_invites_by_rooms_ratelimit(self) -> None:
        """Tests that invites in a room are actually rate-limited."""
        room_id = self.helper.create_room_as(self.user_id)

        for i in range(3):
            self.helper.invite(room_id, self.user_id, "@user-%s:red" % (i,))

        self.helper.invite(room_id, self.user_id, "@user-4:red", expect_code=429)

    @unittest.override_config(
        {"rc_invites": {"per_user": {"per_second": 0.5, "burst_count": 3}}}
    )
    def test_invites_by_users_ratelimit(self) -> None:
        """Tests that invites to a specific user are actually rate-limited."""

        for _ in range(3):
            room_id = self.helper.create_room_as(self.user_id)
            self.helper.invite(room_id, self.user_id, "@other-users:red")

        room_id = self.helper.create_room_as(self.user_id)
        self.helper.invite(room_id, self.user_id, "@other-users:red", expect_code=429)


class RoomJoinTestCase(RoomBase):
    servlets = [
        admin.register_servlets,
        login.register_servlets,
        room.register_servlets,
    ]

    def prepare(self, reactor: MemoryReactor, clock: Clock, hs: HomeServer) -> None:
        self.user1 = self.register_user("thomas", "hackme")
        self.tok1 = self.login("thomas", "hackme")

        self.user2 = self.register_user("teresa", "hackme")
        self.tok2 = self.login("teresa", "hackme")

        self.room1 = self.helper.create_room_as(room_creator=self.user1, tok=self.tok1)
        self.room2 = self.helper.create_room_as(room_creator=self.user1, tok=self.tok1)
        self.room3 = self.helper.create_room_as(room_creator=self.user1, tok=self.tok1)

    def test_spam_checker_may_join_room_deprecated(self) -> None:
        """Tests that the user_may_join_room spam checker callback is correctly called
        and blocks room joins when needed.

        This test uses the deprecated API, in which callbacks return booleans.
        """

        # Register a dummy callback. Make it allow all room joins for now.
        return_value = True

        async def user_may_join_room(
            userid: str,
            room_id: str,
            is_invited: bool,
        ) -> bool:
            return return_value

        # `spec` argument is needed for this function mock to have `__qualname__`, which
        # is needed for `Measure` metrics buried in SpamChecker.
        callback_mock = Mock(side_effect=user_may_join_room, spec=lambda *x: None)
        self.hs.get_module_api_callbacks().spam_checker._user_may_join_room_callbacks.append(
            callback_mock
        )

        # Join a first room, without being invited to it.
        self.helper.join(self.room1, self.user2, tok=self.tok2)

        # Check that the callback was called with the right arguments.
        expected_call_args = (
            (
                self.user2,
                self.room1,
                False,
            ),
        )
        self.assertEqual(
            callback_mock.call_args,
            expected_call_args,
            callback_mock.call_args,
        )

        # Join a second room, this time with an invite for it.
        self.helper.invite(self.room2, self.user1, self.user2, tok=self.tok1)
        self.helper.join(self.room2, self.user2, tok=self.tok2)

        # Check that the callback was called with the right arguments.
        expected_call_args = (
            (
                self.user2,
                self.room2,
                True,
            ),
        )
        self.assertEqual(
            callback_mock.call_args,
            expected_call_args,
            callback_mock.call_args,
        )

        # Now make the callback deny all room joins, and check that a join actually fails.
        return_value = False
        self.helper.join(
            self.room3, self.user2, expect_code=HTTPStatus.FORBIDDEN, tok=self.tok2
        )

    def test_spam_checker_may_join_room(self) -> None:
        """Tests that the user_may_join_room spam checker callback is correctly called
        and blocks room joins when needed.

        This test uses the latest API to this day, in which callbacks return `NOT_SPAM` or `Codes`.
        """

        # Register a dummy callback. Make it allow all room joins for now.
        return_value: Union[
            Literal["NOT_SPAM"], Tuple[Codes, dict], Codes
        ] = synapse.module_api.NOT_SPAM

        async def user_may_join_room(
            userid: str,
            room_id: str,
            is_invited: bool,
        ) -> Union[Literal["NOT_SPAM"], Tuple[Codes, dict], Codes]:
            return return_value

        # `spec` argument is needed for this function mock to have `__qualname__`, which
        # is needed for `Measure` metrics buried in SpamChecker.
        callback_mock = Mock(side_effect=user_may_join_room, spec=lambda *x: None)
        self.hs.get_module_api_callbacks().spam_checker._user_may_join_room_callbacks.append(
            callback_mock
        )

        # Join a first room, without being invited to it.
        self.helper.join(self.room1, self.user2, tok=self.tok2)

        # Check that the callback was called with the right arguments.
        expected_call_args = (
            (
                self.user2,
                self.room1,
                False,
            ),
        )
        self.assertEqual(
            callback_mock.call_args,
            expected_call_args,
            callback_mock.call_args,
        )

        # Join a second room, this time with an invite for it.
        self.helper.invite(self.room2, self.user1, self.user2, tok=self.tok1)
        self.helper.join(self.room2, self.user2, tok=self.tok2)

        # Check that the callback was called with the right arguments.
        expected_call_args = (
            (
                self.user2,
                self.room2,
                True,
            ),
        )
        self.assertEqual(
            callback_mock.call_args,
            expected_call_args,
            callback_mock.call_args,
        )

        # Now make the callback deny all room joins, and check that a join actually fails.
        # We pick an arbitrary Codes rather than the default `Codes.FORBIDDEN`.
        return_value = Codes.CONSENT_NOT_GIVEN
        self.helper.invite(self.room3, self.user1, self.user2, tok=self.tok1)
        self.helper.join(
            self.room3,
            self.user2,
            expect_code=HTTPStatus.FORBIDDEN,
            expect_errcode=return_value,
            tok=self.tok2,
        )

        # Now make the callback deny all room joins, and check that a join actually fails.
        # As above, with the experimental extension that lets us return dictionaries.
        return_value = (Codes.BAD_ALIAS, {"another_field": "12345"})
        self.helper.join(
            self.room3,
            self.user2,
            expect_code=HTTPStatus.FORBIDDEN,
            expect_errcode=return_value[0],
            tok=self.tok2,
            expect_additional_fields=return_value[1],
        )


class RoomAppserviceTsParamTestCase(unittest.HomeserverTestCase):
    servlets = [
        room.register_servlets,
        synapse.rest.admin.register_servlets,
        register.register_servlets,
    ]

    def prepare(self, reactor: MemoryReactor, clock: Clock, hs: HomeServer) -> None:
        self.appservice_user, _ = self.register_appservice_user(
            "as_user_potato", self.appservice.token
        )

        # Create a room as the appservice user.
        args = {
            "access_token": self.appservice.token,
            "user_id": self.appservice_user,
        }
        channel = self.make_request(
            "POST",
            f"/_matrix/client/r0/createRoom?{urlparse.urlencode(args)}",
            content={"visibility": "public"},
        )

        assert channel.code == 200
        self.room = channel.json_body["room_id"]

        self.main_store = self.hs.get_datastores().main

    def make_homeserver(self, reactor: MemoryReactor, clock: Clock) -> HomeServer:
        config = self.default_config()

        self.appservice = ApplicationService(
            token="i_am_an_app_service",
            id="1234",
            namespaces={"users": [{"regex": r"@as_user.*", "exclusive": True}]},
            # Note: this user does not have to match the regex above
            sender="@as_main:test",
        )

        mock_load_appservices = Mock(return_value=[self.appservice])
        with patch(
            "synapse.storage.databases.main.appservice.load_appservices",
            mock_load_appservices,
        ):
            hs = self.setup_test_homeserver(config=config)
        return hs

    def test_send_event_ts(self) -> None:
        """Test sending a non-state event with a custom timestamp."""
        ts = 1

        url_params = {
            "user_id": self.appservice_user,
            "ts": ts,
        }
        channel = self.make_request(
            "PUT",
            path=f"/_matrix/client/r0/rooms/{self.room}/send/m.room.message/1234?"
            + urlparse.urlencode(url_params),
            content={"body": "test", "msgtype": "m.text"},
            access_token=self.appservice.token,
        )
        self.assertEqual(channel.code, 200, channel.json_body)
        event_id = channel.json_body["event_id"]

        # Ensure the event was persisted with the correct timestamp.
        res = self.get_success(self.main_store.get_event(event_id))
        self.assertEqual(ts, res.origin_server_ts)

    def test_send_state_event_ts(self) -> None:
        """Test sending a state event with a custom timestamp."""
        ts = 1

        url_params = {
            "user_id": self.appservice_user,
            "ts": ts,
        }
        channel = self.make_request(
            "PUT",
            path=f"/_matrix/client/r0/rooms/{self.room}/state/m.room.name?"
            + urlparse.urlencode(url_params),
            content={"name": "test"},
            access_token=self.appservice.token,
        )
        self.assertEqual(channel.code, 200, channel.json_body)
        event_id = channel.json_body["event_id"]

        # Ensure the event was persisted with the correct timestamp.
        res = self.get_success(self.main_store.get_event(event_id))
        self.assertEqual(ts, res.origin_server_ts)

    def test_send_membership_event_ts(self) -> None:
        """Test sending a membership event with a custom timestamp."""
        ts = 1

        url_params = {
            "user_id": self.appservice_user,
            "ts": ts,
        }
        channel = self.make_request(
            "PUT",
            path=f"/_matrix/client/r0/rooms/{self.room}/state/m.room.member/{self.appservice_user}?"
            + urlparse.urlencode(url_params),
            content={"membership": "join", "display_name": "test"},
            access_token=self.appservice.token,
        )
        self.assertEqual(channel.code, 200, channel.json_body)
        event_id = channel.json_body["event_id"]

        # Ensure the event was persisted with the correct timestamp.
        res = self.get_success(self.main_store.get_event(event_id))
        self.assertEqual(ts, res.origin_server_ts)


class RoomJoinRatelimitTestCase(RoomBase):
    user_id = "@sid1:red"

    servlets = [
        admin.register_servlets,
        profile.register_servlets,
        room.register_servlets,
    ]

    def prepare(self, reactor: MemoryReactor, clock: Clock, hs: HomeServer) -> None:
        super().prepare(reactor, clock, hs)
        # profile changes expect that the user is actually registered
        user = UserID.from_string(self.user_id)
        self.register_user(user.localpart, "supersecretpassword")

    @unittest.override_config(
        {"rc_joins": {"local": {"per_second": 0.5, "burst_count": 3}}}
    )
    def test_join_local_ratelimit(self) -> None:
        """Tests that local joins are actually rate-limited."""
        # Create 4 rooms
        room_ids = [
            self.helper.create_room_as(self.user_id, is_public=True) for _ in range(4)
        ]

        joiner_user_id = self.register_user("joiner", "secret")
        # Now make a new user try to join some of them.

