2018-06-14 13:28:36 +02:00
|
|
|
|
#
|
2023-11-21 21:29:58 +01:00
|
|
|
|
# This file is licensed under the Affero General Public License (AGPL) version 3.
|
|
|
|
|
#
|
2024-01-23 12:26:48 +01:00
|
|
|
|
# Copyright 2018-2022 The Matrix.org Foundation C.I.C.
|
2023-11-21 21:29:58 +01:00
|
|
|
|
# Copyright (C) 2023 New Vector, Ltd
|
|
|
|
|
#
|
|
|
|
|
# This program is free software: you can redistribute it and/or modify
|
|
|
|
|
# it under the terms of the GNU Affero General Public License as
|
|
|
|
|
# published by the Free Software Foundation, either version 3 of the
|
|
|
|
|
# License, or (at your option) any later version.
|
|
|
|
|
#
|
|
|
|
|
# See the GNU Affero General Public License for more details:
|
|
|
|
|
# <https://www.gnu.org/licenses/agpl-3.0.html>.
|
|
|
|
|
#
|
|
|
|
|
# Originally licensed under the Apache License, Version 2.0:
|
|
|
|
|
# <http://www.apache.org/licenses/LICENSE-2.0>.
|
|
|
|
|
#
|
|
|
|
|
# [This file includes modifications made by New Vector Limited]
|
2018-06-14 13:28:36 +02:00
|
|
|
|
#
|
|
|
|
|
#
|
|
|
|
|
|
2018-07-09 08:09:20 +02:00
|
|
|
|
import unittest
|
2023-01-30 22:29:30 +01:00
|
|
|
|
from typing import Any, Collection, Dict, Iterable, List, Optional
|
2018-07-09 08:09:20 +02:00
|
|
|
|
|
2022-06-10 11:44:19 +02:00
|
|
|
|
from parameterized import parameterized
|
|
|
|
|
|
2018-06-14 13:28:36 +02:00
|
|
|
|
from synapse import event_auth
|
2021-09-30 17:13:59 +02:00
|
|
|
|
from synapse.api.constants import EventContentFields
|
2022-07-13 20:36:02 +02:00
|
|
|
|
from synapse.api.errors import AuthError, SynapseError
|
2022-06-10 11:44:19 +02:00
|
|
|
|
from synapse.api.room_versions import EventFormatVersions, RoomVersion, RoomVersions
|
2021-07-14 15:13:40 +02:00
|
|
|
|
from synapse.events import EventBase, make_event_from_dict
|
2022-06-15 20:48:22 +02:00
|
|
|
|
from synapse.storage.databases.main.events_worker import EventRedactBehaviour
|
2021-07-14 15:13:40 +02:00
|
|
|
|
from synapse.types import JsonDict, get_domain_from_id
|
2018-06-14 13:28:36 +02:00
|
|
|
|
|
2022-06-15 20:48:22 +02:00
|
|
|
|
from tests.test_utils import get_awaitable_result
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class _StubEventSourceStore:
|
|
|
|
|
"""A stub implementation of the EventSourceStore"""
|
|
|
|
|
|
2023-02-08 20:52:37 +01:00
|
|
|
|
def __init__(self) -> None:
|
2022-06-15 20:48:22 +02:00
|
|
|
|
self._store: Dict[str, EventBase] = {}
|
|
|
|
|
|
2023-02-08 20:52:37 +01:00
|
|
|
|
def add_event(self, event: EventBase) -> None:
|
2022-06-15 20:48:22 +02:00
|
|
|
|
self._store[event.event_id] = event
|
|
|
|
|
|
2023-02-08 20:52:37 +01:00
|
|
|
|
def add_events(self, events: Iterable[EventBase]) -> None:
|
2022-06-15 20:48:22 +02:00
|
|
|
|
for event in events:
|
|
|
|
|
self._store[event.event_id] = event
|
|
|
|
|
|
|
|
|
|
async def get_events(
|
|
|
|
|
self,
|
|
|
|
|
event_ids: Collection[str],
|
|
|
|
|
redact_behaviour: EventRedactBehaviour,
|
|
|
|
|
get_prev_content: bool = False,
|
|
|
|
|
allow_rejected: bool = False,
|
|
|
|
|
) -> Dict[str, EventBase]:
|
|
|
|
|
assert allow_rejected
|
|
|
|
|
assert not get_prev_content
|
|
|
|
|
assert redact_behaviour == EventRedactBehaviour.as_is
|
|
|
|
|
results = {}
|
|
|
|
|
for e in event_ids:
|
|
|
|
|
if e in self._store:
|
|
|
|
|
results[e] = self._store[e]
|
|
|
|
|
return results
|
|
|
|
|
|
2018-06-14 13:28:36 +02:00
|
|
|
|
|
|
|
|
|
class EventAuthTestCase(unittest.TestCase):
|
2023-02-08 20:52:37 +01:00
|
|
|
|
def test_rejected_auth_events(self) -> None:
|
2021-10-18 19:28:30 +02:00
|
|
|
|
"""
|
|
|
|
|
Events that refer to rejected events in their auth events are rejected
|
|
|
|
|
"""
|
|
|
|
|
creator = "@creator:example.com"
|
|
|
|
|
auth_events = [
|
2022-06-10 11:44:19 +02:00
|
|
|
|
_create_event(RoomVersions.V9, creator),
|
|
|
|
|
_join_event(RoomVersions.V9, creator),
|
2021-10-18 19:28:30 +02:00
|
|
|
|
]
|
|
|
|
|
|
2022-06-15 20:48:22 +02:00
|
|
|
|
event_store = _StubEventSourceStore()
|
|
|
|
|
event_store.add_events(auth_events)
|
|
|
|
|
|
2021-10-18 19:28:30 +02:00
|
|
|
|
# creator should be able to send state
|
2022-06-15 20:48:22 +02:00
|
|
|
|
event = _random_state_event(RoomVersions.V9, creator, auth_events)
|
|
|
|
|
get_awaitable_result(
|
|
|
|
|
event_auth.check_state_independent_auth_rules(event_store, event)
|
2021-10-18 19:28:30 +02:00
|
|
|
|
)
|
2022-06-15 20:48:22 +02:00
|
|
|
|
event_auth.check_state_dependent_auth_rules(event, auth_events)
|
2021-10-18 19:28:30 +02:00
|
|
|
|
|
|
|
|
|
# ... but a rejected join_rules event should cause it to be rejected
|
2022-06-10 11:44:19 +02:00
|
|
|
|
rejected_join_rules = _join_rules_event(
|
|
|
|
|
RoomVersions.V9,
|
|
|
|
|
creator,
|
|
|
|
|
"public",
|
|
|
|
|
)
|
2021-10-18 19:28:30 +02:00
|
|
|
|
rejected_join_rules.rejected_reason = "stinky"
|
|
|
|
|
auth_events.append(rejected_join_rules)
|
2022-06-15 20:48:22 +02:00
|
|
|
|
event_store.add_event(rejected_join_rules)
|
2021-10-18 19:28:30 +02:00
|
|
|
|
|
2022-06-15 20:48:22 +02:00
|
|
|
|
with self.assertRaises(AuthError):
|
|
|
|
|
get_awaitable_result(
|
|
|
|
|
event_auth.check_state_independent_auth_rules(
|
|
|
|
|
event_store,
|
|
|
|
|
_random_state_event(RoomVersions.V9, creator),
|
|
|
|
|
)
|
|
|
|
|
)
|
2021-10-18 19:28:30 +02:00
|
|
|
|
|
|
|
|
|
# ... even if there is *also* a good join rules
|
2022-06-10 11:44:19 +02:00
|
|
|
|
auth_events.append(_join_rules_event(RoomVersions.V9, creator, "public"))
|
2022-06-15 20:48:22 +02:00
|
|
|
|
event_store.add_event(rejected_join_rules)
|
2021-10-18 19:28:30 +02:00
|
|
|
|
|
2022-06-15 20:48:22 +02:00
|
|
|
|
with self.assertRaises(AuthError):
|
|
|
|
|
get_awaitable_result(
|
|
|
|
|
event_auth.check_state_independent_auth_rules(
|
|
|
|
|
event_store,
|
|
|
|
|
_random_state_event(RoomVersions.V9, creator),
|
|
|
|
|
)
|
|
|
|
|
)
|
2021-10-18 19:28:30 +02:00
|
|
|
|
|
2023-02-08 20:52:37 +01:00
|
|
|
|
def test_create_event_with_prev_events(self) -> None:
|
2022-06-17 15:56:46 +02:00
|
|
|
|
"""A create event with prev_events should be rejected
|
|
|
|
|
|
|
|
|
|
https://spec.matrix.org/v1.3/rooms/v9/#authorization-rules
|
|
|
|
|
1: If type is m.room.create:
