MirrorHub/synapse
0
0
Fork 1
mirror of https://mau.dev/maunium/synapse.git synced 2024-07-03 09:58:20 +02:00
Code Issues Projects Releases Wiki Activity
synapse/tests/rest/admin/test_user.py

1948 lines
72 KiB
Python
Raw Normal View History

Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
# -*- coding: utf-8 -*-
# Copyright 2018 New Vector Ltd
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import hashlib
import hmac
import json
Fixed set a user as an admin with the new API (#6928) Fix #6910
2020-02-28 10:58:05 +01:00
import urllib.parse
Add admin API to list users' local media (#8647) Add admin API `GET /_synapse/admin/v1/users/<user_id>/media` to get information of users' uploaded files.
2020-10-27 15:12:31 +01:00
from binascii import unhexlify
Make search statement in List Room and User Admin API case-insensitive (#8931)
2020-12-17 11:43:37 +01:00
from typing import Optional
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
from mock import Mock
import synapse.rest.admin
from synapse.api.constants import UserTypes
Admin API for querying rooms where a user is a member (#8306) Add a new admin API `GET /_synapse/admin/v1/users/<user_id>/joined_rooms` to list all rooms where a user is a member.
2020-09-18 16:26:36 +02:00
from synapse.api.errors import Codes, HttpResponseException, ResourceLimitError
Add admin API for logging in as a user (#8617)
2020-11-17 11:51:25 +01:00
from synapse.rest.client.v1 import login, logout, profile, room
from synapse.rest.client.v2_alpha import devices, sync
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
from tests import unittest
Convert stats and related calls to async/await (#8192)
2020-08-27 23:24:37 +02:00
from tests.test_utils import make_awaitable
Allow new users to be registered via the admin API even if the monthly active user limit has been reached (#7263)
2020-06-05 14:08:49 +02:00
from tests.unittest import override_config
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
class UserRegisterTestCase(unittest.HomeserverTestCase):
Add `displayname` to Shared-Secret Registration for admins (#8722) Add `displayname` to Shared-Secret Registration for admins to `POST /_synapse/admin/v1/register`
2020-11-05 14:55:45 +01:00
servlets = [
synapse.rest.admin.register_servlets_for_client_rest_resource,
profile.register_servlets,
]
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
def make_homeserver(self, reactor, clock):
Remove deprecated `/_matrix/client/*/admin` endpoints (#8785) These are now only available via `/_synapse/admin/v1`.
2020-11-25 22:26:11 +01:00
self.url = "/_synapse/admin/v1/register"
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
self.registration_handler = Mock()
self.identity_handler = Mock()
self.login_handler = Mock()
self.device_handler = Mock()
self.device_handler.check_device_registered = Mock(return_value="FAKE")
self.datastore = Mock(return_value=Mock())
self.datastore.get_current_state_deltas = Mock(return_value=(0, []))
self.secrets = Mock()
self.hs = self.setup_test_homeserver()
self.hs.config.registration_shared_secret = "shared"
self.hs.get_media_repository = Mock()
self.hs.get_deactivate_account_handler = Mock()
return self.hs
def test_disabled(self):
"""
If there is no shared secret, registration through this method will be
prevented.
"""
self.hs.config.registration_shared_secret = None
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("POST", self.url, b"{}")
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
self.assertEqual(400, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual(
"Shared secret registration is not enabled", channel.json_body["error"]
)
def test_get_nonce(self):
"""
Calling GET on the endpoint will return a randomised nonce, using the
homeserver's secrets provider.
"""
secrets = Mock()
secrets.token_hex = Mock(return_value="abcd")
self.hs.get_secrets = Mock(return_value=secrets)
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("GET", self.url)
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
self.assertEqual(channel.json_body, {"nonce": "abcd"})
def test_expired_nonce(self):
"""
Calling GET on the endpoint will return a randomised nonce, which will
only last for SALT_TIMEOUT (60s).
"""
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("GET", self.url)
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
nonce = channel.json_body["nonce"]
# 59 seconds
self.reactor.advance(59)
body = json.dumps({"nonce": nonce})
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("POST", self.url, body.encode("utf8"))
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
self.assertEqual(400, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual("username must be specified", channel.json_body["error"])
# 61 seconds
self.reactor.advance(2)
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("POST", self.url, body.encode("utf8"))
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
self.assertEqual(400, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual("unrecognised nonce", channel.json_body["error"])
def test_register_incorrect_nonce(self):
"""
Only the provided nonce can be used, as it's checked in the MAC.
"""
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("GET", self.url)
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
nonce = channel.json_body["nonce"]
want_mac = hmac.new(key=b"shared", digestmod=hashlib.sha1)
want_mac.update(b"notthenonce\x00bob\x00abc123\x00admin")
want_mac = want_mac.hexdigest()
body = json.dumps(
{
"nonce": nonce,
"username": "bob",
"password": "abc123",
"admin": True,
"mac": want_mac,
}
)
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("POST", self.url, body.encode("utf8"))
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
self.assertEqual(403, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual("HMAC incorrect", channel.json_body["error"])
def test_register_correct_nonce(self):
"""
When the correct nonce is provided, and the right key is provided, the
user is registered.
"""
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("GET", self.url)
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
nonce = channel.json_body["nonce"]
want_mac = hmac.new(key=b"shared", digestmod=hashlib.sha1)
want_mac.update(
nonce.encode("ascii") + b"\x00bob\x00abc123\x00admin\x00support"
)
want_mac = want_mac.hexdigest()
body = json.dumps(
{
"nonce": nonce,
"username": "bob",
"password": "abc123",
"admin": True,
"user_type": UserTypes.SUPPORT,
"mac": want_mac,
}
)
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("POST", self.url, body.encode("utf8"))
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual("@bob:test", channel.json_body["user_id"])
def test_nonce_reuse(self):
"""
A valid unrecognised nonce.
"""
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("GET", self.url)
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
nonce = channel.json_body["nonce"]
want_mac = hmac.new(key=b"shared", digestmod=hashlib.sha1)
want_mac.update(nonce.encode("ascii") + b"\x00bob\x00abc123\x00admin")
want_mac = want_mac.hexdigest()
body = json.dumps(
{
"nonce": nonce,
"username": "bob",
"password": "abc123",
"admin": True,
"mac": want_mac,
}
)
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("POST", self.url, body.encode("utf8"))
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual("@bob:test", channel.json_body["user_id"])
# Now, try and reuse it
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("POST", self.url, body.encode("utf8"))
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
self.assertEqual(400, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual("unrecognised nonce", channel.json_body["error"])
def test_missing_parts(self):
"""
Synapse will complain if you don't give nonce, username, password, and
mac. Admin and user_types are optional. Additional checks are done for length
and type.
"""
def nonce():
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("GET", self.url)
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
return channel.json_body["nonce"]
#
# Nonce check
#
# Must be present
body = json.dumps({})
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("POST", self.url, body.encode("utf8"))
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
self.assertEqual(400, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual("nonce must be specified", channel.json_body["error"])
#
# Username checks
#
# Must be present
body = json.dumps({"nonce": nonce()})
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("POST", self.url, body.encode("utf8"))
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
self.assertEqual(400, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual("username must be specified", channel.json_body["error"])
# Must be a string
body = json.dumps({"nonce": nonce(), "username": 1234})
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("POST", self.url, body.encode("utf8"))
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
self.assertEqual(400, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual("Invalid username", channel.json_body["error"])
# Must not have null bytes
body = json.dumps({"nonce": nonce(), "username": "abcd\u0000"})
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("POST", self.url, body.encode("utf8"))
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
self.assertEqual(400, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual("Invalid username", channel.json_body["error"])
# Must not have null bytes
body = json.dumps({"nonce": nonce(), "username": "a" * 1000})
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("POST", self.url, body.encode("utf8"))
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
self.assertEqual(400, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual("Invalid username", channel.json_body["error"])
#
# Password checks
#
# Must be present
body = json.dumps({"nonce": nonce(), "username": "a"})
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("POST", self.url, body.encode("utf8"))
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
self.assertEqual(400, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual("password must be specified", channel.json_body["error"])
# Must be a string
body = json.dumps({"nonce": nonce(), "username": "a", "password": 1234})
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("POST", self.url, body.encode("utf8"))
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
self.assertEqual(400, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual("Invalid password", channel.json_body["error"])
# Must not have null bytes
body = json.dumps({"nonce": nonce(), "username": "a", "password": "abcd\u0000"})
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("POST", self.url, body.encode("utf8"))
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
self.assertEqual(400, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual("Invalid password", channel.json_body["error"])
# Super long
body = json.dumps({"nonce": nonce(), "username": "a", "password": "A" * 1000})
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("POST", self.url, body.encode("utf8"))
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
self.assertEqual(400, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual("Invalid password", channel.json_body["error"])
#
# user_type check
#
# Invalid user_type
body = json.dumps(
{
"nonce": nonce(),
"username": "a",
"password": "1234",
"user_type": "invalid",
}
)
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("POST", self.url, body.encode("utf8"))
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
self.assertEqual(400, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual("Invalid user type", channel.json_body["error"])
Add `displayname` to Shared-Secret Registration for admins (#8722) Add `displayname` to Shared-Secret Registration for admins to `POST /_synapse/admin/v1/register`
2020-11-05 14:55:45 +01:00
def test_displayname(self):
"""
Test that displayname of new user is set
"""
# set no displayname
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("GET", self.url)
Add `displayname` to Shared-Secret Registration for admins (#8722) Add `displayname` to Shared-Secret Registration for admins to `POST /_synapse/admin/v1/register`
2020-11-05 14:55:45 +01:00
nonce = channel.json_body["nonce"]
want_mac = hmac.new(key=b"shared", digestmod=hashlib.sha1)
want_mac.update(nonce.encode("ascii") + b"\x00bob1\x00abc123\x00notadmin")
want_mac = want_mac.hexdigest()
body = json.dumps(
{"nonce": nonce, "username": "bob1", "password": "abc123", "mac": want_mac}
)
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("POST", self.url, body.encode("utf8"))
Add `displayname` to Shared-Secret Registration for admins (#8722) Add `displayname` to Shared-Secret Registration for admins to `POST /_synapse/admin/v1/register`
2020-11-05 14:55:45 +01:00
self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual("@bob1:test", channel.json_body["user_id"])
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("GET", "/profile/@bob1:test/displayname")
