synapse/tests/storage/test_registration.py

# -*- coding: utf-8 -*-
# Copyright 2014-2016 OpenMarket Ltd
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.


from twisted.internet import defer

from synapse.api.constants import UserTypes
from synapse.api.errors import ThreepidValidationError

from tests import unittest
from tests.utils import setup_test_homeserver


class RegistrationStoreTestCase(unittest.TestCase):
    @defer.inlineCallbacks
    def setUp(self):
        hs = yield setup_test_homeserver(self.addCleanup)

        self.store = hs.get_datastore()

        self.user_id = "@my-user:test"
        self.tokens = ["AbCdEfGhIjKlMnOpQrStUvWxYz", "BcDeFgHiJkLmNoPqRsTuVwXyZa"]
        self.pwhash = "{xx1}123456789"
        self.device_id = "akgjhdjklgshg"

    @defer.inlineCallbacks
    def test_register(self):
        yield self.store.register_user(self.user_id, self.pwhash)

        self.assertEquals(
            {
                # TODO(paul): Surely this field should be 'user_id', not 'name'
                "name": self.user_id,
                "password_hash": self.pwhash,
                "admin": 0,
                "is_guest": 0,
                "consent_version": None,
                "consent_server_notice_sent": None,
                "appservice_id": None,
                "creation_ts": 1000,
                "user_type": None,
                "deactivated": 0,
            },
            (yield defer.ensureDeferred(self.store.get_user_by_id(self.user_id))),
        )

    @defer.inlineCallbacks
    def test_add_tokens(self):
        yield self.store.register_user(self.user_id, self.pwhash)
        yield defer.ensureDeferred(
            self.store.add_access_token_to_user(
                self.user_id, self.tokens[1], self.device_id, valid_until_ms=None
            )
        )

        result = yield self.store.get_user_by_access_token(self.tokens[1])

        self.assertDictContainsSubset(
            {"name": self.user_id, "device_id": self.device_id}, result
        )

        self.assertTrue("token_id" in result)

    @defer.inlineCallbacks
    def test_user_delete_access_tokens(self):
        # add some tokens
        yield self.store.register_user(self.user_id, self.pwhash)
        yield defer.ensureDeferred(
            self.store.add_access_token_to_user(
                self.user_id, self.tokens[0], device_id=None, valid_until_ms=None
            )
        )
        yield defer.ensureDeferred(
            self.store.add_access_token_to_user(
                self.user_id, self.tokens[1], self.device_id, valid_until_ms=None
            )
        )

        # now delete some
        yield self.store.user_delete_access_tokens(
            self.user_id, device_id=self.device_id
        )

        # check they were deleted
        user = yield self.store.get_user_by_access_token(self.tokens[1])
        self.assertIsNone(user, "access token was not deleted by device_id")

        # check the one not associated with the device was not deleted
        user = yield self.store.get_user_by_access_token(self.tokens[0])
        self.assertEqual(self.user_id, user["name"])

        # now delete the rest
        yield self.store.user_delete_access_tokens(self.user_id)

        user = yield self.store.get_user_by_access_token(self.tokens[0])
        self.assertIsNone(user, "access token was not deleted without device_id")

    @defer.inlineCallbacks
    def test_is_support_user(self):
        TEST_USER = "@test:test"
        SUPPORT_USER = "@support:test"

        res = yield self.store.is_support_user(None)
        self.assertFalse(res)
        yield self.store.register_user(user_id=TEST_USER, password_hash=None)
        res = yield self.store.is_support_user(TEST_USER)
        self.assertFalse(res)

        yield self.store.register_user(
            user_id=SUPPORT_USER, password_hash=None, user_type=UserTypes.SUPPORT
        )
        res = yield self.store.is_support_user(SUPPORT_USER)
        self.assertTrue(res)

    @defer.inlineCallbacks
    def test_3pid_inhibit_invalid_validation_session_error(self):
        """Tests that enabling the configuration option to inhibit 3PID errors on
        /requestToken also inhibits validation errors caused by an unknown session ID.
        """

        # Check that, with the config setting set to false (the default value), a
        # validation error is caused by the unknown session ID.
        try:
            yield defer.ensureDeferred(
                self.store.validate_threepid_session(
                    "fake_sid", "fake_client_secret", "fake_token", 0,
                )
            )
        except ThreepidValidationError as e:
            self.assertEquals(e.msg, "Unknown session_id", e)