|
|
|
|
|
1. If it has any previous events, reject.
|
|
|
|
|
"""
|
|
|
|
|
creator = f"@creator:{TEST_DOMAIN}"
|
|
|
|
|
|
|
|
|
|
# we make both a good event and a bad event, to check that we are rejecting
|
|
|
|
|
# the bad event for the reason we think we are.
|
|
|
|
|
good_event = make_event_from_dict(
|
|
|
|
|
{
|
|
|
|
|
"room_id": TEST_ROOM_ID,
|
|
|
|
|
"type": "m.room.create",
|
|
|
|
|
"state_key": "",
|
|
|
|
|
"sender": creator,
|
|
|
|
|
"content": {
|
|
|
|
|
"creator": creator,
|
|
|
|
|
"room_version": RoomVersions.V9.identifier,
|
|
|
|
|
},
|
|
|
|
|
"auth_events": [],
|
|
|
|
|
"prev_events": [],
|
|
|
|
|
},
|
|
|
|
|
room_version=RoomVersions.V9,
|
|
|
|
|
)
|
|
|
|
|
bad_event = make_event_from_dict(
|
|
|
|
|
{**good_event.get_dict(), "prev_events": ["$fakeevent"]},
|
|
|
|
|
room_version=RoomVersions.V9,
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
event_store = _StubEventSourceStore()
|
|
|
|
|
|
2022-06-17 17:30:59 +02:00
|
|
|
|
get_awaitable_result(
|
|
|
|
|
event_auth.check_state_independent_auth_rules(event_store, good_event)
|
|
|
|
|
)
|
|
|
|
|
with self.assertRaises(AuthError):
|
|
|
|
|
get_awaitable_result(
|
|
|
|
|
event_auth.check_state_independent_auth_rules(event_store, bad_event)
|
|
|
|
|
)
|
|
|
|
|
|
2023-02-08 20:52:37 +01:00
|
|
|
|
def test_duplicate_auth_events(self) -> None:
|
2022-06-17 17:30:59 +02:00
|
|
|
|
"""Events with duplicate auth_events should be rejected
|
|
|
|
|
|
|
|
|
|
https://spec.matrix.org/v1.3/rooms/v9/#authorization-rules
|
|
|
|
|
2. Reject if event has auth_events that:
|
|
|
|
|
1. have duplicate entries for a given type and state_key pair
|
|
|
|
|
"""
|
|
|
|
|
creator = "@creator:example.com"
|
|
|
|
|
|
|
|
|
|
create_event = _create_event(RoomVersions.V9, creator)
|
|
|
|
|
join_event1 = _join_event(RoomVersions.V9, creator)
|
|
|
|
|
pl_event = _power_levels_event(
|
|
|
|
|
RoomVersions.V9,
|
|
|
|
|
creator,
|
|
|
|
|
{"state_default": 30, "users": {"creator": 100}},
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
# create a second join event, so that we can make a duplicate
|
|
|
|
|
join_event2 = _join_event(RoomVersions.V9, creator)
|
|
|
|
|
|
|
|
|
|
event_store = _StubEventSourceStore()
|
|
|
|
|
event_store.add_events([create_event, join_event1, join_event2, pl_event])
|
|
|
|
|
|
|
|
|
|
good_event = _random_state_event(
|
|
|
|
|
RoomVersions.V9, creator, [create_event, join_event2, pl_event]
|
|
|
|
|
)
|
|
|
|
|
bad_event = _random_state_event(
|
|
|
|
|
RoomVersions.V9, creator, [create_event, join_event1, join_event2, pl_event]
|
|
|
|
|
)
|
|
|
|
|
# a variation: two instances of the *same* event
|
|
|
|
|
bad_event2 = _random_state_event(
|
|
|
|
|
RoomVersions.V9, creator, [create_event, join_event2, join_event2, pl_event]
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
get_awaitable_result(
|
|
|
|
|
event_auth.check_state_independent_auth_rules(event_store, good_event)
|
|
|
|
|
)
|
|
|
|
|
with self.assertRaises(AuthError):
|
|
|
|
|
get_awaitable_result(
|
|
|
|
|
event_auth.check_state_independent_auth_rules(event_store, bad_event)
|
|
|
|
|
)
|
|
|
|
|
with self.assertRaises(AuthError):
|
|
|
|
|
get_awaitable_result(
|
|
|
|
|
event_auth.check_state_independent_auth_rules(event_store, bad_event2)
|
|
|
|
|
)
|
|
|
|
|
|
2023-02-08 20:52:37 +01:00
|
|
|
|
def test_unexpected_auth_events(self) -> None:
|
2022-06-17 17:30:59 +02:00
|
|
|
|
"""Events with excess auth_events should be rejected
|
|
|
|
|
|
|
|
|
|
https://spec.matrix.org/v1.3/rooms/v9/#authorization-rules
|
|
|
|
|
2. Reject if event has auth_events that:
|
|
|
|
|
2. have entries whose type and state_key don’t match those specified by the
|
|
|
|
|
auth events selection algorithm described in the server specification.
|
|
|
|
|
"""
|
|
|
|
|
creator = "@creator:example.com"
|
|
|
|
|
|
|
|
|
|
create_event = _create_event(RoomVersions.V9, creator)
|
|
|
|
|
join_event = _join_event(RoomVersions.V9, creator)
|
|
|
|
|
pl_event = _power_levels_event(
|
|
|
|
|
RoomVersions.V9,
|
|
|
|
|
creator,
|
|
|
|
|
{"state_default": 30, "users": {"creator": 100}},
|
|
|
|
|
)
|
|
|
|
|
join_rules_event = _join_rules_event(RoomVersions.V9, creator, "public")
|
|
|
|
|
|
|
|
|
|
event_store = _StubEventSourceStore()
|
|
|
|
|
event_store.add_events([create_event, join_event, pl_event, join_rules_event])
|
|
|
|
|
|
|
|
|
|
good_event = _random_state_event(
|
|
|
|
|
RoomVersions.V9, creator, [create_event, join_event, pl_event]
|
|
|
|
|
)
|
|
|
|
|
# join rules should *not* be included in the auth events.
|
|
|
|
|
bad_event = _random_state_event(
|
|
|
|
|
RoomVersions.V9,
|
|
|
|
|
creator,
|
|
|
|
|
[create_event, join_event, pl_event, join_rules_event],
|
|
|
|
|
)
|
|
|
|
|
|
2022-06-17 15:56:46 +02:00
|
|
|
|
get_awaitable_result(
|
|
|
|
|
event_auth.check_state_independent_auth_rules(event_store, good_event)
|
|
|
|
|
)
|
|
|
|
|
with self.assertRaises(AuthError):
|
|
|
|
|
get_awaitable_result(
|
|
|
|
|
event_auth.check_state_independent_auth_rules(event_store, bad_event)
|
|
|
|
|
)
|
|
|
|
|
|
2023-02-08 20:52:37 +01:00
|
|
|
|
def test_random_users_cannot_send_state_before_first_pl(self) -> None:
|
2018-06-14 13:28:36 +02:00
|
|
|
|
"""
|
|
|
|
|
Check that, before the first PL lands, the creator is the only user
|
|
|
|
|
that can send a state event.