Add `displayname` to Shared-Secret Registration for admins (#8722) Add `displayname` to Shared-Secret Registration for admins to `POST /_synapse/admin/v1/register`
2020-11-05 14:55:45 +01:00
self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual("bob1", channel.json_body["displayname"])
# displayname is None
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("GET", self.url)
Add `displayname` to Shared-Secret Registration for admins (#8722) Add `displayname` to Shared-Secret Registration for admins to `POST /_synapse/admin/v1/register`
2020-11-05 14:55:45 +01:00
nonce = channel.json_body["nonce"]
want_mac = hmac.new(key=b"shared", digestmod=hashlib.sha1)
want_mac.update(nonce.encode("ascii") + b"\x00bob2\x00abc123\x00notadmin")
want_mac = want_mac.hexdigest()
body = json.dumps(
{
"nonce": nonce,
"username": "bob2",
"displayname": None,
"password": "abc123",
"mac": want_mac,
}
)
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("POST", self.url, body.encode("utf8"))
Add `displayname` to Shared-Secret Registration for admins (#8722) Add `displayname` to Shared-Secret Registration for admins to `POST /_synapse/admin/v1/register`
2020-11-05 14:55:45 +01:00
self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual("@bob2:test", channel.json_body["user_id"])
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("GET", "/profile/@bob2:test/displayname")
Add `displayname` to Shared-Secret Registration for admins (#8722) Add `displayname` to Shared-Secret Registration for admins to `POST /_synapse/admin/v1/register`
2020-11-05 14:55:45 +01:00
self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual("bob2", channel.json_body["displayname"])
# displayname is empty
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("GET", self.url)
Add `displayname` to Shared-Secret Registration for admins (#8722) Add `displayname` to Shared-Secret Registration for admins to `POST /_synapse/admin/v1/register`
2020-11-05 14:55:45 +01:00
nonce = channel.json_body["nonce"]
want_mac = hmac.new(key=b"shared", digestmod=hashlib.sha1)
want_mac.update(nonce.encode("ascii") + b"\x00bob3\x00abc123\x00notadmin")
want_mac = want_mac.hexdigest()
body = json.dumps(
{
"nonce": nonce,
"username": "bob3",
"displayname": "",
"password": "abc123",
"mac": want_mac,
}
)
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("POST", self.url, body.encode("utf8"))
Add `displayname` to Shared-Secret Registration for admins (#8722) Add `displayname` to Shared-Secret Registration for admins to `POST /_synapse/admin/v1/register`
2020-11-05 14:55:45 +01:00
self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual("@bob3:test", channel.json_body["user_id"])
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("GET", "/profile/@bob3:test/displayname")
Add `displayname` to Shared-Secret Registration for admins (#8722) Add `displayname` to Shared-Secret Registration for admins to `POST /_synapse/admin/v1/register`
2020-11-05 14:55:45 +01:00
self.assertEqual(404, int(channel.result["code"]), msg=channel.result["body"])
# set displayname
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("GET", self.url)
Add `displayname` to Shared-Secret Registration for admins (#8722) Add `displayname` to Shared-Secret Registration for admins to `POST /_synapse/admin/v1/register`
2020-11-05 14:55:45 +01:00
nonce = channel.json_body["nonce"]
want_mac = hmac.new(key=b"shared", digestmod=hashlib.sha1)
want_mac.update(nonce.encode("ascii") + b"\x00bob4\x00abc123\x00notadmin")
want_mac = want_mac.hexdigest()
body = json.dumps(
{
"nonce": nonce,
"username": "bob4",
"displayname": "Bob's Name",
"password": "abc123",
"mac": want_mac,
}
)
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("POST", self.url, body.encode("utf8"))
Add `displayname` to Shared-Secret Registration for admins (#8722) Add `displayname` to Shared-Secret Registration for admins to `POST /_synapse/admin/v1/register`
2020-11-05 14:55:45 +01:00
self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual("@bob4:test", channel.json_body["user_id"])
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("GET", "/profile/@bob4:test/displayname")
Add `displayname` to Shared-Secret Registration for admins (#8722) Add `displayname` to Shared-Secret Registration for admins to `POST /_synapse/admin/v1/register`
2020-11-05 14:55:45 +01:00
self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual("Bob's Name", channel.json_body["displayname"])
Allow new users to be registered via the admin API even if the monthly active user limit has been reached (#7263)
2020-06-05 14:08:49 +02:00
@override_config(
{"limit_usage_by_mau": True, "max_mau_value": 2, "mau_trial_days": 0}
)
def test_register_mau_limit_reached(self):
"""
Check we can register a user via the shared secret registration API
even if the MAU limit is reached.
"""
handler = self.hs.get_registration_handler()
store = self.hs.get_datastore()
# Set monthly active users to the limit
Convert synapse.api to async/await (#8031)
2020-08-06 14:30:06 +02:00
store.get_monthly_active_count = Mock(
Allow for make_awaitable's return value to be re-used. (#8261)
2020-09-08 13:26:55 +02:00
return_value=make_awaitable(self.hs.config.max_mau_value)
Convert synapse.api to async/await (#8031)
2020-08-06 14:30:06 +02:00
)
Allow new users to be registered via the admin API even if the monthly active user limit has been reached (#7263)
2020-06-05 14:08:49 +02:00
# Check that the blocking of monthly active users is working as expected
# The registration of a new user fails due to the limit
self.get_failure(
handler.register_user(localpart="local_part"), ResourceLimitError
)
# Register new user with admin API
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("GET", self.url)
Allow new users to be registered via the admin API even if the monthly active user limit has been reached (#7263)
2020-06-05 14:08:49 +02:00
nonce = channel.json_body["nonce"]
want_mac = hmac.new(key=b"shared", digestmod=hashlib.sha1)
want_mac.update(
nonce.encode("ascii") + b"\x00bob\x00abc123\x00admin\x00support"
)
want_mac = want_mac.hexdigest()
body = json.dumps(
{
"nonce": nonce,
"username": "bob",
"password": "abc123",
"admin": True,
"user_type": UserTypes.SUPPORT,
"mac": want_mac,
}
)
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("POST", self.url, body.encode("utf8"))
Allow new users to be registered via the admin API even if the monthly active user limit has been reached (#7263)
2020-06-05 14:08:49 +02:00
self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual("@bob:test", channel.json_body["user_id"])
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
class UsersListTestCase(unittest.HomeserverTestCase):
servlets = [
synapse.rest.admin.register_servlets,
login.register_servlets,
]
url = "/_synapse/admin/v2/users"
def prepare(self, reactor, clock, hs):
self.admin_user = self.register_user("admin", "pass", admin=True)
self.admin_user_tok = self.login("admin", "pass")
Make search statement in List Room and User Admin API case-insensitive (#8931)
2020-12-17 11:43:37 +01:00
self.user1 = self.register_user(
"user1", "pass1", admin=False, displayname="Name 1"
)
self.user2 = self.register_user(
"user2", "pass2", admin=False, displayname="Name 2"
)
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
def test_no_auth(self):
"""
Try to list users without authentication.
"""
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("GET", self.url, b"{}")
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
self.assertEqual(401, int(channel.result["code"]), msg=channel.result["body"])
Make search statement in List Room and User Admin API case-insensitive (#8931)
2020-12-17 11:43:37 +01:00
self.assertEqual(Codes.MISSING_TOKEN, channel.json_body["errcode"])
def test_requester_is_no_admin(self):
"""
If the user is not a server admin, an error is returned.
"""
other_user_token = self.login("user1", "pass1")
Fix `UsersListTestCase` (#8964)
2020-12-17 16:46:40 +01:00
channel = self.make_request("GET", self.url, access_token=other_user_token)
Make search statement in List Room and User Admin API case-insensitive (#8931)
2020-12-17 11:43:37 +01:00
self.assertEqual(403, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual(Codes.FORBIDDEN, channel.json_body["errcode"])
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
def test_all_users(self):
"""
List all users, including deactivated users.
"""
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request(
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
"GET",
self.url + "?deactivated=true",
b"{}",
access_token=self.admin_user_tok,
)
self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual(3, len(channel.json_body["users"]))
Return total number of users and profile attributes in admin users endpoint (#6881) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-04-28 19:19:36 +02:00
self.assertEqual(3, channel.json_body["total"])
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
Make search statement in List Room and User Admin API case-insensitive (#8931)
2020-12-17 11:43:37 +01:00
# Check that all fields are available
for u in channel.json_body["users"]:
self.assertIn("name", u)
self.assertIn("is_guest", u)
self.assertIn("admin", u)
self.assertIn("user_type", u)
self.assertIn("deactivated", u)
self.assertIn("displayname", u)
self.assertIn("avatar_url", u)
def test_search_term(self):
"""Test that searching for a users works correctly"""
def _search_test(
expected_user_id: Optional[str],
search_term: str,
search_field: Optional[str] = "name",
expected_http_code: Optional[int] = 200,
):
"""Search for a user and check that the returned user's id is a match
Args:
expected_user_id: The user_id expected to be returned by the API. Set
to None to expect zero results for the search
search_term: The term to search for user names with
search_field: Field which is to request: `name` or `user_id`
expected_http_code: The expected http code for the request
"""
url = self.url + "?%s=%s" % (search_field, search_term,)
Fix `UsersListTestCase` (#8964)
2020-12-17 16:46:40 +01:00
channel = self.make_request(
Make search statement in List Room and User Admin API case-insensitive (#8931)
2020-12-17 11:43:37 +01:00
"GET", url.encode("ascii"), access_token=self.admin_user_tok,
)
self.assertEqual(expected_http_code, channel.code, msg=channel.json_body)
if expected_http_code != 200:
return
# Check that users were returned
self.assertTrue("users" in channel.json_body)
users = channel.json_body["users"]
# Check that the expected number of users were returned
expected_user_count = 1 if expected_user_id else 0
self.assertEqual(len(users), expected_user_count)
self.assertEqual(channel.json_body["total"], expected_user_count)
if expected_user_id:
# Check that the first returned user id is correct
u = users[0]
self.assertEqual(expected_user_id, u["name"])
# Perform search tests
_search_test(self.user1, "er1")
_search_test(self.user1, "me 1")
_search_test(self.user2, "er2")
_search_test(self.user2, "me 2")
_search_test(self.user1, "er1", "user_id")
_search_test(self.user2, "er2", "user_id")
# Test case insensitive
_search_test(self.user1, "ER1")
_search_test(self.user1, "NAME 1")
_search_test(self.user2, "ER2")
_search_test(self.user2, "NAME 2")
_search_test(self.user1, "ER1", "user_id")
_search_test(self.user2, "ER2", "user_id")
_search_test(None, "foo")
_search_test(None, "bar")
_search_test(None, "foo", "user_id")
_search_test(None, "bar", "user_id")
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
class UserRestTestCase(unittest.HomeserverTestCase):
servlets = [
synapse.rest.admin.register_servlets,
login.register_servlets,
Allow new users to be registered via the admin API even if the monthly active user limit has been reached (#7263)
2020-06-05 14:08:49 +02:00
sync.register_servlets,
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
]
def prepare(self, reactor, clock, hs):
self.store = hs.get_datastore()
self.admin_user = self.register_user("admin", "pass", admin=True)
self.admin_user_tok = self.login("admin", "pass")
Fix a bug that deactivated users appear in the directory (#8933) Fixes a bug that deactivated users appear in the directory when their profile information was updated. To change profile information of deactivated users is neccesary for example you will remove displayname or avatar. But they should not appear in directory. They are deactivated. Co-authored-by: Erik Johnston <erikj@jki.re>
2020-12-17 13:05:39 +01:00
self.other_user = self.register_user("user", "pass", displayname="User")
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
self.other_user_token = self.login("user", "pass")
Fixed set a user as an admin with the new API (#6928) Fix #6910
2020-02-28 10:58:05 +01:00
self.url_other_user = "/_synapse/admin/v2/users/%s" % urllib.parse.quote(
self.other_user
)
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
def test_requester_is_no_admin(self):
"""
If the user is not a server admin, an error is returned.
