| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463 |
- # Copyright 2019 The Matrix.org Foundation C.I.C.
- #
- # Licensed under the Apache License, Version 2.0 (the "License");
- # you may not use this file except in compliance with the License.
- # You may obtain a copy of the License at
- #
- # http://www.apache.org/licenses/LICENSE-2.0
- #
- # Unless required by applicable law or agreed to in writing, software
- # distributed under the License is distributed on an "AS IS" BASIS,
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- # See the License for the specific language governing permissions and
- # limitations under the License.
- import logging
- from typing import List
- from unittest import TestCase
- from synapse.api.constants import EventTypes
- from synapse.api.errors import AuthError, Codes, LimitExceededError, SynapseError
- from synapse.api.room_versions import RoomVersions
- from synapse.events import EventBase
- from synapse.federation.federation_base import event_from_pdu_json
- from synapse.logging.context import LoggingContext, run_in_background
- from synapse.rest import admin
- from synapse.rest.client import login, room
- from synapse.util.stringutils import random_string
- from tests import unittest
- logger = logging.getLogger(__name__)
- class FederationTestCase(unittest.HomeserverTestCase):
- servlets = [
- admin.register_servlets,
- login.register_servlets,
- room.register_servlets,
- ]
- def make_homeserver(self, reactor, clock):
- hs = self.setup_test_homeserver(federation_http_client=None)
- self.handler = hs.get_federation_handler()
- self.store = hs.get_datastore()
- self.state_store = hs.get_storage().state
- self._event_auth_handler = hs.get_event_auth_handler()
- return hs
- def test_exchange_revoked_invite(self):
- user_id = self.register_user("kermit", "test")
- tok = self.login("kermit", "test")
- room_id = self.helper.create_room_as(room_creator=user_id, tok=tok)
- # Send a 3PID invite event with an empty body so it's considered as a revoked one.
- invite_token = "sometoken"
- self.helper.send_state(
- room_id=room_id,
- event_type=EventTypes.ThirdPartyInvite,
- state_key=invite_token,
- body={},
- tok=tok,
- )
- d = self.handler.on_exchange_third_party_invite_request(
- event_dict={
- "type": EventTypes.Member,
- "room_id": room_id,
- "sender": user_id,
- "state_key": "@someone:example.org",
- "content": {
- "membership": "invite",
- "third_party_invite": {
- "display_name": "alice",
- "signed": {
- "mxid": "@alice:localhost",
- "token": invite_token,
- "signatures": {
- "magic.forest": {
- "ed25519:3": "fQpGIW1Snz+pwLZu6sTy2aHy/DYWWTspTJRPyNp0PKkymfIsNffysMl6ObMMFdIJhk6g6pwlIqZ54rxo8SLmAg"
- }
- },
- },
- },
- },
- },
- )
- failure = self.get_failure(d, AuthError).value
- self.assertEqual(failure.code, 403, failure)
- self.assertEqual(failure.errcode, Codes.FORBIDDEN, failure)
- self.assertEqual(failure.msg, "You are not invited to this room.")
- def test_rejected_message_event_state(self):
- """
- Check that we store the state group correctly for rejected non-state events.
- Regression test for #6289.
- """
- OTHER_SERVER = "otherserver"
- OTHER_USER = "@otheruser:" + OTHER_SERVER
- # create the room
- user_id = self.register_user("kermit", "test")
- tok = self.login("kermit", "test")
- room_id = self.helper.create_room_as(room_creator=user_id, tok=tok)
- room_version = self.get_success(self.store.get_room_version(room_id))
- # pretend that another server has joined
- join_event = self._build_and_send_join_event(OTHER_SERVER, OTHER_USER, room_id)
- # check the state group
- sg = self.successResultOf(
- self.store._get_state_group_for_event(join_event.event_id)
- )
- # build and send an event which will be rejected
- ev = event_from_pdu_json(
- {
- "type": EventTypes.Message,
- "content": {},
- "room_id": room_id,
- "sender": "@yetanotheruser:" + OTHER_SERVER,
- "depth": join_event["depth"] + 1,
- "prev_events": [join_event.event_id],
- "auth_events": [],
- "origin_server_ts": self.clock.time_msec(),
- },
- room_version,
- )
- with LoggingContext("send_rejected"):
- d = run_in_background(
- self.hs.get_federation_event_handler().on_receive_pdu, OTHER_SERVER, ev
- )
- self.get_success(d)
- # that should have been rejected
- e = self.get_success(self.store.get_event(ev.event_id, allow_rejected=True))
- self.assertIsNotNone(e.rejected_reason)
- # ... and the state group should be the same as before
- sg2 = self.successResultOf(self.store._get_state_group_for_event(ev.event_id))
- self.assertEqual(sg, sg2)
- def test_rejected_state_event_state(self):
- """
- Check that we store the state group correctly for rejected state events.