|
|
|
|
|
"""
|
|
|
|
|
creator = "@creator:example.com"
|
|
|
|
|
joiner = "@joiner:example.com"
|
2021-10-18 19:28:30 +02:00
|
|
|
|
auth_events = [
|
2022-06-10 11:44:19 +02:00
|
|
|
|
_create_event(RoomVersions.V1, creator),
|
|
|
|
|
_join_event(RoomVersions.V1, creator),
|
|
|
|
|
_join_event(RoomVersions.V1, joiner),
|
2021-10-18 19:28:30 +02:00
|
|
|
|
]
|
2018-06-14 13:28:36 +02:00
|
|
|
|
|
|
|
|
|
# creator should be able to send state
|
2022-06-15 20:48:22 +02:00
|
|
|
|
event_auth.check_state_dependent_auth_rules(
|
2022-06-10 11:44:19 +02:00
|
|
|
|
_random_state_event(RoomVersions.V1, creator),
|
2019-05-10 07:12:11 +02:00
|
|
|
|
auth_events,
|
2019-01-25 19:31:41 +01:00
|
|
|
|
)
|
2018-06-14 13:28:36 +02:00
|
|
|
|
|
|
|
|
|
# joiner should not be able to send state
|
|
|
|
|
self.assertRaises(
|
|
|
|
|
AuthError,
|
2022-06-15 20:48:22 +02:00
|
|
|
|
event_auth.check_state_dependent_auth_rules,
|
2022-06-10 11:44:19 +02:00
|
|
|
|
_random_state_event(RoomVersions.V1, joiner),
|
2018-06-14 13:28:36 +02:00
|
|
|
|
auth_events,
|
2020-03-09 13:58:25 +01:00
|
|
|
|
)
|
2018-06-14 13:28:36 +02:00
|
|
|
|
|
2023-02-08 20:52:37 +01:00
|
|
|
|
def test_state_default_level(self) -> None:
|
2018-06-14 13:28:36 +02:00
|
|
|
|
"""
|
|
|
|
|
Check that users above the state_default level can send state and
|
|
|
|
|
those below cannot
|
|
|
|
|
"""
|
|
|
|
|
creator = "@creator:example.com"
|
|
|
|
|
pleb = "@joiner:example.com"
|
|
|
|
|
king = "@joiner2:example.com"
|
|
|
|
|
|
2021-10-18 19:28:30 +02:00
|
|
|
|
auth_events = [
|
2022-06-10 11:44:19 +02:00
|
|
|
|
_create_event(RoomVersions.V1, creator),
|
|
|
|
|
_join_event(RoomVersions.V1, creator),
|
2021-10-18 19:28:30 +02:00
|
|
|
|
_power_levels_event(
|
2022-06-10 11:44:19 +02:00
|
|
|
|
RoomVersions.V1,
|
|
|
|
|
creator,
|
|
|
|
|
{"state_default": "30", "users": {pleb: "29", king: "30"}},
|
2018-06-14 13:28:36 +02:00
|
|
|
|
),
|
2022-06-10 11:44:19 +02:00
|
|
|
|
_join_event(RoomVersions.V1, pleb),
|
|
|
|
|
_join_event(RoomVersions.V1, king),
|
2021-10-18 19:28:30 +02:00
|
|
|
|
]
|
2018-06-14 13:28:36 +02:00
|
|
|
|
|
|
|
|
|
# pleb should not be able to send state
|
|
|
|
|
self.assertRaises(
|
|
|
|
|
AuthError,
|
2022-06-15 20:48:22 +02:00
|
|
|
|
event_auth.check_state_dependent_auth_rules,
|
2022-06-10 11:44:19 +02:00
|
|
|
|
_random_state_event(RoomVersions.V1, pleb),
|
2018-06-14 13:28:36 +02:00
|
|
|
|
auth_events,
|
|
|
|
|
),
|
|
|
|
|
|
|
|
|
|
# king should be able to send state
|
2022-06-15 20:48:22 +02:00
|
|
|
|
event_auth.check_state_dependent_auth_rules(
|
2022-06-10 11:44:19 +02:00
|
|
|
|
_random_state_event(RoomVersions.V1, king),
|
2020-01-28 15:18:29 +01:00
|
|
|
|
auth_events,
|
2019-01-25 19:31:41 +01:00
|
|
|
|
)
|
2018-06-14 13:28:36 +02:00
|
|
|
|
|
2023-02-08 20:52:37 +01:00
|
|
|
|
def test_alias_event(self) -> None:
|
2020-03-09 13:58:25 +01:00
|
|
|
|
"""Alias events have special behavior up through room version 6."""
|
|
|
|
|
creator = "@creator:example.com"
|
|
|
|
|
other = "@other:example.com"
|
2021-10-18 19:28:30 +02:00
|
|
|
|
auth_events = [
|
2022-06-10 11:44:19 +02:00
|
|
|
|
_create_event(RoomVersions.V1, creator),
|
|
|
|
|
_join_event(RoomVersions.V1, creator),
|
2021-10-18 19:28:30 +02:00
|
|
|
|
]
|
2020-03-09 13:58:25 +01:00
|
|
|
|
|
|
|
|
|
# creator should be able to send aliases
|
2022-06-15 20:48:22 +02:00
|
|
|
|
event_auth.check_state_dependent_auth_rules(
|
2022-06-10 11:44:19 +02:00
|
|
|
|
_alias_event(RoomVersions.V1, creator),
|
2020-03-09 13:58:25 +01:00
|
|
|
|
auth_events,
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
# Reject an event with no state key.
|
|
|
|
|
with self.assertRaises(AuthError):
|
2022-06-15 20:48:22 +02:00
|
|
|
|
event_auth.check_state_dependent_auth_rules(
|
2022-06-10 11:44:19 +02:00
|
|
|
|
_alias_event(RoomVersions.V1, creator, state_key=""),
|
2020-03-09 13:58:25 +01:00
|
|
|
|
auth_events,
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
# If the domain of the sender does not match the state key, reject.
|
|
|
|
|
with self.assertRaises(AuthError):
|
2022-06-15 20:48:22 +02:00
|
|
|
|
event_auth.check_state_dependent_auth_rules(
|
2022-06-10 11:44:19 +02:00
|
|
|
|
_alias_event(RoomVersions.V1, creator, state_key="test.com"),
|
2020-03-09 13:58:25 +01:00
|
|
|
|
auth_events,
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
# Note that the member does *not* need to be in the room.
|
2022-06-15 20:48:22 +02:00
|
|
|
|
event_auth.check_state_dependent_auth_rules(
|
2022-06-10 11:44:19 +02:00
|
|
|
|
_alias_event(RoomVersions.V1, other),
|
2020-03-09 13:58:25 +01:00
|
|
|
|
auth_events,
|
|
|
|
|
)
|
|
|
|
|
|
2023-02-08 20:52:37 +01:00
|
|
|
|
def test_msc2432_alias_event(self) -> None:
|
2020-03-09 13:58:25 +01:00
|
|
|
|
"""After MSC2432, alias events have no special behavior."""