"""
Fixed set a user as an admin with the new API (#6928) Fix #6910
2020-02-28 10:58:05 +01:00
url = "/_synapse/admin/v2/users/@bob:test"
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("GET", url, access_token=self.other_user_token,)
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
self.assertEqual(403, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual("You are not a server admin", channel.json_body["error"])
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request(
Fixed set a user as an admin with the new API (#6928) Fix #6910
2020-02-28 10:58:05 +01:00
"PUT", url, access_token=self.other_user_token, content=b"{}",
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
)
self.assertEqual(403, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual("You are not a server admin", channel.json_body["error"])
Return a 404 for admin api user lookup if user not found (#6901)
2020-02-12 19:14:10 +01:00
def test_user_does_not_exist(self):
"""
Tests that a lookup for a user that does not exist returns a 404
"""
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request(
Return a 404 for admin api user lookup if user not found (#6901)
2020-02-12 19:14:10 +01:00
"GET",
"/_synapse/admin/v2/users/@unknown_person:test",
access_token=self.admin_user_tok,
)
self.assertEqual(404, channel.code, msg=channel.json_body)
self.assertEqual("M_NOT_FOUND", channel.json_body["errcode"])
Fixed set a user as an admin with the new API (#6928) Fix #6910
2020-02-28 10:58:05 +01:00
def test_create_server_admin(self):
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
"""
Fixed set a user as an admin with the new API (#6928) Fix #6910
2020-02-28 10:58:05 +01:00
Check that a new admin user is created successfully.
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
"""
Fixed set a user as an admin with the new API (#6928) Fix #6910
2020-02-28 10:58:05 +01:00
url = "/_synapse/admin/v2/users/@bob:test"
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
Fixed set a user as an admin with the new API (#6928) Fix #6910
2020-02-28 10:58:05 +01:00
# Create user (server admin)
Admin api to add an email address (#6789)
2020-02-07 11:29:36 +01:00
body = json.dumps(
{
"password": "abc123",
"admin": True,
Fixed set a user as an admin with the new API (#6928) Fix #6910
2020-02-28 10:58:05 +01:00
"displayname": "Bob's name",
Admin api to add an email address (#6789)
2020-02-07 11:29:36 +01:00
"threepids": [{"medium": "email", "address": "bob@bob.bob"}],
Call set_avatar_url with target_user, not user_id (#8872) * Call set_avatar_url with target_user, not user_id Fixes https://github.com/matrix-org/synapse/issues/8871 * Create 8872.bugfix * Update synapse/rest/admin/users.py Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com> * Testing * Update changelog.d/8872.bugfix Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com> Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
2020-12-07 20:13:07 +01:00
"avatar_url": "mxc://fibble/wibble",
Admin api to add an email address (#6789)
2020-02-07 11:29:36 +01:00
}
)
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request(
Fixed set a user as an admin with the new API (#6928) Fix #6910
2020-02-28 10:58:05 +01:00
"PUT",
url,
access_token=self.admin_user_tok,
content=body.encode(encoding="utf_8"),
)
self.assertEqual(201, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual("@bob:test", channel.json_body["name"])
self.assertEqual("Bob's name", channel.json_body["displayname"])
self.assertEqual("email", channel.json_body["threepids"][0]["medium"])
self.assertEqual("bob@bob.bob", channel.json_body["threepids"][0]["address"])
self.assertEqual(True, channel.json_body["admin"])
Call set_avatar_url with target_user, not user_id (#8872) * Call set_avatar_url with target_user, not user_id Fixes https://github.com/matrix-org/synapse/issues/8871 * Create 8872.bugfix * Update synapse/rest/admin/users.py Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com> * Testing * Update changelog.d/8872.bugfix Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com> Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
2020-12-07 20:13:07 +01:00
self.assertEqual("mxc://fibble/wibble", channel.json_body["avatar_url"])
Fixed set a user as an admin with the new API (#6928) Fix #6910
2020-02-28 10:58:05 +01:00
# Get user
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("GET", url, access_token=self.admin_user_tok,)
Fixed set a user as an admin with the new API (#6928) Fix #6910
2020-02-28 10:58:05 +01:00
self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual("@bob:test", channel.json_body["name"])
self.assertEqual("Bob's name", channel.json_body["displayname"])
self.assertEqual("email", channel.json_body["threepids"][0]["medium"])
self.assertEqual("bob@bob.bob", channel.json_body["threepids"][0]["address"])
self.assertEqual(True, channel.json_body["admin"])
self.assertEqual(False, channel.json_body["is_guest"])
self.assertEqual(False, channel.json_body["deactivated"])
Call set_avatar_url with target_user, not user_id (#8872) * Call set_avatar_url with target_user, not user_id Fixes https://github.com/matrix-org/synapse/issues/8871 * Create 8872.bugfix * Update synapse/rest/admin/users.py Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com> * Testing * Update changelog.d/8872.bugfix Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com> Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
2020-12-07 20:13:07 +01:00
self.assertEqual("mxc://fibble/wibble", channel.json_body["avatar_url"])
Fixed set a user as an admin with the new API (#6928) Fix #6910
2020-02-28 10:58:05 +01:00
def test_create_user(self):
"""
Check that a new regular user is created successfully.
"""
url = "/_synapse/admin/v2/users/@bob:test"
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
# Create user
Fixed set a user as an admin with the new API (#6928) Fix #6910
2020-02-28 10:58:05 +01:00
body = json.dumps(
{
"password": "abc123",
"admin": False,
"displayname": "Bob's name",
"threepids": [{"medium": "email", "address": "bob@bob.bob"}],
Call set_avatar_url with target_user, not user_id (#8872) * Call set_avatar_url with target_user, not user_id Fixes https://github.com/matrix-org/synapse/issues/8871 * Create 8872.bugfix * Update synapse/rest/admin/users.py Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com> * Testing * Update changelog.d/8872.bugfix Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com> Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
2020-12-07 20:13:07 +01:00
"avatar_url": "mxc://fibble/wibble",
Fixed set a user as an admin with the new API (#6928) Fix #6910
2020-02-28 10:58:05 +01:00
}
)
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request(
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
"PUT",
Fixed set a user as an admin with the new API (#6928) Fix #6910
2020-02-28 10:58:05 +01:00
url,
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
access_token=self.admin_user_tok,
content=body.encode(encoding="utf_8"),
)
self.assertEqual(201, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual("@bob:test", channel.json_body["name"])
Fixed set a user as an admin with the new API (#6928) Fix #6910
2020-02-28 10:58:05 +01:00
self.assertEqual("Bob's name", channel.json_body["displayname"])
Admin api to add an email address (#6789)
2020-02-07 11:29:36 +01:00
self.assertEqual("email", channel.json_body["threepids"][0]["medium"])
self.assertEqual("bob@bob.bob", channel.json_body["threepids"][0]["address"])
Fixed set a user as an admin with the new API (#6928) Fix #6910
2020-02-28 10:58:05 +01:00
self.assertEqual(False, channel.json_body["admin"])
Call set_avatar_url with target_user, not user_id (#8872) * Call set_avatar_url with target_user, not user_id Fixes https://github.com/matrix-org/synapse/issues/8871 * Create 8872.bugfix * Update synapse/rest/admin/users.py Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com> * Testing * Update changelog.d/8872.bugfix Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com> Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
2020-12-07 20:13:07 +01:00
self.assertEqual("mxc://fibble/wibble", channel.json_body["avatar_url"])
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
# Get user
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("GET", url, access_token=self.admin_user_tok,)
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual("@bob:test", channel.json_body["name"])
Fixed set a user as an admin with the new API (#6928) Fix #6910
2020-02-28 10:58:05 +01:00
self.assertEqual("Bob's name", channel.json_body["displayname"])
self.assertEqual("email", channel.json_body["threepids"][0]["medium"])
self.assertEqual("bob@bob.bob", channel.json_body["threepids"][0]["address"])
self.assertEqual(False, channel.json_body["admin"])
self.assertEqual(False, channel.json_body["is_guest"])
self.assertEqual(False, channel.json_body["deactivated"])
Call set_avatar_url with target_user, not user_id (#8872) * Call set_avatar_url with target_user, not user_id Fixes https://github.com/matrix-org/synapse/issues/8871 * Create 8872.bugfix * Update synapse/rest/admin/users.py Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com> * Testing * Update changelog.d/8872.bugfix Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com> Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
2020-12-07 20:13:07 +01:00
self.assertEqual("mxc://fibble/wibble", channel.json_body["avatar_url"])
Fixed set a user as an admin with the new API (#6928) Fix #6910
2020-02-28 10:58:05 +01:00
Allow new users to be registered via the admin API even if the monthly active user limit has been reached (#7263)
2020-06-05 14:08:49 +02:00
@override_config(
{"limit_usage_by_mau": True, "max_mau_value": 2, "mau_trial_days": 0}
)
def test_create_user_mau_limit_reached_active_admin(self):
"""
Check that an admin can register a new user via the admin API
even if the MAU limit is reached.
Admin user was active before creating user.
