test_consent.py 4.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132
  1. # Copyright 2018 New Vector
  2. #
  3. # Licensed under the Apache License, Version 2.0 (the "License");
  4. # you may not use this file except in compliance with the License.
  5. # You may obtain a copy of the License at
  6. #
  7. # http://www.apache.org/licenses/LICENSE-2.0
  8. #
  9. # Unless required by applicable law or agreed to in writing, software
  10. # distributed under the License is distributed on an "AS IS" BASIS,
  11. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  12. # See the License for the specific language governing permissions and
  13. # limitations under the License.
  14. import os
  15. from http import HTTPStatus
  16. from twisted.test.proto_helpers import MemoryReactor
  17. import synapse.rest.admin
  18. from synapse.api.urls import ConsentURIBuilder
  19. from synapse.rest.client import login, room
  20. from synapse.rest.consent import consent_resource
  21. from synapse.server import HomeServer
  22. from synapse.util import Clock
  23. from tests import unittest
  24. from tests.server import FakeSite, make_request
  25. class ConsentResourceTestCase(unittest.HomeserverTestCase):
  26. servlets = [
  27. synapse.rest.admin.register_servlets_for_client_rest_resource,
  28. room.register_servlets,
  29. login.register_servlets,
  30. ]
  31. user_id = True
  32. hijack_auth = False
  33. def make_homeserver(self, reactor: MemoryReactor, clock: Clock) -> HomeServer:
  34. config = self.default_config()
  35. config["form_secret"] = "123abc"
  36. # Make some temporary templates...
  37. temp_consent_path = self.mktemp()
  38. os.mkdir(temp_consent_path)
  39. os.mkdir(os.path.join(temp_consent_path, "en"))
  40. config["user_consent"] = {
  41. "version": "1",
  42. "template_dir": os.path.abspath(temp_consent_path),
  43. }
  44. with open(os.path.join(temp_consent_path, "en/1.html"), "w") as f:
  45. f.write("{{version}},{{has_consented}}")
  46. with open(os.path.join(temp_consent_path, "en/success.html"), "w") as f:
  47. f.write("yay!")
  48. hs = self.setup_test_homeserver(config=config)
  49. return hs
  50. def test_render_public_consent(self) -> None:
  51. """You can observe the terms form without specifying a user"""
  52. resource = consent_resource.ConsentResource(self.hs)
  53. channel = make_request(
  54. self.reactor,
  55. FakeSite(resource, self.reactor),
  56. "GET",
  57. "/consent?v=1",
  58. shorthand=False,
  59. )
  60. self.assertEqual(channel.code, HTTPStatus.OK)
  61. def test_accept_consent(self) -> None:
  62. """
  63. A user can use the consent form to accept the terms.
  64. """
  65. uri_builder = ConsentURIBuilder(self.hs.config)
  66. resource = consent_resource.ConsentResource(self.hs)
  67. # Register a user
  68. user_id = self.register_user("user", "pass")
  69. access_token = self.login("user", "pass")
  70. # Fetch the consent page, to get the consent version
  71. consent_uri = (
  72. uri_builder.build_user_consent_uri(user_id).replace("_matrix/", "")
  73. + "&u=user"
  74. )
  75. channel = make_request(
  76. self.reactor,
  77. FakeSite(resource, self.reactor),
  78. "GET",
  79. consent_uri,
  80. access_token=access_token,
  81. shorthand=False,
  82. )
  83. self.assertEqual(channel.code, HTTPStatus.OK)
  84. # Get the version from the body, and whether we've consented
  85. version, consented = channel.result["body"].decode("ascii").split(",")
  86. self.assertEqual(consented, "False")
  87. # POST to the consent page, saying we've agreed
  88. channel = make_request(
  89. self.reactor,
  90. FakeSite(resource, self.reactor),
  91. "POST",
  92. consent_uri + "&v=" + version,
  93. access_token=access_token,
  94. shorthand=False,
  95. )
  96. self.assertEqual(channel.code, HTTPStatus.OK)
  97. # Fetch the consent page, to get the consent version -- it should have
  98. # changed
  99. channel = make_request(
  100. self.reactor,
  101. FakeSite(resource, self.reactor),
  102. "GET",
  103. consent_uri,
  104. access_token=access_token,
  105. shorthand=False,
  106. )
  107. self.assertEqual(channel.code, HTTPStatus.OK)
  108. # Get the version from the body, and check that it's the version we
  109. # agreed to, and that we've consented to it.
  110. version, consented = channel.result["body"].decode("ascii").split(",")
  111. self.assertEqual(consented, "True")
  112. self.assertEqual(version, "1")