|
|
|
|
|
creator = "@creator:example.com"
|
|
|
|
|
other = "@other:example.com"
|
2021-10-18 19:28:30 +02:00
|
|
|
|
auth_events = [
|
2022-06-10 11:44:19 +02:00
|
|
|
|
_create_event(RoomVersions.V6, creator),
|
|
|
|
|
_join_event(RoomVersions.V6, creator),
|
2021-10-18 19:28:30 +02:00
|
|
|
|
]
|
2020-03-09 13:58:25 +01:00
|
|
|
|
|
|
|
|
|
# creator should be able to send aliases
|
2022-06-15 20:48:22 +02:00
|
|
|
|
event_auth.check_state_dependent_auth_rules(
|
2022-06-10 11:44:19 +02:00
|
|
|
|
_alias_event(RoomVersions.V6, creator),
|
2020-05-15 15:30:10 +02:00
|
|
|
|
auth_events,
|
2020-03-09 13:58:25 +01:00
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
# No particular checks are done on the state key.
|
2022-06-15 20:48:22 +02:00
|
|
|
|
event_auth.check_state_dependent_auth_rules(
|
2022-06-10 11:44:19 +02:00
|
|
|
|
_alias_event(RoomVersions.V6, creator, state_key=""),
|
2020-03-09 13:58:25 +01:00
|
|
|
|
auth_events,
|
|
|
|
|
)
|
2022-06-15 20:48:22 +02:00
|
|
|
|
event_auth.check_state_dependent_auth_rules(
|
2022-06-10 11:44:19 +02:00
|
|
|
|
_alias_event(RoomVersions.V6, creator, state_key="test.com"),
|
2020-03-09 13:58:25 +01:00
|
|
|
|
auth_events,
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
# Per standard auth rules, the member must be in the room.
|
|
|
|
|
with self.assertRaises(AuthError):
|
2022-06-15 20:48:22 +02:00
|
|
|
|
event_auth.check_state_dependent_auth_rules(
|
2022-06-10 11:44:19 +02:00
|
|
|
|
_alias_event(RoomVersions.V6, other),
|
2020-05-15 15:30:10 +02:00
|
|
|
|
auth_events,
|
2020-03-09 13:58:25 +01:00
|
|
|
|
)
|
|
|
|
|
|
2022-06-10 11:44:19 +02:00
|
|
|
|
@parameterized.expand([(RoomVersions.V1, True), (RoomVersions.V6, False)])
|
2023-02-08 20:52:37 +01:00
|
|
|
|
def test_notifications(
|
|
|
|
|
self, room_version: RoomVersion, allow_modification: bool
|
|
|
|
|
) -> None:
|
2020-05-14 18:38:17 +02:00
|
|
|
|
"""
|
|
|
|
|
Notifications power levels get checked due to MSC2209.
|
|
|
|
|
"""
|
|
|
|
|
creator = "@creator:example.com"
|
|
|
|
|
pleb = "@joiner:example.com"
|
|
|
|
|
|
2021-10-18 19:28:30 +02:00
|
|
|
|
auth_events = [
|
2022-06-10 11:44:19 +02:00
|
|
|
|
_create_event(room_version, creator),
|
|
|
|
|
_join_event(room_version, creator),
|
2021-10-18 19:28:30 +02:00
|
|
|
|
_power_levels_event(
|
2022-06-10 11:44:19 +02:00
|
|
|
|
room_version, creator, {"state_default": "30", "users": {pleb: "30"}}
|
2020-05-14 18:38:17 +02:00
|
|
|
|
),
|
2022-06-10 11:44:19 +02:00
|
|
|
|
_join_event(room_version, pleb),
|
2021-10-18 19:28:30 +02:00
|
|
|
|
]
|
2020-05-14 18:38:17 +02:00
|
|
|
|
|
2022-06-10 11:44:19 +02:00
|
|
|
|
pl_event = _power_levels_event(
|
|
|
|
|
room_version, pleb, {"notifications": {"room": 100}}
|
2020-05-14 18:38:17 +02:00
|
|
|
|
)
|
|
|
|
|
|
2022-06-10 11:44:19 +02:00
|
|
|
|
# on room V1, pleb should be able to modify the notifications power level.
|
|
|
|
|
if allow_modification:
|
2022-06-15 20:48:22 +02:00
|
|
|
|
event_auth.check_state_dependent_auth_rules(pl_event, auth_events)
|
2022-06-10 11:44:19 +02:00
|
|
|
|
|
|
|
|
|
else:
|
|
|
|
|
# But an MSC2209 room rejects this change.
|
|
|
|
|
with self.assertRaises(AuthError):
|
2022-06-15 20:48:22 +02:00
|
|
|
|
event_auth.check_state_dependent_auth_rules(pl_event, auth_events)
|
2020-05-14 18:38:17 +02:00
|
|
|
|
|
2023-02-08 20:52:37 +01:00
|
|
|
|
def test_join_rules_public(self) -> None:
|
2021-03-31 22:39:08 +02:00
|
|
|
|
"""
|
|
|
|
|
Test joining a public room.
|
|
|
|
|
"""
|
|
|
|
|
creator = "@creator:example.com"
|
|
|
|
|
pleb = "@joiner:example.com"
|
|
|
|
|
|
|
|
|
|
auth_events = {
|
2022-06-10 11:44:19 +02:00
|
|
|
|
("m.room.create", ""): _create_event(RoomVersions.V6, creator),
|
|
|
|
|
("m.room.member", creator): _join_event(RoomVersions.V6, creator),
|
|
|
|
|
("m.room.join_rules", ""): _join_rules_event(
|
|
|
|
|
RoomVersions.V6, creator, "public"
|
|
|
|
|
),
|
2021-03-31 22:39:08 +02:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Check join.
|
2022-06-15 20:48:22 +02:00
|
|
|
|
event_auth.check_state_dependent_auth_rules(
|
2022-06-10 11:44:19 +02:00
|
|
|
|
_join_event(RoomVersions.V6, pleb),
|
2021-10-18 19:28:30 +02:00
|
|
|
|
auth_events.values(),
|
2021-03-31 22:39:08 +02:00
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
# A user cannot be force-joined to a room.
|
|
|
|
|
with self.assertRaises(AuthError):
|
2022-06-15 20:48:22 +02:00
|
|
|
|
event_auth.check_state_dependent_auth_rules(
|
2022-06-10 11:44:19 +02:00
|
|
|
|
_member_event(RoomVersions.V6, pleb, "join", sender=creator),
|
2021-10-18 19:28:30 +02:00
|
|
|
|
auth_events.values(),
|
2021-03-31 22:39:08 +02:00
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
# Banned should be rejected.
|
2022-06-10 11:44:19 +02:00
|
|
|
|
auth_events[("m.room.member", pleb)] = _member_event(
|
|
|
|
|
RoomVersions.V6, pleb, "ban"
|
|
|
|
|
)
|
2021-03-31 22:39:08 +02:00
|
|
|
|
with self.assertRaises(AuthError):
|
2022-06-15 20:48:22 +02:00
|
|
|
|
event_auth.check_state_dependent_auth_rules(
|
2022-06-10 11:44:19 +02:00
|
|
|
|
_join_event(RoomVersions.V6, pleb),
|
2021-10-18 19:28:30 +02:00
|
|
|
|
auth_events.values(),
|
2021-03-31 22:39:08 +02:00
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
# A user who left can re-join.
|
2022-06-10 11:44:19 +02:00
|
|
|
|
auth_events[("m.room.member", pleb)] = _member_event(
|
|
|
|
|
RoomVersions.V6, pleb, "leave"
|
|
|
|
|
)
