test_auth.py 3.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111
  1. # -*- coding: utf-8 -*-
  2. # Copyright 2018 New Vector
  3. #
  4. # Licensed under the Apache License, Version 2.0 (the "License");
  5. # you may not use this file except in compliance with the License.
  6. # You may obtain a copy of the License at
  7. #
  8. # http://www.apache.org/licenses/LICENSE-2.0
  9. #
  10. # Unless required by applicable law or agreed to in writing, software
  11. # distributed under the License is distributed on an "AS IS" BASIS,
  12. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13. # See the License for the specific language governing permissions and
  14. # limitations under the License.
  15. from twisted.internet.defer import succeed
  16. import synapse.rest.admin
  17. from synapse.api.constants import LoginType
  18. from synapse.rest.client.v2_alpha import auth, register
  19. from tests import unittest
  20. class FallbackAuthTests(unittest.HomeserverTestCase):
  21. servlets = [
  22. auth.register_servlets,
  23. synapse.rest.admin.register_servlets_for_client_rest_resource,
  24. register.register_servlets,
  25. ]
  26. hijack_auth = False
  27. def make_homeserver(self, reactor, clock):
  28. config = self.default_config()
  29. config["enable_registration_captcha"] = True
  30. config["recaptcha_public_key"] = "brokencake"
  31. config["registrations_require_3pid"] = []
  32. hs = self.setup_test_homeserver(config=config)
  33. return hs
  34. def prepare(self, reactor, clock, hs):
  35. auth_handler = hs.get_auth_handler()
  36. self.recaptcha_attempts = []
  37. def _recaptcha(authdict, clientip):
  38. self.recaptcha_attempts.append((authdict, clientip))
  39. return succeed(True)
  40. auth_handler.checkers[LoginType.RECAPTCHA] = _recaptcha
  41. @unittest.INFO
  42. def test_fallback_captcha(self):
  43. request, channel = self.make_request(
  44. "POST",
  45. "register",
  46. {"username": "user", "type": "m.login.password", "password": "bar"},
  47. )
  48. self.render(request)
  49. # Returns a 401 as per the spec
  50. self.assertEqual(request.code, 401)
  51. # Grab the session
  52. session = channel.json_body["session"]
  53. # Assert our configured public key is being given
  54. self.assertEqual(
  55. channel.json_body["params"]["m.login.recaptcha"]["public_key"], "brokencake"
  56. )
  57. request, channel = self.make_request(
  58. "GET", "auth/m.login.recaptcha/fallback/web?session=" + session
  59. )
  60. self.render(request)
  61. self.assertEqual(request.code, 200)
  62. request, channel = self.make_request(
  63. "POST",
  64. "auth/m.login.recaptcha/fallback/web?session="
  65. + session
  66. + "&g-recaptcha-response=a",
  67. )
  68. self.render(request)
  69. self.assertEqual(request.code, 200)
  70. # The recaptcha handler is called with the response given
  71. self.assertEqual(len(self.recaptcha_attempts), 1)
  72. self.assertEqual(self.recaptcha_attempts[0][0]["response"], "a")
  73. # also complete the dummy auth
  74. request, channel = self.make_request(
  75. "POST", "register", {"auth": {"session": session, "type": "m.login.dummy"}}
  76. )
  77. self.render(request)
  78. # Now we should have fufilled a complete auth flow, including
  79. # the recaptcha fallback step, we can then send a
  80. # request to the register API with the session in the authdict.
  81. request, channel = self.make_request(
  82. "POST", "register", {"auth": {"session": session}}
  83. )
  84. self.render(request)
  85. self.assertEqual(channel.code, 200)
  86. # We're given a registered user.
  87. self.assertEqual(channel.json_body["user_id"], "@user:test")