"""
handler = self.hs.get_registration_handler()
# Sync to set admin user to active
# before limit of monthly active users is reached
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("GET", "/sync", access_token=self.admin_user_tok)
Allow new users to be registered via the admin API even if the monthly active user limit has been reached (#7263)
2020-06-05 14:08:49 +02:00
if channel.code != 200:
raise HttpResponseException(
channel.code, channel.result["reason"], channel.result["body"]
)
# Set monthly active users to the limit
self.store.get_monthly_active_count = Mock(
Allow for make_awaitable's return value to be re-used. (#8261)
2020-09-08 13:26:55 +02:00
return_value=make_awaitable(self.hs.config.max_mau_value)
Allow new users to be registered via the admin API even if the monthly active user limit has been reached (#7263)
2020-06-05 14:08:49 +02:00
)
# Check that the blocking of monthly active users is working as expected
# The registration of a new user fails due to the limit
self.get_failure(
handler.register_user(localpart="local_part"), ResourceLimitError
)
# Register new user with admin API
url = "/_synapse/admin/v2/users/@bob:test"
# Create user
body = json.dumps({"password": "abc123", "admin": False})
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request(
Allow new users to be registered via the admin API even if the monthly active user limit has been reached (#7263)
2020-06-05 14:08:49 +02:00
"PUT",
url,
access_token=self.admin_user_tok,
content=body.encode(encoding="utf_8"),
)
self.assertEqual(201, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual("@bob:test", channel.json_body["name"])
self.assertEqual(False, channel.json_body["admin"])
@override_config(
{"limit_usage_by_mau": True, "max_mau_value": 2, "mau_trial_days": 0}
)
def test_create_user_mau_limit_reached_passive_admin(self):
"""
Check that an admin can register a new user via the admin API
even if the MAU limit is reached.
Admin user was not active before creating user.
"""
handler = self.hs.get_registration_handler()
# Set monthly active users to the limit
self.store.get_monthly_active_count = Mock(
Allow for make_awaitable's return value to be re-used. (#8261)
2020-09-08 13:26:55 +02:00
return_value=make_awaitable(self.hs.config.max_mau_value)
Allow new users to be registered via the admin API even if the monthly active user limit has been reached (#7263)
2020-06-05 14:08:49 +02:00
)
# Check that the blocking of monthly active users is working as expected
# The registration of a new user fails due to the limit
self.get_failure(
handler.register_user(localpart="local_part"), ResourceLimitError
)
# Register new user with admin API
url = "/_synapse/admin/v2/users/@bob:test"
# Create user
body = json.dumps({"password": "abc123", "admin": False})
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request(
Allow new users to be registered via the admin API even if the monthly active user limit has been reached (#7263)
2020-06-05 14:08:49 +02:00
"PUT",
url,
access_token=self.admin_user_tok,
content=body.encode(encoding="utf_8"),
)
# Admin user is not blocked by mau anymore
self.assertEqual(201, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual("@bob:test", channel.json_body["name"])
self.assertEqual(False, channel.json_body["admin"])
@override_config(
{
"email": {
"enable_notifs": True,
"notif_for_new_users": True,
"notif_from": "test@example.com",
},
"public_baseurl": "https://example.com",
}
)
Email notifications for new users when creating via the Admin API. (#7267)
2020-06-01 16:34:33 +02:00
def test_create_user_email_notif_for_new_users(self):
"""
Check that a new regular user is created successfully and
got an email pusher.
"""
url = "/_synapse/admin/v2/users/@bob:test"
# Create user
body = json.dumps(
{
"password": "abc123",
"threepids": [{"medium": "email", "address": "bob@bob.bob"}],
}
)
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request(
Email notifications for new users when creating via the Admin API. (#7267)
2020-06-01 16:34:33 +02:00
"PUT",
url,
access_token=self.admin_user_tok,
content=body.encode(encoding="utf_8"),
)
self.assertEqual(201, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual("@bob:test", channel.json_body["name"])
self.assertEqual("email", channel.json_body["threepids"][0]["medium"])
self.assertEqual("bob@bob.bob", channel.json_body["threepids"][0]["address"])
pushers = self.get_success(
self.store.get_pushers_by({"user_name": "@bob:test"})
)
pushers = list(pushers)
self.assertEqual(len(pushers), 1)
Convert internal pusher dicts to attrs classes. (#8940) This improves type hinting and should use less memory.
2020-12-16 17:25:30 +01:00
self.assertEqual("@bob:test", pushers[0].user_name)
Email notifications for new users when creating via the Admin API. (#7267)
2020-06-01 16:34:33 +02:00
Allow new users to be registered via the admin API even if the monthly active user limit has been reached (#7263)
2020-06-05 14:08:49 +02:00
@override_config(
{
"email": {
"enable_notifs": False,
"notif_for_new_users": False,
"notif_from": "test@example.com",
},
"public_baseurl": "https://example.com",
}
)
Email notifications for new users when creating via the Admin API. (#7267)
2020-06-01 16:34:33 +02:00
def test_create_user_email_no_notif_for_new_users(self):
"""
Check that a new regular user is created successfully and
got not an email pusher.
"""
url = "/_synapse/admin/v2/users/@bob:test"
# Create user
body = json.dumps(
{
"password": "abc123",
"threepids": [{"medium": "email", "address": "bob@bob.bob"}],
}
)
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request(
Email notifications for new users when creating via the Admin API. (#7267)
2020-06-01 16:34:33 +02:00
"PUT",
url,
access_token=self.admin_user_tok,
content=body.encode(encoding="utf_8"),
)
self.assertEqual(201, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual("@bob:test", channel.json_body["name"])
self.assertEqual("email", channel.json_body["threepids"][0]["medium"])
self.assertEqual("bob@bob.bob", channel.json_body["threepids"][0]["address"])
pushers = self.get_success(
self.store.get_pushers_by({"user_name": "@bob:test"})
)
pushers = list(pushers)
self.assertEqual(len(pushers), 0)
Fixed set a user as an admin with the new API (#6928) Fix #6910
2020-02-28 10:58:05 +01:00
def test_set_password(self):
"""
Test setting a new password for another user.
"""
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
Fix changing password via user admin API. (#6730)
2020-01-20 18:23:59 +01:00
# Change password
body = json.dumps({"password": "hahaha"})
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request(
Fix changing password via user admin API. (#6730)
2020-01-20 18:23:59 +01:00
"PUT",
Fixed set a user as an admin with the new API (#6928) Fix #6910
2020-02-28 10:58:05 +01:00
self.url_other_user,
Fix changing password via user admin API. (#6730)
2020-01-20 18:23:59 +01:00
access_token=self.admin_user_tok,
content=body.encode(encoding="utf_8"),
)
self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
Fixed set a user as an admin with the new API (#6928) Fix #6910
2020-02-28 10:58:05 +01:00
def test_set_displayname(self):
"""
Test setting the displayname of another user.
"""
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
# Modify user
Fixed set a user as an admin with the new API (#6928) Fix #6910
2020-02-28 10:58:05 +01:00
body = json.dumps({"displayname": "foobar"})
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request(
Fixed set a user as an admin with the new API (#6928) Fix #6910
2020-02-28 10:58:05 +01:00
"PUT",
self.url_other_user,
access_token=self.admin_user_tok,
content=body.encode(encoding="utf_8"),
)
self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual("@user:test", channel.json_body["name"])
self.assertEqual("foobar", channel.json_body["displayname"])
# Get user
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request(
Fixed set a user as an admin with the new API (#6928) Fix #6910
2020-02-28 10:58:05 +01:00
"GET", self.url_other_user, access_token=self.admin_user_tok,
)
self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual("@user:test", channel.json_body["name"])
self.assertEqual("foobar", channel.json_body["displayname"])
def test_set_threepid(self):
"""
Test setting threepid for an other user.
"""
# Delete old and add new threepid to user
Admin api to add an email address (#6789)
2020-02-07 11:29:36 +01:00
body = json.dumps(
Fixed set a user as an admin with the new API (#6928) Fix #6910
2020-02-28 10:58:05 +01:00
{"threepids": [{"medium": "email", "address": "bob3@bob.bob"}]}
Admin api to add an email address (#6789)
2020-02-07 11:29:36 +01:00
)
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request(
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
"PUT",
Fixed set a user as an admin with the new API (#6928) Fix #6910
2020-02-28 10:58:05 +01:00
self.url_other_user,
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
access_token=self.admin_user_tok,
content=body.encode(encoding="utf_8"),
)
self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
Fixed set a user as an admin with the new API (#6928) Fix #6910
2020-02-28 10:58:05 +01:00
self.assertEqual("@user:test", channel.json_body["name"])
self.assertEqual("email", channel.json_body["threepids"][0]["medium"])
self.assertEqual("bob3@bob.bob", channel.json_body["threepids"][0]["address"])
# Get user
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request(
Fixed set a user as an admin with the new API (#6928) Fix #6910
2020-02-28 10:58:05 +01:00
"GET", self.url_other_user, access_token=self.admin_user_tok,
)
self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual("@user:test", channel.json_body["name"])
self.assertEqual("email", channel.json_body["threepids"][0]["medium"])
self.assertEqual("bob3@bob.bob", channel.json_body["threepids"][0]["address"])
def test_deactivate_user(self):
"""
Test deactivating another user.