|
2022-06-15 20:48:22 +02:00
|
|
|
|
event_auth.check_state_dependent_auth_rules(
|
2022-06-10 11:44:19 +02:00
|
|
|
|
_join_event(RoomVersions.V6, pleb),
|
2021-10-18 19:28:30 +02:00
|
|
|
|
auth_events.values(),
|
2021-03-31 22:39:08 +02:00
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
# A user can send a join if they're in the room.
|
2022-06-10 11:44:19 +02:00
|
|
|
|
auth_events[("m.room.member", pleb)] = _member_event(
|
|
|
|
|
RoomVersions.V6, pleb, "join"
|
|
|
|
|
)
|
2022-06-15 20:48:22 +02:00
|
|
|
|
event_auth.check_state_dependent_auth_rules(
|
2022-06-10 11:44:19 +02:00
|
|
|
|
_join_event(RoomVersions.V6, pleb),
|
2021-10-18 19:28:30 +02:00
|
|
|
|
auth_events.values(),
|
2021-03-31 22:39:08 +02:00
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
# A user can accept an invite.
|
|
|
|
|
auth_events[("m.room.member", pleb)] = _member_event(
|
2022-06-10 11:44:19 +02:00
|
|
|
|
RoomVersions.V6, pleb, "invite", sender=creator
|
2021-03-31 22:39:08 +02:00
|
|
|
|
)
|
2022-06-15 20:48:22 +02:00
|
|
|
|
event_auth.check_state_dependent_auth_rules(
|
2022-06-10 11:44:19 +02:00
|
|
|
|
_join_event(RoomVersions.V6, pleb),
|
2021-10-18 19:28:30 +02:00
|
|
|
|
auth_events.values(),
|
2021-03-31 22:39:08 +02:00
|
|
|
|
)
|
|
|
|
|
|
2023-02-08 20:52:37 +01:00
|
|
|
|
def test_join_rules_invite(self) -> None:
|
2021-03-31 22:39:08 +02:00
|
|
|
|
"""
|
|
|
|
|
Test joining an invite only room.
|
|
|
|
|
"""
|
|
|
|
|
creator = "@creator:example.com"
|
|
|
|
|
pleb = "@joiner:example.com"
|
|
|
|
|
|
|
|
|
|
auth_events = {
|
2022-06-10 11:44:19 +02:00
|
|
|
|
("m.room.create", ""): _create_event(RoomVersions.V6, creator),
|
|
|
|
|
("m.room.member", creator): _join_event(RoomVersions.V6, creator),
|
|
|
|
|
("m.room.join_rules", ""): _join_rules_event(
|
|
|
|
|
RoomVersions.V6, creator, "invite"
|
|
|
|
|
),
|
2021-03-31 22:39:08 +02:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# A join without an invite is rejected.
|
|
|
|
|
with self.assertRaises(AuthError):
|
2022-06-15 20:48:22 +02:00
|
|
|
|
event_auth.check_state_dependent_auth_rules(
|
2022-06-10 11:44:19 +02:00
|
|
|
|
_join_event(RoomVersions.V6, pleb),
|
2021-10-18 19:28:30 +02:00
|
|
|
|
auth_events.values(),
|
2021-03-31 22:39:08 +02:00
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
# A user cannot be force-joined to a room.
|
|
|
|
|
with self.assertRaises(AuthError):
|
2022-06-15 20:48:22 +02:00
|
|
|
|
event_auth.check_state_dependent_auth_rules(
|
2022-06-10 11:44:19 +02:00
|
|
|
|
_member_event(RoomVersions.V6, pleb, "join", sender=creator),
|
2021-10-18 19:28:30 +02:00
|
|
|
|
auth_events.values(),
|
2021-03-31 22:39:08 +02:00
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
# Banned should be rejected.
|
2022-06-10 11:44:19 +02:00
|
|
|
|
auth_events[("m.room.member", pleb)] = _member_event(
|
|
|
|
|
RoomVersions.V6, pleb, "ban"
|
|
|
|
|
)
|
2021-03-31 22:39:08 +02:00
|
|
|
|
with self.assertRaises(AuthError):
|
2022-06-15 20:48:22 +02:00
|
|
|
|
event_auth.check_state_dependent_auth_rules(
|
2022-06-10 11:44:19 +02:00
|
|
|
|
_join_event(RoomVersions.V6, pleb),
|
2021-10-18 19:28:30 +02:00
|
|
|
|
auth_events.values(),
|
2021-03-31 22:39:08 +02:00
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
# A user who left cannot re-join.
|
2022-06-10 11:44:19 +02:00
|
|
|
|
auth_events[("m.room.member", pleb)] = _member_event(
|
|
|
|
|
RoomVersions.V6, pleb, "leave"
|
|
|
|
|
)
|
2021-03-31 22:39:08 +02:00
|
|
|
|
with self.assertRaises(AuthError):
|
2022-06-15 20:48:22 +02:00
|
|
|
|
event_auth.check_state_dependent_auth_rules(
|
2022-06-10 11:44:19 +02:00
|
|
|
|
_join_event(RoomVersions.V6, pleb),
|
2021-10-18 19:28:30 +02:00
|
|
|
|
auth_events.values(),
|
2021-03-31 22:39:08 +02:00
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
# A user can send a join if they're in the room.
|
2022-06-10 11:44:19 +02:00
|
|
|
|
auth_events[("m.room.member", pleb)] = _member_event(
|
|
|
|
|
RoomVersions.V6, pleb, "join"
|
|
|
|
|
)
|
2022-06-15 20:48:22 +02:00
|
|
|
|
event_auth.check_state_dependent_auth_rules(
|
2022-06-10 11:44:19 +02:00
|
|
|
|
_join_event(RoomVersions.V6, pleb),
|
2021-10-18 19:28:30 +02:00
|
|
|
|
auth_events.values(),
|
2021-03-31 22:39:08 +02:00
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
# A user can accept an invite.
|
|
|
|
|
auth_events[("m.room.member", pleb)] = _member_event(
|
2022-06-10 11:44:19 +02:00
|
|
|
|
RoomVersions.V6, pleb, "invite", sender=creator
|
2021-03-31 22:39:08 +02:00
|
|
|
|
)
|
2022-06-15 20:48:22 +02:00
|
|
|
|
event_auth.check_state_dependent_auth_rules(
|
2022-06-10 11:44:19 +02:00
|
|
|
|
_join_event(RoomVersions.V6, pleb),
|
2021-10-18 19:28:30 +02:00
|
|
|
|
auth_events.values(),
|
2021-03-31 22:39:08 +02:00
|
|
|
|
)
|
|
|
|
|
|
2022-06-10 11:44:19 +02:00
|
|
|
|
def test_join_rules_restricted_old_room(self) -> None:
|
|
|
|
|
"""Old room versions should reject joins to restricted rooms"""
|
|
|
|
|
creator = "@creator:example.com"
|
|
|
|
|
pleb = "@joiner:example.com"
|
|
|
|
|
|
|
|
|
|
auth_events = {
|
|
|
|
|
("m.room.create", ""): _create_event(RoomVersions.V6, creator),
|
|
|
|
|
("m.room.member", creator): _join_event(RoomVersions.V6, creator),
|
|
|
|
|
("m.room.power_levels", ""): _power_levels_event(
|
|
|
|
|
RoomVersions.V6, creator, {"invite": 0}
|
|
|
|
|
),
|
|
|
|
|
("m.room.join_rules", ""): _join_rules_event(
|
|
|
|
|
RoomVersions.V6, creator, "restricted"
|
|
|
|
|
),
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
with self.assertRaises(AuthError):
|
2022-06-15 20:48:22 +02:00
|
|
|
|
event_auth.check_state_dependent_auth_rules(
|
2022-06-10 11:44:19 +02:00
|
|
|
|
_join_event(RoomVersions.V6, pleb),
|
|
|
|
|
auth_events.values(),
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
def test_join_rules_msc3083_restricted(self) -> None:
|
2021-03-31 22:39:08 +02:00
|
|
|
|
"""
|
|
|
|
|
Test joining a restricted room from MSC3083.
|
|
|
|
|
|
2021-07-26 18:17:00 +02:00
|
|
|
|
This is similar to the public test, but has some additional checks on
|
|
|
|
|
signatures.
|
|
|
|
|
|
|
|
|
|
The checks which care about signatures fake them by simply adding an
|
|
|
|
|
object of the proper form, not generating valid signatures.