        # The user can join 3 rooms
        for room_id in room_ids[0:3]:
            self.helper.join(room_id, joiner_user_id)

        # But the user cannot join a 4th room
        self.helper.join(
            room_ids[3], joiner_user_id, expect_code=HTTPStatus.TOO_MANY_REQUESTS
        )

    @unittest.override_config(
        {"rc_joins": {"local": {"per_second": 0.5, "burst_count": 3}}}
    )
    def test_join_local_ratelimit_profile_change(self) -> None:
        """Tests that sending a profile update into all of the user's joined rooms isn't
        rate-limited by the rate-limiter on joins."""

        # Create and join as many rooms as the rate-limiting config allows in a second.
        room_ids = [
            self.helper.create_room_as(self.user_id),
            self.helper.create_room_as(self.user_id),
            self.helper.create_room_as(self.user_id),
        ]
        # Let some time for the rate-limiter to forget about our multi-join.
        self.reactor.advance(2)
        # Add one to make sure we're joined to more rooms than the config allows us to
        # join in a second.
        room_ids.append(self.helper.create_room_as(self.user_id))

        # Update the display name for the user.
        path = "/_matrix/client/r0/profile/%s/displayname" % self.user_id
        channel = self.make_request("PUT", path, {"displayname": "John Doe"})
        self.assertEqual(channel.code, HTTPStatus.OK, channel.json_body)

        # Check that all the rooms have been sent a profile update into.
        for room_id in room_ids:
            path = "/_matrix/client/r0/rooms/%s/state/m.room.member/%s" % (
                room_id,
                self.user_id,
            )

            channel = self.make_request("GET", path)
            self.assertEqual(channel.code, 200)

            self.assertIn("displayname", channel.json_body)
            self.assertEqual(channel.json_body["displayname"], "John Doe")

    @unittest.override_config(
        {"rc_joins": {"local": {"per_second": 0.5, "burst_count": 3}}}
    )
    def test_join_local_ratelimit_idempotent(self) -> None:
        """Tests that the room join endpoints remain idempotent despite rate-limiting
        on room joins."""
        room_id = self.helper.create_room_as(self.user_id)

        # Let's test both paths to be sure.
        paths_to_test = [
            "/_matrix/client/r0/rooms/%s/join",
            "/_matrix/client/r0/join/%s",
        ]

        for path in paths_to_test:
            # Make sure we send more requests than the rate-limiting config would allow
            # if all of these requests ended up joining the user to a room.
            for _ in range(4):
                channel = self.make_request("POST", path % room_id, {})
                self.assertEqual(channel.code, 200)

    @unittest.override_config(
        {
            "rc_joins": {"local": {"per_second": 0.5, "burst_count": 3}},
            "auto_join_rooms": ["#room:red", "#room2:red", "#room3:red", "#room4:red"],
            "autocreate_auto_join_rooms": True,
        },
    )
    def test_autojoin_rooms(self) -> None:
        user_id = self.register_user("testuser", "password")

        # Check that the new user successfully joined the four rooms
        rooms = self.get_success(
            self.hs.get_datastores().main.get_rooms_for_user(user_id)
        )
        self.assertEqual(len(rooms), 4)


class RoomMessagesTestCase(RoomBase):
    """Tests /rooms/$room_id/messages/$user_id/$msg_id REST events."""

    user_id = "@sid1:red"

    def prepare(self, reactor: MemoryReactor, clock: Clock, hs: HomeServer) -> None:
        self.room_id = self.helper.create_room_as(self.user_id)

    def test_invalid_puts(self) -> None:
        path = "/rooms/%s/send/m.room.message/mid1" % (urlparse.quote(self.room_id))
        # missing keys or invalid json
        channel = self.make_request("PUT", path, b"{}")
        self.assertEqual(
            HTTPStatus.BAD_REQUEST, channel.code, msg=channel.result["body"]
        )

        channel = self.make_request("PUT", path, b'{"_name":"bo"}')
        self.assertEqual(
            HTTPStatus.BAD_REQUEST, channel.code, msg=channel.result["body"]
        )

        channel = self.make_request("PUT", path, b'{"nao')
        self.assertEqual(
            HTTPStatus.BAD_REQUEST, channel.code, msg=channel.result["body"]
        )

        channel = self.make_request("PUT", path, b'[{"_name":"bo"},{"_name":"jill"}]')
        self.assertEqual(
            HTTPStatus.BAD_REQUEST, channel.code, msg=channel.result["body"]
        )

        channel = self.make_request("PUT", path, b"text only")
        self.assertEqual(
            HTTPStatus.BAD_REQUEST, channel.code, msg=channel.result["body"]
        )

        channel = self.make_request("PUT", path, b"")
        self.assertEqual(
            HTTPStatus.BAD_REQUEST, channel.code, msg=channel.result["body"]
        )

    def test_rooms_messages_sent(self) -> None:
        path = "/rooms/%s/send/m.room.message/mid1" % (urlparse.quote(self.room_id))

        content = b'{"body":"test","msgtype":{"type":"a"}}'
        channel = self.make_request("PUT", path, content)
        self.assertEqual(
            HTTPStatus.BAD_REQUEST, channel.code, msg=channel.result["body"]
        )

        # custom message types
        content = b'{"body":"test","msgtype":"test.custom.text"}'
        channel = self.make_request("PUT", path, content)
        self.assertEqual(HTTPStatus.OK, channel.code, msg=channel.result["body"])

        # m.text message type
        path = "/rooms/%s/send/m.room.message/mid2" % (urlparse.quote(self.room_id))
        content = b'{"body":"test2","msgtype":"m.text"}'
        channel = self.make_request("PUT", path, content)
        self.assertEqual(HTTPStatus.OK, channel.code, msg=channel.result["body"])

    @parameterized.expand(
        [
            # Allow
            param(
                name="NOT_SPAM",
                value="NOT_SPAM",
                expected_code=HTTPStatus.OK,
                expected_fields={},
            ),
            param(
                name="False",
                value=False,
                expected_code=HTTPStatus.OK,
                expected_fields={},
            ),
            # Block
            param(
                name="scalene string",
                value="ANY OTHER STRING",
                expected_code=HTTPStatus.FORBIDDEN,
                expected_fields={"errcode": "M_FORBIDDEN"},
            ),
            param(
                name="True",
                value=True,
                expected_code=HTTPStatus.FORBIDDEN,
                expected_fields={"errcode": "M_FORBIDDEN"},
            ),
            param(
                name="Code",
                value=Codes.LIMIT_EXCEEDED,
                expected_code=HTTPStatus.FORBIDDEN,
                expected_fields={"errcode": "M_LIMIT_EXCEEDED"},
            ),
            param(
                name="Tuple",
                value=(Codes.SERVER_NOT_TRUSTED, {"additional_field": "12345"}),
                expected_code=HTTPStatus.FORBIDDEN,
                expected_fields={
                    "errcode": "M_SERVER_NOT_TRUSTED",
                    "additional_field": "12345",
                },
            ),
        ]
    )
    def test_spam_checker_check_event_for_spam(
        self,
        name: str,
        value: Union[str, bool, Codes, Tuple[Codes, JsonDict]],
        expected_code: int,
        expected_fields: dict,
    ) -> None:
        class SpamCheck:
            mock_return_value: Union[
                str, bool, Codes, Tuple[Codes, JsonDict], bool
            ] = "NOT_SPAM"
            mock_content: Optional[JsonDict] = None

            async def check_event_for_spam(
                self,
                event: synapse.events.EventBase,
            ) -> Union[str, Codes, Tuple[Codes, JsonDict], bool]:
                self.mock_content = event.content
                return self.mock_return_value

        spam_checker = SpamCheck()

        self.hs.get_module_api_callbacks().spam_checker._check_event_for_spam_callbacks.append(
            spam_checker.check_event_for_spam
        )

        # Inject `value` as mock_return_value
        spam_checker.mock_return_value = value
        path = "/rooms/%s/send/m.room.message/check_event_for_spam_%s" % (
            urlparse.quote(self.room_id),
            urlparse.quote(name),
        )
        body = "test-%s" % name
        content = '{"body":"%s","msgtype":"m.text"}' % body
        channel = self.make_request("PUT", path, content)

        # Check that the callback has witnessed the correct event.
        self.assertIsNotNone(spam_checker.mock_content)
        if (
            spam_checker.mock_content is not None
        ):  # Checked just above, but mypy doesn't know about that.
            self.assertEqual(
                spam_checker.mock_content["body"], body, spam_checker.mock_content
            )

        # Check that we have the correct result.
        self.assertEqual(expected_code, channel.code, msg=channel.result["body"])
        for expected_key, expected_value in expected_fields.items():
            self.assertEqual(
                channel.json_body.get(expected_key, None),
                expected_value,
                "Field %s absent or invalid " % expected_key,
            )


class RoomPowerLevelOverridesTestCase(RoomBase):
    """Tests that the power levels can be overridden with server config."""

    user_id = "@sid1:red"

    servlets = [
        admin.register_servlets,
        room.register_servlets,
        login.register_servlets,
    ]

    def prepare(self, reactor: MemoryReactor, clock: Clock, hs: HomeServer) -> None:
        self.admin_user_id = self.register_user("admin", "pass")
        self.admin_access_token = self.login("admin", "pass")

    def power_levels(self, room_id: str) -> Dict[str, Any]:
        return self.helper.get_state(
            room_id, "m.room.power_levels", self.admin_access_token
        )

    def test_default_power_levels_with_room_override(self) -> None:
        """
        Create a room, providing power level overrides.
        Confirm that the room's power levels reflect the overrides.

        See https://github.com/matrix-org/matrix-spec/issues/492
        - currently we overwrite each key of power_level_content_override
        completely.
        """

        room_id = self.helper.create_room_as(
            self.user_id,
            extra_content={
                "power_level_content_override": {"events": {"custom.event": 0}}
            },
        )
        self.assertEqual(
            {
                "custom.event": 0,
            },
            self.power_levels(room_id)["events"],
        )

    @unittest.override_config(
        {
            "default_power_level_content_override": {
                "public_chat": {"events": {"custom.event": 0}},
            }
        },
    )
    def test_power_levels_with_server_override(self) -> None:
        """
        With a server configured to modify the room-level defaults,
        Create a room, without providing any extra power level overrides.
        Confirm that the room's power levels reflect the server-level overrides.

