forked-synapse/tests
David Robertson 4f00432ce1
Fix potential leak of per-room profiles when the user dir is rebuilt. (#10981)
There are two steps to rebuilding the user directory:

1. a scan over rooms, followed by
2. a scan over local users.

The former reads avatars and display names from the `room_memberships`
table and therefore contains potentially private avatars and
display names. The latter reads from the the `profiles` table which only
contains public data; moreover it will overwrite any private profiles
that the rooms scan may have written to the user directory. This means
that the rebuild could leak private user while the rebuild was in
progress, only to later cover up the leaks once the rebuild had completed.

This change skips over local users when writing user_directory rows
when scanning rooms. Doing so means that it'll take longer for a rebuild
to make local users searchable, which is unfortunate. I think a future
PR can improve this by swapping the order of the two steps above. (And
indeed there's more to do here, e.g. copying from `profiles` without
going via Python.)

Small tidy-ups while I'm here:

* Remove duplicated code from test_initial. This was meant to be pulled into `purge_and_rebuild_user_dir`.
* Move `is_public` before updating sharing tables. No functional change; it's still before the first read of `is_public`.
* Don't bother creating a set from dict keys. Slightly nicer and makes the code simpler.

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2021-10-05 18:35:25 +01:00
..
api Use direct references for configuration variables (part 6). (#10916) 2021-09-29 06:44:15 -04:00
app Use direct references for configuration variables (part 4). (#10893) 2021-09-23 12:03:01 -04:00
appservice Fix errors in Synapse logs from unit tests. (#10939) 2021-09-30 11:03:29 -04:00
config Use direct references for configuration variables (part 7). (#10959) 2021-10-04 07:18:54 -04:00
crypto Rewrite the KeyRing (#10035) 2021-06-02 16:37:59 +01:00
events Strip "join_authorised_via_users_server" from join events which do not need it. (#10933) 2021-10-01 11:39:17 -04:00
federation Fix errors in Synapse logs from unit tests. (#10939) 2021-09-30 11:03:29 -04:00
handlers Consistently exclude from user_directory (#10960) 2021-10-04 11:45:51 +00:00
http Use direct references for configuration variables (part 6). (#10916) 2021-09-29 06:44:15 -04:00
logging Add reactor to SynapseRequest and fix up types. (#10868) 2021-09-24 11:01:25 +01:00
module_api Fix errors in Synapse logs from unit tests. (#10939) 2021-09-30 11:03:29 -04:00
push Synapse 1.42.0rc1 (2021-09-01) 2021-09-01 14:58:14 +01:00
replication type-hint HomeserverTestcase.setup_test_homeserver (#10961) 2021-10-01 12:22:47 +01:00
rest Make is_public Optional[bool] for create_room_as test util (#10951) (#10963) 2021-10-04 14:43:03 +00:00
scripts Remove redundant "coding: utf-8" lines (#9786) 2021-04-14 15:34:27 +01:00
server_notices Use direct references for configuration variables (part 6). (#10916) 2021-09-29 06:44:15 -04:00
state Update the MSC3083 support to verify if joins are from an authorized server. (#10254) 2021-07-26 12:17:00 -04:00
storage Fix potential leak of per-room profiles when the user dir is rebuilt. (#10981) 2021-10-05 18:35:25 +01:00
test_utils Create a constant for a small png image in tests. (#10834) 2021-09-16 12:01:14 -04:00
util Use direct references for configuration variables (part 4). (#10893) 2021-09-23 12:03:01 -04:00
__init__.py Remove redundant "coding: utf-8" lines (#9786) 2021-04-14 15:34:27 +01:00
server.py Pass str to twisted's IReactorTCP (#10895) 2021-09-30 12:51:47 +01:00
test_distributor.py Remove redundant "coding: utf-8" lines (#9786) 2021-04-14 15:34:27 +01:00
test_event_auth.py Strip "join_authorised_via_users_server" from join events which do not need it. (#10933) 2021-10-01 11:39:17 -04:00
test_federation.py Inline _check_event_auth for outliers (#10926) 2021-09-28 15:25:07 +01:00
test_mau.py Add functionality to remove deactivated users from the monthly_active_users table (#10947) 2021-10-04 08:34:42 -07:00
test_metrics.py Remove redundant "coding: utf-8" lines (#9786) 2021-04-14 15:34:27 +01:00
test_phone_home.py Remove redundant "coding: utf-8" lines (#9786) 2021-04-14 15:34:27 +01:00
test_preview.py Support underscores (in addition to hyphens) for charset detection. (#10410) 2021-07-27 17:29:42 +00:00
test_server.py Add reactor to SynapseRequest and fix up types. (#10868) 2021-09-24 11:01:25 +01:00
test_state.py Remove unnecessary parentheses around tuples returned from methods (#10889) 2021-09-23 11:59:07 +01:00
test_terms_auth.py Flatten the synapse.rest.client package (#10600) 2021-08-17 11:57:58 +00:00
test_test_utils.py Remove redundant "coding: utf-8" lines (#9786) 2021-04-14 15:34:27 +01:00
test_types.py [pyupgrade] tests/ (#10347) 2021-07-13 11:43:15 +01:00
test_visibility.py Remove redundant "coding: utf-8" lines (#9786) 2021-04-14 15:34:27 +01:00
unittest.py Consistently exclude from user_directory (#10960) 2021-10-04 11:45:51 +00:00
utils.py Remove unnecessary parentheses around tuples returned from methods (#10889) 2021-09-23 11:59:07 +01:00