2014-08-13 04:32:18 +02:00
|
|
|
#
|
2023-11-21 21:29:58 +01:00
|
|
|
# This file is licensed under the Affero General Public License (AGPL) version 3.
|
|
|
|
#
|
2024-01-23 12:26:48 +01:00
|
|
|
# Copyright 2014-2016 OpenMarket Ltd
|
2023-11-21 21:29:58 +01:00
|
|
|
# Copyright (C) 2023 New Vector, Ltd
|
|
|
|
#
|
|
|
|
# This program is free software: you can redistribute it and/or modify
|
|
|
|
# it under the terms of the GNU Affero General Public License as
|
|
|
|
# published by the Free Software Foundation, either version 3 of the
|
|
|
|
# License, or (at your option) any later version.
|
|
|
|
#
|
|
|
|
# See the GNU Affero General Public License for more details:
|
|
|
|
# <https://www.gnu.org/licenses/agpl-3.0.html>.
|
|
|
|
#
|
|
|
|
# Originally licensed under the Apache License, Version 2.0:
|
|
|
|
# <http://www.apache.org/licenses/LICENSE-2.0>.
|
|
|
|
#
|
|
|
|
# [This file includes modifications made by New Vector Limited]
|
2014-08-13 04:32:18 +02:00
|
|
|
#
|
|
|
|
#
|
|
|
|
|
2014-08-12 16:10:52 +02:00
|
|
|
"""Tests REST events for /profile paths."""
|
2022-06-14 19:28:26 +02:00
|
|
|
import urllib.parse
|
|
|
|
from http import HTTPStatus
|
2022-02-28 18:47:37 +01:00
|
|
|
from typing import Any, Dict, Optional
|
|
|
|
|
|
|
|
from twisted.test.proto_helpers import MemoryReactor
|
2022-01-28 15:41:33 +01:00
|
|
|
|
|
|
|
from synapse.api.errors import Codes
|
2019-05-08 22:57:03 +02:00
|
|
|
from synapse.rest import admin
|
2021-08-17 13:57:58 +02:00
|
|
|
from synapse.rest.client import login, profile, room
|
2022-02-28 18:47:37 +01:00
|
|
|
from synapse.server import HomeServer
|
2022-01-28 15:41:33 +01:00
|
|
|
from synapse.types import UserID
|
2022-02-28 18:47:37 +01:00
|
|
|
from synapse.util import Clock
|
2018-07-09 08:09:20 +02:00
|
|
|
|
2016-07-26 17:46:53 +02:00
|
|
|
from tests import unittest
|
2018-07-09 08:09:20 +02:00
|
|
|
|
2019-05-08 19:26:56 +02:00
|
|
|
|
2019-06-01 12:13:49 +02:00
|
|
|
class ProfileTestCase(unittest.HomeserverTestCase):
|
|
|
|
servlets = [
|
|
|
|
admin.register_servlets_for_client_rest_resource,
|
|
|
|
login.register_servlets,
|
|
|
|
profile.register_servlets,
|
2022-01-28 15:41:33 +01:00
|
|
|
room.register_servlets,
|
2019-06-01 12:13:49 +02:00
|
|
|
]
|
|
|
|
|
2022-02-28 18:47:37 +01:00
|
|
|
def make_homeserver(self, reactor: MemoryReactor, clock: Clock) -> HomeServer:
|
2019-06-01 12:13:49 +02:00
|
|
|
self.hs = self.setup_test_homeserver()
|
|
|
|
return self.hs
|
|
|
|
|
2022-02-28 18:47:37 +01:00
|
|
|
def prepare(self, reactor: MemoryReactor, clock: Clock, hs: HomeServer) -> None:
|
2019-06-01 12:13:49 +02:00
|
|
|
self.owner = self.register_user("owner", "pass")
|
|
|
|
self.owner_tok = self.login("owner", "pass")
|
2021-02-16 14:04:15 +01:00
|
|
|
self.other = self.register_user("other", "pass", displayname="Bob")
|
|
|
|
|
2022-02-28 18:47:37 +01:00
|
|
|
def test_get_displayname(self) -> None:
|
2021-02-16 14:04:15 +01:00
|
|
|
res = self._get_displayname()
|
|
|
|
self.assertEqual(res, "owner")
|
2019-06-01 12:13:49 +02:00
|
|
|
|
2022-06-14 19:28:26 +02:00
|
|
|
def test_get_displayname_rejects_bad_username(self) -> None:
|
|
|
|
channel = self.make_request(
|
|
|
|
"GET", f"/profile/{urllib.parse.quote('@alice:')}/displayname"
|
|
|
|
)
|
|
|
|
