mirror of
https://github.com/element-hq/synapse.git
synced 2026-04-26 13:07:46 +00:00
93e0497fc3
Currently synapse returns `M_FORBIDDEN` when trying to use the account deactivation API, if the server admin disabled displayname changes. This is undesirable, since it prevents GDPR erasure without admin interaction. The admin API seems to work fine though. This also only seems to affect the deactivate API, when the erase flag is true. Relevant endpoint: https://spec.matrix.org/latest/client-server-api/#post_matrixclientv3accountdeactivate This change only removes the checked for condition that the displayname and profile avatar are allowed to be changed per the configuration setting. If a user is deleting themselves, why is that denied? There did not seem to be a basic test for this endpoint that checks the `erase` usage, so that was added as well as checking the above mentioned behavior.
602 lines
22 KiB
Python
602 lines
22 KiB
Python
#
|
|
# This file is licensed under the Affero General Public License (AGPL) version 3.
|
|
#
|
|
# Copyright 2014-2016 OpenMarket Ltd
|
|
# Copyright (C) 2023 New Vector, Ltd
|
|
#
|
|
# This program is free software: you can redistribute it and/or modify
|
|
# it under the terms of the GNU Affero General Public License as
|
|
# published by the Free Software Foundation, either version 3 of the
|
|
# License, or (at your option) any later version.
|
|
#
|
|
# See the GNU Affero General Public License for more details:
|
|
# <https://www.gnu.org/licenses/agpl-3.0.html>.
|
|
#
|
|
# Originally licensed under the Apache License, Version 2.0:
|
|
# <http://www.apache.org/licenses/LICENSE-2.0>.
|
|
#
|
|
# [This file includes modifications made by New Vector Limited]
|
|
#
|
|
#
|
|
from typing import Any, Awaitable, Callable
|
|
from unittest.mock import AsyncMock, Mock, patch
|
|
|
|
from parameterized import parameterized
|
|
|
|
from twisted.internet.testing import MemoryReactor
|
|
|
|
import synapse.types
|
|
from synapse.api.constants import EventTypes
|
|
from synapse.api.errors import AuthError, SynapseError
|
|
from synapse.rest import admin
|
|
from synapse.rest.client import login, room
|
|
from synapse.server import HomeServer
|
|
from synapse.types import JsonDict, UserID
|
|
from synapse.types.state import StateFilter
|
|
from synapse.util.clock import Clock
|
|
from synapse.util.duration import Duration
|
|
from synapse.util.task_scheduler import TaskStatus
|
|
|
|
from tests import unittest
|
|
from tests.unittest import override_config
|
|
|
|
|
|
class ProfileTestCase(unittest.HomeserverTestCase):
|
|
"""Tests profile management."""
|
|
|
|
servlets = [
|
|
admin.register_servlets,
|
|
login.register_servlets,
|
|
room.register_servlets,
|
|
]
|
|
|
|
def make_homeserver(self, reactor: MemoryReactor, clock: Clock) -> HomeServer:
|
|
self.mock_federation = AsyncMock()
|
|
self.mock_registry = Mock()
|
|
|
|
self.query_handlers: dict[str, Callable[[dict], Awaitable[JsonDict]]] = {}
|
|
|
|
def register_query_handler(
|
|
query_type: str, handler: Callable[[dict], Awaitable[JsonDict]]
|
|
) -> None:
|
|
self.query_handlers[query_type] = handler
|
|
|
|
self.mock_registry.register_query_handler = register_query_handler
|
|
|
|
hs = self.setup_test_homeserver(
|
|
federation_client=self.mock_federation,
|
|
federation_server=Mock(),
|
|
federation_registry=self.mock_registry,
|
|
)
|
|
return hs
|
|
|
|
def prepare(self, reactor: MemoryReactor, clock: Clock, hs: HomeServer) -> None:
|
|
self.store = hs.get_datastores().main
|
|
self.storage_controllers = self.hs.get_storage_controllers()
|
|
self.task_scheduler = hs.get_task_scheduler()
|
|
|
|
self.frank = UserID.from_string("@1234abcd:test")
|
|
self.bob = UserID.from_string("@4567:test")
|
|
self.alice = UserID.from_string("@alice:remote")
|
|
|
|
self.register_user(self.frank.localpart, "frankpassword")
|
|
self.frank_token = self.login(self.frank.localpart, "frankpassword")
|
|
|
|
self.handler = hs.get_profile_handler()
|
|
|
|
def test_get_my_name(self) -> None:
|
|
self.get_success(self.store.set_profile_displayname(self.frank, "Frank"))
|
|
|
|
displayname = self.get_success(self.handler.get_displayname(self.frank))
|
|
|
|
self.assertEqual("Frank", displayname)
|
|
|
|
def test_set_my_name(self) -> None:
|
|
self.get_success(
|
|
self.handler.set_displayname(
|
|
self.frank, synapse.types.create_requester(self.frank), "Frank Jr."
