2018-07-09 02:09:20 -04:00
|
|
|
import json
|
|
|
|
|
2019-02-18 11:49:38 -05:00
|
|
|
from synapse.api.constants import LoginType
|
|
|
|
from synapse.appservice import ApplicationService
|
2018-07-17 06:43:18 -04:00
|
|
|
from synapse.rest.client.v2_alpha.register import register_servlets
|
2018-07-09 02:09:20 -04:00
|
|
|
|
2015-07-28 12:34:12 -04:00
|
|
|
from tests import unittest
|
|
|
|
|
|
|
|
|
2018-11-06 11:00:00 -05:00
|
|
|
class RegisterRestServletTestCase(unittest.HomeserverTestCase):
|
|
|
|
|
|
|
|
servlets = [register_servlets]
|
|
|
|
|
|
|
|
def make_homeserver(self, reactor, clock):
|
2018-07-17 06:43:18 -04:00
|
|
|
|
|
|
|
self.url = b"/_matrix/client/r0/register"
|
2015-07-28 12:34:12 -04:00
|
|
|
|
2018-11-06 11:00:00 -05:00
|
|
|
self.hs = self.setup_test_homeserver()
|
2016-02-03 09:42:01 -05:00
|
|
|
self.hs.config.enable_registration = True
|
2018-01-18 19:28:08 -05:00
|
|
|
self.hs.config.registrations_require_3pid = []
|
2017-10-17 05:39:50 -04:00
|
|
|
self.hs.config.auto_join_rooms = []
|
2019-02-18 11:49:38 -05:00
|
|
|
self.hs.config.enable_registration_captcha = False
|
2015-07-28 12:34:12 -04:00
|
|
|
|
2018-11-06 11:00:00 -05:00
|
|
|
return self.hs
|
2015-07-28 12:34:12 -04:00
|
|
|
|
|
|
|
def test_POST_appservice_registration_valid(self):
|
2019-02-18 11:49:38 -05:00
|
|
|
user_id = "@as_user_kermit:test"
|
|
|
|
as_token = "i_am_an_app_service"
|
|
|
|
|
|
|
|
appservice = ApplicationService(
|
|
|
|
as_token, self.hs.config.hostname,
|
|
|
|
id="1234",
|
|
|
|
namespaces={
|
|
|
|
"users": [{"regex": r"@as_user.*", "exclusive": True}],
|
|
|
|
},
|
|
|
|
)
|
|
|
|
|
|
|
|
self.hs.get_datastore().services_cache.append(appservice)
|
|
|
|
request_data = json.dumps({"username": "as_user_kermit"})
|
2018-07-17 06:43:18 -04:00
|
|
|
|
2018-11-06 11:00:00 -05:00
|
|
|
request, channel = self.make_request(
|
2018-07-17 06:43:18 -04:00
|
|
|
b"POST", self.url + b"?access_token=i_am_an_app_service", request_data
|
2016-07-22 09:52:53 -04:00
|
|
|
)
|
2018-11-06 11:00:00 -05:00
|
|
|
self.render(request)
|
2016-07-19 13:46:19 -04:00
|
|
|
|
2018-07-17 06:43:18 -04:00
|
|
|
self.assertEquals(channel.result["code"], b"200", channel.result)
|
2016-03-09 18:08:37 -05:00
|
|
|
det_data = {
|
2016-03-10 04:13:35 -05:00
|
|
|
"user_id": user_id,
|
2018-07-17 06:43:18 -04:00
|
|
|
"home_server": self.hs.hostname,
|
2016-03-09 18:08:37 -05:00
|
|
|
}
|
2018-08-08 22:22:01 -04:00
|
|
|
self.assertDictContainsSubset(det_data, channel.json_body)
|
2015-07-28 12:34:12 -04:00
|
|
|
|
|
|
|
def test_POST_appservice_registration_invalid(self):
|
|
|
|
self.appservice = None # no application service exists
|
2018-07-17 06:43:18 -04:00
|
|
|
request_data = json.dumps({"username": "kermit"})
|
2018-11-06 11:00:00 -05:00
|
|
|
request, channel = self.make_request(
|
2018-07-17 06:43:18 -04:00
|
|
|
b"POST", self.url + b"?access_token=i_am_an_app_service", request_data
|
|
|
|
)
|
2018-11-06 11:00:00 -05:00
|
|
|