self.assertEqual(channel.code, HTTPStatus.BAD_REQUEST, channel.result)
|
|
|
|
|
2022-02-28 18:47:37 +01:00
|
|
|
def test_set_displayname(self) -> None:
|
2020-12-15 15:44:04 +01:00
|
|
|
channel = self.make_request(
|
2019-06-01 12:13:49 +02:00
|
|
|
"PUT",
|
2019-06-20 11:32:02 +02:00
|
|
|
"/profile/%s/displayname" % (self.owner,),
|
2021-02-16 14:04:15 +01:00
|
|
|
content={"displayname": "test"},
|
2019-06-01 12:13:49 +02:00
|
|
|
access_token=self.owner_tok,
|
|
|
|
)
|
|
|
|
self.assertEqual(channel.code, 200, channel.result)
|
|
|
|
|
2021-02-16 14:04:15 +01:00
|
|
|
res = self._get_displayname()
|
2019-06-01 12:13:49 +02:00
|
|
|
self.assertEqual(res, "test")
|
|
|
|
|
2023-08-01 15:14:02 +02:00
|
|
|
def test_set_displayname_with_extra_spaces(self) -> None:
|
|
|
|
channel = self.make_request(
|
|
|
|
"PUT",
|
|
|
|
"/profile/%s/displayname" % (self.owner,),
|
|
|
|
content={"displayname": " test "},
|
|
|
|
access_token=self.owner_tok,
|
|
|
|
)
|
|
|
|
self.assertEqual(channel.code, 200, channel.result)
|
|
|
|
|
|
|
|
res = self._get_displayname()
|
|
|
|
self.assertEqual(res, "test")
|
|
|
|
|
2022-02-28 18:47:37 +01:00
|
|
|
def test_set_displayname_noauth(self) -> None:
|
2021-02-16 14:04:15 +01:00
|
|
|
channel = self.make_request(
|
|
|
|
"PUT",
|
|
|
|
"/profile/%s/displayname" % (self.owner,),
|
|
|
|
content={"displayname": "test"},
|
|
|
|
)
|
|
|
|
self.assertEqual(channel.code, 401, channel.result)
|
|
|
|
|
2022-02-28 18:47:37 +01:00
|
|
|
def test_set_displayname_too_long(self) -> None:
|
2019-06-01 12:13:49 +02:00
|
|
|
"""Attempts to set a stupid displayname should get a 400"""
|
2020-12-15 15:44:04 +01:00
|
|
|
channel = self.make_request(
|
2019-06-01 12:13:49 +02:00
|
|
|
"PUT",
|
2019-06-20 11:32:02 +02:00
|
|
|
"/profile/%s/displayname" % (self.owner,),
|
2021-02-16 14:04:15 +01:00
|
|
|
content={"displayname": "test" * 100},
|
2019-06-01 12:13:49 +02:00
|
|
|
access_token=self.owner_tok,
|
|
|
|
)
|
|
|
|
self.assertEqual(channel.code, 400, channel.result)
|
|
|
|
|
2021-02-16 14:04:15 +01:00
|
|
|
res = self._get_displayname()
|
2019-06-01 12:13:49 +02:00
|
|
|
self.assertEqual(res, "owner")
|
|
|
|
|
2022-02-28 18:47:37 +01:00
|
|
|
def test_get_displayname_other(self) -> None:
|
2021-02-16 14:04:15 +01:00
|
|
|
res = self._get_displayname(self.other)
|
2022-02-28 13:12:29 +01:00
|
|
|
self.assertEqual(res, "Bob")
|
2021-02-16 14:04:15 +01:00
|
|
|
|
2022-02-28 18:47:37 +01:00
|
|
|
def test_set_displayname_other(self) -> None:
|
2021-02-16 14:04:15 +01:00
|
|
|
channel = self.make_request(
|
|
|
|
"PUT",
|
|
|
|
"/profile/%s/displayname" % (self.other,),
|
|
|
|
content={"displayname": "test"},
|
|
|
|
access_token=self.owner_tok,
|
|
|
|
)
|
|
|
|
self.assertEqual(channel.code, 400, channel.result)
|
|
|
|
|
2022-02-28 18:47:37 +01:00
|
|
|
def test_get_avatar_url(self) -> None:
|
2021-02-16 14:04:15 +01:00
|
|
|
res = self._get_avatar_url()
|
|
|
|
self.assertIsNone(res)
|
|
|
|
|
2022-02-28 18:47:37 +01:00
|
|
|
def test_set_avatar_url(self) -> None:
|
2021-02-16 14:04:15 +01:00
|
|
|
channel = self.make_request(
|
|
|
|
"PUT",
|
|
|
|
"/profile/%s/avatar_url" % (self.owner,),
|
|
|
|
content={"avatar_url": "http://my.server/pic.gif"},
|
|
|
|
access_token=self.owner_tok,
|
|
|
|
)
|
|
|
|