|
|
)
|
|
)
|
|
|
|
self.assertEqual(
|
|
(self.get_success(self.store.get_profile_displayname(self.frank))),
|
|
"Frank Jr.",
|
|
)
|
|
|
|
# Set displayname again
|
|
self.get_success(
|
|
self.handler.set_displayname(
|
|
self.frank, synapse.types.create_requester(self.frank), "Frank"
|
|
)
|
|
)
|
|
|
|
self.assertEqual(
|
|
(self.get_success(self.store.get_profile_displayname(self.frank))),
|
|
"Frank",
|
|
)
|
|
|
|
# Set displayname to an empty string
|
|
self.get_success(
|
|
self.handler.set_displayname(
|
|
self.frank, synapse.types.create_requester(self.frank), ""
|
|
)
|
|
)
|
|
|
|
self.assertIsNone(
|
|
self.get_success(self.store.get_profile_displayname(self.frank))
|
|
)
|
|
|
|
def test_update_room_membership_on_set_displayname(self) -> None:
|
|
"""Test that `set_displayname` updates membership events in rooms."""
|
|
|
|
self.get_success(
|
|
self.handler.set_displayname(
|
|
self.frank, synapse.types.create_requester(self.frank), "Frank"
|
|
)
|
|
)
|
|
|
|
room_id = self.helper.create_room_as(
|
|
self.frank.to_string(), tok=self.frank_token
|
|
)
|
|
|
|
state_tuple = (EventTypes.Member, self.frank.to_string())
|
|
|
|
membership = self.get_success(
|
|
self.storage_controllers.state.get_current_state(
|
|
room_id, StateFilter.from_types([state_tuple])
|
|
)
|
|
)
|
|
self.assertEqual(membership[state_tuple].content["displayname"], "Frank")
|
|
|
|
self.get_success(
|
|
self.handler.set_displayname(
|
|
self.frank, synapse.types.create_requester(self.frank), "Frank Jr."
|
|
)
|
|
)
|
|
|
|
membership = self.get_success(
|
|
self.storage_controllers.state.get_current_state(
|
|
room_id, StateFilter.from_types([state_tuple])
|
|
)
|
|
)
|
|
self.assertEqual(membership[state_tuple].content["displayname"], "Frank Jr.")
|
|
|
|
def test_background_update_room_membership_on_set_displayname(self) -> None:
|
|
"""Test that `set_displayname` returns immediately and that room membership updates are still done in background."""
|
|
|
|
self.get_success(
|
|
self.handler.set_displayname(
|
|
self.frank, synapse.types.create_requester(self.frank), "Frank"
|
|
)
|
|
)
|
|
|
|
room_id = self.helper.create_room_as(
|
|
self.frank.to_string(), tok=self.frank_token
|
|
)
|
|
|
|
original_update_membership = self.hs.get_room_member_handler().update_membership
|
|
|
|
async def slow_update_membership(*args: Any, **kwargs: Any) -> tuple[str, int]:
|
|
await self.clock.sleep(Duration(milliseconds=10))
|
|
return await original_update_membership(*args, **kwargs)
|
|
|
|
with patch.object(
|
|
self.hs.get_room_member_handler(),
|
|
"update_membership",
|
|
side_effect=slow_update_membership,
|
|
):
|
|
state_tuple = (EventTypes.Member, self.frank.to_string())
|
|
self.get_success(
|
|
self.handler.set_displayname(
|
|
self.frank, synapse.types.create_requester(self.frank), "Frank Jr."