"""
# Deactivate user
body = json.dumps({"deactivated": True})
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request(
Fixed set a user as an admin with the new API (#6928) Fix #6910
2020-02-28 10:58:05 +01:00
"PUT",
self.url_other_user,
access_token=self.admin_user_tok,
content=body.encode(encoding="utf_8"),
)
self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual("@user:test", channel.json_body["name"])
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
self.assertEqual(True, channel.json_body["deactivated"])
Admin api to add an email address (#6789)
2020-02-07 11:29:36 +01:00
# the user is deactivated, the threepid will be deleted
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
# Get user
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request(
Fixed set a user as an admin with the new API (#6928) Fix #6910
2020-02-28 10:58:05 +01:00
"GET", self.url_other_user, access_token=self.admin_user_tok,
Allow admin users to create or modify users without a shared secret (#6495) Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 14:31:00 +01:00
)
self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
Fixed set a user as an admin with the new API (#6928) Fix #6910
2020-02-28 10:58:05 +01:00
self.assertEqual("@user:test", channel.json_body["name"])
self.assertEqual(True, channel.json_body["deactivated"])
Fix a bug that deactivated users appear in the directory (#8933) Fixes a bug that deactivated users appear in the directory when their profile information was updated. To change profile information of deactivated users is neccesary for example you will remove displayname or avatar. But they should not appear in directory. They are deactivated. Co-authored-by: Erik Johnston <erikj@jki.re>
2020-12-17 13:05:39 +01:00
@override_config({"user_directory": {"enabled": True, "search_all_users": True}})
def test_change_name_deactivate_user_user_directory(self):
"""
Test change profile information of a deactivated user and
check that it does not appear in user directory
"""
# is in user directory
profile = self.get_success(self.store.get_user_in_directory(self.other_user))
self.assertTrue(profile["display_name"] == "User")
# Deactivate user
body = json.dumps({"deactivated": True})
Fix `UsersListTestCase` (#8964)
2020-12-17 16:46:40 +01:00
channel = self.make_request(
Fix a bug that deactivated users appear in the directory (#8933) Fixes a bug that deactivated users appear in the directory when their profile information was updated. To change profile information of deactivated users is neccesary for example you will remove displayname or avatar. But they should not appear in directory. They are deactivated. Co-authored-by: Erik Johnston <erikj@jki.re>
2020-12-17 13:05:39 +01:00
"PUT",
self.url_other_user,
access_token=self.admin_user_tok,
content=body.encode(encoding="utf_8"),
)
self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual("@user:test", channel.json_body["name"])
self.assertEqual(True, channel.json_body["deactivated"])
# is not in user directory
profile = self.get_success(self.store.get_user_in_directory(self.other_user))
self.assertTrue(profile is None)
# Set new displayname user
body = json.dumps({"displayname": "Foobar"})
Fix `UsersListTestCase` (#8964)
2020-12-17 16:46:40 +01:00
channel = self.make_request(
Fix a bug that deactivated users appear in the directory (#8933) Fixes a bug that deactivated users appear in the directory when their profile information was updated. To change profile information of deactivated users is neccesary for example you will remove displayname or avatar. But they should not appear in directory. They are deactivated. Co-authored-by: Erik Johnston <erikj@jki.re>
2020-12-17 13:05:39 +01:00
"PUT",
self.url_other_user,
access_token=self.admin_user_tok,
content=body.encode(encoding="utf_8"),
)
self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual("@user:test", channel.json_body["name"])
self.assertEqual(True, channel.json_body["deactivated"])
self.assertEqual("Foobar", channel.json_body["displayname"])
# is not in user directory
profile = self.get_success(self.store.get_user_in_directory(self.other_user))
self.assertTrue(profile is None)
Allow accounts to be re-activated from the admin APIs. (#7847)
2020-07-15 17:00:21 +02:00
def test_reactivate_user(self):
"""
Test reactivating another user.
"""
# Deactivate the user.
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request(
Allow accounts to be re-activated from the admin APIs. (#7847)
2020-07-15 17:00:21 +02:00
"PUT",
self.url_other_user,
access_token=self.admin_user_tok,
content=json.dumps({"deactivated": True}).encode(encoding="utf_8"),
)
self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
Fixed a bug with reactivating users with the admin API (#8362) Fixes: #8359 Trying to reactivate a user with the admin API (`PUT /_synapse/admin/v2/users/<user_name>`) causes an internal server error. Seems to be a regression in #8033.
2020-09-22 19:19:01 +02:00
self._is_erased("@user:test", False)
d = self.store.mark_user_erased("@user:test")
self.assertIsNone(self.get_success(d))
self._is_erased("@user:test", True)
Allow accounts to be re-activated from the admin APIs. (#7847)
2020-07-15 17:00:21 +02:00
# Attempt to reactivate the user (without a password).
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request(
Allow accounts to be re-activated from the admin APIs. (#7847)
2020-07-15 17:00:21 +02:00
"PUT",
self.url_other_user,
access_token=self.admin_user_tok,
content=json.dumps({"deactivated": False}).encode(encoding="utf_8"),
)
self.assertEqual(400, int(channel.result["code"]), msg=channel.result["body"])
# Reactivate the user.
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request(
Allow accounts to be re-activated from the admin APIs. (#7847)
2020-07-15 17:00:21 +02:00
"PUT",
self.url_other_user,
access_token=self.admin_user_tok,
content=json.dumps({"deactivated": False, "password": "foo"}).encode(
encoding="utf_8"
),
)
self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
# Get user
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request(
Allow accounts to be re-activated from the admin APIs. (#7847)
2020-07-15 17:00:21 +02:00
"GET", self.url_other_user, access_token=self.admin_user_tok,
)
self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual("@user:test", channel.json_body["name"])
self.assertEqual(False, channel.json_body["deactivated"])
Fixed a bug with reactivating users with the admin API (#8362) Fixes: #8359 Trying to reactivate a user with the admin API (`PUT /_synapse/admin/v2/users/<user_name>`) causes an internal server error. Seems to be a regression in #8033.
2020-09-22 19:19:01 +02:00
self._is_erased("@user:test", False)
Allow accounts to be re-activated from the admin APIs. (#7847)
2020-07-15 17:00:21 +02:00
Fixed set a user as an admin with the new API (#6928) Fix #6910
2020-02-28 10:58:05 +01:00
def test_set_user_as_admin(self):
"""
Test setting the admin flag on a user.
"""
# Set a user as an admin
body = json.dumps({"admin": True})
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request(
Fixed set a user as an admin with the new API (#6928) Fix #6910
2020-02-28 10:58:05 +01:00
"PUT",
self.url_other_user,
access_token=self.admin_user_tok,
content=body.encode(encoding="utf_8"),
)
self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual("@user:test", channel.json_body["name"])
self.assertEqual(True, channel.json_body["admin"])
# Get user
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request(
Fixed set a user as an admin with the new API (#6928) Fix #6910
2020-02-28 10:58:05 +01:00
"GET", self.url_other_user, access_token=self.admin_user_tok,
)
self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual("@user:test", channel.json_body["name"])
self.assertEqual(True, channel.json_body["admin"])
Ensure 'deactivated' parameter is a boolean on user admin API, Fix error handling of call to deactivate user (#6990)
2020-02-26 13:22:55 +01:00
def test_accidental_deactivation_prevention(self):
"""
Ensure an account can't accidentally be deactivated by using a str value
for the deactivated body parameter
"""
Fixed set a user as an admin with the new API (#6928) Fix #6910
2020-02-28 10:58:05 +01:00
url = "/_synapse/admin/v2/users/@bob:test"
Ensure 'deactivated' parameter is a boolean on user admin API, Fix error handling of call to deactivate user (#6990)
2020-02-26 13:22:55 +01:00
# Create user
body = json.dumps({"password": "abc123"})
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request(
Ensure 'deactivated' parameter is a boolean on user admin API, Fix error handling of call to deactivate user (#6990)
2020-02-26 13:22:55 +01:00
"PUT",
Fixed set a user as an admin with the new API (#6928) Fix #6910
2020-02-28 10:58:05 +01:00
url,
Ensure 'deactivated' parameter is a boolean on user admin API, Fix error handling of call to deactivate user (#6990)
2020-02-26 13:22:55 +01:00
access_token=self.admin_user_tok,
content=body.encode(encoding="utf_8"),
)
self.assertEqual(201, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual("@bob:test", channel.json_body["name"])
self.assertEqual("bob", channel.json_body["displayname"])
# Get user
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("GET", url, access_token=self.admin_user_tok,)
Ensure 'deactivated' parameter is a boolean on user admin API, Fix error handling of call to deactivate user (#6990)
2020-02-26 13:22:55 +01:00
self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual("@bob:test", channel.json_body["name"])
self.assertEqual("bob", channel.json_body["displayname"])
self.assertEqual(0, channel.json_body["deactivated"])
# Change password (and use a str for deactivate instead of a bool)
body = json.dumps({"password": "abc123", "deactivated": "false"}) # oops!
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request(
Ensure 'deactivated' parameter is a boolean on user admin API, Fix error handling of call to deactivate user (#6990)
2020-02-26 13:22:55 +01:00
"PUT",
Fixed set a user as an admin with the new API (#6928) Fix #6910
2020-02-28 10:58:05 +01:00
url,
Ensure 'deactivated' parameter is a boolean on user admin API, Fix error handling of call to deactivate user (#6990)
2020-02-26 13:22:55 +01:00
access_token=self.admin_user_tok,
content=body.encode(encoding="utf_8"),
)
self.assertEqual(400, int(channel.result["code"]), msg=channel.result["body"])
# Check user is not deactivated
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("GET", url, access_token=self.admin_user_tok,)
Ensure 'deactivated' parameter is a boolean on user admin API, Fix error handling of call to deactivate user (#6990)
2020-02-26 13:22:55 +01:00
self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual("@bob:test", channel.json_body["name"])
self.assertEqual("bob", channel.json_body["displayname"])
# Ensure they're still alive
self.assertEqual(0, channel.json_body["deactivated"])
Admin API for querying rooms where a user is a member (#8306) Add a new admin API `GET /_synapse/admin/v1/users/<user_id>/joined_rooms` to list all rooms where a user is a member.
2020-09-18 16:26:36 +02:00
Fixed a bug with reactivating users with the admin API (#8362) Fixes: #8359 Trying to reactivate a user with the admin API (`PUT /_synapse/admin/v2/users/<user_name>`) causes an internal server error. Seems to be a regression in #8033.
2020-09-22 19:19:01 +02:00
def _is_erased(self, user_id, expect):
"""Assert that the user is erased or not
"""
d = self.store.is_user_erased(user_id)
if expect:
self.assertTrue(self.get_success(d))
else:
self.assertFalse(self.get_success(d))
Admin API for querying rooms where a user is a member (#8306) Add a new admin API `GET /_synapse/admin/v1/users/<user_id>/joined_rooms` to list all rooms where a user is a member.
2020-09-18 16:26:36 +02:00
class UserMembershipRestTestCase(unittest.HomeserverTestCase):
servlets = [
synapse.rest.admin.register_servlets,
login.register_servlets,
room.register_servlets,
]
def prepare(self, reactor, clock, hs):
self.admin_user = self.register_user("admin", "pass", admin=True)
self.admin_user_tok = self.login("admin", "pass")
self.other_user = self.register_user("user", "pass")
self.url = "/_synapse/admin/v1/users/%s/joined_rooms" % urllib.parse.quote(
self.other_user
)
def test_no_auth(self):
"""
Try to list rooms of an user without authentication.
"""
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("GET", self.url, b"{}")
Admin API for querying rooms where a user is a member (#8306) Add a new admin API `GET /_synapse/admin/v1/users/<user_id>/joined_rooms` to list all rooms where a user is a member.
2020-09-18 16:26:36 +02:00
self.assertEqual(401, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual(Codes.MISSING_TOKEN, channel.json_body["errcode"])
def test_requester_is_no_admin(self):
"""
If the user is not a server admin, an error is returned.
"""
other_user_token = self.login("user", "pass")
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("GET", self.url, access_token=other_user_token,)
Admin API for querying rooms where a user is a member (#8306) Add a new admin API `GET /_synapse/admin/v1/users/<user_id>/joined_rooms` to list all rooms where a user is a member.