        Similar to https://github.com/matrix-org/matrix-spec/issues/492,
        we overwrite each key of power_level_content_override completely.
        """

        room_id = self.helper.create_room_as(self.user_id)
        self.assertEqual(
            {
                "custom.event": 0,
            },
            self.power_levels(room_id)["events"],
        )

    @unittest.override_config(
        {
            "default_power_level_content_override": {
                "public_chat": {
                    "events": {"server.event": 0},
                    "ban": 13,
                },
            }
        },
    )
    def test_power_levels_with_server_and_room_overrides(self) -> None:
        """
        With a server configured to modify the room-level defaults,
        create a room, providing different overrides.
        Confirm that the room's power levels reflect both overrides, and
        choose the room overrides where they clash.
        """

        room_id = self.helper.create_room_as(
            self.user_id,
            extra_content={
                "power_level_content_override": {"events": {"room.event": 0}}
            },
        )

        # Room override wins over server config
        self.assertEqual(
            {"room.event": 0},
            self.power_levels(room_id)["events"],
        )

        # But where there is no room override, server config wins
        self.assertEqual(13, self.power_levels(room_id)["ban"])


class RoomPowerLevelOverridesInPracticeTestCase(RoomBase):
    """
    Tests that we can really do various otherwise-prohibited actions
    based on overriding the power levels in config.
    """

    user_id = "@sid1:red"

    def test_creator_can_post_state_event(self) -> None:
        # Given I am the creator of a room
        room_id = self.helper.create_room_as(self.user_id)

        # When I send a state event
        path = "/rooms/{room_id}/state/custom.event/my_state_key".format(
            room_id=urlparse.quote(room_id),
        )
        channel = self.make_request("PUT", path, "{}")

        # Then I am allowed
        self.assertEqual(HTTPStatus.OK, channel.code, msg=channel.result["body"])

    def test_normal_user_can_not_post_state_event(self) -> None:
        # Given I am a normal member of a room
        room_id = self.helper.create_room_as("@some_other_guy:red")
        self.helper.join(room=room_id, user=self.user_id)

        # When I send a state event
        path = "/rooms/{room_id}/state/custom.event/my_state_key".format(
            room_id=urlparse.quote(room_id),
        )
        channel = self.make_request("PUT", path, "{}")

        # Then I am not allowed because state events require PL>=50
        self.assertEqual(HTTPStatus.FORBIDDEN, channel.code, msg=channel.result["body"])
        self.assertEqual(
            "You don't have permission to post that to the room. "
            "user_level (0) < send_level (50)",
            channel.json_body["error"],
        )

    @unittest.override_config(
        {
            "default_power_level_content_override": {
                "public_chat": {"events": {"custom.event": 0}},
            }
        },
    )
    def test_with_config_override_normal_user_can_post_state_event(self) -> None:
        # Given the server has config allowing normal users to post my event type,
        # and I am a normal member of a room
        room_id = self.helper.create_room_as("@some_other_guy:red")
        self.helper.join(room=room_id, user=self.user_id)

        # When I send a state event
        path = "/rooms/{room_id}/state/custom.event/my_state_key".format(
            room_id=urlparse.quote(room_id),
        )
        channel = self.make_request("PUT", path, "{}")

        # Then I am allowed
        self.assertEqual(HTTPStatus.OK, channel.code, msg=channel.result["body"])

    @unittest.override_config(
        {
            "default_power_level_content_override": {
                "public_chat": {"events": {"custom.event": 0}},
            }
        },
    )
    def test_any_room_override_defeats_config_override(self) -> None:
        # Given the server has config allowing normal users to post my event type
        # And I am a normal member of a room
        # But the room was created with special permissions
        extra_content: Dict[str, Any] = {
            "power_level_content_override": {"events": {}},
        }
        room_id = self.helper.create_room_as(
            "@some_other_guy:red", extra_content=extra_content
        )
        self.helper.join(room=room_id, user=self.user_id)

        # When I send a state event
        path = "/rooms/{room_id}/state/custom.event/my_state_key".format(
            room_id=urlparse.quote(room_id),
        )
        channel = self.make_request("PUT", path, "{}")

        # Then I am not allowed
        self.assertEqual(HTTPStatus.FORBIDDEN, channel.code, msg=channel.result["body"])

    @unittest.override_config(
        {
            "default_power_level_content_override": {
                "public_chat": {"events": {"custom.event": 0}},
            }
        },
    )
    def test_specific_room_override_defeats_config_override(self) -> None:
        # Given the server has config allowing normal users to post my event type,
        # and I am a normal member of a room,
        # but the room was created with special permissions for this event type
        extra_content = {
            "power_level_content_override": {"events": {"custom.event": 1}},
        }
        room_id = self.helper.create_room_as(
            "@some_other_guy:red", extra_content=extra_content
        )
        self.helper.join(room=room_id, user=self.user_id)

        # When I send a state event
        path = "/rooms/{room_id}/state/custom.event/my_state_key".format(
            room_id=urlparse.quote(room_id),
        )
        channel = self.make_request("PUT", path, "{}")

        # Then I am not allowed
        self.assertEqual(HTTPStatus.FORBIDDEN, channel.code, msg=channel.result["body"])
        self.assertEqual(
            "You don't have permission to post that to the room. "
            + "user_level (0) < send_level (1)",
            channel.json_body["error"],
        )

    @unittest.override_config(
        {
            "default_power_level_content_override": {
                "public_chat": {"events": {"custom.event": 0}},
                "private_chat": None,
                "trusted_private_chat": None,
            }
        },
    )
    def test_config_override_applies_only_to_specific_preset(self) -> None:
        # Given the server has config for public_chats,
        # and I am a normal member of a private_chat room
        room_id = self.helper.create_room_as("@some_other_guy:red", is_public=False)
        self.helper.invite(room=room_id, src="@some_other_guy:red", targ=self.user_id)
        self.helper.join(room=room_id, user=self.user_id)

        # When I send a state event
        path = "/rooms/{room_id}/state/custom.event/my_state_key".format(
            room_id=urlparse.quote(room_id),
        )
        channel = self.make_request("PUT", path, "{}")

        # Then I am not allowed because the public_chat config does not
        # affect this room, because this room is a private_chat
        self.assertEqual(HTTPStatus.FORBIDDEN, channel.code, msg=channel.result["body"])
        self.assertEqual(
            "You don't have permission to post that to the room. "
            + "user_level (0) < send_level (50)",
            channel.json_body["error"],
        )

    @unittest.override_config(
        {
            "default_power_level_content_override": {
                "private_chat": {
                    "events": {
                        "m.room.avatar": 50,
                        "m.room.canonical_alias": 50,
                        "m.room.encryption": 999,
                        "m.room.history_visibility": 100,
                        "m.room.name": 50,
                        "m.room.power_levels": 100,
                        "m.room.server_acl": 100,
                        "m.room.tombstone": 100,
                    },
                    "events_default": 0,
                },
            }
        },
    )
    def test_config_override_blocks_encrypted_room(self) -> None:
        # Given the server has config for private_chats,

        # When I attempt to create an encrypted private_chat room
        channel = self.make_request(
            "POST",
            "/createRoom",
            '{"creation_content": {"m.federate": false},"name": "Secret Private Room","preset": "private_chat","initial_state": [{"type": "m.room.encryption","state_key": "","content": {"algorithm": "m.megolm.v1.aes-sha2"}}]}',
        )

        # Then I am not allowed because the required power level is unattainable
        self.assertEqual(HTTPStatus.FORBIDDEN, channel.code, msg=channel.result["body"])
        self.assertEqual(
            "You cannot create an encrypted room. "
            + "user_level (100) < send_level (999)",
            channel.json_body["error"],
        )


class RoomInitialSyncTestCase(RoomBase):
    """Tests /rooms/$room_id/initialSync."""

    user_id = "@sid1:red"

    def prepare(self, reactor: MemoryReactor, clock: Clock, hs: HomeServer) -> None:
        # create the room
        self.room_id = self.helper.create_room_as(self.user_id)

    def test_initial_sync(self) -> None:
        channel = self.make_request("GET", "/rooms/%s/initialSync" % self.room_id)
        self.assertEqual(HTTPStatus.OK, channel.code)

        self.assertEqual(self.room_id, channel.json_body["room_id"])
        self.assertEqual("join", channel.json_body["membership"])

        # Room state is easier to assert on if we unpack it into a dict
        state: JsonDict = {}
        for event in channel.json_body["state"]:
            if "state_key" not in event:
                continue
            t = event["type"]
            if t not in state:
                state[t] = []
            state[t].append(event)

        self.assertTrue("m.room.create" in state)

        self.assertTrue("messages" in channel.json_body)
        self.assertTrue("chunk" in channel.json_body["messages"])
        self.assertTrue("end" in channel.json_body["messages"])

        self.assertTrue("presence" in channel.json_body)

        presence_by_user = {
            e["content"]["user_id"]: e for e in channel.json_body["presence"]
        }
        self.assertTrue(self.user_id in presence_by_user)
        self.assertEqual(EduTypes.PRESENCE, presence_by_user[self.user_id]["type"])


class RoomMessageListTestCase(RoomBase):
    """Tests /rooms/$room_id/messages REST events."""

    user_id = "@sid1:red"

    def prepare(self, reactor: MemoryReactor, clock: Clock, hs: HomeServer) -> None:
        self.room_id = self.helper.create_room_as(self.user_id)

    def test_topo_token_is_accepted(self) -> None:
        token = "t1-0_0_0_0_0_0_0_0_0_0"
        channel = self.make_request(
            "GET", "/rooms/%s/messages?access_token=x&from=%s" % (self.room_id, token)
        )
        self.assertEqual(HTTPStatus.OK, channel.code)
        self.assertTrue("start" in channel.json_body)
        self.assertEqual(token, channel.json_body["start"])
        self.assertTrue("chunk" in channel.json_body)
        self.assertTrue("end" in channel.json_body)

    def test_stream_token_is_accepted_for_fwd_pagianation(self) -> None:
        token = "s0_0_0_0_0_0_0_0_0_0"
        channel = self.make_request(
            "GET", "/rooms/%s/messages?access_token=x&from=%s" % (self.room_id, token)
        )
        self.assertEqual(HTTPStatus.OK, channel.code)
        self.assertTrue("start" in channel.json_body)
        self.assertEqual(token, channel.json_body["start"])
        self.assertTrue("chunk" in channel.json_body)
        self.assertTrue("end" in channel.json_body)

    def test_room_messages_purge(self) -> None:
        store = self.hs.get_datastores().main
        pagination_handler = self.hs.get_pagination_handler()