|
|
)
|
|
)
|
|
|
|
membership = self.get_success(
|
|
self.storage_controllers.state.get_current_state(
|
|
room_id, StateFilter.from_types([state_tuple])
|
|
)
|
|
)
|
|
self.assertEqual(membership[state_tuple].content["displayname"], "Frank")
|
|
|
|
# Let's be sure we are over the delay introduced by slow_update_membership
|
|
self.get_success(self.clock.sleep(Duration(milliseconds=20)), by=1)
|
|
|
|
membership = self.get_success(
|
|
self.storage_controllers.state.get_current_state(
|
|
room_id, StateFilter.from_types([state_tuple])
|
|
)
|
|
)
|
|
self.assertEqual(
|
|
membership[state_tuple].content["displayname"], "Frank Jr."
|
|
)
|
|
|
|
def test_background_update_room_membership_resume_after_restart(self) -> None:
|
|
"""Test that room membership updates triggered by changing the avatar or the display name are resumed after a restart."""
|
|
|
|
self.get_success(
|
|
self.handler.set_displayname(
|
|
self.frank, synapse.types.create_requester(self.frank), "Frank"
|
|
)
|
|
)
|
|
|
|
room_id_1 = self.helper.create_room_as(
|
|
self.frank.to_string(), tok=self.frank_token
|
|
)
|
|
|
|
room_id_2 = self.helper.create_room_as(
|
|
self.frank.to_string(), tok=self.frank_token
|
|
)
|
|
|
|
# Ensure `room_id_1` comes before `room_id_2` alphabetically
|
|
if room_id_1 > room_id_2:
|
|
room_id_1, room_id_2 = room_id_2, room_id_1
|
|
|
|
original_update_membership = self.hs.get_room_member_handler().update_membership
|
|
|
|
room_1_updated = False
|
|
|
|
async def potentially_slow_update_membership(
|
|
*args: Any, **kwargs: Any
|
|
) -> tuple[str, int]:
|
|
if args[2] == room_id_2:
|
|
await self.clock.sleep(Duration(milliseconds=10))
|
|
if args[2] == room_id_1:
|
|
nonlocal room_1_updated
|
|
room_1_updated = True
|
|
return await original_update_membership(*args, **kwargs)
|
|
|
|
with patch.object(
|
|
self.hs.get_room_member_handler(),
|
|
"update_membership",
|
|
side_effect=potentially_slow_update_membership,
|
|
):
|
|
state_tuple = (EventTypes.Member, self.frank.to_string())
|
|
self.get_success(
|
|
self.handler.set_displayname(
|
|
self.frank, synapse.types.create_requester(self.frank), "Frank Jr."
|
|
)
|
|
)
|
|
|
|
# Check that the displayname is updated immediately for the first room
|
|
membership = self.get_success(
|
|
self.storage_controllers.state.get_current_state(
|
|
room_id_1, StateFilter.from_types([state_tuple])
|
|
)
|
|
)
|
|
self.assertEqual(
|
|
membership[state_tuple].content["displayname"], "Frank Jr."