        # Set the config setting to true.
        self.store._ignore_unknown_session_error = True

        # Check that now the validation error is caused by the token not matching.
        try:
            yield defer.ensureDeferred(
                self.store.validate_threepid_session(
                    "fake_sid", "fake_client_secret", "fake_token", 0,
                )
            )
        except ThreepidValidationError as e:
            self.assertEquals(e.msg, "Validation token not found or has expired", e)
Unit-test for RegistrationStore using SQLiteMemoryDbPool 2014-09-11 18:44:00 +02:00			`# -- coding: utf-8 --`
copyrights 2016-01-07 05:26:29 +01:00			`# Copyright 2014-2016 OpenMarket Ltd`
Unit-test for RegistrationStore using SQLiteMemoryDbPool 2014-09-11 18:44:00 +02:00			`#`
			`# Licensed under the Apache License, Version 2.0 (the "License");`
			`# you may not use this file except in compliance with the License.`
			`# You may obtain a copy of the License at`
			`#`
			`# http://www.apache.org/licenses/LICENSE-2.0`
			`#`
			`# Unless required by applicable law or agreed to in writing, software`
			`# distributed under the License is distributed on an "AS IS" BASIS,`
			`# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`# See the License for the specific language governing permissions and`
			`# limitations under the License.`


			`from twisted.internet import defer`

create support user (#4141) Allow for the creation of a support user. A support user can access the server, join rooms, interact with other users, but does not appear in the user directory nor does it contribute to monthly active user limits. 2018-12-14 19:20:59 +01:00			`from synapse.api.constants import UserTypes`
Don't fail /submit_token requests on incorrect session ID if request_token_inhibit_3pid_errors is turned on (#7991) * Don't raise session_id errors on submit_token if request_token_inhibit_3pid_errors is set * Changelog * Also wait some time before responding to /requestToken * Incorporate review * Update synapse/storage/databases/main/registration.py Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> * Incorporate review Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> 2020-08-24 12:33:55 +02:00			`from synapse.api.errors import ThreepidValidationError`
create support user (#4141) Allow for the creation of a support user. A support user can access the server, join rooms, interact with other users, but does not appear in the user directory nor does it contribute to monthly active user limits. 2018-12-14 19:20:59 +01:00
run isort 2018-07-09 08:09:20 +02:00			`from tests import unittest`
Factor out some of the common homeserver setup code into a setup_test_homeserver function in utils. 2015-02-11 12:37:30 +01:00			`from tests.utils import setup_test_homeserver`
Unit-test for RegistrationStore using SQLiteMemoryDbPool 2014-09-11 18:44:00 +02:00

			`class RegistrationStoreTestCase(unittest.TestCase):`
			`@defer.inlineCallbacks`
			`def setUp(self):`
Run tests under PostgreSQL (#3423) 2018-08-13 08:47:46 +02:00			`hs = yield setup_test_homeserver(self.addCleanup)`
Unit-test for RegistrationStore using SQLiteMemoryDbPool 2014-09-11 18:44:00 +02:00
Fix tests 2016-01-27 18:25:07 +01:00			`self.store = hs.get_datastore()`
Unit-test for RegistrationStore using SQLiteMemoryDbPool 2014-09-11 18:44:00 +02:00
			`self.user_id = "@my-user:test"`
Run black. 2018-08-10 15:54:09 +02:00			`self.tokens = ["AbCdEfGhIjKlMnOpQrStUvWxYz", "BcDeFgHiJkLmNoPqRsTuVwXyZa"]`
Unit-test for RegistrationStore using SQLiteMemoryDbPool 2014-09-11 18:44:00 +02:00			`self.pwhash = "{xx1}123456789"`
Add device_id support to /login Add a 'devices' table to the storage, as well as a 'device_id' column to refresh_tokens. Allow the client to pass a device_id, and initial_device_display_name, to /login. If login is successful, then register the device in the devices table if it wasn't known already. If no device_id was supplied, make one up. Associate the device_id with the access token and refresh token, so that we can get at it again later. Ensure that the device_id is copied from the refresh token to the access_token when the token is refreshed. 2016-07-15 14:19:07 +02:00			`self.device_id = "akgjhdjklgshg"`
Unit-test for RegistrationStore using SQLiteMemoryDbPool 2014-09-11 18:44:00 +02:00
			`@defer.inlineCallbacks`
			`def test_register(self):`
Remove access-token support from RegistrationStore.register (#5642) The 'token' param is no longer used anywhere except the tests, so let's kill that off too. 2019-07-10 17:26:49 +02:00			`yield self.store.register_user(self.user_id, self.pwhash)`
Unit-test for RegistrationStore using SQLiteMemoryDbPool 2014-09-11 18:44:00 +02:00
			`self.assertEquals(`
Send users a server notice about consent When a user first syncs, we will send them a server notice asking them to consent to the privacy policy if they have not already done so. 2018-05-17 18:35:31 +02:00			`{`
			`# TODO(paul): Surely this field should be 'user_id', not 'name'`
			`"name": self.user_id,`
			`"password_hash": self.pwhash,`
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de> 2020-01-09 14:31:00 +01:00			`"admin": 0,`
Send users a server notice about consent When a user first syncs, we will send them a server notice asking them to consent to the privacy policy if they have not already done so. 2018-05-17 18:35:31 +02:00			`"is_guest": 0,`
			`"consent_version": None,`
			`"consent_server_notice_sent": None,`
fix tests 2018-05-29 21:19:29 +02:00			`"appservice_id": None,`
Implement trail users 2018-08-23 20:17:08 +02:00			`"creation_ts": 1000,`
Fix registration test 2019-08-23 10:25:35 +02:00			`"user_type": None,`
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de> 2020-01-09 14:31:00 +01:00			`"deactivated": 0,`
Send users a server notice about consent When a user first syncs, we will send them a server notice asking them to consent to the privacy policy if they have not already done so. 2018-05-17 18:35:31 +02:00			`},`
Convert simple_select_one and simple_select_one_onecol to async (#8162) 2020-08-26 13:19:32 +02:00			`(yield defer.ensureDeferred(self.store.get_user_by_id(self.user_id))),`
Unit-test for RegistrationStore using SQLiteMemoryDbPool 2014-09-11 18:44:00 +02:00			`)`