self.render(request)
|
2018-07-17 06:43:18 -04:00
|
|
|
|
|
|
|
self.assertEquals(channel.result["code"], b"401", channel.result)
|
2015-07-28 12:34:12 -04:00
|
|
|
|
|
|
|
def test_POST_bad_password(self):
|
2018-07-17 06:43:18 -04:00
|
|
|
request_data = json.dumps({"username": "kermit", "password": 666})
|
2018-11-06 11:00:00 -05:00
|
|
|
request, channel = self.make_request(b"POST", self.url, request_data)
|
|
|
|
self.render(request)
|
2018-07-17 06:43:18 -04:00
|
|
|
|
|
|
|
self.assertEquals(channel.result["code"], b"400", channel.result)
|
2018-08-10 09:54:09 -04:00
|
|
|
self.assertEquals(channel.json_body["error"], "Invalid password")
|
2015-07-28 12:34:12 -04:00
|
|
|
|
|
|
|
def test_POST_bad_username(self):
|
2018-07-17 06:43:18 -04:00
|
|
|
request_data = json.dumps({"username": 777, "password": "monkey"})
|
2018-11-06 11:00:00 -05:00
|
|
|
request, channel = self.make_request(b"POST", self.url, request_data)
|
|
|
|
self.render(request)
|
2018-07-17 06:43:18 -04:00
|
|
|
|
|
|
|
self.assertEquals(channel.result["code"], b"400", channel.result)
|
2018-08-10 09:54:09 -04:00
|
|
|
self.assertEquals(channel.json_body["error"], "Invalid username")
|
2018-07-17 06:43:18 -04:00
|
|
|
|
2015-07-28 12:34:12 -04:00
|
|
|
def test_POST_user_valid(self):
|
2019-02-18 11:49:38 -05:00
|
|
|
user_id = "@kermit:test"
|
2016-07-19 13:38:26 -04:00
|
|
|
device_id = "frogfone"
|
2019-02-18 11:49:38 -05:00
|
|
|
params = {
|
|
|
|
"username": "kermit",
|
|
|
|
"password": "monkey",
|
|
|
|
"device_id": device_id,
|
|
|
|
"auth": {"type": LoginType.DUMMY},
|
|
|
|
}
|
2019-02-18 08:43:16 -05:00
|
|
|
request_data = json.dumps(params)
|
2018-11-06 11:00:00 -05:00
|
|
|
request, channel = self.make_request(b"POST", self.url, request_data)
|
|
|
|
self.render(request)
|
2015-07-28 12:34:12 -04:00
|
|
|
|
2016-03-09 18:08:37 -05:00
|
|
|
det_data = {
|
2016-03-10 04:13:35 -05:00
|
|
|
"user_id": user_id,
|
2016-07-19 13:38:26 -04:00
|
|
|
"home_server": self.hs.hostname,
|
|
|
|
"device_id": device_id,
|
2016-03-09 18:08:37 -05:00
|
|
|
}
|
2018-07-17 06:43:18 -04:00
|
|
|
self.assertEquals(channel.result["code"], b"200", channel.result)
|
2018-08-08 22:22:01 -04:00
|
|
|
self.assertDictContainsSubset(det_data, channel.json_body)
|
2015-07-28 12:34:12 -04:00
|
|
|
|
|
|
|
def test_POST_disabled_registration(self):
|
2016-02-03 09:42:01 -05:00
|
|
|
self.hs.config.enable_registration = False
|
2018-07-17 06:43:18 -04:00
|
|
|
request_data = json.dumps({"username": "kermit", "password": "monkey"})
|
|
|
|
self.auth_result = (None, {"username": "kermit", "password": "monkey"}, None)
|
|
|
|
|
2018-11-06 11:00:00 -05:00
|
|
|
request, channel = self.make_request(b"POST", self.url, request_data)
|
|
|
|
self.render(request)
|
2018-07-17 06:43:18 -04:00
|
|
|
|
|
|
|
self.assertEquals(channel.result["code"], b"403", channel.result)
|
2018-08-10 09:54:09 -04:00
|
|
|
self.assertEquals(channel.json_body["error"], "Registration has been disabled")
|
