From 75047fda95911366f4dd668d0a7c2dd6be048b8f Mon Sep 17 00:00:00 2001
From: Half-Shot
Date: Tue, 18 Jan 2022 15:43:12 +0000
Subject: [PATCH] Add integration tests for E2EE
---
config/harness-pan.yaml | 185 ++++++++++++++++++++++++++++++++++++++++
config/harness.yaml | 16 +---
mx-tester.yml | 1 +
package.json | 1 +
4 files changed, 191 insertions(+), 12 deletions(-)
create mode 100644 config/harness-pan.yaml
diff --git a/config/harness-pan.yaml b/config/harness-pan.yaml
new file mode 100644
index 0000000..2c82d37
--- /dev/null
+++ b/config/harness-pan.yaml
@@ -0,0 +1,185 @@
+# This configuration file is for the integration tests run by yarn:integration.
+# Unless you're working on the test suite, you should probably rather check
+# default.yaml!
+
+# Where the homeserver is located (client-server URL). This should point at
+# pantalaimon if you're using that.
+homeserverUrl: "http://localhost:8081"
+
+# Where the homeserver is located (client-server URL). NOT pantalaimon.
+rawHomeserverUrl: "http://localhost:8081"
+
+# Pantalaimon options (https://github.com/matrix-org/pantalaimon)
+pantalaimon:
+ # If true, accessToken above is ignored and the username/password below will be
+ # used instead. The access token of the bot will be stored in the dataPath.
+ use: true
+
+ # The username to login with.
+ username: mjolnir
+
+ # The password to login with. Can be removed after the bot has logged in once and
+ # stored the access token.
+ password: mjolnir
+
+# The directory the bot should store various bits of information in
+dataPath: "./test/harness/mjolnir-data/"
+
+# If true (the default), only users in the `managementRoom` can invite the bot
+# to new rooms.
+autojoinOnlyIfManager: true
+
+# If `autojoinOnlyIfManager` is false, only the members in this group can invite
+# the bot to new rooms.
+acceptInvitesFromGroup: '+example:example.org'
+
+# If the bot is invited to a room and it won't accept the invite (due to the
+# conditions above), report it to the management room. Defaults to disabled (no
+# reporting).
+recordIgnoredInvites: false
+
+# The room ID where people can use the bot. The bot has no access controls, so
+# anyone in this room can use the bot - secure your room!
+# This should be a room alias or room ID - not a matrix.to URL.
+# Note: Mjolnir is fairly verbose - expect a lot of messages from it.
+managementRoom: "#moderators:localhost:9999"
+
+# Set to false to make the management room a bit quieter.
+verboseLogging: true
+
+# The log level for the logs themselves. One of DEBUG, INFO, WARN, and ERROR.
+# This should be at INFO or DEBUG in order to get support for Mjolnir problems.
+logLevel: "DEBUG"
+
+# Set to false to disable synchronizing the ban lists on startup. If true, this
+# is the same as running !mjolnir sync immediately after startup.
+syncOnStartup: true
+
+# Set to false to prevent Mjolnir from checking its permissions on startup. This
+# is recommended to be left as "true" to catch room permission problems (state
+# resets, etc) before Mjolnir is needed.
+verifyPermissionsOnStartup: true
+
+# If true, Mjolnir won't actually ban users or apply server ACLs, but will
+# think it has. This is useful to see what it does in a scenario where the
+# bot might not be trusted fully, yet. Default false (do bans/ACLs).
+noop: false
+
+# Set to true to use /joined_members instead of /state to figure out who is
+# in the room. Using /state is preferred because it means that users are
+# banned when they are invited instead of just when they join, though if your
+# server struggles with /state requests then set this to true.
+fasterMembershipChecks: false
+
+# A case-insensitive list of ban reasons to automatically redact a user's
+# messages for. Typically this is useful to avoid having to type two commands
+# to the bot. Use asterisks to represent globs (ie: "spam*testing" would match
+# "spam for testing" as well as "spamtesting").
+automaticallyRedactForReasons:
+ - "spam"
+ - "advertising"
+
+# A list of rooms to protect (matrix.to URLs)
+protectedRooms: []
+
+# Set this option to true to protect every room the bot is joined to. Note that
+# this effectively makes the protectedRooms and associated commands useless because
+# the bot by nature must be joined to the room to protect it.
+#
+# Note: the management room is *excluded* from this condition. Add it to the
+# protected rooms to protect it.
+#
+# Note: ban list rooms the bot is watching but didn't create will not be protected.
+# Manually add these rooms to the protected rooms list if you want them protected.
+protectAllJoinedRooms: false
+
+# Misc options for command handling and commands
+commands:
+ # If true, Mjolnir will respond to commands like !help and !ban instead of
+ # requiring a prefix. This is useful if Mjolnir is the only bot running in
+ # your management room.
+ #
+ # Note that Mjolnir can be pinged by display name instead of having to use
+ # the !mjolnir prefix. For example, "my_moderator_bot: ban @spammer:example.org"
+ # will ban a user.
+ allowNoPrefix: false
+
+ # In addition to the bot's display name, !mjolnir, and optionally no prefix
+ # above, the bot will respond to these names. The items here can be used either
+ # as display names or prefixed with exclamation points.
+ additionalPrefixes:
+ - "mjolnir_bot"
+
+ # If true, ban commands that use wildcard characters require confirmation with
+ # an extra `--force` argument
+ confirmWildcardBan: true
+
+# Configuration specific to certain toggleable protections
+protections:
+ # Configuration for the wordlist plugin, which can ban users based if they say certain
+ # blocked words shortly after joining.
+ wordlist:
+ # A list of words which should be monitored by the bot. These will match if any part
+ # of the word is present in the message in any case. e.g. "hello" also matches
+ # "HEllO". Additionally, regular expressions can be used.
+ words:
+ - "CaSe"
+ - "InSeNsAtIve"
+ - "WoRd"
+ - "LiSt"
+
+ # How long after a user joins the server should the bot monitor their messages. After
+ # this time, users can say words from the wordlist without being banned automatically.
+ # Set to zero to disable (users will always be banned if they say a bad word)
+ minutesBeforeTrusting: 20
+
+# Options for monitoring the health of the bot
+health:
+ # healthz options. These options are best for use in container environments
+ # like Kubernetes to detect how healthy the service is. The bot will report
+ # that it is unhealthy until it is able to process user requests. Typically
+ # this means that it'll flag itself as unhealthy for a number of minutes
+ # before saying "Now monitoring rooms" and flagging itself healthy.
+ #
+ # Health is flagged through HTTP status codes, defined below.
+ healthz:
+ # Whether the healthz integration should be enabled (default false)
+ enabled: false
+
+ # The port to expose the webserver on. Defaults to 8080.
+ port: 8080
+
+ # The address to listen for requests on. Defaults to all addresses.
+ address: "0.0.0.0"
+
+ # The path to expose the monitoring endpoint at. Defaults to `/healthz`
+ endpoint: "/healthz"
+
+ # The HTTP status code which reports that the bot is healthy/ready to
+ # process requests. Typically this should not be changed. Defaults to
+ # 200.
+ healthyStatus: 200
+
+ # The HTTP status code which reports that the bot is not healthy/ready.
+ # Defaults to 418.
+ unhealthyStatus: 418
+
+# Options for exposing web APIs.
+web:
+ # Whether to enable web APIs.
+ enabled: true
+
+ # The port to expose the webserver on. Defaults to 8080.
+ port: 8082
+
+ # The address to listen for requests on. Defaults to all addresses.
+ # Be careful with this setting, as opening to the wide web will increase
+ # your security perimeter.
+ address: localhost
+
+ # A web API designed to intercept Matrix API
+ # POST /_matrix/client/r0/rooms/{roomId}/report/{eventId}
+ # and display readable abuse reports in the moderation room.
+ abuseReporting:
+ # Whether to enable this feature.
+ enabled: true
diff --git a/config/harness.yaml b/config/harness.yaml
index 2c82d37..1424fba 100644
--- a/config/harness.yaml
+++ b/config/harness.yaml
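Review bot: `homeserverUrl` and `rawHomeserverUrl` in config/harness-pan.yaml both point at `http://localhost:8081` while `pantalaimon.use` is `true`, which contradicts the file's own comments: the first is meant to be the Pantalaimon listener and the second is explicitly "NOT pantalaimon". If nothing in the harness actually runs Pantalaimon on that port (not visible in this patch), the `harness-pan` run only covers the username/password login path and gives no evidence that the bot works behind the encrypting proxy. Either point `homeserverUrl` at the proxy the harness starts, or say so at the top of the file, e.g. `# No Pantalaimon instance runs in the harness; this config only exercises password login.`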
@@ -9,18 +9,10 @@ homeserverUrl: "http://localhost:8081" # Where the homeserver is located (client-server URL). NOT pantalaimon. rawHomeserverUrl: "http://localhost:8081" -# Pantalaimon options (https://github.com/matrix-org/pantalaimon) -pantalaimon: - # If true, accessToken above is ignored and the username/password below will be - # used instead. The access token of the bot will be stored in the dataPath. - use: true - - # The username to login with. - username: mjolnir - - # The password to login with. Can be removed after the bot has logged in once and - # stored the access token. - password: mjolnir +# Enable support for handling encrypted rooms. This cannot be enabled if +# Pantalaimon is enabled. +encryption: + enabled: true # The directory the bot should store various bits of information in dataPath: "./test/harness/mjolnir-data/" diff --git a/mx-tester.yml b/mx-tester.yml index 5e7d471..dc22018 100644 --- a/mx-tester.yml +++ b/mx-tester.yml @@ -11,6 +11,7 @@ up: run: - yarn test:integration + - yarn test:integration:pan down: finally: - docker stop mjolnir-test-reverse-proxy || true diff --git a/package.json b/package.json index 44a8998..7df5830 100644 --- a/package.json +++ b/package.json @@ -13,6 +13,7 @@ "start:dev": "yarn build && node --async-stack-traces lib/index.js", "test": "ts-mocha --project ./tsconfig.json test/commands/**/*.ts", "test:integration": "NODE_ENV=harness ts-mocha --async-stack-traces --require test/integration/fixtures.ts --project ./tsconfig.json \"test/integration/**/*Test.ts\"", + "test:integration:pan": "NODE_ENV=harness-pan ts-mocha --async-stack-traces --require test/integration/fixtures.ts --project ./tsconfig.json \"test/integration/**/*Test.ts\"", "test:manual": "NODE_ENV=harness ts-node test/integration/manualLaunchScript.ts" }, "devDependencies": {
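Review bot: With `encryption.enabled: true`, config/harness.yaml still writes to `dataPath: "./test/harness/mjolnir-data/"`, the same directory config/harness-pan.yaml uses, and mx-tester.yml now runs both suites back to back. The harness-pan comments say the bot's access token is stored in `dataPath`, and an encrypted client presumably keeps its device and key state there as well, so one run may pick up the other's session unless the fixtures wipe the directory (not visible in this patch). The added comment says the two modes cannot be combined, so their on-disk state should not be shared either. Give one config its own directory, for example `dataPath: "./test/harness/mjolnir-data-pan/"` in harness-pan.yaml (constructed path).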
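Review bot: `test:integration:pan` in package.json runs the same glob `test/integration/**/*Test.ts` as `test:integration`, and the diffstat shows no new test file, so nothing visible in this patch asserts that the bot can read or act on events in an encrypted room. As written, the encrypted run mainly shows that the existing suite still passes with `encryption.enabled: true`; a misconfiguration that left the bot running unencrypted would pass just the same. A test that creates an encrypted room and checks that a command sent there is handled would make the commit title hold; at minimum the scripts deserve a README note stating what each config is expected to cover.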