self.assertEqual(channel.code, 200, channel.result)
|
|
|
|
|
|
|
|
res = self._get_avatar_url()
|
|
|
|
self.assertEqual(res, "http://my.server/pic.gif")
|
|
|
|
|
2022-02-28 18:47:37 +01:00
|
|
|
def test_set_avatar_url_noauth(self) -> None:
|
2021-02-16 14:04:15 +01:00
|
|
|
channel = self.make_request(
|
|
|
|
"PUT",
|
|
|
|
"/profile/%s/avatar_url" % (self.owner,),
|
|
|
|
content={"avatar_url": "http://my.server/pic.gif"},
|
|
|
|
)
|
|
|
|
self.assertEqual(channel.code, 401, channel.result)
|
|
|
|
|
2022-02-28 18:47:37 +01:00
|
|
|
def test_set_avatar_url_too_long(self) -> None:
|
2021-02-16 14:04:15 +01:00
|
|
|
"""Attempts to set a stupid avatar_url should get a 400"""
|
|
|
|
channel = self.make_request(
|
|
|
|
"PUT",
|
|
|
|
"/profile/%s/avatar_url" % (self.owner,),
|
|
|
|
content={"avatar_url": "http://my.server/pic.gif" * 100},
|
|
|
|
access_token=self.owner_tok,
|
|
|
|
)
|
|
|
|
self.assertEqual(channel.code, 400, channel.result)
|
|
|
|
|
|
|
|
res = self._get_avatar_url()
|
|
|
|
self.assertIsNone(res)
|
|
|
|
|
2022-02-28 18:47:37 +01:00
|
|
|
def test_get_avatar_url_other(self) -> None:
|
2021-02-16 14:04:15 +01:00
|
|
|
res = self._get_avatar_url(self.other)
|
|
|
|
self.assertIsNone(res)
|
|
|
|
|
2022-02-28 18:47:37 +01:00
|
|
|
def test_set_avatar_url_other(self) -> None:
|
2021-02-16 14:04:15 +01:00
|
|
|
channel = self.make_request(
|
|
|
|
"PUT",
|
|
|
|
"/profile/%s/avatar_url" % (self.other,),
|
|
|
|
content={"avatar_url": "http://my.server/pic.gif"},
|
|
|
|
access_token=self.owner_tok,
|
|
|
|
)
|
|
|
|
self.assertEqual(channel.code, 400, channel.result)
|
|
|
|
|
2022-07-04 19:08:56 +02:00
|
|
|
def _get_displayname(self, name: Optional[str] = None) -> Optional[str]:
|
2021-02-16 14:04:15 +01:00
|
|
|
channel = self.make_request(
|
|
|
|
"GET", "/profile/%s/displayname" % (name or self.owner,)
|
|
|
|
)
|
2019-06-01 12:13:49 +02:00
|
|
|
self.assertEqual(channel.code, 200, channel.result)
|
2022-07-04 19:08:56 +02:00
|
|
|
# FIXME: If a user has no displayname set, Synapse returns 200 and omits a
|
2023-11-15 14:02:11 +01:00
|
|
|
# displayname from the response. This contradicts the spec, see
|
|
|
|
# https://github.com/matrix-org/synapse/issues/13137.
|
2022-07-04 19:08:56 +02:00
|
|
|
return channel.json_body.get("displayname")
|
2019-06-01 12:13:49 +02:00
|
|
|
|
2022-07-04 19:08:56 +02:00
|
|
|
def _get_avatar_url(self, name: Optional[str] = None) -> Optional[str]:
|
2021-02-16 14:04:15 +01:00
|
|
|
channel = self.make_request(
|
|
|
|
"GET", "/profile/%s/avatar_url" % (name or self.owner,)
|
|
|
|
)
|
|
|
|
self.assertEqual(channel.code, 200, channel.result)
|
2022-07-04 19:08:56 +02:00
|
|
|
# FIXME: If a user has no avatar set, Synapse returns 200 and omits an
|
2023-11-15 14:02:11 +01:00
|
|
|
# avatar_url from the response. This contradicts the spec, see
|
|
|
|
# https://github.com/matrix-org/synapse/issues/13137.
|
2021-02-16 14:04:15 +01:00
|
|
|
return channel.json_body.get("avatar_url")
|
|
|
|
|
2022-01-28 15:41:33 +01:00
|
|
|
@unittest.override_config({"max_avatar_size": 50})
|
2022-02-28 18:47:37 +01:00
|
|
|
def test_avatar_size_limit_global(self) -> None:
|
2022-01-28 15:41:33 +01:00
|
|
|
"""Tests that the maximum size limit for avatars is enforced when updating a
|
|
|
|
global profile.