- Regression test for #6289.
- """
- OTHER_SERVER = "otherserver"
- OTHER_USER = "@otheruser:" + OTHER_SERVER
- # create the room
- user_id = self.register_user("kermit", "test")
- tok = self.login("kermit", "test")
- room_id = self.helper.create_room_as(room_creator=user_id, tok=tok)
- room_version = self.get_success(self.store.get_room_version(room_id))
- # pretend that another server has joined
- join_event = self._build_and_send_join_event(OTHER_SERVER, OTHER_USER, room_id)
- # check the state group
- sg = self.successResultOf(
- self.store._get_state_group_for_event(join_event.event_id)
- )
- # build and send an event which will be rejected
- ev = event_from_pdu_json(
- {
- "type": "org.matrix.test",
- "state_key": "test_key",
- "content": {},
- "room_id": room_id,
- "sender": "@yetanotheruser:" + OTHER_SERVER,
- "depth": join_event["depth"] + 1,
- "prev_events": [join_event.event_id],
- "auth_events": [],
- "origin_server_ts": self.clock.time_msec(),
- },
- room_version,
- )
- with LoggingContext("send_rejected"):
- d = run_in_background(
- self.hs.get_federation_event_handler().on_receive_pdu, OTHER_SERVER, ev
- )
- self.get_success(d)
- # that should have been rejected
- e = self.get_success(self.store.get_event(ev.event_id, allow_rejected=True))
- self.assertIsNotNone(e.rejected_reason)
- # ... and the state group should be the same as before
- sg2 = self.successResultOf(self.store._get_state_group_for_event(ev.event_id))
- self.assertEqual(sg, sg2)
- def test_backfill_floating_outlier_membership_auth(self):
- """
- As the local homeserver, check that we can properly process a federated
- event from the OTHER_SERVER with auth_events that include a floating
- membership event from the OTHER_SERVER.
- Regression test, see #10439.
- """
- OTHER_SERVER = "otherserver"
- OTHER_USER = "@otheruser:" + OTHER_SERVER
- # create the room
- user_id = self.register_user("kermit", "test")
- tok = self.login("kermit", "test")
- room_id = self.helper.create_room_as(
- room_creator=user_id,
- is_public=True,
- tok=tok,
- extra_content={
- "preset": "public_chat",
- },
- )
- room_version = self.get_success(self.store.get_room_version(room_id))
- prev_event_ids = self.get_success(self.store.get_prev_events_for_room(room_id))
- (
- most_recent_prev_event_id,
- most_recent_prev_event_depth,
- ) = self.get_success(self.store.get_max_depth_of(prev_event_ids))
- # mapping from (type, state_key) -> state_event_id
- prev_state_map = self.get_success(
- self.state_store.get_state_ids_for_event(most_recent_prev_event_id)
- )
- # List of state event ID's
- prev_state_ids = list(prev_state_map.values())
- auth_event_ids = prev_state_ids
- auth_events = list(
- self.get_success(self.store.get_events(auth_event_ids)).values()
- )
- # build a floating outlier member state event
- fake_prev_event_id = "$" + random_string(43)
- member_event_dict = {
- "type": EventTypes.Member,
- "content": {
- "membership": "join",
- },
- "state_key": OTHER_USER,
- "room_id": room_id,
- "sender": OTHER_USER,
- "depth": most_recent_prev_event_depth,
- "prev_events": [fake_prev_event_id],
- "origin_server_ts": self.clock.time_msec(),
- "signatures": {OTHER_SERVER: {"ed25519:key_version": "SomeSignatureHere"}},
- }
- builder = self.hs.get_event_builder_factory().for_room_version(
- room_version, member_event_dict
- )
- member_event = self.get_success(
- builder.build(
- prev_event_ids=member_event_dict["prev_events"],
- auth_event_ids=self._event_auth_handler.compute_auth_events(
- builder,
- prev_state_map,
- for_verification=False,
- ),
- depth=member_event_dict["depth"],
- )
- )
- # Override the signature added from "test" homeserver that we created the event with
- member_event.signatures = member_event_dict["signatures"]
- # Add the new member_event to the StateMap
- prev_state_map[
- (member_event.type, member_event.state_key)
- ] = member_event.event_id
- auth_events.append(member_event)
- # build and send an event authed based on the member event
- message_event_dict = {
- "type": EventTypes.Message,
- "content": {},
- "room_id": room_id,
- "sender": OTHER_USER,
- "depth": most_recent_prev_event_depth,
- "prev_events": prev_event_ids.copy(),
- "origin_server_ts": self.clock.time_msec(),
- "signatures": {OTHER_SERVER: {"ed25519:key_version": "SomeSignatureHere"}},
- }
- builder = self.hs.get_event_builder_factory().for_room_version(
- room_version, message_event_dict
- )
- message_event = self.get_success(
- builder.build(
- prev_event_ids=message_event_dict["prev_events"],
- auth_event_ids=self._event_auth_handler.compute_auth_events(
- builder,
- prev_state_map,
- for_verification=False,
- ),
- depth=message_event_dict["depth"],
- )
- )
- # Override the signature added from "test" homeserver that we created the event with
- message_event.signatures = message_event_dict["signatures"]
- # Stub the /event_auth response from the OTHER_SERVER
- async def get_event_auth(
- destination: str, room_id: str, event_id: str
- ) -> List[EventBase]:
- return auth_events
- self.handler.federation_client.get_event_auth = get_event_auth
- with LoggingContext("receive_pdu"):
- # Fake the OTHER_SERVER federating the message event over to our local homeserver
- d = run_in_background(
- self.hs.get_federation_event_handler().on_receive_pdu,
- OTHER_SERVER,
- message_event,
- )
- self.get_success(d)
- # Now try and get the events on our local homeserver
- stored_event = self.get_success(
- self.store.get_event(message_event.event_id, allow_none=True)
- )
- self.assertTrue(stored_event is not None)
- @unittest.override_config(
- {"rc_invites": {"per_user": {"per_second": 0.5, "burst_count": 3}}}
- )
- def test_invite_by_user_ratelimit(self):
- """Tests that invites from federation to a particular user are
- actually rate-limited.