2018-07-17 06:43:18 -04:00
|
|
|
|
|
|
|
def test_POST_guest_registration(self):
|
|
|
|
self.hs.config.macaroon_secret_key = "test"
|
|
|
|
self.hs.config.allow_guest_access = True
|
|
|
|
|
2018-11-06 11:00:00 -05:00
|
|
|
request, channel = self.make_request(b"POST", self.url + b"?kind=guest", b"{}")
|
|
|
|
self.render(request)
|
2018-07-17 06:43:18 -04:00
|
|
|
|
|
|
|
det_data = {
|
|
|
|
"home_server": self.hs.hostname,
|
|
|
|
"device_id": "guest_device",
|
|
|
|
}
|
|
|
|
self.assertEquals(channel.result["code"], b"200", channel.result)
|
2018-08-08 22:22:01 -04:00
|
|
|
self.assertDictContainsSubset(det_data, channel.json_body)
|
2018-07-17 06:43:18 -04:00
|
|
|
|
|
|
|
def test_POST_disabled_guest_registration(self):
|
|
|
|
self.hs.config.allow_guest_access = False
|
|
|
|
|
2018-11-06 11:00:00 -05:00
|
|
|
request, channel = self.make_request(b"POST", self.url + b"?kind=guest", b"{}")
|
|
|
|
self.render(request)
|
2018-07-17 06:43:18 -04:00
|
|
|
|
|
|
|
self.assertEquals(channel.result["code"], b"403", channel.result)
|
2018-08-10 09:54:09 -04:00
|
|
|
self.assertEquals(channel.json_body["error"], "Guest access is disabled")
|
2019-03-05 09:25:33 -05:00
|
|
|
|
|
|
|
def test_POST_ratelimiting_guest(self):
|
|
|
|
self.hs.config.rc_registration_request_burst_count = 5
|
|
|
|
|
|
|
|
for i in range(0, 6):
|
|
|
|
url = self.url + b"?kind=guest"
|
|
|
|
request, channel = self.make_request(b"POST", url, b"{}")
|
|
|
|
self.render(request)
|
|
|
|
|
|
|
|
if i == 5:
|
|
|
|
self.assertEquals(channel.result["code"], b"429", channel.result)
|
|
|
|
retry_after_ms = int(channel.json_body["retry_after_ms"])
|
|
|
|
else:
|
|
|
|
self.assertEquals(channel.result["code"], b"200", channel.result)
|
|
|
|
|
|
|
|
self.reactor.advance(retry_after_ms / 1000.)
|
|
|
|
|
|
|
|
request, channel = self.make_request(b"POST", self.url + b"?kind=guest", b"{}")
|
|
|
|
self.render(request)
|
|
|
|
|
|
|
|
self.assertEquals(channel.result["code"], b"200", channel.result)
|
|
|
|
|
|
|
|
def test_POST_ratelimiting(self):
|
|
|
|
self.hs.config.rc_registration_request_burst_count = 5
|
|
|
|
|
|
|
|
for i in range(0, 6):
|
|
|
|
params = {
|
|
|
|
"username": "kermit" + str(i),
|
|
|
|
"password": "monkey",
|
|
|
|
"device_id": "frogfone",
|
|
|
|
"auth": {"type": LoginType.DUMMY},
|
|
|
|
}
|
|
|
|
request_data = json.dumps(params)
|
|
|
|
request, channel = self.make_request(b"POST", self.url, request_data)
|
|
|
|
self.render(request)
|
|
|
|
|
|
|
|
if i == 5:
|
|
|
|
self.assertEquals(channel.result["code"], b"429", channel.result)
|
|
|
|
retry_after_ms = int(channel.json_body["retry_after_ms"])
|
|
|
|
else:
|
|
|
|
self.assertEquals(channel.result["code"], b"200", channel.result)
|
|
|
|
|
|
|
|
self.reactor.advance(retry_after_ms / 1000.)
|
|
|
|
|
|
|
|
request, channel = self.make_request(b"POST", self.url + b"?kind=guest", b"{}")
|
|
|
|
self.render(request)
|
|
|
|
|
|
|
|
self.assertEquals(channel.result["code"], b"200", channel.result)
|