forked-synapse/tests/test_terms_auth.py

#
# This file is licensed under the Affero General Public License (AGPL) version 3.
#
# Copyright (C) 2023 New Vector, Ltd
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# See the GNU Affero General Public License for more details:
# <https://www.gnu.org/licenses/agpl-3.0.html>.
#
# Originally licensed under the Apache License, Version 2.0:
# <http://www.apache.org/licenses/LICENSE-2.0>.
#
# [This file includes modifications made by New Vector Limited]
#
#

from unittest.mock import Mock

from twisted.internet.interfaces import IReactorTime
from twisted.test.proto_helpers import MemoryReactor, MemoryReactorClock

from synapse.rest.client.register import register_servlets
from synapse.server import HomeServer
from synapse.types import JsonDict
from synapse.util import Clock

from tests import unittest


class TermsTestCase(unittest.HomeserverTestCase):
    servlets = [register_servlets]

    def default_config(self) -> JsonDict:
        config = super().default_config()
        config.update(
            {
                "public_baseurl": "https://example.org/",
                "user_consent": {
                    "version": "1.0",
                    "policy_name": "My Cool Privacy Policy",
                    "template_dir": "/",
                    "require_at_registration": True,
                },
            }
        )
        return config

    def prepare(
        self, reactor: MemoryReactor, clock: Clock, homeserver: HomeServer
    ) -> None:
        # type-ignore: mypy-zope doesn't seem to recognise that MemoryReactorClock
        # implements IReactorTime, via inheritance from twisted.internet.testing.Clock
        self.clock: IReactorTime = MemoryReactorClock()  # type: ignore[assignment]
        self.hs_clock = Clock(self.clock)
        self.url = "/_matrix/client/r0/register"
        self.registration_handler = Mock()
        self.auth_handler = Mock()
        self.device_handler = Mock()

    def test_ui_auth(self) -> None:
        # Do a UI auth request
        request_data: JsonDict = {"username": "kermit", "password": "monkey"}
        channel = self.make_request(b"POST", self.url, request_data)

        self.assertEqual(channel.code, 401, channel.result)

        self.assertTrue(channel.json_body is not None)
        self.assertIsInstance(channel.json_body["session"], str)

        self.assertIsInstance(channel.json_body["flows"], list)
        for flow in channel.json_body["flows"]:
            self.assertIsInstance(flow["stages"], list)
            self.assertTrue(len(flow["stages"]) > 0)
            self.assertTrue("m.login.terms" in flow["stages"])

        expected_params = {
            "m.login.terms": {
                "policies": {
                    "privacy_policy": {
                        "en": {
                            "name": "My Cool Privacy Policy",
                            "url": "https://example.org/_matrix/consent?v=1.0",
                        },
                        "version": "1.0",
                    }
                }
            }
        }
        self.assertIsInstance(channel.json_body["params"], dict)
        self.assertLessEqual(
            channel.json_body["params"].items(), expected_params.items()
        )

        # We have to complete the dummy auth stage before completing the terms stage
        request_data = {
            "username": "kermit",
            "password": "monkey",
            "auth": {
                "session": channel.json_body["session"],
                "type": "m.login.dummy",
            },
        }

        self.registration_handler.check_username = Mock(return_value=True)

        channel = self.make_request(b"POST", self.url, request_data)

        # We don't bother checking that the response is correct - we'll leave that to
        # other tests. We just want to make sure we're on the right path.
        self.assertEqual(channel.code, 401, channel.result)

        # Finish the UI auth for terms
        request_data = {
            "username": "kermit",
            "password": "monkey",
            "auth": {
                "session": channel.json_body["session"],
                "type": "m.login.terms",
            },
        }
        channel = self.make_request(b"POST", self.url, request_data)

        # We're interested in getting a response that looks like a successful
        # registration, not so much that the details are exactly what we want.

        self.assertEqual(channel.code, 200, channel.result)

        self.assertTrue(channel.json_body is not None)
        self.assertIsInstance(channel.json_body["user_id"], str)
        self.assertIsInstance(channel.json_body["access_token"], str)
        self.assertIsInstance(channel.json_body["device_id"], str)
Move test to where the other integration tests are 2018-10-24 15:24:24 -04:00			`#`
Update license headers 2023-11-21 15:29:58 -05:00			`# This file is licensed under the Affero General Public License (AGPL) version 3.`
			`#`
			`# Copyright (C) 2023 New Vector, Ltd`
			`#`
			`# This program is free software: you can redistribute it and/or modify`
			`# it under the terms of the GNU Affero General Public License as`
			`# published by the Free Software Foundation, either version 3 of the`
			`# License, or (at your option) any later version.`
			`#`
			`# See the GNU Affero General Public License for more details:`
			`# <https://www.gnu.org/licenses/agpl-3.0.html>.`
			`#`
			`# Originally licensed under the Apache License, Version 2.0:`
			`# <http://www.apache.org/licenses/LICENSE-2.0>.`
			`#`
			`# [This file includes modifications made by New Vector Limited]`
Move test to where the other integration tests are 2018-10-24 15:24:24 -04:00			`#`
			`#`