|
|
|
|
"""
|
|
|
|
self._setup_local_files(
|
|
|
|
{
|
|
|
|
"small": {"size": 40},
|
|
|
|
"big": {"size": 60},
|
|
|
|
}
|
|
|
|
)
|
|
|
|
|
|
|
|
channel = self.make_request(
|
|
|
|
"PUT",
|
|
|
|
f"/profile/{self.owner}/avatar_url",
|
|
|
|
content={"avatar_url": "mxc://test/big"},
|
|
|
|
access_token=self.owner_tok,
|
|
|
|
)
|
|
|
|
self.assertEqual(channel.code, 403, channel.result)
|
|
|
|
self.assertEqual(
|
|
|
|
channel.json_body["errcode"], Codes.FORBIDDEN, channel.json_body
|
|
|
|
)
|
|
|
|
|
|
|
|
channel = self.make_request(
|
|
|
|
"PUT",
|
|
|
|
f"/profile/{self.owner}/avatar_url",
|
|
|
|
content={"avatar_url": "mxc://test/small"},
|
|
|
|
access_token=self.owner_tok,
|
|
|
|
)
|
|
|
|
self.assertEqual(channel.code, 200, channel.result)
|
|
|
|
|
|
|
|
@unittest.override_config({"max_avatar_size": 50})
|
2022-02-28 18:47:37 +01:00
|
|
|
def test_avatar_size_limit_per_room(self) -> None:
|
2022-01-28 15:41:33 +01:00
|
|
|
"""Tests that the maximum size limit for avatars is enforced when updating a
|
|
|
|
per-room profile.
|
|
|
|
"""
|
|
|
|
self._setup_local_files(
|
|
|
|
{
|
|
|
|
"small": {"size": 40},
|
|
|
|
"big": {"size": 60},
|
|
|
|
}
|
|
|
|
)
|
|
|
|
|
|
|
|
room_id = self.helper.create_room_as(tok=self.owner_tok)
|
|
|
|
|
|
|
|
channel = self.make_request(
|
|
|
|
"PUT",
|
|
|
|
f"/rooms/{room_id}/state/m.room.member/{self.owner}",
|
|
|
|
content={"membership": "join", "avatar_url": "mxc://test/big"},
|
|
|
|
access_token=self.owner_tok,
|
|
|
|
)
|
|
|
|
self.assertEqual(channel.code, 403, channel.result)
|
|
|
|
self.assertEqual(
|
|
|
|
channel.json_body["errcode"], Codes.FORBIDDEN, channel.json_body
|
|
|
|
)
|
|
|
|
|
|
|
|
channel = self.make_request(
|
|
|
|
"PUT",
|
|
|
|
f"/rooms/{room_id}/state/m.room.member/{self.owner}",
|
|
|
|
content={"membership": "join", "avatar_url": "mxc://test/small"},
|
|
|
|
access_token=self.owner_tok,
|
|
|
|
)
|
|
|
|
self.assertEqual(channel.code, 200, channel.result)
|
|
|
|
|
|
|
|
@unittest.override_config({"allowed_avatar_mimetypes": ["image/png"]})
|
2022-02-28 18:47:37 +01:00
|
|
|
def test_avatar_allowed_mime_type_global(self) -> None:
|
2022-01-28 15:41:33 +01:00
|
|
|
"""Tests that the MIME type whitelist for avatars is enforced when updating a
|
|
|
|
global profile.
|
|
|
|
"""
|
|
|
|
self._setup_local_files(
|
|
|
|
{
|
|
|
|
"good": {"mimetype": "image/png"},
|
|
|
|
"bad": {"mimetype": "application/octet-stream"},
|
|
|
|
}
|
|
|
|
)
|
|
|
|
|
|
|
|
channel = self.make_request(
|
|
|
|
"PUT",
|
|
|
|
f"/profile/{self.owner}/avatar_url",
|
|
|
|
content={"avatar_url": "mxc://test/bad"},
|
|
|
|
access_token=self.owner_tok,
|
|
|
|
)
|
|
|
|
self.assertEqual(channel.code, 403, channel.result)
|
|
|
|
self.assertEqual(
|
|
|
|
channel.json_body["errcode"], Codes.FORBIDDEN, channel.json_body
|
|
|
|
)
|
|
|
|
|
|
|
|
channel = self.make_request(
|
|
|
|
"PUT",
|
|
|
|
f"/profile/{self.owner}/avatar_url",
|
|
|
|
content={"avatar_url": "mxc://test/good"},
|
|
|
|
access_token=self.owner_tok,
|
|
|
|
)
|
|
|
|
self.assertEqual(channel.code, 200, channel.result)
|
|
|
|
|
|
|
|
@unittest.override_config({"allowed_avatar_mimetypes": ["image/png"]})
|
2022-02-28 18:47:37 +01:00
|
|
|
def test_avatar_allowed_mime_type_per_room(self) -> None:
|
2022-01-28 15:41:33 +01:00
|
|
|
"""Tests that the MIME type whitelist for avatars is enforced when updating a
|
|
|
|
per-room profile.