        # Send a first message in the room, which will be removed by the purge.
        first_event_id = self.helper.send(self.room_id, "message 1")["event_id"]
        first_token = self.get_success(
            store.get_topological_token_for_event(first_event_id)
        )
        first_token_str = self.get_success(first_token.to_string(store))

        # Send a second message in the room, which won't be removed, and which we'll
        # use as the marker to purge events before.
        second_event_id = self.helper.send(self.room_id, "message 2")["event_id"]
        second_token = self.get_success(
            store.get_topological_token_for_event(second_event_id)
        )
        second_token_str = self.get_success(second_token.to_string(store))

        # Send a third event in the room to ensure we don't fall under any edge case
        # due to our marker being the latest forward extremity in the room.
        self.helper.send(self.room_id, "message 3")

        # Check that we get the first and second message when querying /messages.
        channel = self.make_request(
            "GET",
            "/rooms/%s/messages?access_token=x&from=%s&dir=b&filter=%s"
            % (
                self.room_id,
                second_token_str,
                json.dumps({"types": [EventTypes.Message]}),
            ),
        )
        self.assertEqual(channel.code, HTTPStatus.OK, channel.json_body)

        chunk = channel.json_body["chunk"]
        self.assertEqual(len(chunk), 2, [event["content"] for event in chunk])

        # Purge every event before the second event.
        purge_id = random_string(16)
        pagination_handler._purges_by_id[purge_id] = PurgeStatus()
        self.get_success(
            pagination_handler._purge_history(
                purge_id=purge_id,
                room_id=self.room_id,
                token=second_token_str,
                delete_local_events=True,
            )
        )

        # Check that we only get the second message through /message now that the first
        # has been purged.
        channel = self.make_request(
            "GET",
            "/rooms/%s/messages?access_token=x&from=%s&dir=b&filter=%s"
            % (
                self.room_id,
                second_token_str,
                json.dumps({"types": [EventTypes.Message]}),
            ),
        )
        self.assertEqual(channel.code, HTTPStatus.OK, channel.json_body)

        chunk = channel.json_body["chunk"]
        self.assertEqual(len(chunk), 1, [event["content"] for event in chunk])

        # Check that we get no event, but also no error, when querying /messages with
        # the token that was pointing at the first event, because we don't have it
        # anymore.
        channel = self.make_request(
            "GET",
            "/rooms/%s/messages?access_token=x&from=%s&dir=b&filter=%s"
            % (
                self.room_id,
                first_token_str,
                json.dumps({"types": [EventTypes.Message]}),
            ),
        )
        self.assertEqual(channel.code, HTTPStatus.OK, channel.json_body)

        chunk = channel.json_body["chunk"]
        self.assertEqual(len(chunk), 0, [event["content"] for event in chunk])


class RoomSearchTestCase(unittest.HomeserverTestCase):
    servlets = [
        synapse.rest.admin.register_servlets_for_client_rest_resource,
        room.register_servlets,
        login.register_servlets,
    ]
    user_id = True
    hijack_auth = False

    def prepare(self, reactor: MemoryReactor, clock: Clock, hs: HomeServer) -> None:
        # Register the user who does the searching
        self.user_id2 = self.register_user("user", "pass")
        self.access_token = self.login("user", "pass")

        # Register the user who sends the message
        self.other_user_id = self.register_user("otheruser", "pass")
        self.other_access_token = self.login("otheruser", "pass")

        # Create a room
        self.room = self.helper.create_room_as(self.user_id2, tok=self.access_token)

        # Invite the other person
        self.helper.invite(
            room=self.room,
            src=self.user_id2,
            tok=self.access_token,
            targ=self.other_user_id,
        )

        # The other user joins
        self.helper.join(
            room=self.room, user=self.other_user_id, tok=self.other_access_token
        )

    def test_finds_message(self) -> None:
        """
        The search functionality will search for content in messages if asked to
        do so.
        """
        # The other user sends some messages
        self.helper.send(self.room, body="Hi!", tok=self.other_access_token)
        self.helper.send(self.room, body="There!", tok=self.other_access_token)

        channel = self.make_request(
            "POST",
            "/search?access_token=%s" % (self.access_token,),
            {
                "search_categories": {
                    "room_events": {"keys": ["content.body"], "search_term": "Hi"}
                }
            },
        )

        # Check we get the results we expect -- one search result, of the sent
        # messages
        self.assertEqual(channel.code, 200)
        results = channel.json_body["search_categories"]["room_events"]
        self.assertEqual(results["count"], 1)
        self.assertEqual(results["results"][0]["result"]["content"]["body"], "Hi!")

        # No context was requested, so we should get none.
        self.assertEqual(results["results"][0]["context"], {})

    def test_include_context(self) -> None:
        """
        When event_context includes include_profile, profile information will be
        included in the search response.
        """
        # The other user sends some messages
        self.helper.send(self.room, body="Hi!", tok=self.other_access_token)
        self.helper.send(self.room, body="There!", tok=self.other_access_token)

        channel = self.make_request(
            "POST",
            "/search?access_token=%s" % (self.access_token,),
            {
                "search_categories": {
                    "room_events": {
                        "keys": ["content.body"],
                        "search_term": "Hi",
                        "event_context": {"include_profile": True},
                    }
                }
            },
        )

        # Check we get the results we expect -- one search result, of the sent
        # messages
        self.assertEqual(channel.code, 200)
        results = channel.json_body["search_categories"]["room_events"]
        self.assertEqual(results["count"], 1)
        self.assertEqual(results["results"][0]["result"]["content"]["body"], "Hi!")

        # We should get context info, like the two users, and the display names.
        context = results["results"][0]["context"]
        self.assertEqual(len(context["profile_info"].keys()), 2)
        self.assertEqual(
            context["profile_info"][self.other_user_id]["displayname"], "otheruser"
        )


class PublicRoomsRestrictedTestCase(unittest.HomeserverTestCase):
    servlets = [
        synapse.rest.admin.register_servlets_for_client_rest_resource,
        room.register_servlets,
        login.register_servlets,
    ]

    def make_homeserver(self, reactor: MemoryReactor, clock: Clock) -> HomeServer:
        self.url = b"/_matrix/client/r0/publicRooms"

        config = self.default_config()
        config["allow_public_rooms_without_auth"] = False
        self.hs = self.setup_test_homeserver(config=config)

        return self.hs

    def test_restricted_no_auth(self) -> None:
        channel = self.make_request("GET", self.url)
        self.assertEqual(channel.code, HTTPStatus.UNAUTHORIZED, channel.result)

    def test_restricted_auth(self) -> None:
        self.register_user("user", "pass")
        tok = self.login("user", "pass")

        channel = self.make_request("GET", self.url, access_token=tok)
        self.assertEqual(channel.code, HTTPStatus.OK, channel.result)


class PublicRoomsRoomTypeFilterTestCase(unittest.HomeserverTestCase):
    servlets = [
        synapse.rest.admin.register_servlets_for_client_rest_resource,
        room.register_servlets,
        login.register_servlets,
    ]

    def make_homeserver(self, reactor: MemoryReactor, clock: Clock) -> HomeServer:
        config = self.default_config()
        config["allow_public_rooms_without_auth"] = True
        self.hs = self.setup_test_homeserver(config=config)
        self.url = b"/_matrix/client/r0/publicRooms"

        return self.hs

    def prepare(self, reactor: MemoryReactor, clock: Clock, hs: HomeServer) -> None:
        user = self.register_user("alice", "pass")
        self.token = self.login(user, "pass")

        # Create a room
        self.helper.create_room_as(
            user,
            is_public=True,
            extra_content={"visibility": "public"},
            tok=self.token,
        )
        # Create a space
        self.helper.create_room_as(
            user,
            is_public=True,
            extra_content={
                "visibility": "public",
                "creation_content": {EventContentFields.ROOM_TYPE: RoomTypes.SPACE},
            },
            tok=self.token,
        )

    def make_public_rooms_request(
        self,
        room_types: Optional[List[Union[str, None]]],
        instance_id: Optional[str] = None,
    ) -> Tuple[List[Dict[str, Any]], int]:
        body: JsonDict = {"filter": {PublicRoomsFilterFields.ROOM_TYPES: room_types}}
        if instance_id:
            body["third_party_instance_id"] = "test|test"

        channel = self.make_request("POST", self.url, body, self.token)
        self.assertEqual(channel.code, 200)

        chunk = channel.json_body["chunk"]
        count = channel.json_body["total_room_count_estimate"]

        self.assertEqual(len(chunk), count)

        return chunk, count

    def test_returns_both_rooms_and_spaces_if_no_filter(self) -> None:
        chunk, count = self.make_public_rooms_request(None)
        self.assertEqual(count, 2)