			`@defer.inlineCallbacks`
			`def test_add_tokens(self):`
Remove access-token support from RegistrationStore.register (#5642) The 'token' param is no longer used anywhere except the tests, so let's kill that off too. 2019-07-10 17:26:49 +02:00			`yield self.store.register_user(self.user_id, self.pwhash)`
Converts event_federation and registration databases to async/await (#8061) 2020-08-11 23:21:13 +02:00			`yield defer.ensureDeferred(`
			`self.store.add_access_token_to_user(`
			`self.user_id, self.tokens[1], self.device_id, valid_until_ms=None`
			`)`
Run black. 2018-08-10 15:54:09 +02:00			`)`
Unit-test for RegistrationStore using SQLiteMemoryDbPool 2014-09-11 18:44:00 +02:00
s/by_token/by_access_token/g We're about to have two kinds of token, access and refresh 2015-08-20 17:01:29 +02:00			`result = yield self.store.get_user_by_access_token(self.tokens[1])`
Make work in both Maria and SQLite. Fix tests 2015-04-01 15:12:33 +02:00
			`self.assertDictContainsSubset(`
Run black. 2018-08-10 15:54:09 +02:00			`{"name": self.user_id, "device_id": self.device_id}, result`
Unit-test for RegistrationStore using SQLiteMemoryDbPool 2014-09-11 18:44:00 +02:00			`)`

Make work in both Maria and SQLite. Fix tests 2015-04-01 15:12:33 +02:00			`self.assertTrue("token_id" in result)`

Delete refresh tokens when deleting devices 2016-07-26 12:09:47 +02:00			`@defer.inlineCallbacks`
			`def test_user_delete_access_tokens(self):`
			`# add some tokens`
Remove access-token support from RegistrationStore.register (#5642) The 'token' param is no longer used anywhere except the tests, so let's kill that off too. 2019-07-10 17:26:49 +02:00			`yield self.store.register_user(self.user_id, self.pwhash)`
Converts event_federation and registration databases to async/await (#8061) 2020-08-11 23:21:13 +02:00			`yield defer.ensureDeferred(`
			`self.store.add_access_token_to_user(`
			`self.user_id, self.tokens[0], device_id=None, valid_until_ms=None`
			`)`
Implement access token expiry (#5660) Record how long an access token is valid for, and raise a soft-logout once it expires. 2019-07-12 18:26:02 +02:00			`)`
Converts event_federation and registration databases to async/await (#8061) 2020-08-11 23:21:13 +02:00			`yield defer.ensureDeferred(`
			`self.store.add_access_token_to_user(`
			`self.user_id, self.tokens[1], self.device_id, valid_until_ms=None`
			`)`
Run black. 2018-08-10 15:54:09 +02:00			`)`
Delete refresh tokens when deleting devices 2016-07-26 12:09:47 +02:00
			`# now delete some`
			`yield self.store.user_delete_access_tokens(`
Run black. 2018-08-10 15:54:09 +02:00			`self.user_id, device_id=self.device_id`
Fix tests for refresh_token removal 2017-11-01 11:18:59 +01:00			`)`
Delete refresh tokens when deleting devices 2016-07-26 12:09:47 +02:00
			`# check they were deleted`
			`user = yield self.store.get_user_by_access_token(self.tokens[1])`
			`self.assertIsNone(user, "access token was not deleted by device_id")`