|
|
|
|
"""
|
|
|
|
self._setup_local_files(
|
|
|
|
{
|
|
|
|
"good": {"mimetype": "image/png"},
|
|
|
|
"bad": {"mimetype": "application/octet-stream"},
|
|
|
|
}
|
|
|
|
)
|
|
|
|
|
|
|
|
room_id = self.helper.create_room_as(tok=self.owner_tok)
|
|
|
|
|
|
|
|
channel = self.make_request(
|
|
|
|
"PUT",
|
|
|
|
f"/rooms/{room_id}/state/m.room.member/{self.owner}",
|
|
|
|
content={"membership": "join", "avatar_url": "mxc://test/bad"},
|
|
|
|
access_token=self.owner_tok,
|
|
|
|
)
|
|
|
|
self.assertEqual(channel.code, 403, channel.result)
|
|
|
|
self.assertEqual(
|
|
|
|
channel.json_body["errcode"], Codes.FORBIDDEN, channel.json_body
|
|
|
|
)
|
|
|
|
|
|
|
|
channel = self.make_request(
|
|
|
|
"PUT",
|
|
|
|
f"/rooms/{room_id}/state/m.room.member/{self.owner}",
|
|
|
|
content={"membership": "join", "avatar_url": "mxc://test/good"},
|
|
|
|
access_token=self.owner_tok,
|
|
|
|
)
|
|
|
|
self.assertEqual(channel.code, 200, channel.result)
|
|
|
|
|
2023-12-04 12:36:12 +01:00
|
|
|
@unittest.override_config(
|
|
|
|
{"experimental_features": {"msc4069_profile_inhibit_propagation": True}}
|
|
|
|
)
|
|
|
|
def test_msc4069_inhibit_propagation(self) -> None:
|
|
|
|
"""Tests to ensure profile update propagation can be inhibited."""
|
|
|
|
for prop in ["avatar_url", "displayname"]:
|
|
|
|
room_id = self.helper.create_room_as(tok=self.owner_tok)
|
|
|
|
|
|
|
|
channel = self.make_request(
|
|
|
|
"PUT",
|
|
|
|
f"/rooms/{room_id}/state/m.room.member/{self.owner}",
|
|
|
|
content={"membership": "join", prop: "mxc://my.server/existing"},
|
|
|
|
access_token=self.owner_tok,
|
|
|
|
)
|
|
|
|
self.assertEqual(channel.code, 200, channel.result)
|
|
|
|
|
|
|
|
channel = self.make_request(
|
|
|
|
"PUT",
|
|
|
|
f"/profile/{self.owner}/{prop}?org.matrix.msc4069.propagate=false",
|
|
|
|
content={prop: "http://my.server/pic.gif"},
|
|
|
|
access_token=self.owner_tok,
|
|
|
|
)
|
|
|
|
self.assertEqual(channel.code, 200, channel.result)
|
|
|
|
|
|
|
|
res = (
|
|
|
|
self._get_avatar_url()
|
|
|
|
if prop == "avatar_url"
|
|
|
|
else self._get_displayname()
|
|
|
|
)
|
|
|
|
self.assertEqual(res, "http://my.server/pic.gif")
|
|
|
|
|
|
|
|
channel = self.make_request(
|
|
|
|
"GET",
|
|
|
|
f"/rooms/{room_id}/state/m.room.member/{self.owner}",
|
|
|
|
access_token=self.owner_tok,
|
|
|
|
)
|
|
|
|
self.assertEqual(channel.code, 200, channel.result)
|
|
|
|
self.assertEqual(channel.json_body.get(prop), "mxc://my.server/existing")
|
|
|
|
|
|
|
|
def test_msc4069_inhibit_propagation_disabled(self) -> None:
|
|
|
|
"""Tests to ensure profile update propagation inhibit flags are ignored when the
|
|
|
|
experimental flag is not enabled.
|
|
|
|
"""
|
|
|
|
for prop in ["avatar_url", "displayname"]:
|
|
|
|
room_id = self.helper.create_room_as(tok=self.owner_tok)
|
|
|
|
|
|
|
|
channel = self.make_request(
|
|
|
|
"PUT",
|
|
|
|
f"/rooms/{room_id}/state/m.room.member/{self.owner}",
|
|
|
|
content={"membership": "join", prop: "mxc://my.server/existing"},
|
|
|
|
access_token=self.owner_tok,
|
|
|
|
)
|
|
|
|
self.assertEqual(channel.code, 200, channel.result)
|
|
|
|
|
|
|
|
channel = self.make_request(
|
|
|
|
"PUT",
|
|
|
|
f"/profile/{self.owner}/{prop}?org.matrix.msc4069.propagate=false",
|
|
|
|
content={prop: "http://my.server/pic.gif"},
|
|
|
|
access_token=self.owner_tok,
|
|
|
|
)
|
|
|
|
self.assertEqual(channel.code, 200, channel.result)
|
|
|
|
|
|
|
|
res = (
|
|
|
|
self._get_avatar_url()
|
|
|
|
if prop == "avatar_url"
|
|
|
|
else self._get_displayname()
|
|
|
|
)
|
|
|
|
self.assertEqual(res, "http://my.server/pic.gif")
|
|
|
|
|
|
|
|
channel = self.make_request(
|
|
|
|
"GET",
|
|
|
|
f"/rooms/{room_id}/state/m.room.member/{self.owner}",
|
|
|
|
access_token=self.owner_tok,
|
|
|
|
)
|
|
|
|
self.assertEqual(channel.code, 200, channel.result)
|
|
|
|
|
|
|
|
# The ?propagate=false should be ignored by the server because the config flag
|
|
|
|
# isn't enabled.
|
|
|
|
self.assertEqual(channel.json_body.get(prop), "http://my.server/pic.gif")
|
|
|
|
|
|
|
|
def test_msc4069_inhibit_propagation_default(self) -> None:
|
|
|
|
"""Tests to ensure profile update propagation happens by default."""