Use mock from the stdlib. (#9772) 2021-04-09 13:44:38 -04:00			`from unittest.mock import Mock`
It helps to import things 2018-10-24 15:32:13 -04:00
Proper types for tests.test_terms_auth (#15007) * Proper types for tests.test_terms_auth * Changelog 2023-02-07 07:03:39 -05:00			`from twisted.internet.interfaces import IReactorTime`
			`from twisted.test.proto_helpers import MemoryReactor, MemoryReactorClock`
It helps to import things 2018-10-24 15:32:13 -04:00
Flatten the synapse.rest.client package (#10600) 2021-08-17 07:57:58 -04:00			`from synapse.rest.client.register import register_servlets`
Proper types for tests.test_terms_auth (#15007) * Proper types for tests.test_terms_auth * Changelog 2023-02-07 07:03:39 -05:00			`from synapse.server import HomeServer`
			`from synapse.types import JsonDict`
It helps to import things 2018-10-24 15:32:13 -04:00			`from synapse.util import Clock`

			`from tests import unittest`


Move test to where the other integration tests are 2018-10-24 15:24:24 -04:00			`class TermsTestCase(unittest.HomeserverTestCase):`
			`servlets = [register_servlets]`

Proper types for tests.test_terms_auth (#15007) * Proper types for tests.test_terms_auth * Changelog 2023-02-07 07:03:39 -05:00			`def default_config(self) -> JsonDict:`
Remove spurious "name" parameter to `default_config` this is never set to anything other than "test", and is a source of unnecessary boilerplate. 2020-03-24 14:33:49 -04:00			`config = super().default_config()`
Refactor code for calculating registration flows (#6106) because, frankly, it looked like it was written by an axe-murderer. This should be a non-functional change, except that where `m.login.dummy` was previously advertised before `m.login.terms`, it will now be advertised afterwards. AFAICT that should have no effect, and will be more consistent with the flows that involve passing a 3pid. 2019-09-25 06:32:05 -04:00			`config.update(`
			`{`
			`"public_baseurl": "https://example.org/",`
			`"user_consent": {`
			`"version": "1.0",`
			`"policy_name": "My Cool Privacy Policy",`
			`"template_dir": "/",`
			`"require_at_registration": True,`
			`},`
			`}`
			`)`
			`return config`

Proper types for tests.test_terms_auth (#15007) * Proper types for tests.test_terms_auth * Changelog 2023-02-07 07:03:39 -05:00			`def prepare(`
			`self, reactor: MemoryReactor, clock: Clock, homeserver: HomeServer`
			`) -> None:`
			`# type-ignore: mypy-zope doesn't seem to recognise that MemoryReactorClock`
			`# implements IReactorTime, via inheritance from twisted.internet.testing.Clock`
			`self.clock: IReactorTime = MemoryReactorClock() # type: ignore[assignment]`
Move test to where the other integration tests are 2018-10-24 15:24:24 -04:00			`self.hs_clock = Clock(self.clock)`
			`self.url = "/_matrix/client/r0/register"`
			`self.registration_handler = Mock()`
			`self.auth_handler = Mock()`
			`self.device_handler = Mock()`