2020-09-18 16:26:36 +02:00
self.assertEqual(403, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual(Codes.FORBIDDEN, channel.json_body["errcode"])
def test_user_does_not_exist(self):
"""
Tests that a lookup for a user that does not exist returns a 404
"""
url = "/_synapse/admin/v1/users/@unknown_person:test/joined_rooms"
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("GET", url, access_token=self.admin_user_tok,)
Admin API for querying rooms where a user is a member (#8306) Add a new admin API `GET /_synapse/admin/v1/users/<user_id>/joined_rooms` to list all rooms where a user is a member.
2020-09-18 16:26:36 +02:00
self.assertEqual(404, channel.code, msg=channel.json_body)
self.assertEqual(Codes.NOT_FOUND, channel.json_body["errcode"])
def test_user_is_not_local(self):
"""
Tests that a lookup for a user that is not a local returns a 400
"""
url = "/_synapse/admin/v1/users/@unknown_person:unknown_domain/joined_rooms"
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("GET", url, access_token=self.admin_user_tok,)
Admin API for querying rooms where a user is a member (#8306) Add a new admin API `GET /_synapse/admin/v1/users/<user_id>/joined_rooms` to list all rooms where a user is a member.
2020-09-18 16:26:36 +02:00
self.assertEqual(400, channel.code, msg=channel.json_body)
self.assertEqual("Can only lookup local users", channel.json_body["error"])
Fix a bug in the joined_rooms admin API (#8643) If the user was not in any rooms then the API returned the same error as if the user did not exist.
2020-10-26 17:25:48 +01:00
def test_no_memberships(self):
"""
Tests that a normal lookup for rooms is successfully
if user has no memberships
"""
# Get rooms
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("GET", self.url, access_token=self.admin_user_tok,)
Fix a bug in the joined_rooms admin API (#8643) If the user was not in any rooms then the API returned the same error as if the user did not exist.
2020-10-26 17:25:48 +01:00
self.assertEqual(200, channel.code, msg=channel.json_body)
self.assertEqual(0, channel.json_body["total"])
self.assertEqual(0, len(channel.json_body["joined_rooms"]))
Admin API for querying rooms where a user is a member (#8306) Add a new admin API `GET /_synapse/admin/v1/users/<user_id>/joined_rooms` to list all rooms where a user is a member.
2020-09-18 16:26:36 +02:00
def test_get_rooms(self):
"""
Tests that a normal lookup for rooms is successfully
"""
# Create rooms and join
other_user_tok = self.login("user", "pass")
number_rooms = 5
for n in range(number_rooms):
self.helper.create_room_as(self.other_user, tok=other_user_tok)
# Get rooms
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("GET", self.url, access_token=self.admin_user_tok,)
Admin API for querying rooms where a user is a member (#8306) Add a new admin API `GET /_synapse/admin/v1/users/<user_id>/joined_rooms` to list all rooms where a user is a member.
2020-09-18 16:26:36 +02:00
self.assertEqual(200, channel.code, msg=channel.json_body)
self.assertEqual(number_rooms, channel.json_body["total"])
self.assertEqual(number_rooms, len(channel.json_body["joined_rooms"]))
Add admin API to list users' local media (#8647) Add admin API `GET /_synapse/admin/v1/users/<user_id>/media` to get information of users' uploaded files.
2020-10-27 15:12:31 +01:00
Add an admin APIs to allow server admins to list users' pushers (#8610) Add an admin API `GET /_synapse/admin/v1/users/<user_id>/pushers` like https://matrix.org/docs/spec/client_server/latest#get-matrix-client-r0-pushers
2020-10-28 16:02:42 +01:00
class PushersRestTestCase(unittest.HomeserverTestCase):
servlets = [
synapse.rest.admin.register_servlets,
login.register_servlets,
]
def prepare(self, reactor, clock, hs):
self.store = hs.get_datastore()
self.admin_user = self.register_user("admin", "pass", admin=True)
self.admin_user_tok = self.login("admin", "pass")
self.other_user = self.register_user("user", "pass")
self.url = "/_synapse/admin/v1/users/%s/pushers" % urllib.parse.quote(
self.other_user
)
def test_no_auth(self):
"""
Try to list pushers of an user without authentication.
"""
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("GET", self.url, b"{}")
Add an admin APIs to allow server admins to list users' pushers (#8610) Add an admin API `GET /_synapse/admin/v1/users/<user_id>/pushers` like https://matrix.org/docs/spec/client_server/latest#get-matrix-client-r0-pushers
2020-10-28 16:02:42 +01:00
self.assertEqual(401, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual(Codes.MISSING_TOKEN, channel.json_body["errcode"])
def test_requester_is_no_admin(self):
"""
If the user is not a server admin, an error is returned.
"""
other_user_token = self.login("user", "pass")
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("GET", self.url, access_token=other_user_token,)
Add an admin APIs to allow server admins to list users' pushers (#8610) Add an admin API `GET /_synapse/admin/v1/users/<user_id>/pushers` like https://matrix.org/docs/spec/client_server/latest#get-matrix-client-r0-pushers
2020-10-28 16:02:42 +01:00
self.assertEqual(403, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual(Codes.FORBIDDEN, channel.json_body["errcode"])
def test_user_does_not_exist(self):
"""
Tests that a lookup for a user that does not exist returns a 404
"""
url = "/_synapse/admin/v1/users/@unknown_person:test/pushers"
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("GET", url, access_token=self.admin_user_tok,)
Add an admin APIs to allow server admins to list users' pushers (#8610) Add an admin API `GET /_synapse/admin/v1/users/<user_id>/pushers` like https://matrix.org/docs/spec/client_server/latest#get-matrix-client-r0-pushers
2020-10-28 16:02:42 +01:00
self.assertEqual(404, channel.code, msg=channel.json_body)
self.assertEqual(Codes.NOT_FOUND, channel.json_body["errcode"])
def test_user_is_not_local(self):
"""
Tests that a lookup for a user that is not a local returns a 400
"""
url = "/_synapse/admin/v1/users/@unknown_person:unknown_domain/pushers"
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("GET", url, access_token=self.admin_user_tok,)
Add an admin APIs to allow server admins to list users' pushers (#8610) Add an admin API `GET /_synapse/admin/v1/users/<user_id>/pushers` like https://matrix.org/docs/spec/client_server/latest#get-matrix-client-r0-pushers
2020-10-28 16:02:42 +01:00
self.assertEqual(400, channel.code, msg=channel.json_body)
self.assertEqual("Can only lookup local users", channel.json_body["error"])
def test_get_pushers(self):
"""
Tests that a normal lookup for pushers is successfully
"""
# Get pushers
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("GET", self.url, access_token=self.admin_user_tok,)
Add an admin APIs to allow server admins to list users' pushers (#8610) Add an admin API `GET /_synapse/admin/v1/users/<user_id>/pushers` like https://matrix.org/docs/spec/client_server/latest#get-matrix-client-r0-pushers
2020-10-28 16:02:42 +01:00
self.assertEqual(200, channel.code, msg=channel.json_body)
self.assertEqual(0, channel.json_body["total"])
# Register the pusher
other_user_token = self.login("user", "pass")
user_tuple = self.get_success(
self.store.get_user_by_access_token(other_user_token)
)
Fix unit tests (#8689) * Fix unit tests * Newsfile
2020-10-29 19:21:49 +01:00
token_id = user_tuple.token_id
Add an admin APIs to allow server admins to list users' pushers (#8610) Add an admin API `GET /_synapse/admin/v1/users/<user_id>/pushers` like https://matrix.org/docs/spec/client_server/latest#get-matrix-client-r0-pushers
2020-10-28 16:02:42 +01:00
self.get_success(
self.hs.get_pusherpool().add_pusher(
user_id=self.other_user,
access_token=token_id,
kind="http",
app_id="m.http",
app_display_name="HTTP Push Notifications",
device_display_name="pushy push",
pushkey="a@example.com",
lang=None,
Add additional validation to pusher URLs. (#8865) Pusher URLs now must end in `/_matrix/push/v1/notify` per the specification.
2020-12-04 16:51:56 +01:00
data={"url": "https://example.com/_matrix/push/v1/notify"},
Add an admin APIs to allow server admins to list users' pushers (#8610) Add an admin API `GET /_synapse/admin/v1/users/<user_id>/pushers` like https://matrix.org/docs/spec/client_server/latest#get-matrix-client-r0-pushers
2020-10-28 16:02:42 +01:00
)
)
# Get pushers
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("GET", self.url, access_token=self.admin_user_tok,)
Add an admin APIs to allow server admins to list users' pushers (#8610) Add an admin API `GET /_synapse/admin/v1/users/<user_id>/pushers` like https://matrix.org/docs/spec/client_server/latest#get-matrix-client-r0-pushers
2020-10-28 16:02:42 +01:00
self.assertEqual(200, channel.code, msg=channel.json_body)
self.assertEqual(1, channel.json_body["total"])
for p in channel.json_body["pushers"]:
self.assertIn("pushkey", p)
self.assertIn("kind", p)
self.assertIn("app_id", p)
self.assertIn("app_display_name", p)
self.assertIn("device_display_name", p)
self.assertIn("profile_tag", p)
self.assertIn("lang", p)
self.assertIn("url", p["data"])
Add admin API to list users' local media (#8647) Add admin API `GET /_synapse/admin/v1/users/<user_id>/media` to get information of users' uploaded files.
2020-10-27 15:12:31 +01:00
class UserMediaRestTestCase(unittest.HomeserverTestCase):
servlets = [
synapse.rest.admin.register_servlets,
login.register_servlets,
]
def prepare(self, reactor, clock, hs):
self.media_repo = hs.get_media_repository_resource()
self.admin_user = self.register_user("admin", "pass", admin=True)
self.admin_user_tok = self.login("admin", "pass")
self.other_user = self.register_user("user", "pass")
self.url = "/_synapse/admin/v1/users/%s/media" % urllib.parse.quote(
self.other_user
)
def test_no_auth(self):
"""
Try to list media of an user without authentication.
"""
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("GET", self.url, b"{}")
Add admin API to list users' local media (#8647) Add admin API `GET /_synapse/admin/v1/users/<user_id>/media` to get information of users' uploaded files.
2020-10-27 15:12:31 +01:00
self.assertEqual(401, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual(Codes.MISSING_TOKEN, channel.json_body["errcode"])
def test_requester_is_no_admin(self):
"""
If the user is not a server admin, an error is returned.
"""
other_user_token = self.login("user", "pass")
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("GET", self.url, access_token=other_user_token,)
Add admin API to list users' local media (#8647) Add admin API `GET /_synapse/admin/v1/users/<user_id>/media` to get information of users' uploaded files.