|
|
|
|
for prop in ["avatar_url", "displayname"]:
|
|
|
|
room_id = self.helper.create_room_as(tok=self.owner_tok)
|
|
|
|
|
|
|
|
channel = self.make_request(
|
|
|
|
"PUT",
|
|
|
|
f"/rooms/{room_id}/state/m.room.member/{self.owner}",
|
|
|
|
content={"membership": "join", prop: "mxc://my.server/existing"},
|
|
|
|
access_token=self.owner_tok,
|
|
|
|
)
|
|
|
|
self.assertEqual(channel.code, 200, channel.result)
|
|
|
|
|
|
|
|
channel = self.make_request(
|
|
|
|
"PUT",
|
|
|
|
f"/profile/{self.owner}/{prop}",
|
|
|
|
content={prop: "http://my.server/pic.gif"},
|
|
|
|
access_token=self.owner_tok,
|
|
|
|
)
|
|
|
|
self.assertEqual(channel.code, 200, channel.result)
|
|
|
|
|
|
|
|
res = (
|
|
|
|
self._get_avatar_url()
|
|
|
|
if prop == "avatar_url"
|
|
|
|
else self._get_displayname()
|
|
|
|
)
|
|
|
|
self.assertEqual(res, "http://my.server/pic.gif")
|
|
|
|
|
|
|
|
channel = self.make_request(
|
|
|
|
"GET",
|
|
|
|
f"/rooms/{room_id}/state/m.room.member/{self.owner}",
|
|
|
|
access_token=self.owner_tok,
|
|
|
|
)
|
|
|
|
self.assertEqual(channel.code, 200, channel.result)
|
|
|
|
|
|
|
|
# The ?propagate=false should be ignored by the server because the config flag
|
|
|
|
# isn't enabled.
|
|
|
|
self.assertEqual(channel.json_body.get(prop), "http://my.server/pic.gif")
|
|
|
|
|
|
|
|
@unittest.override_config(
|
|
|
|
{"experimental_features": {"msc4069_profile_inhibit_propagation": True}}
|
|
|
|
)
|
|
|
|
def test_msc4069_inhibit_propagation_like_default(self) -> None:
|
|
|
|
"""Tests to ensure clients can request explicit profile propagation."""
|
|
|
|
for prop in ["avatar_url", "displayname"]:
|
|
|
|
room_id = self.helper.create_room_as(tok=self.owner_tok)
|
|
|
|
|
|
|
|
channel = self.make_request(
|
|
|
|
"PUT",
|
|
|
|
f"/rooms/{room_id}/state/m.room.member/{self.owner}",
|
|
|
|
content={"membership": "join", prop: "mxc://my.server/existing"},
|
|
|
|
access_token=self.owner_tok,
|
|
|
|
)
|
|
|
|
self.assertEqual(channel.code, 200, channel.result)
|
|
|
|
|
|
|
|
channel = self.make_request(
|
|
|
|
"PUT",
|
|
|
|
f"/profile/{self.owner}/{prop}?org.matrix.msc4069.propagate=true",
|
|
|
|
content={prop: "http://my.server/pic.gif"},
|
|
|
|
access_token=self.owner_tok,
|
|
|
|
)
|
|
|
|
self.assertEqual(channel.code, 200, channel.result)
|
|
|
|
|
|
|
|
res = (
|
|
|
|
self._get_avatar_url()
|
|
|
|
if prop == "avatar_url"
|
|
|
|
else self._get_displayname()
|
|
|
|
)
|
|
|
|
self.assertEqual(res, "http://my.server/pic.gif")
|
|
|
|
|
|
|
|
channel = self.make_request(
|
|
|
|
"GET",
|
|
|
|
f"/rooms/{room_id}/state/m.room.member/{self.owner}",
|
|
|
|
access_token=self.owner_tok,
|
|
|
|
)
|
|
|
|
self.assertEqual(channel.code, 200, channel.result)
|
|
|
|
|
|
|
|
# The client requested ?propagate=true, so it should have happened.
|
|
|
|
self.assertEqual(channel.json_body.get(prop), "http://my.server/pic.gif")
|
|
|
|
|
2022-02-28 18:47:37 +01:00
|
|
|
def _setup_local_files(self, names_and_props: Dict[str, Dict[str, Any]]) -> None:
|
2022-01-28 15:41:33 +01:00
|
|
|
"""Stores metadata about files in the database.