        # Also check if there's no filter property at all in the body.
        channel = self.make_request("POST", self.url, {}, self.token)
        self.assertEqual(channel.code, 200)
        self.assertEqual(len(channel.json_body["chunk"]), 2)
        self.assertEqual(channel.json_body["total_room_count_estimate"], 2)

        chunk, count = self.make_public_rooms_request(None, "test|test")
        self.assertEqual(count, 0)

    def test_returns_only_rooms_based_on_filter(self) -> None:
        chunk, count = self.make_public_rooms_request([None])

        self.assertEqual(count, 1)
        self.assertEqual(chunk[0].get("room_type", None), None)

        chunk, count = self.make_public_rooms_request([None], "test|test")
        self.assertEqual(count, 0)

    def test_returns_only_space_based_on_filter(self) -> None:
        chunk, count = self.make_public_rooms_request(["m.space"])

        self.assertEqual(count, 1)
        self.assertEqual(chunk[0].get("room_type", None), "m.space")

        chunk, count = self.make_public_rooms_request(["m.space"], "test|test")
        self.assertEqual(count, 0)

    def test_returns_both_rooms_and_space_based_on_filter(self) -> None:
        chunk, count = self.make_public_rooms_request(["m.space", None])
        self.assertEqual(count, 2)

        chunk, count = self.make_public_rooms_request(["m.space", None], "test|test")
        self.assertEqual(count, 0)

    def test_returns_both_rooms_and_spaces_if_array_is_empty(self) -> None:
        chunk, count = self.make_public_rooms_request([])
        self.assertEqual(count, 2)

        chunk, count = self.make_public_rooms_request([], "test|test")
        self.assertEqual(count, 0)


class PublicRoomsTestRemoteSearchFallbackTestCase(unittest.HomeserverTestCase):
    """Test that we correctly fallback to local filtering if a remote server
    doesn't support search.
    """

    servlets = [
        synapse.rest.admin.register_servlets_for_client_rest_resource,
        room.register_servlets,
        login.register_servlets,
    ]

    def make_homeserver(self, reactor: MemoryReactor, clock: Clock) -> HomeServer:
        return self.setup_test_homeserver(federation_client=AsyncMock())

    def prepare(self, reactor: MemoryReactor, clock: Clock, hs: HomeServer) -> None:
        self.register_user("user", "pass")
        self.token = self.login("user", "pass")

        self.federation_client = hs.get_federation_client()

    def test_simple(self) -> None:
        "Simple test for searching rooms over federation"
        self.federation_client.get_public_rooms.return_value = {}  # type: ignore[attr-defined]

        search_filter = {PublicRoomsFilterFields.GENERIC_SEARCH_TERM: "foobar"}

        channel = self.make_request(
            "POST",
            b"/_matrix/client/r0/publicRooms?server=testserv",
            content={"filter": search_filter},
            access_token=self.token,
        )
        self.assertEqual(channel.code, HTTPStatus.OK, channel.result)

        self.federation_client.get_public_rooms.assert_called_once_with(  # type: ignore[attr-defined]
            "testserv",
            limit=100,
            since_token=None,
            search_filter=search_filter,
            include_all_networks=False,
            third_party_instance_id=None,
        )

    def test_fallback(self) -> None:
        "Test that searching public rooms over federation falls back if it gets a 404"

        # The `get_public_rooms` should be called again if the first call fails
        # with a 404, when using search filters.
        self.federation_client.get_public_rooms.side_effect = (  # type: ignore[attr-defined]
            HttpResponseException(HTTPStatus.NOT_FOUND, "Not Found", b""),
            {},
        )

        search_filter = {PublicRoomsFilterFields.GENERIC_SEARCH_TERM: "foobar"}

        channel = self.make_request(
            "POST",
            b"/_matrix/client/r0/publicRooms?server=testserv",
            content={"filter": search_filter},
            access_token=self.token,
        )
        self.assertEqual(channel.code, HTTPStatus.OK, channel.result)

        self.federation_client.get_public_rooms.assert_has_calls(  # type: ignore[attr-defined]
            [
                call(
                    "testserv",
                    limit=100,
                    since_token=None,
                    search_filter=search_filter,
                    include_all_networks=False,
                    third_party_instance_id=None,
                ),
                call(
                    "testserv",
                    limit=None,
                    since_token=None,
                    search_filter=None,
                    include_all_networks=False,
                    third_party_instance_id=None,
                ),
            ]
        )


class PerRoomProfilesForbiddenTestCase(unittest.HomeserverTestCase):
    servlets = [
        synapse.rest.admin.register_servlets_for_client_rest_resource,
        room.register_servlets,
        login.register_servlets,
        profile.register_servlets,
    ]

    def make_homeserver(self, reactor: MemoryReactor, clock: Clock) -> HomeServer:
        config = self.default_config()
        config["allow_per_room_profiles"] = False
        self.hs = self.setup_test_homeserver(config=config)

        return self.hs

    def prepare(self, reactor: MemoryReactor, clock: Clock, hs: HomeServer) -> None:
        self.user_id = self.register_user("test", "test")
        self.tok = self.login("test", "test")

        # Set a profile for the test user
        self.displayname = "test user"
        request_data = {"displayname": self.displayname}
        channel = self.make_request(
            "PUT",
            "/_matrix/client/r0/profile/%s/displayname" % (self.user_id,),
            request_data,
            access_token=self.tok,
        )
        self.assertEqual(channel.code, HTTPStatus.OK, channel.result)

        self.room_id = self.helper.create_room_as(self.user_id, tok=self.tok)

    def test_per_room_profile_forbidden(self) -> None:
        request_data = {"membership": "join", "displayname": "other test user"}
        channel = self.make_request(
            "PUT",
            "/_matrix/client/r0/rooms/%s/state/m.room.member/%s"
            % (self.room_id, self.user_id),
            request_data,
            access_token=self.tok,
        )
        self.assertEqual(channel.code, HTTPStatus.OK, channel.result)
        event_id = channel.json_body["event_id"]

        channel = self.make_request(
            "GET",
            "/_matrix/client/r0/rooms/%s/event/%s" % (self.room_id, event_id),
            access_token=self.tok,
        )
        self.assertEqual(channel.code, HTTPStatus.OK, channel.result)

        res_displayname = channel.json_body["content"]["displayname"]
        self.assertEqual(res_displayname, self.displayname, channel.result)


class RoomMembershipReasonTestCase(unittest.HomeserverTestCase):
    """Tests that clients can add a "reason" field to membership events and
    that they get correctly added to the generated events and propagated.
    """

    servlets = [
        synapse.rest.admin.register_servlets_for_client_rest_resource,
        room.register_servlets,
        login.register_servlets,
    ]

    def prepare(self, reactor: MemoryReactor, clock: Clock, hs: HomeServer) -> None:
        self.creator = self.register_user("creator", "test")
        self.creator_tok = self.login("creator", "test")

        self.second_user_id = self.register_user("second", "test")
        self.second_tok = self.login("second", "test")

        self.room_id = self.helper.create_room_as(self.creator, tok=self.creator_tok)

    def test_join_reason(self) -> None:
        reason = "hello"
        channel = self.make_request(
            "POST",
            f"/_matrix/client/r0/rooms/{self.room_id}/join",
            content={"reason": reason},
            access_token=self.second_tok,
        )
        self.assertEqual(channel.code, HTTPStatus.OK, channel.result)

        self._check_for_reason(reason)

    def test_leave_reason(self) -> None:
        self.helper.join(self.room_id, user=self.second_user_id, tok=self.second_tok)

        reason = "hello"
        channel = self.make_request(
            "POST",
            f"/_matrix/client/r0/rooms/{self.room_id}/leave",
            content={"reason": reason},
            access_token=self.second_tok,
        )
        self.assertEqual(channel.code, HTTPStatus.OK, channel.result)

        self._check_for_reason(reason)

    def test_kick_reason(self) -> None:
        self.helper.join(self.room_id, user=self.second_user_id, tok=self.second_tok)

        reason = "hello"
        channel = self.make_request(
            "POST",
            f"/_matrix/client/r0/rooms/{self.room_id}/kick",
            content={"reason": reason, "user_id": self.second_user_id},
            access_token=self.second_tok,
        )
        self.assertEqual(channel.code, HTTPStatus.OK, channel.result)

        self._check_for_reason(reason)

    def test_ban_reason(self) -> None:
        self.helper.join(self.room_id, user=self.second_user_id, tok=self.second_tok)

        reason = "hello"
        channel = self.make_request(
            "POST",
            f"/_matrix/client/r0/rooms/{self.room_id}/ban",
            content={"reason": reason, "user_id": self.second_user_id},
            access_token=self.creator_tok,
        )
        self.assertEqual(channel.code, HTTPStatus.OK, channel.result)

        self._check_for_reason(reason)

    def test_unban_reason(self) -> None:
        reason = "hello"
        channel = self.make_request(
            "POST",
            f"/_matrix/client/r0/rooms/{self.room_id}/unban",
            content={"reason": reason, "user_id": self.second_user_id},
            access_token=self.creator_tok,
        )
        self.assertEqual(channel.code, HTTPStatus.OK, channel.result)

        self._check_for_reason(reason)

    def test_invite_reason(self) -> None:
        reason = "hello"
        channel = self.make_request(
            "POST",
            f"/_matrix/client/r0/rooms/{self.room_id}/invite",
            content={"reason": reason, "user_id": self.second_user_id},
            access_token=self.creator_tok,
        )
        self.assertEqual(channel.code, HTTPStatus.OK, channel.result)

        self._check_for_reason(reason)

    def test_reject_invite_reason(self) -> None:
        self.helper.invite(
            self.room_id,
            src=self.creator,
            targ=self.second_user_id,
            tok=self.creator_tok,
        )

        reason = "hello"
        channel = self.make_request(
            "POST",
            f"/_matrix/client/r0/rooms/{self.room_id}/leave",
            content={"reason": reason},
            access_token=self.second_tok,
        )
        self.assertEqual(channel.code, HTTPStatus.OK, channel.result)

        self._check_for_reason(reason)

    def _check_for_reason(self, reason: str) -> None:
        channel = self.make_request(
            "GET",
            "/_matrix/client/r0/rooms/{}/state/m.room.member/{}".format(
                self.room_id, self.second_user_id
            ),
            access_token=self.creator_tok,
        )
        self.assertEqual(channel.code, HTTPStatus.OK, channel.result)

        event_content = channel.json_body

        self.assertEqual(event_content.get("reason"), reason, channel.result)


class LabelsTestCase(unittest.HomeserverTestCase):
    servlets = [
        synapse.rest.admin.register_servlets_for_client_rest_resource,
        room.register_servlets,
        login.register_servlets,
        profile.register_servlets,
    ]