|
|
)
|
|
|
|
# Simulate a synapse restart by emptying the list of running tasks
|
|
# and canceling the deferred
|
|
_, deferred = self.task_scheduler._running_tasks.popitem()
|
|
deferred.cancel()
|
|
|
|
# Let's reset the flag to track whether room 1 was updated after the restart
|
|
room_1_updated = False
|
|
|
|
# Let's be sure we are over the delay introduced by slow_update_membership
|
|
# and that the task was not executed as expected
|
|
self.get_success(self.clock.sleep(Duration(milliseconds=20)), by=1)
|
|
|
|
membership = self.get_success(
|
|
self.storage_controllers.state.get_current_state(
|
|
room_id_2, StateFilter.from_types([state_tuple])
|
|
)
|
|
)
|
|
self.assertEqual(membership[state_tuple].content["displayname"], "Frank")
|
|
|
|
cancelled_task = self.get_success(
|
|
self.task_scheduler.get_tasks(
|
|
actions=["update_join_states"], statuses=[TaskStatus.CANCELLED]
|
|
)
|
|
)[0]
|
|
|
|
self.get_success(
|
|
self.task_scheduler.update_task(
|
|
cancelled_task.id, status=TaskStatus.ACTIVE
|
|
)
|
|
)
|
|
|
|
# Let's be sure we are over the delay introduced by slow_update_membership
|
|
self.get_success(self.clock.sleep(Duration(milliseconds=20)), by=1)
|
|
|
|
# Updates should have been resumed from room 2 after the restart
|
|
# so room 1 should not have been updated this time
|
|
self.assertFalse(room_1_updated)
|
|
|
|
membership = self.get_success(
|
|
self.storage_controllers.state.get_current_state(
|
|
room_id_2, StateFilter.from_types([state_tuple])
|
|
)
|
|
)
|
|
self.assertEqual(
|
|
membership[state_tuple].content["displayname"], "Frank Jr."
|
|
)
|
|
|
|
@override_config({"enable_set_displayname": False})
|
|
def test_set_my_name_if_disabled(self) -> None:
|
|
# Setting displayname for the first time is allowed
|
|
self.get_success(self.store.set_profile_displayname(self.frank, "Frank"))
|
|
|
|
self.assertEqual(
|
|
(self.get_success(self.store.get_profile_displayname(self.frank))),
|
|
"Frank",
|
|
)
|
|
|
|
# Setting displayname a second time is forbidden
|
|
self.get_failure(
|
|
self.handler.set_displayname(
|
|
self.frank, synapse.types.create_requester(self.frank), "Frank Jr."
|
|
),
|
|
SynapseError,
|
|
)
|
|
|
|
def test_set_my_name_noauth(self) -> None:
|
|
self.get_failure(
|
|
self.handler.set_displayname(
|
|
self.frank, synapse.types.create_requester(self.bob), "Frank Jr."
|
|
),
|
|
AuthError,
|
|
)
|
|
|
|
def test_get_other_name(self) -> None:
|
|
self.mock_federation.make_query.return_value = {"displayname": "Alice"}
|
|
|
|
displayname = self.get_success(self.handler.get_displayname(self.alice))
|
|
|
|
self.assertEqual(displayname, "Alice")
|
|
self.mock_federation.make_query.assert_called_with(
|
|
destination="remote",
|
|
query_type="profile",
|
|
args={"user_id": "@alice:remote", "field": "displayname"},
|
|
ignore_backoff=True,
|
|
)
|
|
|
|
def test_incoming_fed_query(self) -> None:
|
|
self.get_success(
|
|
self.store.create_profile(UserID.from_string("@caroline:test"))
|
|
)
|
|
self.get_success(
|
|
self.store.set_profile_displayname(
|
|
UserID.from_string("@caroline:test"), "Caroline"
|
|
)
|
|
)
|
|
|
|
response = self.get_success(
|
|
self.query_handlers["profile"](
|
|
{
|
|
"user_id": "@caroline:test",
|
|
"field": "displayname",
|
|
"origin": "servername.tld",
|
|
}
|
|
)
|
|
)
|
|
|
|
self.assertEqual({"displayname": "Caroline"}, response)
|
|
|
|
def test_get_my_avatar(self) -> None:
|
|
self.get_success(
|
|
self.store.set_profile_avatar_url(self.frank, "http://my.server/me.png")
|
|
)
|