|
|
|
|
|
|
|
|
Args:
|
|
|
|
names_and_props: A dictionary with one entry per file, with the key being the
|
|
|
|
file's name, and the value being a dictionary of properties. Supported
|
|
|
|
properties are "mimetype" (for the file's type) and "size" (for the
|
|
|
|
file's size).
|
|
|
|
"""
|
2022-02-23 12:04:02 +01:00
|
|
|
store = self.hs.get_datastores().main
|
2022-01-28 15:41:33 +01:00
|
|
|
|
|
|
|
for name, props in names_and_props.items():
|
|
|
|
self.get_success(
|
|
|
|
store.store_local_media(
|
|
|
|
media_id=name,
|
|
|
|
media_type=props.get("mimetype", "image/png"),
|
|
|
|
time_now_ms=self.clock.time_msec(),
|
|
|
|
upload_name=None,
|
|
|
|
media_length=props.get("size", 50),
|
|
|
|
user_id=UserID.from_string("@rin:test"),
|
|
|
|
)
|
|
|
|
)
|
|
|
|
|
2019-06-01 12:13:49 +02:00
|
|
|
|
2019-05-08 19:26:56 +02:00
|
|
|
class ProfilesRestrictedTestCase(unittest.HomeserverTestCase):
|
|
|
|
servlets = [
|
2019-05-08 22:57:03 +02:00
|
|
|
admin.register_servlets_for_client_rest_resource,
|
2019-05-08 19:26:56 +02:00
|
|
|
login.register_servlets,
|
|
|
|
profile.register_servlets,
|
|
|
|
room.register_servlets,
|
|
|
|
]
|
|
|
|
|
2022-02-28 18:47:37 +01:00
|
|
|
def make_homeserver(self, reactor: MemoryReactor, clock: Clock) -> HomeServer:
|
2019-05-08 19:26:56 +02:00
|
|
|
config = self.default_config()
|
2019-05-13 22:01:14 +02:00
|
|
|
config["require_auth_for_profile_requests"] = True
|
2019-12-16 17:11:55 +01:00
|
|
|
config["limit_profile_requests_to_users_who_share_rooms"] = True
|
2019-05-08 19:26:56 +02:00
|
|
|
self.hs = self.setup_test_homeserver(config=config)
|
|
|
|
|
|
|
|
return self.hs
|
|
|
|
|
2022-02-28 18:47:37 +01:00
|
|
|
def prepare(self, reactor: MemoryReactor, clock: Clock, hs: HomeServer) -> None:
|
2019-05-08 19:26:56 +02:00
|
|
|
# User owning the requested profile.
|
|
|
|
self.owner = self.register_user("owner", "pass")
|
|
|
|
self.owner_tok = self.login("owner", "pass")
|
|
|
|
self.profile_url = "/profile/%s" % (self.owner)
|
|
|
|
|
|
|
|
# User requesting the profile.
|
|
|
|
self.requester = self.register_user("requester", "pass")
|
|
|
|
self.requester_tok = self.login("requester", "pass")
|
|
|
|
|
|
|
|
self.room_id = self.helper.create_room_as(self.owner, tok=self.owner_tok)
|
|
|
|
|
2022-02-28 18:47:37 +01:00
|
|
|
def test_no_auth(self) -> None:
|
2019-05-08 19:26:56 +02:00
|
|
|
self.try_fetch_profile(401)
|
|
|
|
|
2022-02-28 18:47:37 +01:00
|
|
|
def test_not_in_shared_room(self) -> None:
|
2019-05-08 19:26:56 +02:00
|
|
|
self.ensure_requester_left_room()
|
|
|
|
|
|
|
|
self.try_fetch_profile(403, access_token=self.requester_tok)
|
|
|
|
|
2022-02-28 18:47:37 +01:00
|
|
|
def test_in_shared_room(self) -> None:
|
2019-05-08 19:26:56 +02:00
|
|
|
self.ensure_requester_left_room()
|
|
|
|
|
2019-05-10 07:12:11 +02:00
|
|
|
self.helper.join(room=self.room_id, user=self.requester, tok=self.requester_tok)
|
2019-05-08 19:26:56 +02:00
|
|
|
|
|
|
|
self.try_fetch_profile(200, self.requester_tok)
|
|
|
|
|
2022-02-28 18:47:37 +01:00
|
|
|
def try_fetch_profile(
|
|
|
|
self, expected_code: int, access_token: Optional[str] = None
|
|
|
|
) -> None:
|
2019-05-10 07:12:11 +02:00
|
|
|
self.request_profile(expected_code, access_token=access_token)
|
2019-05-08 19:26:56 +02:00
|
|
|
|
|
|
|
self.request_profile(
|
2019-05-10 07:12:11 +02:00
|
|
|
expected_code, url_suffix="/displayname", access_token=access_token
|
2019-05-08 19:26:56 +02:00