2020-10-27 15:12:31 +01:00
self.assertEqual(403, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual(Codes.FORBIDDEN, channel.json_body["errcode"])
def test_user_does_not_exist(self):
"""
Tests that a lookup for a user that does not exist returns a 404
"""
url = "/_synapse/admin/v1/users/@unknown_person:test/media"
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("GET", url, access_token=self.admin_user_tok,)
Add admin API to list users' local media (#8647) Add admin API `GET /_synapse/admin/v1/users/<user_id>/media` to get information of users' uploaded files.
2020-10-27 15:12:31 +01:00
self.assertEqual(404, channel.code, msg=channel.json_body)
self.assertEqual(Codes.NOT_FOUND, channel.json_body["errcode"])
def test_user_is_not_local(self):
"""
Tests that a lookup for a user that is not a local returns a 400
"""
url = "/_synapse/admin/v1/users/@unknown_person:unknown_domain/media"
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("GET", url, access_token=self.admin_user_tok,)
Add admin API to list users' local media (#8647) Add admin API `GET /_synapse/admin/v1/users/<user_id>/media` to get information of users' uploaded files.
2020-10-27 15:12:31 +01:00
self.assertEqual(400, channel.code, msg=channel.json_body)
self.assertEqual("Can only lookup local users", channel.json_body["error"])
def test_limit(self):
"""
Testing list of media with limit
"""
number_media = 20
other_user_tok = self.login("user", "pass")
self._create_media(other_user_tok, number_media)
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request(
Add admin API to list users' local media (#8647) Add admin API `GET /_synapse/admin/v1/users/<user_id>/media` to get information of users' uploaded files.
2020-10-27 15:12:31 +01:00
"GET", self.url + "?limit=5", access_token=self.admin_user_tok,
)
self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual(channel.json_body["total"], number_media)
self.assertEqual(len(channel.json_body["media"]), 5)
self.assertEqual(channel.json_body["next_token"], 5)
self._check_fields(channel.json_body["media"])
def test_from(self):
"""
Testing list of media with a defined starting point (from)
"""
number_media = 20
other_user_tok = self.login("user", "pass")
self._create_media(other_user_tok, number_media)
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request(
Add admin API to list users' local media (#8647) Add admin API `GET /_synapse/admin/v1/users/<user_id>/media` to get information of users' uploaded files.
2020-10-27 15:12:31 +01:00
"GET", self.url + "?from=5", access_token=self.admin_user_tok,
)
self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual(channel.json_body["total"], number_media)
self.assertEqual(len(channel.json_body["media"]), 15)
self.assertNotIn("next_token", channel.json_body)
self._check_fields(channel.json_body["media"])
def test_limit_and_from(self):
"""
Testing list of media with a defined starting point and limit
"""
number_media = 20
other_user_tok = self.login("user", "pass")
self._create_media(other_user_tok, number_media)
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request(
Add admin API to list users' local media (#8647) Add admin API `GET /_synapse/admin/v1/users/<user_id>/media` to get information of users' uploaded files.
2020-10-27 15:12:31 +01:00
"GET", self.url + "?from=5&limit=10", access_token=self.admin_user_tok,
)
self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual(channel.json_body["total"], number_media)
self.assertEqual(channel.json_body["next_token"], 15)
self.assertEqual(len(channel.json_body["media"]), 10)
self._check_fields(channel.json_body["media"])
def test_limit_is_negative(self):
"""
Testing that a negative limit parameter returns a 400
"""
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request(
Add admin API to list users' local media (#8647) Add admin API `GET /_synapse/admin/v1/users/<user_id>/media` to get information of users' uploaded files.
2020-10-27 15:12:31 +01:00
"GET", self.url + "?limit=-5", access_token=self.admin_user_tok,
)
self.assertEqual(400, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual(Codes.INVALID_PARAM, channel.json_body["errcode"])
def test_from_is_negative(self):
"""
Testing that a negative from parameter returns a 400
"""
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request(
Add admin API to list users' local media (#8647) Add admin API `GET /_synapse/admin/v1/users/<user_id>/media` to get information of users' uploaded files.
2020-10-27 15:12:31 +01:00
"GET", self.url + "?from=-5", access_token=self.admin_user_tok,
)
self.assertEqual(400, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual(Codes.INVALID_PARAM, channel.json_body["errcode"])
def test_next_token(self):
"""
Testing that `next_token` appears at the right place
"""
number_media = 20
other_user_tok = self.login("user", "pass")
self._create_media(other_user_tok, number_media)
# `next_token` does not appear
# Number of results is the number of entries
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request(
Add admin API to list users' local media (#8647) Add admin API `GET /_synapse/admin/v1/users/<user_id>/media` to get information of users' uploaded files.
2020-10-27 15:12:31 +01:00
"GET", self.url + "?limit=20", access_token=self.admin_user_tok,
)
self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual(channel.json_body["total"], number_media)
self.assertEqual(len(channel.json_body["media"]), number_media)
self.assertNotIn("next_token", channel.json_body)
# `next_token` does not appear
# Number of max results is larger than the number of entries
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request(
Add admin API to list users' local media (#8647) Add admin API `GET /_synapse/admin/v1/users/<user_id>/media` to get information of users' uploaded files.
2020-10-27 15:12:31 +01:00
"GET", self.url + "?limit=21", access_token=self.admin_user_tok,
)
self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual(channel.json_body["total"], number_media)
self.assertEqual(len(channel.json_body["media"]), number_media)
self.assertNotIn("next_token", channel.json_body)
# `next_token` does appear
# Number of max results is smaller than the number of entries
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request(
Add admin API to list users' local media (#8647) Add admin API `GET /_synapse/admin/v1/users/<user_id>/media` to get information of users' uploaded files.
2020-10-27 15:12:31 +01:00
"GET", self.url + "?limit=19", access_token=self.admin_user_tok,
)
self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual(channel.json_body["total"], number_media)
self.assertEqual(len(channel.json_body["media"]), 19)
self.assertEqual(channel.json_body["next_token"], 19)
# Check
# Set `from` to value of `next_token` for request remaining entries
# `next_token` does not appear
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request(
Add admin API to list users' local media (#8647) Add admin API `GET /_synapse/admin/v1/users/<user_id>/media` to get information of users' uploaded files.
2020-10-27 15:12:31 +01:00
"GET", self.url + "?from=19", access_token=self.admin_user_tok,
)
self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual(channel.json_body["total"], number_media)
self.assertEqual(len(channel.json_body["media"]), 1)
self.assertNotIn("next_token", channel.json_body)
def test_user_has_no_media(self):
"""
Tests that a normal lookup for media is successfully
if user has no media created
"""
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("GET", self.url, access_token=self.admin_user_tok,)
Add admin API to list users' local media (#8647) Add admin API `GET /_synapse/admin/v1/users/<user_id>/media` to get information of users' uploaded files.
2020-10-27 15:12:31 +01:00
self.assertEqual(200, channel.code, msg=channel.json_body)
self.assertEqual(0, channel.json_body["total"])
self.assertEqual(0, len(channel.json_body["media"]))
def test_get_media(self):
"""
Tests that a normal lookup for media is successfully
"""
number_media = 5
other_user_tok = self.login("user", "pass")
self._create_media(other_user_tok, number_media)
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("GET", self.url, access_token=self.admin_user_tok,)
Add admin API to list users' local media (#8647) Add admin API `GET /_synapse/admin/v1/users/<user_id>/media` to get information of users' uploaded files.
2020-10-27 15:12:31 +01:00
self.assertEqual(200, channel.code, msg=channel.json_body)
self.assertEqual(number_media, channel.json_body["total"])
self.assertEqual(number_media, len(channel.json_body["media"]))
self.assertNotIn("next_token", channel.json_body)
self._check_fields(channel.json_body["media"])
def _create_media(self, user_token, number_media):
"""
Create a number of media for a specific user
"""
upload_resource = self.media_repo.children[b"upload"]
for i in range(number_media):
# file size is 67 Byte
image_data = unhexlify(
b"89504e470d0a1a0a0000000d4948445200000001000000010806"
b"0000001f15c4890000000a49444154789c63000100000500010d"
b"0a2db40000000049454e44ae426082"
)
# Upload some media into the room
self.helper.upload_media(
upload_resource, image_data, tok=user_token, expect_code=200
)
def _check_fields(self, content):
"""Checks that all attributes are present in content
"""
for m in content:
self.assertIn("media_id", m)
self.assertIn("media_type", m)
self.assertIn("media_length", m)
self.assertIn("upload_name", m)
self.assertIn("created_ts", m)
self.assertIn("last_access_ts", m)
self.assertIn("quarantined_by", m)
self.assertIn("safe_from_quarantine", m)
Add admin API for logging in as a user (#8617)
2020-11-17 11:51:25 +01:00
class UserTokenRestTestCase(unittest.HomeserverTestCase):
"""Test for /_synapse/admin/v1/users/<user>/login
"""
servlets = [
synapse.rest.admin.register_servlets,
login.register_servlets,
sync.register_servlets,
room.register_servlets,
devices.register_servlets,
logout.register_servlets,
]
def prepare(self, reactor, clock, hs):
self.store = hs.get_datastore()
self.admin_user = self.register_user("admin", "pass", admin=True)
self.admin_user_tok = self.login("admin", "pass")
self.other_user = self.register_user("user", "pass")
self.other_user_tok = self.login("user", "pass")
self.url = "/_synapse/admin/v1/users/%s/login" % urllib.parse.quote(
self.other_user
)
def _get_token(self) -> str:
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request(
Add admin API for logging in as a user (#8617)
2020-11-17 11:51:25 +01:00
"POST", self.url, b"{}", access_token=self.admin_user_tok
)
self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
return channel.json_body["access_token"]
def test_no_auth(self):
"""Try to login as a user without authentication.
"""
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("POST", self.url, b"{}")
Add admin API for logging in as a user (#8617)
2020-11-17 11:51:25 +01:00
self.assertEqual(401, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual(Codes.MISSING_TOKEN, channel.json_body["errcode"])
def test_not_admin(self):
"""Try to login as a user as a non-admin user.
"""
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request(
Add admin API for logging in as a user (#8617)
2020-11-17 11:51:25 +01:00
"POST", self.url, b"{}", access_token=self.other_user_tok
)
self.assertEqual(403, int(channel.result["code"]), msg=channel.result["body"])
def test_send_event(self):
"""Test that sending event as a user works.
"""
# Create a room.
room_id = self.helper.create_room_as(self.other_user, tok=self.other_user_tok)
# Login in as the user
puppet_token = self._get_token()
# Test that sending works, and generates the event as the right user.
resp = self.helper.send_event(room_id, "com.example.test", tok=puppet_token)
event_id = resp["event_id"]
event = self.get_success(self.store.get_event(event_id))
self.assertEqual(event.sender, self.other_user)
def test_devices(self):
"""Tests that logging in as a user doesn't create a new device for them.