|
avatar_url = self.get_success(self.handler.get_avatar_url(self.frank))
|
|
|
|
self.assertEqual("http://my.server/me.png", avatar_url)
|
|
|
|
def test_get_profile_empty_displayname(self) -> None:
|
|
self.get_success(self.store.set_profile_displayname(self.frank, None))
|
|
self.get_success(
|
|
self.store.set_profile_avatar_url(self.frank, "http://my.server/me.png")
|
|
)
|
|
|
|
profile = self.get_success(self.handler.get_profile(self.frank.to_string()))
|
|
|
|
self.assertEqual("http://my.server/me.png", profile["avatar_url"])
|
|
|
|
def test_set_my_avatar(self) -> None:
|
|
self.get_success(
|
|
self.handler.set_avatar_url(
|
|
self.frank,
|
|
synapse.types.create_requester(self.frank),
|
|
"http://my.server/pic.gif",
|
|
)
|
|
)
|
|
|
|
self.assertEqual(
|
|
(self.get_success(self.store.get_profile_avatar_url(self.frank))),
|
|
"http://my.server/pic.gif",
|
|
)
|
|
|
|
# Set avatar again
|
|
self.get_success(
|
|
self.handler.set_avatar_url(
|
|
self.frank,
|
|
synapse.types.create_requester(self.frank),
|
|
"http://my.server/me.png",
|
|
)
|
|
)
|
|
|
|
self.assertEqual(
|
|
(self.get_success(self.store.get_profile_avatar_url(self.frank))),
|
|
"http://my.server/me.png",
|
|
)
|
|
|
|
# Set avatar to an empty string
|
|
self.get_success(
|
|
self.handler.set_avatar_url(
|
|
self.frank,
|
|
synapse.types.create_requester(self.frank),
|
|
"",
|
|
)
|
|
)
|
|
|
|
self.assertIsNone(
|
|
(self.get_success(self.store.get_profile_avatar_url(self.frank))),
|
|
)
|
|
|
|
@override_config({"enable_set_avatar_url": False})
|
|
def test_set_my_avatar_if_disabled(self) -> None:
|
|
# Setting displayname for the first time is allowed
|
|
self.get_success(
|
|
self.store.set_profile_avatar_url(self.frank, "http://my.server/me.png")
|
|
)
|
|
|
|
self.assertEqual(
|
|
(self.get_success(self.store.get_profile_avatar_url(self.frank))),
|
|
"http://my.server/me.png",
|
|
)
|
|
|
|
# Set avatar a second time is forbidden
|
|
self.get_failure(
|
|
self.handler.set_avatar_url(
|
|
self.frank,
|
|
synapse.types.create_requester(self.frank),
|
|
"http://my.server/pic.gif",
|
|
),
|
|
SynapseError,
|
|
)
|
|
|
|
def test_avatar_constraints_no_config(self) -> None:
|
|
"""Tests that the method to check an avatar against configured constraints skips
|
|
all of its check if no constraint is configured.
|
|
"""
|
|
# The first check that's done by this method is whether the file exists; if we
|
|
# don't get an error on a non-existing file then it means all of the checks were
|
|
# successfully skipped.
|
|
res = self.get_success(
|
|
self.handler.check_avatar_size_and_mime_type("mxc://test/unknown_file")
|
|
)
|
|
self.assertTrue(res)
|
|
|
|
@unittest.override_config({"max_avatar_size": 50})
|
|
def test_avatar_constraints_allow_empty_avatar_url(self) -> None:
|
|
"""An empty avatar is always permitted."""
|
|
res = self.get_success(self.handler.check_avatar_size_and_mime_type(""))
|
|
self.assertTrue(res)
|
|
|
|
@unittest.override_config({"max_avatar_size": 50})
|
|
def test_avatar_constraints_missing(self) -> None:
|
|
"""Tests that an avatar isn't allowed if the file at the given MXC URI couldn't
|
|
be found.
|
|
"""
|
|
res = self.get_success(
|
|
self.handler.check_avatar_size_and_mime_type("mxc://test/unknown_file")
|
|
)
|
|
self.assertFalse(res)
|
|
|
|
@unittest.override_config({"max_avatar_size": 50})
|
|
def test_avatar_constraints_file_size(self) -> None:
|
|
"""Tests that a file that's above the allowed file size is forbidden but one
|
|
that's below it is allowed.