|
|
|
)
|
|
|
|
|
|
|
|
self.request_profile(
|
2019-05-10 07:12:11 +02:00
|
|
|
expected_code, url_suffix="/avatar_url", access_token=access_token
|
2019-05-08 19:26:56 +02:00
|
|
|
)
|
|
|
|
|
2022-02-28 18:47:37 +01:00
|
|
|
def request_profile(
|
|
|
|
self,
|
|
|
|
expected_code: int,
|
|
|
|
url_suffix: str = "",
|
|
|
|
access_token: Optional[str] = None,
|
|
|
|
) -> None:
|
2020-12-15 15:44:04 +01:00
|
|
|
channel = self.make_request(
|
2019-05-10 07:12:11 +02:00
|
|
|
"GET", self.profile_url + url_suffix, access_token=access_token
|
2019-05-08 19:26:56 +02:00
|
|
|
)
|
|
|
|
self.assertEqual(channel.code, expected_code, channel.result)
|
|
|
|
|
2022-02-28 18:47:37 +01:00
|
|
|
def ensure_requester_left_room(self) -> None:
|
2019-05-08 19:26:56 +02:00
|
|
|
try:
|
|
|
|
self.helper.leave(
|
2019-05-10 07:12:11 +02:00
|
|
|
room=self.room_id, user=self.requester, tok=self.requester_tok
|
2019-05-08 19:26:56 +02:00
|
|
|
)
|
|
|
|
except AssertionError:
|
|
|
|
# We don't care whether the leave request didn't return a 200 (e.g.
|
|
|
|
# if the user isn't already in the room), because we only want to
|
|
|
|
# make sure the user isn't in the room.
|
|
|
|
pass
|
2019-07-08 18:41:16 +02:00
|
|
|
|
|
|
|
|
|
|
|
class OwnProfileUnrestrictedTestCase(unittest.HomeserverTestCase):
|
|
|
|
servlets = [
|
|
|
|
admin.register_servlets_for_client_rest_resource,
|
|
|
|
login.register_servlets,
|
|
|
|
profile.register_servlets,
|
|
|
|
]
|
|
|
|
|
2022-02-28 18:47:37 +01:00
|
|
|
def make_homeserver(self, reactor: MemoryReactor, clock: Clock) -> HomeServer:
|
2019-07-08 18:41:16 +02:00
|
|
|
config = self.default_config()
|
|
|
|
config["require_auth_for_profile_requests"] = True
|
2019-12-16 17:11:55 +01:00
|
|
|
config["limit_profile_requests_to_users_who_share_rooms"] = True
|
2019-07-08 18:41:16 +02:00
|
|
|
self.hs = self.setup_test_homeserver(config=config)
|
|
|
|
|
|
|
|
return self.hs
|
|
|
|
|
2022-02-28 18:47:37 +01:00
|
|
|
def prepare(self, reactor: MemoryReactor, clock: Clock, hs: HomeServer) -> None:
|
2019-07-08 18:41:16 +02:00
|
|
|
# User requesting the profile.
|
|
|
|
self.requester = self.register_user("requester", "pass")
|
|
|
|
self.requester_tok = self.login("requester", "pass")
|
|
|
|
|
2022-02-28 18:47:37 +01:00
|
|
|
def test_can_lookup_own_profile(self) -> None:
|
2019-07-08 18:41:16 +02:00
|
|
|
"""Tests that a user can lookup their own profile without having to be in a room
|
|
|
|
if 'require_auth_for_profile_requests' is set to true in the server's config.
|
|
|
|
"""
|
2020-12-15 15:44:04 +01:00
|
|
|
channel = self.make_request(
|
2019-07-08 18:41:16 +02:00
|
|
|
"GET", "/profile/" + self.requester, access_token=self.requester_tok
|
|
|
|
)
|
|
|
|
self.assertEqual(channel.code, 200, channel.result)
|
|
|
|
|
2020-12-15 15:44:04 +01:00
|
|
|
channel = self.make_request(
|
2019-07-08 18:41:16 +02:00
|
|
|
"GET",
|
|
|
|
"/profile/" + self.requester + "/displayname",
|
2019-07-08 18:44:20 +02:00
|
|
|
access_token=self.requester_tok,
|
2019-07-08 18:41:16 +02:00
|
|
|
)
|
|
|
|
self.assertEqual(channel.code, 200, channel.result)
|
|
|
|
|
2020-12-15 15:44:04 +01:00
|
|
|
channel = self.make_request(
|
2019-07-08 18:41:16 +02:00
|
|
|
"GET",
|
|
|
|
"/profile/" + self.requester + "/avatar_url",
|
2019-07-08 18:44:20 +02:00
|
|
|
access_token=self.requester_tok,
|
2019-07-08 18:41:16 +02:00
|
|
|
)
|
|
|
|
self.assertEqual(channel.code, 200, channel.result)
|