Proper types for tests.test_terms_auth (#15007) * Proper types for tests.test_terms_auth * Changelog 2023-02-07 07:03:39 -05:00			`def test_ui_auth(self) -> None:`
Move test to where the other integration tests are 2018-10-24 15:24:24 -04:00			`# Do a UI auth request`
Proper types for tests.test_terms_auth (#15007) * Proper types for tests.test_terms_auth * Changelog 2023-02-07 07:03:39 -05:00			`request_data: JsonDict = {"username": "kermit", "password": "monkey"}`
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it. 2020-12-15 09:44:04 -05:00			`channel = self.make_request(b"POST", self.url, request_data)`
Move test to where the other integration tests are 2018-10-24 15:24:24 -04:00
Use literals in place of `HTTPStatus` constants in tests (#13463) 2022-08-05 10:59:09 -04:00			`self.assertEqual(channel.code, 401, channel.result)`
Move test to where the other integration tests are 2018-10-24 15:24:24 -04:00
			`self.assertTrue(channel.json_body is not None)`
Replace all remaining six usage with native Python 3 equivalents (#7704) 2020-06-16 08:51:47 -04:00			`self.assertIsInstance(channel.json_body["session"], str)`
Move test to where the other integration tests are 2018-10-24 15:24:24 -04:00
			`self.assertIsInstance(channel.json_body["flows"], list)`
			`for flow in channel.json_body["flows"]:`
			`self.assertIsInstance(flow["stages"], list)`
			`self.assertTrue(len(flow["stages"]) > 0)`
Terms might not be the last stage 2019-05-13 11:10:26 -04:00			`self.assertTrue("m.login.terms" in flow["stages"])`
Move test to where the other integration tests are 2018-10-24 15:24:24 -04:00
			`expected_params = {`
			`"m.login.terms": {`
			`"policies": {`
			`"privacy_policy": {`
			`"en": {`
Add config variables for enabling terms auth and the policy name (#4142) So people can still collect consent the old way if they want to. 2018-11-06 05:32:34 -05:00			`"name": "My Cool Privacy Policy",`
The tests also need a version parameter 2018-10-31 15:28:08 -04:00			`"url": "https://example.org/_matrix/consent?v=1.0",`
Move test to where the other integration tests are 2018-10-24 15:24:24 -04:00			`},`
Run Black on the tests again (#5170) 2019-05-10 01:12:11 -04:00			`"version": "1.0",`
			`}`
			`}`
			`}`
Move test to where the other integration tests are 2018-10-24 15:24:24 -04:00			`}`
			`self.assertIsInstance(channel.json_body["params"], dict)`
Prepare unit tests for Python 3.12 (#16099) 2023-08-25 15:05:10 -04:00			`self.assertLessEqual(`
			`channel.json_body["params"].items(), expected_params.items()`
			`)`
Move test to where the other integration tests are 2018-10-24 15:24:24 -04:00
			`# We have to complete the dummy auth stage before completing the terms stage`
Remove unnecessary `json.dumps` from tests (#13303) 2022-07-17 17:28:45 -04:00			`request_data = {`
			`"username": "kermit",`
			`"password": "monkey",`
			`"auth": {`
			`"session": channel.json_body["session"],`
			`"type": "m.login.dummy",`
			`},`
			`}`
Move test to where the other integration tests are 2018-10-24 15:24:24 -04:00
			`self.registration_handler.check_username = Mock(return_value=True)`

Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it. 2020-12-15 09:44:04 -05:00			`channel = self.make_request(b"POST", self.url, request_data)`
Move test to where the other integration tests are 2018-10-24 15:24:24 -04:00
			`# We don't bother checking that the response is correct - we'll leave that to`
			`# other tests. We just want to make sure we're on the right path.`
Use literals in place of `HTTPStatus` constants in tests (#13463) 2022-08-05 10:59:09 -04:00			`self.assertEqual(channel.code, 401, channel.result)`
Move test to where the other integration tests are 2018-10-24 15:24:24 -04:00
			`# Finish the UI auth for terms`
Remove unnecessary `json.dumps` from tests (#13303) 2022-07-17 17:28:45 -04:00			`request_data = {`
			`"username": "kermit",`
			`"password": "monkey",`
			`"auth": {`
			`"session": channel.json_body["session"],`
			`"type": "m.login.terms",`
			`},`
			`}`
Remove spurious "SynapseRequest" result from `make_request" This was never used, so let's get rid of it. 2020-12-15 09:44:04 -05:00			`channel = self.make_request(b"POST", self.url, request_data)`
Move test to where the other integration tests are 2018-10-24 15:24:24 -04:00
pep8 2018-10-24 15:54:38 -04:00			`# We're interested in getting a response that looks like a successful`
			`# registration, not so much that the details are exactly what we want.`
Move test to where the other integration tests are 2018-10-24 15:24:24 -04:00
Use literals in place of `HTTPStatus` constants in tests (#13463) 2022-08-05 10:59:09 -04:00			`self.assertEqual(channel.code, 200, channel.result)`
Move test to where the other integration tests are 2018-10-24 15:24:24 -04:00
			`self.assertTrue(channel.json_body is not None)`
Replace all remaining six usage with native Python 3 equivalents (#7704) 2020-06-16 08:51:47 -04:00			`self.assertIsInstance(channel.json_body["user_id"], str)`
			`self.assertIsInstance(channel.json_body["access_token"], str)`
			`self.assertIsInstance(channel.json_body["device_id"], str)`