|
|
"""
|
|
self._setup_local_files(
|
|
{
|
|
"small": {"size": 40},
|
|
"big": {"size": 60},
|
|
}
|
|
)
|
|
|
|
res = self.get_success(
|
|
self.handler.check_avatar_size_and_mime_type("mxc://test/small")
|
|
)
|
|
self.assertTrue(res)
|
|
|
|
res = self.get_success(
|
|
self.handler.check_avatar_size_and_mime_type("mxc://test/big")
|
|
)
|
|
self.assertFalse(res)
|
|
|
|
@unittest.override_config({"allowed_avatar_mimetypes": ["image/png"]})
|
|
def test_avatar_constraint_mime_type(self) -> None:
|
|
"""Tests that a file with an unauthorised MIME type is forbidden but one with
|
|
an authorised content type is allowed.
|
|
"""
|
|
self._setup_local_files(
|
|
{
|
|
"good": {"mimetype": "image/png"},
|
|
"bad": {"mimetype": "application/octet-stream"},
|
|
}
|
|
)
|
|
|
|
res = self.get_success(
|
|
self.handler.check_avatar_size_and_mime_type("mxc://test/good")
|
|
)
|
|
self.assertTrue(res)
|
|
|
|
res = self.get_success(
|
|
self.handler.check_avatar_size_and_mime_type("mxc://test/bad")
|
|
)
|
|
self.assertFalse(res)
|
|
|
|
@unittest.override_config(
|
|
{"server_name": "test:8888", "allowed_avatar_mimetypes": ["image/png"]}
|
|
)
|
|
def test_avatar_constraint_on_local_server_with_port(self) -> None:
|
|
"""Test that avatar metadata is correctly fetched when the media is on a local
|
|
server and the server has an explicit port.
|
|
|
|
(This was previously a bug)
|
|
"""
|
|
local_server_name = self.hs.config.server.server_name
|
|
media_id = "local"
|
|
local_mxc = f"mxc://{local_server_name}/{media_id}"
|
|
|
|
# mock up the existence of the avatar file
|
|
self._setup_local_files({media_id: {"mimetype": "image/png"}})
|
|
|
|
# and now check that check_avatar_size_and_mime_type is happy
|
|
self.assertTrue(
|
|
self.get_success(self.handler.check_avatar_size_and_mime_type(local_mxc))
|
|
)
|
|
|
|
@parameterized.expand([("remote",), ("remote:1234",)])
|
|
@unittest.override_config({"allowed_avatar_mimetypes": ["image/png"]})
|
|
def test_check_avatar_on_remote_server(self, remote_server_name: str) -> None:
|
|
"""Test that avatar metadata is correctly fetched from a remote server"""
|
|
media_id = "remote"
|
|
remote_mxc = f"mxc://{remote_server_name}/{media_id}"
|
|
|
|
# if the media is remote, check_avatar_size_and_mime_type just checks the
|
|
# media cache, so we don't need to instantiate a real remote server. It is
|
|
# sufficient to poke an entry into the db.
|
|
self.get_success(
|
|
self.hs.get_datastores().main.store_cached_remote_media(
|
|
media_id=media_id,
|
|
media_type="image/png",
|
|
media_length=50,
|
|
origin=remote_server_name,
|
|
time_now_ms=self.clock.time_msec(),
|
|
upload_name=None,
|
|
filesystem_id="xyz",
|
|
sha256="abcdefg12345",
|
|
)
|
|
)
|
|
|
|
self.assertTrue(
|
|
self.get_success(self.handler.check_avatar_size_and_mime_type(remote_mxc))
|
|
)
|
|
|
|
def _setup_local_files(self, names_and_props: dict[str, dict[str, Any]]) -> None:
|
|
"""Stores metadata about files in the database.
|
|
|
|
Args:
|
|
names_and_props: A dictionary with one entry per file, with the key being the
|
|
file's name, and the value being a dictionary of properties. Supported
|
|
properties are "mimetype" (for the file's type) and "size" (for the
|
|
file's size).
|
|
"""
|
|
store = self.hs.get_datastores().main
|
|
|
|
for name, props in names_and_props.items():
|
|
self.get_success(
|
|
store.store_local_media(
|
|
media_id=name,
|
|
media_type=props.get("mimetype", "image/png"),
|
|
time_now_ms=self.clock.time_msec(),
|
|
upload_name=None,
|
|
media_length=props.get("size", 50),
|
|
user_id=UserID.from_string("@rin:test"),
|
|
)
|
|
)
|