- """
- other_server = "otherserver"
- other_user = "@otheruser:" + other_server
- # create the room
- user_id = self.register_user("kermit", "test")
- tok = self.login("kermit", "test")
- def create_invite():
- room_id = self.helper.create_room_as(room_creator=user_id, tok=tok)
- room_version = self.get_success(self.store.get_room_version(room_id))
- return event_from_pdu_json(
- {
- "type": EventTypes.Member,
- "content": {"membership": "invite"},
- "room_id": room_id,
- "sender": other_user,
- "state_key": "@user:test",
- "depth": 32,
- "prev_events": [],
- "auth_events": [],
- "origin_server_ts": self.clock.time_msec(),
- },
- room_version,
- )
- for _ in range(3):
- event = create_invite()
- self.get_success(
- self.handler.on_invite_request(
- other_server,
- event,
- event.room_version,
- )
- )
- event = create_invite()
- self.get_failure(
- self.handler.on_invite_request(
- other_server,
- event,
- event.room_version,
- ),
- exc=LimitExceededError,
- )
- def _build_and_send_join_event(self, other_server, other_user, room_id):
- join_event = self.get_success(
- self.handler.on_make_join_request(other_server, room_id, other_user)
- )
- # the auth code requires that a signature exists, but doesn't check that
- # signature... go figure.
- join_event.signatures[other_server] = {"x": "y"}
- with LoggingContext("send_join"):
- d = run_in_background(
- self.hs.get_federation_event_handler().on_send_membership_event,
- other_server,
- join_event,
- )
- self.get_success(d)
- # sanity-check: the room should show that the new user is a member
- r = self.get_success(self.store.get_current_state_ids(room_id))
- self.assertEqual(r[(EventTypes.Member, other_user)], join_event.event_id)
- return join_event
- class EventFromPduTestCase(TestCase):
- def test_valid_json(self):
- """Valid JSON should be turned into an event."""
- ev = event_from_pdu_json(
- {
- "type": EventTypes.Message,
- "content": {"bool": True, "null": None, "int": 1, "str": "foobar"},
- "room_id": "!room:test",
- "sender": "@user:test",
- "depth": 1,
- "prev_events": [],
- "auth_events": [],
- "origin_server_ts": 1234,
- },
- RoomVersions.V6,
- )
- self.assertIsInstance(ev, EventBase)
- def test_invalid_numbers(self):
- """Invalid values for an integer should be rejected, all floats should be rejected."""
- for value in [
- -(2 ** 53),
- 2 ** 53,
- 1.0,
- float("inf"),
- float("-inf"),
- float("nan"),
- ]:
- with self.assertRaises(SynapseError):
- event_from_pdu_json(
- {
- "type": EventTypes.Message,
- "content": {"foo": value},
- "room_id": "!room:test",
- "sender": "@user:test",
- "depth": 1,
- "prev_events": [],
- "auth_events": [],
- "origin_server_ts": 1234,
- },
- RoomVersions.V6,
- )
- def test_invalid_nested(self):
- """List and dictionaries are recursively searched."""
- with self.assertRaises(SynapseError):
- event_from_pdu_json(
- {
- "type": EventTypes.Message,
- "content": {"foo": [{"bar": 2 ** 56}]},
- "room_id": "!room:test",
- "sender": "@user:test",
- "depth": 1,
- "prev_events": [],
- "auth_events": [],
- "origin_server_ts": 1234,
- },
- RoomVersions.V6,
- )
|