			`# check the one not associated with the device was not deleted`
			`user = yield self.store.get_user_by_access_token(self.tokens[0])`
			`self.assertEqual(self.user_id, user["name"])`

			`# now delete the rest`
Fix tests for refresh_token removal 2017-11-01 11:18:59 +01:00			`yield self.store.user_delete_access_tokens(self.user_id)`
Delete refresh tokens when deleting devices 2016-07-26 12:09:47 +02:00
			`user = yield self.store.get_user_by_access_token(self.tokens[0])`
Run black. 2018-08-10 15:54:09 +02:00			`self.assertIsNone(user, "access token was not deleted without device_id")`
Delete refresh tokens when deleting devices 2016-07-26 12:09:47 +02:00
create support user (#4141) Allow for the creation of a support user. A support user can access the server, join rooms, interact with other users, but does not appear in the user directory nor does it contribute to monthly active user limits. 2018-12-14 19:20:59 +01:00			`@defer.inlineCallbacks`
			`def test_is_support_user(self):`
			`TEST_USER = "@test:test"`
			`SUPPORT_USER = "@support:test"`

			`res = yield self.store.is_support_user(None)`
			`self.assertFalse(res)`
Remove access-token support from RegistrationStore.register (#5642) The 'token' param is no longer used anywhere except the tests, so let's kill that off too. 2019-07-10 17:26:49 +02:00			`yield self.store.register_user(user_id=TEST_USER, password_hash=None)`
create support user (#4141) Allow for the creation of a support user. A support user can access the server, join rooms, interact with other users, but does not appear in the user directory nor does it contribute to monthly active user limits. 2018-12-14 19:20:59 +01:00			`res = yield self.store.is_support_user(TEST_USER)`
			`self.assertFalse(res)`

Remove access-token support from RegistrationStore.register (#5642) The 'token' param is no longer used anywhere except the tests, so let's kill that off too. 2019-07-10 17:26:49 +02:00			`yield self.store.register_user(`
			`user_id=SUPPORT_USER, password_hash=None, user_type=UserTypes.SUPPORT`
create support user (#4141) Allow for the creation of a support user. A support user can access the server, join rooms, interact with other users, but does not appear in the user directory nor does it contribute to monthly active user limits. 2018-12-14 19:20:59 +01:00			`)`
			`res = yield self.store.is_support_user(SUPPORT_USER)`
			`self.assertTrue(res)`
Don't fail /submit_token requests on incorrect session ID if request_token_inhibit_3pid_errors is turned on (#7991) * Don't raise session_id errors on submit_token if request_token_inhibit_3pid_errors is set * Changelog * Also wait some time before responding to /requestToken * Incorporate review * Update synapse/storage/databases/main/registration.py Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> * Incorporate review Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> 2020-08-24 12:33:55 +02:00
			`@defer.inlineCallbacks`
			`def test_3pid_inhibit_invalid_validation_session_error(self):`
			`"""Tests that enabling the configuration option to inhibit 3PID errors on`
			`/requestToken also inhibits validation errors caused by an unknown session ID.`
			`"""`

			`# Check that, with the config setting set to false (the default value), a`
			`# validation error is caused by the unknown session ID.`
			`try:`
			`yield defer.ensureDeferred(`
			`self.store.validate_threepid_session(`
			`"fake_sid", "fake_client_secret", "fake_token", 0,`
			`)`
			`)`
			`except ThreepidValidationError as e:`
			`self.assertEquals(e.msg, "Unknown session_id", e)`

			`# Set the config setting to true.`
			`self.store._ignore_unknown_session_error = True`

			`# Check that now the validation error is caused by the token not matching.`
			`try:`
			`yield defer.ensureDeferred(`
			`self.store.validate_threepid_session(`
			`"fake_sid", "fake_client_secret", "fake_token", 0,`
			`)`
			`)`
			`except ThreepidValidationError as e:`
			`self.assertEquals(e.msg, "Validation token not found or has expired", e)`