|
2021-03-31 22:39:08 +02:00
|
|
|
|
"""
|
|
|
|
|
creator = "@creator:example.com"
|
|
|
|
|
pleb = "@joiner:example.com"
|
|
|
|
|
|
|
|
|
|
auth_events = {
|
2022-06-10 11:44:19 +02:00
|
|
|
|
("m.room.create", ""): _create_event(RoomVersions.V8, creator),
|
|
|
|
|
("m.room.member", creator): _join_event(RoomVersions.V8, creator),
|
|
|
|
|
("m.room.power_levels", ""): _power_levels_event(
|
|
|
|
|
RoomVersions.V8, creator, {"invite": 0}
|
|
|
|
|
),
|
|
|
|
|
("m.room.join_rules", ""): _join_rules_event(
|
|
|
|
|
RoomVersions.V8, creator, "restricted"
|
|
|
|
|
),
|
2021-03-31 22:39:08 +02:00
|
|
|
|
}
|
|
|
|
|
|
2021-07-26 18:17:00 +02:00
|
|
|
|
# A properly formatted join event should work.
|
|
|
|
|
authorised_join_event = _join_event(
|
2022-06-10 11:44:19 +02:00
|
|
|
|
RoomVersions.V8,
|
2021-07-26 18:17:00 +02:00
|
|
|
|
pleb,
|
|
|
|
|
additional_content={
|
2021-09-30 17:13:59 +02:00
|
|
|
|
EventContentFields.AUTHORISING_USER: "@creator:example.com"
|
2021-07-26 18:17:00 +02:00
|
|
|
|
},
|
|
|
|
|
)
|
2022-06-15 20:48:22 +02:00
|
|
|
|
event_auth.check_state_dependent_auth_rules(
|
2021-07-26 18:17:00 +02:00
|
|
|
|
authorised_join_event,
|
2021-10-18 19:28:30 +02:00
|
|
|
|
auth_events.values(),
|
2021-03-31 22:39:08 +02:00
|
|
|
|
)
|
|
|
|
|
|
2021-07-26 18:17:00 +02:00
|
|
|
|
# A join issued by a specific user works (i.e. the power level checks
|
|
|
|
|
# are done properly).
|
|
|
|
|
pl_auth_events = auth_events.copy()
|
|
|
|
|
pl_auth_events[("m.room.power_levels", "")] = _power_levels_event(
|
2022-06-10 11:44:19 +02:00
|
|
|
|
RoomVersions.V8,
|
|
|
|
|
creator,
|
|
|
|
|
{"invite": 100, "users": {"@inviter:foo.test": 150}},
|
2021-07-26 18:17:00 +02:00
|
|
|
|
)
|
|
|
|
|
pl_auth_events[("m.room.member", "@inviter:foo.test")] = _join_event(
|
2022-06-10 11:44:19 +02:00
|
|
|
|
RoomVersions.V8, "@inviter:foo.test"
|
2021-07-26 18:17:00 +02:00
|
|
|
|
)
|
2022-06-15 20:48:22 +02:00
|
|
|
|
event_auth.check_state_dependent_auth_rules(
|
2021-07-26 18:17:00 +02:00
|
|
|
|
_join_event(
|
2022-06-10 11:44:19 +02:00
|
|
|
|
RoomVersions.V8,
|
2021-07-26 18:17:00 +02:00
|
|
|
|
pleb,
|
|
|
|
|
additional_content={
|
2021-09-30 17:13:59 +02:00
|
|
|
|
EventContentFields.AUTHORISING_USER: "@inviter:foo.test"
|
2021-07-26 18:17:00 +02:00
|
|
|
|
},
|
|
|
|
|
),
|
2021-10-18 19:28:30 +02:00
|
|
|
|
pl_auth_events.values(),
|
2021-07-26 18:17:00 +02:00
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
# A join which is missing an authorised server is rejected.
|
2021-03-31 22:39:08 +02:00
|
|
|
|
with self.assertRaises(AuthError):
|
2022-06-15 20:48:22 +02:00
|
|
|
|
event_auth.check_state_dependent_auth_rules(
|
2022-06-10 11:44:19 +02:00
|
|
|
|
_join_event(RoomVersions.V8, pleb),
|
2021-10-18 19:28:30 +02:00
|
|
|
|
auth_events.values(),
|
2021-07-26 18:17:00 +02:00
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
# An join authorised by a user who is not in the room is rejected.
|
|
|
|
|
pl_auth_events = auth_events.copy()
|
|
|
|
|
pl_auth_events[("m.room.power_levels", "")] = _power_levels_event(
|
2022-06-10 11:44:19 +02:00
|
|
|
|
RoomVersions.V8,
|
|
|
|
|
creator,
|
|
|
|
|
{"invite": 100, "users": {"@other:example.com": 150}},
|
2021-07-26 18:17:00 +02:00
|
|
|
|
)
|
|
|
|
|
with self.assertRaises(AuthError):
|
2022-06-15 20:48:22 +02:00
|
|
|
|
event_auth.check_state_dependent_auth_rules(
|
2021-07-26 18:17:00 +02:00
|
|
|
|
_join_event(
|
2022-06-10 11:44:19 +02:00
|
|
|
|
RoomVersions.V8,
|
2021-07-26 18:17:00 +02:00
|
|
|
|
pleb,
|
|
|
|
|
additional_content={
|
2021-09-30 17:13:59 +02:00
|
|
|
|
EventContentFields.AUTHORISING_USER: "@other:example.com"
|
2021-07-26 18:17:00 +02:00
|
|
|
|
},
|
|
|
|
|
),
|
2021-10-18 19:28:30 +02:00
|
|
|
|
auth_events.values(),
|
2021-07-26 18:17:00 +02:00
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
# A user cannot be force-joined to a room. (This uses an event which
|
|
|
|
|
# *would* be valid, but is sent be a different user.)
|
|
|
|
|
with self.assertRaises(AuthError):
|
2022-06-15 20:48:22 +02:00
|
|
|
|
event_auth.check_state_dependent_auth_rules(
|
2021-07-26 18:17:00 +02:00
|
|
|
|
_member_event(
|
2022-06-10 11:44:19 +02:00
|
|
|
|
RoomVersions.V8,
|
2021-07-26 18:17:00 +02:00
|
|
|
|
pleb,
|
|
|
|
|
"join",
|
|
|
|
|
sender=creator,
|
|
|
|
|
additional_content={
|
2021-09-30 17:13:59 +02:00
|
|
|
|
EventContentFields.AUTHORISING_USER: "@inviter:foo.test"
|
2021-07-26 18:17:00 +02:00
|
|
|
|
},
|
|
|
|
|
),
|
2021-10-18 19:28:30 +02:00
|
|
|
|
auth_events.values(),
|
2021-03-31 22:39:08 +02:00
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
# Banned should be rejected.
|
2022-06-10 11:44:19 +02:00
|
|
|
|
auth_events[("m.room.member", pleb)] = _member_event(
|
|
|
|
|
RoomVersions.V8, pleb, "ban"
|
|
|
|
|
)
|
2021-03-31 22:39:08 +02:00
|
|
|
|
with self.assertRaises(AuthError):