    # Filter that should only catch messages with the label "#fun".
    FILTER_LABELS = {
        "types": [EventTypes.Message],
        "org.matrix.labels": ["#fun"],
    }
    # Filter that should only catch messages without the label "#fun".
    FILTER_NOT_LABELS = {
        "types": [EventTypes.Message],
        "org.matrix.not_labels": ["#fun"],
    }
    # Filter that should only catch messages with the label "#work" but without the label
    # "#notfun".
    FILTER_LABELS_NOT_LABELS = {
        "types": [EventTypes.Message],
        "org.matrix.labels": ["#work"],
        "org.matrix.not_labels": ["#notfun"],
    }

    def prepare(self, reactor: MemoryReactor, clock: Clock, hs: HomeServer) -> None:
        self.user_id = self.register_user("test", "test")
        self.tok = self.login("test", "test")
        self.room_id = self.helper.create_room_as(self.user_id, tok=self.tok)

    def test_context_filter_labels(self) -> None:
        """Test that we can filter by a label on a /context request."""
        event_id = self._send_labelled_messages_in_room()

        channel = self.make_request(
            "GET",
            "/rooms/%s/context/%s?filter=%s"
            % (self.room_id, event_id, json.dumps(self.FILTER_LABELS)),
            access_token=self.tok,
        )
        self.assertEqual(channel.code, HTTPStatus.OK, channel.result)

        events_before = channel.json_body["events_before"]

        self.assertEqual(
            len(events_before), 1, [event["content"] for event in events_before]
        )
        self.assertEqual(
            events_before[0]["content"]["body"], "with right label", events_before[0]
        )

        events_after = channel.json_body["events_before"]

        self.assertEqual(
            len(events_after), 1, [event["content"] for event in events_after]
        )
        self.assertEqual(
            events_after[0]["content"]["body"], "with right label", events_after[0]
        )

    def test_context_filter_not_labels(self) -> None:
        """Test that we can filter by the absence of a label on a /context request."""
        event_id = self._send_labelled_messages_in_room()

        channel = self.make_request(
            "GET",
            "/rooms/%s/context/%s?filter=%s"
            % (self.room_id, event_id, json.dumps(self.FILTER_NOT_LABELS)),
            access_token=self.tok,
        )
        self.assertEqual(channel.code, HTTPStatus.OK, channel.result)

        events_before = channel.json_body["events_before"]

        self.assertEqual(
            len(events_before), 1, [event["content"] for event in events_before]
        )
        self.assertEqual(
            events_before[0]["content"]["body"], "without label", events_before[0]
        )

        events_after = channel.json_body["events_after"]

        self.assertEqual(
            len(events_after), 2, [event["content"] for event in events_after]
        )
        self.assertEqual(
            events_after[0]["content"]["body"], "with wrong label", events_after[0]
        )
        self.assertEqual(
            events_after[1]["content"]["body"], "with two wrong labels", events_after[1]
        )

    def test_context_filter_labels_not_labels(self) -> None:
        """Test that we can filter by both a label and the absence of another label on a
        /context request.
        """
        event_id = self._send_labelled_messages_in_room()

        channel = self.make_request(
            "GET",
            "/rooms/%s/context/%s?filter=%s"
            % (self.room_id, event_id, json.dumps(self.FILTER_LABELS_NOT_LABELS)),
            access_token=self.tok,
        )
        self.assertEqual(channel.code, HTTPStatus.OK, channel.result)

        events_before = channel.json_body["events_before"]

        self.assertEqual(
            len(events_before), 0, [event["content"] for event in events_before]
        )

        events_after = channel.json_body["events_after"]

        self.assertEqual(
            len(events_after), 1, [event["content"] for event in events_after]
        )
        self.assertEqual(
            events_after[0]["content"]["body"], "with wrong label", events_after[0]
        )

    def test_messages_filter_labels(self) -> None:
        """Test that we can filter by a label on a /messages request."""
        self._send_labelled_messages_in_room()

        token = "s0_0_0_0_0_0_0_0_0_0"
        channel = self.make_request(
            "GET",
            "/rooms/%s/messages?access_token=%s&from=%s&filter=%s"
            % (self.room_id, self.tok, token, json.dumps(self.FILTER_LABELS)),
        )

        events = channel.json_body["chunk"]

        self.assertEqual(len(events), 2, [event["content"] for event in events])
        self.assertEqual(events[0]["content"]["body"], "with right label", events[0])
        self.assertEqual(events[1]["content"]["body"], "with right label", events[1])

    def test_messages_filter_not_labels(self) -> None:
        """Test that we can filter by the absence of a label on a /messages request."""
        self._send_labelled_messages_in_room()

        token = "s0_0_0_0_0_0_0_0_0_0"
        channel = self.make_request(
            "GET",
            "/rooms/%s/messages?access_token=%s&from=%s&filter=%s"
            % (self.room_id, self.tok, token, json.dumps(self.FILTER_NOT_LABELS)),
        )

        events = channel.json_body["chunk"]

        self.assertEqual(len(events), 4, [event["content"] for event in events])
        self.assertEqual(events[0]["content"]["body"], "without label", events[0])
        self.assertEqual(events[1]["content"]["body"], "without label", events[1])
        self.assertEqual(events[2]["content"]["body"], "with wrong label", events[2])
        self.assertEqual(
            events[3]["content"]["body"], "with two wrong labels", events[3]
        )

    def test_messages_filter_labels_not_labels(self) -> None:
        """Test that we can filter by both a label and the absence of another label on a
        /messages request.
        """
        self._send_labelled_messages_in_room()

        token = "s0_0_0_0_0_0_0_0_0_0"
        channel = self.make_request(
            "GET",
            "/rooms/%s/messages?access_token=%s&from=%s&filter=%s"
            % (
                self.room_id,
                self.tok,
                token,
                json.dumps(self.FILTER_LABELS_NOT_LABELS),
            ),
        )

        events = channel.json_body["chunk"]

        self.assertEqual(len(events), 1, [event["content"] for event in events])
        self.assertEqual(events[0]["content"]["body"], "with wrong label", events[0])

    def test_search_filter_labels(self) -> None:
        """Test that we can filter by a label on a /search request."""
        request_data = {
            "search_categories": {
                "room_events": {
                    "search_term": "label",
                    "filter": self.FILTER_LABELS,
                }
            }
        }

        self._send_labelled_messages_in_room()

        channel = self.make_request(
            "POST", "/search?access_token=%s" % self.tok, request_data
        )

        results = channel.json_body["search_categories"]["room_events"]["results"]

        self.assertEqual(
            len(results),
            2,
            [result["result"]["content"] for result in results],
        )
        self.assertEqual(
            results[0]["result"]["content"]["body"],
            "with right label",
            results[0]["result"]["content"]["body"],
        )
        self.assertEqual(
            results[1]["result"]["content"]["body"],
            "with right label",
            results[1]["result"]["content"]["body"],
        )

    def test_search_filter_not_labels(self) -> None:
        """Test that we can filter by the absence of a label on a /search request."""
        request_data = {
            "search_categories": {
                "room_events": {
                    "search_term": "label",
                    "filter": self.FILTER_NOT_LABELS,
                }
            }
        }

        self._send_labelled_messages_in_room()

        channel = self.make_request(
            "POST", "/search?access_token=%s" % self.tok, request_data
        )

        results = channel.json_body["search_categories"]["room_events"]["results"]

        self.assertEqual(
            len(results),
            4,
            [result["result"]["content"] for result in results],
        )
        self.assertEqual(
            results[0]["result"]["content"]["body"],
            "without label",
            results[0]["result"]["content"]["body"],
        )
        self.assertEqual(
            results[1]["result"]["content"]["body"],
            "without label",
            results[1]["result"]["content"]["body"],
        )
        self.assertEqual(
            results[2]["result"]["content"]["body"],
            "with wrong label",
            results[2]["result"]["content"]["body"],
        )
        self.assertEqual(
            results[3]["result"]["content"]["body"],
            "with two wrong labels",
            results[3]["result"]["content"]["body"],
        )

    def test_search_filter_labels_not_labels(self) -> None:
        """Test that we can filter by both a label and the absence of another label on a
        /search request.
        """
        request_data = {
            "search_categories": {
                "room_events": {
                    "search_term": "label",
                    "filter": self.FILTER_LABELS_NOT_LABELS,
                }
            }
        }

        self._send_labelled_messages_in_room()

        channel = self.make_request(
            "POST", "/search?access_token=%s" % self.tok, request_data
        )

        results = channel.json_body["search_categories"]["room_events"]["results"]

        self.assertEqual(
            len(results),
            1,
            [result["result"]["content"] for result in results],
        )
        self.assertEqual(
            results[0]["result"]["content"]["body"],
            "with wrong label",
            results[0]["result"]["content"]["body"],
        )

    def _send_labelled_messages_in_room(self) -> str:
        """Sends several messages to a room with different labels (or without any) to test
        filtering by label.
        Returns:
            The ID of the event to use if we're testing filtering on /context.
        """
        self.helper.send_event(
            room_id=self.room_id,
            type=EventTypes.Message,
            content={
                "msgtype": "m.text",
                "body": "with right label",
                EventContentFields.LABELS: ["#fun"],
            },
            tok=self.tok,
        )

        self.helper.send_event(
            room_id=self.room_id,
            type=EventTypes.Message,
            content={"msgtype": "m.text", "body": "without label"},
            tok=self.tok,
        )

        res = self.helper.send_event(
            room_id=self.room_id,
            type=EventTypes.Message,
            content={"msgtype": "m.text", "body": "without label"},
            tok=self.tok,
        )
        # Return this event's ID when we test filtering in /context requests.
        event_id = res["event_id"]

        self.helper.send_event(
            room_id=self.room_id,
            type=EventTypes.Message,
            content={
                "msgtype": "m.text",
                "body": "with wrong label",
                EventContentFields.LABELS: ["#work"],
            },
            tok=self.tok,
        )

        self.helper.send_event(
            room_id=self.room_id,
            type=EventTypes.Message,
            content={
                "msgtype": "m.text",
                "body": "with two wrong labels",
                EventContentFields.LABELS: ["#work", "#notfun"],
            },
            tok=self.tok,
        )

        self.helper.send_event(
            room_id=self.room_id,
            type=EventTypes.Message,
            content={
                "msgtype": "m.text",
                "body": "with right label",
                EventContentFields.LABELS: ["#fun"],
            },
            tok=self.tok,
        )

        return event_id


class RelationsTestCase(PaginationTestCase):
    def _filter_messages(self, filter: JsonDict) -> List[str]:
        """Make a request to /messages with a filter, returns the chunk of events."""
        from_token = self.get_success(
            self.from_token.to_string(self.hs.get_datastores().main)
        )
        channel = self.make_request(
            "GET",
            f"/rooms/{self.room_id}/messages?filter={json.dumps(filter)}&dir=f&from={from_token}",
            access_token=self.tok,
        )
        self.assertEqual(channel.code, HTTPStatus.OK, channel.result)

        return [ev["event_id"] for ev in channel.json_body["chunk"]]


class ContextTestCase(unittest.HomeserverTestCase):
    servlets = [
        synapse.rest.admin.register_servlets_for_client_rest_resource,
        room.register_servlets,
        login.register_servlets,
        account.register_servlets,
    ]

    def prepare(self, reactor: MemoryReactor, clock: Clock, hs: HomeServer) -> None:
        self.user_id = self.register_user("user", "password")
        self.tok = self.login("user", "password")
        self.room_id = self.helper.create_room_as(
            self.user_id, tok=self.tok, is_public=False
        )

        self.other_user_id = self.register_user("user2", "password")
        self.other_tok = self.login("user2", "password")

        self.helper.invite(self.room_id, self.user_id, self.other_user_id, tok=self.tok)
        self.helper.join(self.room_id, self.other_user_id, tok=self.other_tok)

    def test_erased_sender(self) -> None:
        """Test that an erasure request results in the requester's events being hidden
        from any new member of the room.
        """