"""
# Login in as the user
self._get_token()
# Check that we don't see a new device in our devices list
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request(
Add admin API for logging in as a user (#8617)
2020-11-17 11:51:25 +01:00
"GET", "devices", b"{}", access_token=self.other_user_tok
)
self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
# We should only see the one device (from the login in `prepare`)
self.assertEqual(len(channel.json_body["devices"]), 1)
def test_logout(self):
"""Test that calling `/logout` with the token works.
"""
# Login in as the user
puppet_token = self._get_token()
# Test that we can successfully make a request
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("GET", "devices", b"{}", access_token=puppet_token)
Add admin API for logging in as a user (#8617)
2020-11-17 11:51:25 +01:00
self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
# Logout with the puppet token
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("POST", "logout", b"{}", access_token=puppet_token)
Add admin API for logging in as a user (#8617)
2020-11-17 11:51:25 +01:00
self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
# The puppet token should no longer work
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("GET", "devices", b"{}", access_token=puppet_token)
Add admin API for logging in as a user (#8617)
2020-11-17 11:51:25 +01:00
self.assertEqual(401, int(channel.result["code"]), msg=channel.result["body"])
# .. but the real user's tokens should still work
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request(
Add admin API for logging in as a user (#8617)
2020-11-17 11:51:25 +01:00
"GET", "devices", b"{}", access_token=self.other_user_tok
)
self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
def test_user_logout_all(self):
"""Tests that the target user calling `/logout/all` does *not* expire
the token.
"""
# Login in as the user
puppet_token = self._get_token()
# Test that we can successfully make a request
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("GET", "devices", b"{}", access_token=puppet_token)
Add admin API for logging in as a user (#8617)
2020-11-17 11:51:25 +01:00
self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
# Logout all with the real user token
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request(
Add admin API for logging in as a user (#8617)
2020-11-17 11:51:25 +01:00
"POST", "logout/all", b"{}", access_token=self.other_user_tok
)
self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
# The puppet token should still work
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("GET", "devices", b"{}", access_token=puppet_token)
Add admin API for logging in as a user (#8617)
2020-11-17 11:51:25 +01:00
self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
# .. but the real user's tokens shouldn't
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request(
Add admin API for logging in as a user (#8617)
2020-11-17 11:51:25 +01:00
"GET", "devices", b"{}", access_token=self.other_user_tok
)
self.assertEqual(401, int(channel.result["code"]), msg=channel.result["body"])
def test_admin_logout_all(self):
"""Tests that the admin user calling `/logout/all` does expire the
token.
"""
# Login in as the user
puppet_token = self._get_token()
# Test that we can successfully make a request
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("GET", "devices", b"{}", access_token=puppet_token)
Add admin API for logging in as a user (#8617)
2020-11-17 11:51:25 +01:00
self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
# Logout all with the admin user token
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request(
Add admin API for logging in as a user (#8617)
2020-11-17 11:51:25 +01:00
"POST", "logout/all", b"{}", access_token=self.admin_user_tok
)
self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
# The puppet token should no longer work
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("GET", "devices", b"{}", access_token=puppet_token)
Add admin API for logging in as a user (#8617)
2020-11-17 11:51:25 +01:00
self.assertEqual(401, int(channel.result["code"]), msg=channel.result["body"])
# .. but the real user's tokens should still work
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request(
Add admin API for logging in as a user (#8617)
2020-11-17 11:51:25 +01:00
"GET", "devices", b"{}", access_token=self.other_user_tok
)
self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
@unittest.override_config(
{
"public_baseurl": "https://example.org/",
"user_consent": {
"version": "1.0",
"policy_name": "My Cool Privacy Policy",
"template_dir": "/",
"require_at_registration": True,
"block_events_error": "You should accept the policy",
},
"form_secret": "123secret",
}
)
def test_consent(self):
"""Test that sending a message is not subject to the privacy policies.
"""
# Have the admin user accept the terms.
self.get_success(self.store.user_set_consent_version(self.admin_user, "1.0"))
# First, cheekily accept the terms and create a room
self.get_success(self.store.user_set_consent_version(self.other_user, "1.0"))
room_id = self.helper.create_room_as(self.other_user, tok=self.other_user_tok)
self.helper.send_event(room_id, "com.example.test", tok=self.other_user_tok)
# Now unaccept it and check that we can't send an event
self.get_success(self.store.user_set_consent_version(self.other_user, "0.0"))
self.helper.send_event(
room_id, "com.example.test", tok=self.other_user_tok, expect_code=403
)
# Login in as the user
puppet_token = self._get_token()
# Sending an event on their behalf should work fine
self.helper.send_event(room_id, "com.example.test", tok=puppet_token)
@override_config(
{"limit_usage_by_mau": True, "max_mau_value": 1, "mau_trial_days": 0}
)
def test_mau_limit(self):
# Create a room as the admin user. This will bump the monthly active users to 1.
room_id = self.helper.create_room_as(self.admin_user, tok=self.admin_user_tok)
# Trying to join as the other user should fail due to reaching MAU limit.
self.helper.join(
room_id, user=self.other_user, tok=self.other_user_tok, expect_code=403
)
# Logging in as the other user and joining a room should work, even
# though the MAU limit would stop the user doing so.
puppet_token = self._get_token()
self.helper.join(room_id, user=self.other_user, tok=puppet_token)
Remove deprecated `/_matrix/client/*/admin` endpoints (#8785) These are now only available via `/_synapse/admin/v1`.
2020-11-25 22:26:11 +01:00
class WhoisRestTestCase(unittest.HomeserverTestCase):
servlets = [
synapse.rest.admin.register_servlets,
login.register_servlets,
]
def prepare(self, reactor, clock, hs):
self.admin_user = self.register_user("admin", "pass", admin=True)
self.admin_user_tok = self.login("admin", "pass")
self.other_user = self.register_user("user", "pass")
self.url1 = "/_synapse/admin/v1/whois/%s" % urllib.parse.quote(self.other_user)
self.url2 = "/_matrix/client/r0/admin/whois/%s" % urllib.parse.quote(
self.other_user
)
def test_no_auth(self):
"""
Try to get information of an user without authentication.
"""
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("GET", self.url1, b"{}")
Remove deprecated `/_matrix/client/*/admin` endpoints (#8785) These are now only available via `/_synapse/admin/v1`.
2020-11-25 22:26:11 +01:00
self.assertEqual(401, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual(Codes.MISSING_TOKEN, channel.json_body["errcode"])
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("GET", self.url2, b"{}")
Remove deprecated `/_matrix/client/*/admin` endpoints (#8785) These are now only available via `/_synapse/admin/v1`.
2020-11-25 22:26:11 +01:00
self.assertEqual(401, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual(Codes.MISSING_TOKEN, channel.json_body["errcode"])
def test_requester_is_not_admin(self):
"""
If the user is not a server admin, an error is returned.
"""
self.register_user("user2", "pass")
other_user2_token = self.login("user2", "pass")
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("GET", self.url1, access_token=other_user2_token,)
Remove deprecated `/_matrix/client/*/admin` endpoints (#8785) These are now only available via `/_synapse/admin/v1`.
2020-11-25 22:26:11 +01:00
self.assertEqual(403, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual(Codes.FORBIDDEN, channel.json_body["errcode"])
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("GET", self.url2, access_token=other_user2_token,)
Remove deprecated `/_matrix/client/*/admin` endpoints (#8785) These are now only available via `/_synapse/admin/v1`.
2020-11-25 22:26:11 +01:00
self.assertEqual(403, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual(Codes.FORBIDDEN, channel.json_body["errcode"])
def test_user_is_not_local(self):
"""
Tests that a lookup for a user that is not a local returns a 400
"""
url1 = "/_synapse/admin/v1/whois/@unknown_person:unknown_domain"
url2 = "/_matrix/client/r0/admin/whois/@unknown_person:unknown_domain"
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("GET", url1, access_token=self.admin_user_tok,)
Remove deprecated `/_matrix/client/*/admin` endpoints (#8785) These are now only available via `/_synapse/admin/v1`.
2020-11-25 22:26:11 +01:00
self.assertEqual(400, channel.code, msg=channel.json_body)
self.assertEqual("Can only whois a local user", channel.json_body["error"])
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("GET", url2, access_token=self.admin_user_tok,)
Remove deprecated `/_matrix/client/*/admin` endpoints (#8785) These are now only available via `/_synapse/admin/v1`.
2020-11-25 22:26:11 +01:00
self.assertEqual(400, channel.code, msg=channel.json_body)
self.assertEqual("Can only whois a local user", channel.json_body["error"])
def test_get_whois_admin(self):
"""
The lookup should succeed for an admin.
"""
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("GET", self.url1, access_token=self.admin_user_tok,)
Remove deprecated `/_matrix/client/*/admin` endpoints (#8785) These are now only available via `/_synapse/admin/v1`.
2020-11-25 22:26:11 +01:00
self.assertEqual(200, channel.code, msg=channel.json_body)
self.assertEqual(self.other_user, channel.json_body["user_id"])
self.assertIn("devices", channel.json_body)
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("GET", self.url2, access_token=self.admin_user_tok,)
Remove deprecated `/_matrix/client/*/admin` endpoints (#8785) These are now only available via `/_synapse/admin/v1`.
2020-11-25 22:26:11 +01:00
self.assertEqual(200, channel.code, msg=channel.json_body)
self.assertEqual(self.other_user, channel.json_body["user_id"])
self.assertIn("devices", channel.json_body)
def test_get_whois_user(self):
"""
The lookup should succeed for a normal user looking up their own information.
"""
other_user_token = self.login("user", "pass")
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("GET", self.url1, access_token=other_user_token,)
Remove deprecated `/_matrix/client/*/admin` endpoints (#8785) These are now only available via `/_synapse/admin/v1`.
2020-11-25 22:26:11 +01:00
self.assertEqual(200, channel.code, msg=channel.json_body)
self.assertEqual(self.other_user, channel.json_body["user_id"])
self.assertIn("devices", channel.json_body)
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it.
2020-12-15 15:44:04 +01:00
channel = self.make_request("GET", self.url2, access_token=other_user_token,)
Remove deprecated `/_matrix/client/*/admin` endpoints (#8785) These are now only available via `/_synapse/admin/v1`.
2020-11-25 22:26:11 +01:00
self.assertEqual(200, channel.code, msg=channel.json_body)
self.assertEqual(self.other_user, channel.json_body["user_id"])
self.assertIn("devices", channel.json_body)
Reference in a new issue Copy permalink