|
2022-06-15 20:48:22 +02:00
|
|
|
|
event_auth.check_state_dependent_auth_rules(
|
2021-07-26 18:17:00 +02:00
|
|
|
|
authorised_join_event,
|
2021-10-18 19:28:30 +02:00
|
|
|
|
auth_events.values(),
|
2021-03-31 22:39:08 +02:00
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
# A user who left can re-join.
|
2022-06-10 11:44:19 +02:00
|
|
|
|
auth_events[("m.room.member", pleb)] = _member_event(
|
|
|
|
|
RoomVersions.V8, pleb, "leave"
|
|
|
|
|
)
|
2022-06-15 20:48:22 +02:00
|
|
|
|
event_auth.check_state_dependent_auth_rules(
|
2021-07-26 18:17:00 +02:00
|
|
|
|
authorised_join_event,
|
2021-10-18 19:28:30 +02:00
|
|
|
|
auth_events.values(),
|
2021-03-31 22:39:08 +02:00
|
|
|
|
)
|
|
|
|
|
|
2021-07-26 18:17:00 +02:00
|
|
|
|
# A user can send a join if they're in the room. (This doesn't need to
|
|
|
|
|
# be authorised since the user is already joined.)
|
2022-06-10 11:44:19 +02:00
|
|
|
|
auth_events[("m.room.member", pleb)] = _member_event(
|
|
|
|
|
RoomVersions.V8, pleb, "join"
|
|
|
|
|
)
|
2022-06-15 20:48:22 +02:00
|
|
|
|
event_auth.check_state_dependent_auth_rules(
|
2022-06-10 11:44:19 +02:00
|
|
|
|
_join_event(RoomVersions.V8, pleb),
|
2021-10-18 19:28:30 +02:00
|
|
|
|
auth_events.values(),
|
2021-03-31 22:39:08 +02:00
|
|
|
|
)
|
|
|
|
|
|
2021-07-26 18:17:00 +02:00
|
|
|
|
# A user can accept an invite. (This doesn't need to be authorised since
|
|
|
|
|
# the user was invited.)
|
2021-03-31 22:39:08 +02:00
|
|
|
|
auth_events[("m.room.member", pleb)] = _member_event(
|
2022-06-10 11:44:19 +02:00
|
|
|
|
RoomVersions.V8, pleb, "invite", sender=creator
|
2021-03-31 22:39:08 +02:00
|
|
|
|
)
|
2022-06-15 20:48:22 +02:00
|
|
|
|
event_auth.check_state_dependent_auth_rules(
|
2022-06-10 11:44:19 +02:00
|
|
|
|
_join_event(RoomVersions.V8, pleb),
|
2021-10-18 19:28:30 +02:00
|
|
|
|
auth_events.values(),
|
2021-03-31 22:39:08 +02:00
|
|
|
|
)
|
|
|
|
|
|
2022-07-13 20:36:02 +02:00
|
|
|
|
def test_room_v10_rejects_string_power_levels(self) -> None:
|
|
|
|
|
pl_event_content = {"users_default": "42"}
|
|
|
|
|
pl_event = make_event_from_dict(
|
|
|
|
|
{
|
|
|
|
|
"room_id": TEST_ROOM_ID,
|
|
|
|
|
**_maybe_get_event_id_dict_for_room_version(RoomVersions.V10),
|
|
|
|
|
"type": "m.room.power_levels",
|
|
|
|
|
"sender": "@test:test.com",
|
|
|
|
|
"state_key": "",
|
|
|
|
|
"content": pl_event_content,
|
|
|
|
|
"signatures": {"test.com": {"ed25519:0": "some9signature"}},
|
|
|
|
|
},
|
|
|
|
|
room_version=RoomVersions.V10,
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
pl_event2_content = {"events": {"m.room.name": "42", "m.room.power_levels": 42}}
|
|
|
|
|
pl_event2 = make_event_from_dict(
|
|
|
|
|
{
|
|
|
|
|
"room_id": TEST_ROOM_ID,
|
|
|
|
|
**_maybe_get_event_id_dict_for_room_version(RoomVersions.V10),
|
|
|
|
|
"type": "m.room.power_levels",
|
|
|
|
|
"sender": "@test:test.com",
|
|
|
|
|
"state_key": "",
|
|
|
|
|
"content": pl_event2_content,
|
|
|
|
|
"signatures": {"test.com": {"ed25519:0": "some9signature"}},
|
|
|
|
|
},
|
|
|
|
|
room_version=RoomVersions.V10,
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
with self.assertRaises(SynapseError):
|
|
|
|
|
event_auth._check_power_levels(
|
|
|
|
|
pl_event.room_version, pl_event, {("fake_type", "fake_key"): pl_event2}
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
with self.assertRaises(SynapseError):
|
|
|
|
|
event_auth._check_power_levels(
|
|
|
|
|
pl_event.room_version, pl_event2, {("fake_type", "fake_key"): pl_event}
|
|
|
|
|
)
|
|
|
|
|
|
2023-01-30 22:29:30 +01:00
|
|
|
|
def test_room_v10_rejects_other_non_integer_power_levels(self) -> None:
|
|
|
|
|
"""We should reject PLs that are non-integer, non-string JSON values.
|
|
|
|
|
|
|
|
|
|
test_room_v10_rejects_string_power_levels above handles the string case.
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
|
|
def create_event(pl_event_content: Dict[str, Any]) -> EventBase:
|
|
|
|
|
return make_event_from_dict(
|
|
|
|
|
{
|
|
|
|
|
"room_id": TEST_ROOM_ID,
|
|
|
|
|
**_maybe_get_event_id_dict_for_room_version(RoomVersions.V10),
|
|
|
|
|
"type": "m.room.power_levels",
|
|
|
|
|
"sender": "@test:test.com",
|
|
|
|
|
"state_key": "",
|
|
|
|
|
"content": pl_event_content,
|
|
|
|
|
"signatures": {"test.com": {"ed25519:0": "some9signature"}},
|
|
|
|
|
},
|
|
|
|
|
room_version=RoomVersions.V10,
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
contents: Iterable[Dict[str, Any]] = [
|
|
|
|
|
{"notifications": {"room": None}},
|
|
|
|
|
{"users": {"@alice:wonderland": []}},
|
|
|
|
|
{"users_default": {}},
|
|
|
|
|
]
|
|
|
|
|
for content in contents:
|
|
|
|
|
event = create_event(content)
|
|
|
|
|
with self.assertRaises(SynapseError):
|
|
|
|
|
event_auth._check_power_levels(event.room_version, event, {})
|
|
|
|
|
|
2018-06-14 13:28:36 +02:00
|
|
|
|
|
|
|
|
|
# helpers for making events
|
2022-06-17 15:56:46 +02:00
|
|
|
|
TEST_DOMAIN = "example.com"
|
|
|
|
|
TEST_ROOM_ID = f"!test_room:{TEST_DOMAIN}"
|
2018-06-14 13:28:36 +02:00
|
|
|
|
|
|
|
|
|
|
2022-06-10 11:44:19 +02:00
|
|
|
|
def _create_event(
|
|
|
|
|
room_version: RoomVersion,
|
|
|
|
|
user_id: str,
|
|
|
|
|
) -> EventBase:
|
2020-02-07 16:30:04 +01:00
|
|
|
|
return make_event_from_dict(
|
2018-06-14 13:28:36 +02:00
|
|
|
|
{
|
|
|
|
|
"room_id": TEST_ROOM_ID,
|
2022-06-10 11:44:19 +02:00
|
|
|
|
**_maybe_get_event_id_dict_for_room_version(room_version),
|
2018-06-14 13:28:36 +02:00
|
|
|
|
"type": "m.room.create",
|
2021-10-18 19:28:30 +02:00
|
|
|
|
"state_key": "",
|
2018-06-14 13:28:36 +02:00
|
|
|
|
"sender": user_id,
|
|
|
|
|
"content": {"creator": user_id},
|
2022-06-15 20:48:22 +02:00
|
|
|
|
"auth_events": [],
|
2022-06-10 11:44:19 +02:00
|
|
|
|
},
|
|
|
|
|