        # Send a bunch of events in the room.

        self.helper.send(self.room_id, "message 1", tok=self.tok)
        self.helper.send(self.room_id, "message 2", tok=self.tok)
        event_id = self.helper.send(self.room_id, "message 3", tok=self.tok)["event_id"]
        self.helper.send(self.room_id, "message 4", tok=self.tok)
        self.helper.send(self.room_id, "message 5", tok=self.tok)

        # Check that we can still see the messages before the erasure request.

        channel = self.make_request(
            "GET",
            '/rooms/%s/context/%s?filter={"types":["m.room.message"]}'
            % (self.room_id, event_id),
            access_token=self.tok,
        )
        self.assertEqual(channel.code, HTTPStatus.OK, channel.result)

        events_before = channel.json_body["events_before"]

        self.assertEqual(len(events_before), 2, events_before)
        self.assertEqual(
            events_before[0].get("content", {}).get("body"),
            "message 2",
            events_before[0],
        )
        self.assertEqual(
            events_before[1].get("content", {}).get("body"),
            "message 1",
            events_before[1],
        )

        self.assertEqual(
            channel.json_body["event"].get("content", {}).get("body"),
            "message 3",
            channel.json_body["event"],
        )

        events_after = channel.json_body["events_after"]

        self.assertEqual(len(events_after), 2, events_after)
        self.assertEqual(
            events_after[0].get("content", {}).get("body"),
            "message 4",
            events_after[0],
        )
        self.assertEqual(
            events_after[1].get("content", {}).get("body"),
            "message 5",
            events_after[1],
        )

        # Deactivate the first account and erase the user's data.

        deactivate_account_handler = self.hs.get_deactivate_account_handler()
        self.get_success(
            deactivate_account_handler.deactivate_account(
                self.user_id, True, create_requester(self.user_id)
            )
        )

        # Invite another user in the room. This is needed because messages will be
        # pruned only if the user wasn't a member of the room when the messages were
        # sent.

        invited_user_id = self.register_user("user3", "password")
        invited_tok = self.login("user3", "password")

        self.helper.invite(
            self.room_id, self.other_user_id, invited_user_id, tok=self.other_tok
        )
        self.helper.join(self.room_id, invited_user_id, tok=invited_tok)

        # Check that a user that joined the room after the erasure request can't see
        # the messages anymore.

        channel = self.make_request(
            "GET",
            '/rooms/%s/context/%s?filter={"types":["m.room.message"]}'
            % (self.room_id, event_id),
            access_token=invited_tok,
        )
        self.assertEqual(channel.code, HTTPStatus.OK, channel.result)

        events_before = channel.json_body["events_before"]

        self.assertEqual(len(events_before), 2, events_before)
        self.assertDictEqual(events_before[0].get("content"), {}, events_before[0])
        self.assertDictEqual(events_before[1].get("content"), {}, events_before[1])

        self.assertDictEqual(
            channel.json_body["event"].get("content"), {}, channel.json_body["event"]
        )

        events_after = channel.json_body["events_after"]

        self.assertEqual(len(events_after), 2, events_after)
        self.assertDictEqual(events_after[0].get("content"), {}, events_after[0])
        self.assertEqual(events_after[1].get("content"), {}, events_after[1])


class RoomAliasListTestCase(unittest.HomeserverTestCase):
    servlets = [
        synapse.rest.admin.register_servlets_for_client_rest_resource,
        directory.register_servlets,
        login.register_servlets,
        room.register_servlets,
    ]

    def prepare(self, reactor: MemoryReactor, clock: Clock, hs: HomeServer) -> None:
        self.room_owner = self.register_user("room_owner", "test")
        self.room_owner_tok = self.login("room_owner", "test")

        self.room_id = self.helper.create_room_as(
            self.room_owner, tok=self.room_owner_tok
        )

    def test_no_aliases(self) -> None:
        res = self._get_aliases(self.room_owner_tok)
        self.assertEqual(res["aliases"], [])

    def test_not_in_room(self) -> None:
        self.register_user("user", "test")
        user_tok = self.login("user", "test")
        res = self._get_aliases(user_tok, expected_code=403)
        self.assertEqual(res["errcode"], "M_FORBIDDEN")

    def test_admin_user(self) -> None:
        alias1 = self._random_alias()
        self._set_alias_via_directory(alias1)

        self.register_user("user", "test", admin=True)
        user_tok = self.login("user", "test")

        res = self._get_aliases(user_tok)
        self.assertEqual(res["aliases"], [alias1])

    def test_with_aliases(self) -> None:
        alias1 = self._random_alias()
        alias2 = self._random_alias()

        self._set_alias_via_directory(alias1)
        self._set_alias_via_directory(alias2)

        res = self._get_aliases(self.room_owner_tok)
        self.assertEqual(set(res["aliases"]), {alias1, alias2})

    def test_peekable_room(self) -> None:
        alias1 = self._random_alias()
        self._set_alias_via_directory(alias1)

        self.helper.send_state(
            self.room_id,
            EventTypes.RoomHistoryVisibility,
            body={"history_visibility": "world_readable"},
            tok=self.room_owner_tok,
        )

        self.register_user("user", "test")
        user_tok = self.login("user", "test")

        res = self._get_aliases(user_tok)
        self.assertEqual(res["aliases"], [alias1])

    def _get_aliases(self, access_token: str, expected_code: int = 200) -> JsonDict:
        """Calls the endpoint under test. returns the json response object."""
        channel = self.make_request(
            "GET",
            "/_matrix/client/r0/rooms/%s/aliases" % (self.room_id,),
            access_token=access_token,
        )
        self.assertEqual(channel.code, expected_code, channel.result)
        res = channel.json_body
        self.assertIsInstance(res, dict)
        if expected_code == 200:
            self.assertIsInstance(res["aliases"], list)
        return res

    def _random_alias(self) -> str:
        return RoomAlias(random_string(5), self.hs.hostname).to_string()

    def _set_alias_via_directory(self, alias: str, expected_code: int = 200) -> None:
        url = "/_matrix/client/r0/directory/room/" + alias
        request_data = {"room_id": self.room_id}

        channel = self.make_request(
            "PUT", url, request_data, access_token=self.room_owner_tok
        )
        self.assertEqual(channel.code, expected_code, channel.result)


class RoomCanonicalAliasTestCase(unittest.HomeserverTestCase):
    servlets = [
        synapse.rest.admin.register_servlets_for_client_rest_resource,
        directory.register_servlets,
        login.register_servlets,
        room.register_servlets,
    ]

    def prepare(self, reactor: MemoryReactor, clock: Clock, hs: HomeServer) -> None:
        self.room_owner = self.register_user("room_owner", "test")
        self.room_owner_tok = self.login("room_owner", "test")

        self.room_id = self.helper.create_room_as(
            self.room_owner, tok=self.room_owner_tok
        )

        self.alias = "#alias:test"
        self._set_alias_via_directory(self.alias)

    def _set_alias_via_directory(self, alias: str, expected_code: int = 200) -> None:
        url = "/_matrix/client/r0/directory/room/" + alias
        request_data = {"room_id": self.room_id}

        channel = self.make_request(
            "PUT", url, request_data, access_token=self.room_owner_tok
        )
        self.assertEqual(channel.code, expected_code, channel.result)

    def _get_canonical_alias(self, expected_code: int = 200) -> JsonDict:
        """Calls the endpoint under test. returns the json response object."""
        channel = self.make_request(
            "GET",
            "rooms/%s/state/m.room.canonical_alias" % (self.room_id,),
            access_token=self.room_owner_tok,
        )
        self.assertEqual(channel.code, expected_code, channel.result)
        res = channel.json_body
        self.assertIsInstance(res, dict)
        return res

    def _set_canonical_alias(
        self, content: JsonDict, expected_code: int = 200
    ) -> JsonDict:
        """Calls the endpoint under test. returns the json response object."""
        channel = self.make_request(
            "PUT",
            "rooms/%s/state/m.room.canonical_alias" % (self.room_id,),
            content,
            access_token=self.room_owner_tok,
        )
        self.assertEqual(channel.code, expected_code, channel.result)
        res = channel.json_body
        self.assertIsInstance(res, dict)
        return res

    def test_canonical_alias(self) -> None:
        """Test a basic alias message."""
        # There is no canonical alias to start with.
        self._get_canonical_alias(expected_code=404)

        # Create an alias.
        self._set_canonical_alias({"alias": self.alias})

        # Canonical alias now exists!
        res = self._get_canonical_alias()
        self.assertEqual(res, {"alias": self.alias})

        # Now remove the alias.
        self._set_canonical_alias({})

        # There is an alias event, but it is empty.
        res = self._get_canonical_alias()
        self.assertEqual(res, {})

    def test_alt_aliases(self) -> None:
        """Test a canonical alias message with alt_aliases."""
        # Create an alias.
        self._set_canonical_alias({"alt_aliases": [self.alias]})

        # Canonical alias now exists!
        res = self._get_canonical_alias()
        self.assertEqual(res, {"alt_aliases": [self.alias]})

        # Now remove the alt_aliases.
        self._set_canonical_alias({})

        # There is an alias event, but it is empty.
        res = self._get_canonical_alias()
        self.assertEqual(res, {})

    def test_alias_alt_aliases(self) -> None:
        """Test a canonical alias message with an alias and alt_aliases."""
        # Create an alias.
        self._set_canonical_alias({"alias": self.alias, "alt_aliases": [self.alias]})

        # Canonical alias now exists!
        res = self._get_canonical_alias()
        self.assertEqual(res, {"alias": self.alias, "alt_aliases": [self.alias]})

        # Now remove the alias and alt_aliases.
        self._set_canonical_alias({})

        # There is an alias event, but it is empty.
        res = self._get_canonical_alias()
        self.assertEqual(res, {})

    def test_partial_modify(self) -> None:
        """Test removing only the alt_aliases."""
        # Create an alias.
        self._set_canonical_alias({"alias": self.alias, "alt_aliases": [self.alias]})

        # Canonical alias now exists!
        res = self._get_canonical_alias()
        self.assertEqual(res, {"alias": self.alias, "alt_aliases": [self.alias]})