room_version=room_version,
|
2018-06-14 13:28:36 +02:00
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
2021-07-14 15:13:40 +02:00
|
|
|
|
def _member_event(
|
2022-06-10 11:44:19 +02:00
|
|
|
|
room_version: RoomVersion,
|
2021-07-26 18:17:00 +02:00
|
|
|
|
user_id: str,
|
|
|
|
|
membership: str,
|
|
|
|
|
sender: Optional[str] = None,
|
|
|
|
|
additional_content: Optional[dict] = None,
|
2021-07-14 15:13:40 +02:00
|
|
|
|
) -> EventBase:
|
2020-02-07 16:30:04 +01:00
|
|
|
|
return make_event_from_dict(
|
2018-06-14 13:28:36 +02:00
|
|
|
|
{
|
|
|
|
|
"room_id": TEST_ROOM_ID,
|
2022-06-10 11:44:19 +02:00
|
|
|
|
**_maybe_get_event_id_dict_for_room_version(room_version),
|
2018-06-14 13:28:36 +02:00
|
|
|
|
"type": "m.room.member",
|
2021-03-31 22:39:08 +02:00
|
|
|
|
"sender": sender or user_id,
|
2018-06-14 13:28:36 +02:00
|
|
|
|
"state_key": user_id,
|
2021-07-26 18:17:00 +02:00
|
|
|
|
"content": {"membership": membership, **(additional_content or {})},
|
2022-06-15 20:48:22 +02:00
|
|
|
|
"auth_events": [],
|
2021-03-31 22:39:08 +02:00
|
|
|
|
"prev_events": [],
|
2022-06-10 11:44:19 +02:00
|
|
|
|
},
|
|
|
|
|
room_version=room_version,
|
2018-06-14 13:28:36 +02:00
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
2022-06-10 11:44:19 +02:00
|
|
|
|
def _join_event(
|
|
|
|
|
room_version: RoomVersion,
|
|
|
|
|
user_id: str,
|
|
|
|
|
additional_content: Optional[dict] = None,
|
|
|
|
|
) -> EventBase:
|
|
|
|
|
return _member_event(
|
|
|
|
|
room_version,
|
|
|
|
|
user_id,
|
|
|
|
|
"join",
|
|
|
|
|
additional_content=additional_content,
|
|
|
|
|
)
|
2021-03-31 22:39:08 +02:00
|
|
|
|
|
|
|
|
|
|
2022-06-10 11:44:19 +02:00
|
|
|
|
def _power_levels_event(
|
|
|
|
|
room_version: RoomVersion,
|
|
|
|
|
sender: str,
|
|
|
|
|
content: JsonDict,
|
|
|
|
|
) -> EventBase:
|
2020-02-07 16:30:04 +01:00
|
|
|
|
return make_event_from_dict(
|
2018-06-14 13:28:36 +02:00
|
|
|
|
{
|
|
|
|
|
"room_id": TEST_ROOM_ID,
|
2022-06-10 11:44:19 +02:00
|
|
|
|
**_maybe_get_event_id_dict_for_room_version(room_version),
|
2018-06-14 13:28:36 +02:00
|
|
|
|
"type": "m.room.power_levels",
|
|
|
|
|
"sender": sender,
|
|
|
|
|
"state_key": "",
|
|
|
|
|
"content": content,
|
2022-06-10 11:44:19 +02:00
|
|
|
|
},
|
|
|
|
|
room_version=room_version,
|
2018-06-14 13:28:36 +02:00
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
2023-02-08 20:52:37 +01:00
|
|
|
|
def _alias_event(room_version: RoomVersion, sender: str, **kwargs: Any) -> EventBase:
|
2020-03-09 13:58:25 +01:00
|
|
|
|
data = {
|
|
|
|
|
"room_id": TEST_ROOM_ID,
|
2022-06-10 11:44:19 +02:00
|
|
|
|
**_maybe_get_event_id_dict_for_room_version(room_version),
|
2020-03-09 13:58:25 +01:00
|
|
|
|
"type": "m.room.aliases",
|
|
|
|
|
"sender": sender,
|
|
|
|
|
"state_key": get_domain_from_id(sender),
|
|
|
|
|
"content": {"aliases": []},
|
|
|
|
|
}
|
|
|
|
|
data.update(**kwargs)
|
2022-06-10 11:44:19 +02:00
|
|
|
|
return make_event_from_dict(data, room_version=room_version)
|
2020-03-09 13:58:25 +01:00
|
|
|
|
|
|
|
|
|
|
2022-06-15 20:48:22 +02:00
|
|
|
|
def _build_auth_dict_for_room_version(
|
|
|
|
|
room_version: RoomVersion, auth_events: Iterable[EventBase]
|
|
|
|
|
) -> List:
|
2022-09-07 12:08:20 +02:00
|
|
|
|
if room_version.event_format == EventFormatVersions.ROOM_V1_V2:
|
2022-06-15 20:48:22 +02:00
|
|
|
|
return [(e.event_id, "not_used") for e in auth_events]
|
|
|
|
|
else:
|
|
|
|
|
return [e.event_id for e in auth_events]
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def _random_state_event(
|
|
|
|
|
room_version: RoomVersion,
|
|
|
|
|
sender: str,
|
|
|
|
|
auth_events: Optional[Iterable[EventBase]] = None,
|
|
|
|
|
) -> EventBase:
|
|
|
|
|
if auth_events is None:
|
|
|
|
|
auth_events = []
|
2020-02-07 16:30:04 +01:00
|
|
|
|
return make_event_from_dict(
|
2018-06-14 13:28:36 +02:00
|
|
|
|
{
|
|
|
|
|
"room_id": TEST_ROOM_ID,
|
2022-06-10 11:44:19 +02:00
|
|
|
|
**_maybe_get_event_id_dict_for_room_version(room_version),
|
2018-06-14 13:28:36 +02:00
|
|
|
|
"type": "test.state",
|
|
|
|
|
"sender": sender,
|
|
|
|
|
"state_key": "",
|
|
|
|
|
"content": {"membership": "join"},
|
2022-06-15 20:48:22 +02:00
|
|
|
|
"auth_events": _build_auth_dict_for_room_version(room_version, auth_events),
|
2022-06-10 11:44:19 +02:00
|
|
|
|
},
|
|
|
|
|
room_version=room_version,
|
2018-06-14 13:28:36 +02:00
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
2022-06-10 11:44:19 +02:00
|
|
|
|
def _join_rules_event(
|
|
|
|
|
room_version: RoomVersion, sender: str, join_rule: str
|
|
|
|
|
) -> EventBase:
|
2021-03-31 22:39:08 +02:00
|
|
|
|
return make_event_from_dict(
|
|
|
|
|
{
|
|
|
|
|
"room_id": TEST_ROOM_ID,
|
2022-06-10 11:44:19 +02:00
|
|
|
|
**_maybe_get_event_id_dict_for_room_version(room_version),
|
2021-03-31 22:39:08 +02:00
|
|
|
|
"type": "m.room.join_rules",
|
|
|
|
|
"sender": sender,
|
|
|
|
|
"state_key": "",
|
|
|
|
|
"content": {
|
|
|
|
|
"join_rule": join_rule,
|
|
|
|
|
},
|
2022-06-10 11:44:19 +02:00
|
|
|
|
},
|
|
|
|
|
room_version=room_version,
|
2021-03-31 22:39:08 +02:00
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
2018-06-14 13:28:36 +02:00
|
|
|
|
event_count = 0
|
|
|
|
|
|
|
|
|
|
|
2022-06-10 11:44:19 +02:00
|
|
|
|
def _maybe_get_event_id_dict_for_room_version(room_version: RoomVersion) -> dict:
|
|
|
|
|
"""If this room version needs it, generate an event id"""
|
2022-09-07 12:08:20 +02:00
|
|
|
|
if room_version.event_format != EventFormatVersions.ROOM_V1_V2:
|
2022-06-10 11:44:19 +02:00
|
|
|
|
return {}
|
|
|
|
|
|
2018-06-14 13:28:36 +02:00
|
|
|
|
global event_count
|
|
|
|
|
c = event_count
|
|
|
|
|
event_count += 1
|
2022-06-10 11:44:19 +02:00
|
|
|
|
return {"event_id": "!%i:example.com" % (c,)}
|