        # Now remove the alt_aliases.
        self._set_canonical_alias({"alias": self.alias})

        # There is an alias event, but it is empty.
        res = self._get_canonical_alias()
        self.assertEqual(res, {"alias": self.alias})

    def test_add_alias(self) -> None:
        """Test removing only the alt_aliases."""
        # Create an additional alias.
        second_alias = "#second:test"
        self._set_alias_via_directory(second_alias)

        # Add the canonical alias.
        self._set_canonical_alias({"alias": self.alias, "alt_aliases": [self.alias]})

        # Then add the second alias.
        self._set_canonical_alias(
            {"alias": self.alias, "alt_aliases": [self.alias, second_alias]}
        )

        # Canonical alias now exists!
        res = self._get_canonical_alias()
        self.assertEqual(
            res, {"alias": self.alias, "alt_aliases": [self.alias, second_alias]}
        )

    def test_bad_data(self) -> None:
        """Invalid data for alt_aliases should cause errors."""
        self._set_canonical_alias({"alt_aliases": "@bad:test"}, expected_code=400)
        self._set_canonical_alias({"alt_aliases": None}, expected_code=400)
        self._set_canonical_alias({"alt_aliases": 0}, expected_code=400)
        self._set_canonical_alias({"alt_aliases": 1}, expected_code=400)
        self._set_canonical_alias({"alt_aliases": False}, expected_code=400)
        self._set_canonical_alias({"alt_aliases": True}, expected_code=400)
        self._set_canonical_alias({"alt_aliases": {}}, expected_code=400)

    def test_bad_alias(self) -> None:
        """An alias which does not point to the room raises a SynapseError."""
        self._set_canonical_alias({"alias": "@unknown:test"}, expected_code=400)
        self._set_canonical_alias({"alt_aliases": ["@unknown:test"]}, expected_code=400)


class ThreepidInviteTestCase(unittest.HomeserverTestCase):
    servlets = [
        admin.register_servlets,
        login.register_servlets,
        room.register_servlets,
    ]

    def prepare(self, reactor: MemoryReactor, clock: Clock, hs: HomeServer) -> None:
        self.user_id = self.register_user("thomas", "hackme")
        self.tok = self.login("thomas", "hackme")

        self.room_id = self.helper.create_room_as(self.user_id, tok=self.tok)

    def test_threepid_invite_spamcheck_deprecated(self) -> None:
        """
        Test allowing/blocking threepid invites with a spam-check module.

        In this test, we use the deprecated API in which callbacks return a bool.
        """
        # Mock a few functions to prevent the test from failing due to failing to talk to
        # a remote IS. We keep the mock for make_and_store_3pid_invite around so we
        # can check its call_count later on during the test.
        make_invite_mock = AsyncMock(return_value=(Mock(event_id="abc"), 0))
        self.hs.get_room_member_handler()._make_and_store_3pid_invite = make_invite_mock  # type: ignore[method-assign]
        self.hs.get_identity_handler().lookup_3pid = AsyncMock(  # type: ignore[method-assign]
            return_value=None,
        )

        # Add a mock to the spamchecker callbacks for user_may_send_3pid_invite. Make it
        # allow everything for now.
        # `spec` argument is needed for this function mock to have `__qualname__`, which
        # is needed for `Measure` metrics buried in SpamChecker.
        mock = AsyncMock(return_value=True, spec=lambda *x: None)
        self.hs.get_module_api_callbacks().spam_checker._user_may_send_3pid_invite_callbacks.append(
            mock
        )

        # Send a 3PID invite into the room and check that it succeeded.
        email_to_invite = "teresa@example.com"
        channel = self.make_request(
            method="POST",
            path="/rooms/" + self.room_id + "/invite",
            content={
                "id_server": "example.com",
                "id_access_token": "sometoken",
                "medium": "email",
                "address": email_to_invite,
            },
            access_token=self.tok,
        )
        self.assertEqual(channel.code, 200)

        # Check that the callback was called with the right params.
        mock.assert_called_with(self.user_id, "email", email_to_invite, self.room_id)

        # Check that the call to send the invite was made.
        make_invite_mock.assert_called_once()

        # Now change the return value of the callback to deny any invite and test that
        # we can't send the invite.
        mock.return_value = False
        channel = self.make_request(
            method="POST",
            path="/rooms/" + self.room_id + "/invite",
            content={
                "id_server": "example.com",
                "id_access_token": "sometoken",
                "medium": "email",
                "address": email_to_invite,
            },
            access_token=self.tok,
        )
        self.assertEqual(channel.code, 403)

        # Also check that it stopped before calling _make_and_store_3pid_invite.
        make_invite_mock.assert_called_once()

    def test_threepid_invite_spamcheck(self) -> None:
        """
        Test allowing/blocking threepid invites with a spam-check module.

        In this test, we use the more recent API in which callbacks return a `Union[Codes, Literal["NOT_SPAM"]]`.
        """
        # Mock a few functions to prevent the test from failing due to failing to talk to
        # a remote IS. We keep the mock for make_and_store_3pid_invite around so we
        # can check its call_count later on during the test.
        make_invite_mock = AsyncMock(return_value=(Mock(event_id="abc"), 0))
        self.hs.get_room_member_handler()._make_and_store_3pid_invite = make_invite_mock  # type: ignore[method-assign]
        self.hs.get_identity_handler().lookup_3pid = AsyncMock(  # type: ignore[method-assign]
            return_value=None,
        )

        # Add a mock to the spamchecker callbacks for user_may_send_3pid_invite. Make it
        # allow everything for now.
        # `spec` argument is needed for this function mock to have `__qualname__`, which
        # is needed for `Measure` metrics buried in SpamChecker.
        mock = AsyncMock(
            return_value=synapse.module_api.NOT_SPAM,
            spec=lambda *x: None,
        )
        self.hs.get_module_api_callbacks().spam_checker._user_may_send_3pid_invite_callbacks.append(
            mock
        )

        # Send a 3PID invite into the room and check that it succeeded.
        email_to_invite = "teresa@example.com"
        channel = self.make_request(
            method="POST",
            path="/rooms/" + self.room_id + "/invite",
            content={
                "id_server": "example.com",
                "id_access_token": "sometoken",
                "medium": "email",
                "address": email_to_invite,
            },
            access_token=self.tok,
        )
        self.assertEqual(channel.code, 200)

        # Check that the callback was called with the right params.
        mock.assert_called_with(self.user_id, "email", email_to_invite, self.room_id)

        # Check that the call to send the invite was made.
        make_invite_mock.assert_called_once()

        # Now change the return value of the callback to deny any invite and test that
        # we can't send the invite. We pick an arbitrary error code to be able to check
        # that the same code has been returned
        mock.return_value = Codes.CONSENT_NOT_GIVEN
        channel = self.make_request(
            method="POST",
            path="/rooms/" + self.room_id + "/invite",
            content={
                "id_server": "example.com",
                "id_access_token": "sometoken",
                "medium": "email",
                "address": email_to_invite,
            },
            access_token=self.tok,
        )
        self.assertEqual(channel.code, 403)
        self.assertEqual(channel.json_body["errcode"], Codes.CONSENT_NOT_GIVEN)

        # Also check that it stopped before calling _make_and_store_3pid_invite.
        make_invite_mock.assert_called_once()

        # Run variant with `Tuple[Codes, dict]`.
        mock.return_value = (Codes.EXPIRED_ACCOUNT, {"field": "value"})
        channel = self.make_request(
            method="POST",
            path="/rooms/" + self.room_id + "/invite",
            content={
                "id_server": "example.com",
                "id_access_token": "sometoken",
                "medium": "email",
                "address": email_to_invite,
            },
            access_token=self.tok,
        )
        self.assertEqual(channel.code, 403)
        self.assertEqual(channel.json_body["errcode"], Codes.EXPIRED_ACCOUNT)
        self.assertEqual(channel.json_body["field"], "value")

        # Also check that it stopped before calling _make_and_store_3pid_invite.
        make_invite_mock.assert_called_once()

    def test_400_missing_param_without_id_access_token(self) -> None:
        """
        Test that a 3pid invite request returns 400 M_MISSING_PARAM
        if we do not include id_access_token.
        """
        channel = self.make_request(
            method="POST",
            path="/rooms/" + self.room_id + "/invite",
            content={
                "id_server": "example.com",
                "medium": "email",
                "address": "teresa@example.com",
            },
            access_token=self.tok,
        )
        self.assertEqual(channel.code, 400)
        self.assertEqual(channel.json_body["errcode"], "M_MISSING_PARAM")


class TimestampLookupTestCase(unittest.HomeserverTestCase):
    servlets = [
        admin.register_servlets,
        room.register_servlets,
        login.register_servlets,
    ]

    def prepare(self, reactor: MemoryReactor, clock: Clock, hs: HomeServer) -> None:
        self._storage_controllers = self.hs.get_storage_controllers()

        self.room_owner = self.register_user("room_owner", "test")
        self.room_owner_tok = self.login("room_owner", "test")

    def _inject_outlier(self, room_id: str) -> EventBase:
        event, _context = self.get_success(
            create_event(
                self.hs,
                room_id=room_id,
                type="m.test",
                sender="@test_remote_user:remote",
            )
        )

        event.internal_metadata.outlier = True
        persistence = self._storage_controllers.persistence
        assert persistence is not None
        self.get_success(
            persistence.persist_event(
                event, EventContext.for_outlier(self._storage_controllers)
            )
        )
        return event

    def test_no_outliers(self) -> None:
        """
        Test to make sure `/timestamp_to_event` does not return `outlier` events.
        We're unable to determine whether an `outlier` is next to a gap so we
        don't know whether it's actually the closest event. Instead, let's just
        ignore `outliers` with this endpoint.

        This test is really seeing that we choose the non-`outlier` event behind the
        `outlier`. Since the gap checking logic considers the latest message in the room
        as *not* next to a gap, asking over federation does not come into play here.
        """
        room_id = self.helper.create_room_as(self.room_owner, tok=self.room_owner_tok)

        outlier_event = self._inject_outlier(room_id)

        channel = self.make_request(
            "GET",
            f"/_matrix/client/v1/rooms/{room_id}/timestamp_to_event?dir=b&ts={outlier_event.origin_server_ts}",
            access_token=self.room_owner_tok,
        )
        self.assertEqual(HTTPStatus.OK, channel.code, msg=channel.json_body)

        # Make sure the outlier event is not returned
        self.assertNotEqual(channel.json_body["event_id"], outlier_event.event_id)