mirror of
https://github.com/element-hq/synapse.git
synced 2025-03-06 16:06:52 +00:00
6ec5e13ec9
This also happens for rejecting an invite. Basically, any out-of-band membership transition where we first get the membership as an `outlier` and then rely on federation filling us in to de-outlier it. This PR mainly addresses automated test flakiness, bots/scripts, and options within Synapse like [`auto_accept_invites`](https://element-hq.github.io/synapse/v1.122/usage/configuration/config_documentation.html#auto_accept_invites) that are able to react quickly (before federation is able to push us events), but also helps in generic scenarios where federation is lagging. I initially thought this might be a Synapse consistency issue (see issues labeled with [`Z-Read-After-Write`](https://github.com/matrix-org/synapse/labels/Z-Read-After-Write)) but it seems to be an event auth logic problem. Workers probably do increase the number of possible race condition scenarios that make this visible though (replication and cache invalidation lag). Fix https://github.com/element-hq/synapse/issues/15012 (probably fixes https://github.com/matrix-org/synapse/issues/15012 (https://github.com/element-hq/synapse/issues/15012)) Related to https://github.com/matrix-org/matrix-spec/issues/2062 Problems: 1. We don't consider [out-of-band membership](https://github.com/element-hq/synapse/blob/develop/docs/development/room-dag-concepts.md#out-of-band-membership-events) (outliers) in our `event_auth` logic even though we expose them in `/sync`. 1. (This PR doesn't address this point) Perhaps we should consider authing events in the persistence queue as events already in the queue could allow subsequent events to be allowed (events come through many channels: federation transaction, remote invite, remote join, local send). But this doesn't save us in the case where the event is more delayed over federation. ### What happened before? I wrote some Complement test that stresses this exact scenario and reproduces the problem: https://github.com/matrix-org/complement/pull/757 ``` COMPLEMENT_ALWAYS_PRINT_SERVER_LOGS=1 COMPLEMENT_DIR=../complement ./scripts-dev/complement.sh -run TestSynapseConsistency ``` We have `hs1` and `hs2` running in monolith mode (no workers): 1. `@charlie1:hs2` is invited and joins the room: 1. `hs1` invites `@charlie1:hs2` to a room which we receive on `hs2` as `PUT /_matrix/federation/v1/invite/{roomId}/{eventId}` (`on_invite_request(...)`) and the invite membership is persisted as an outlier. The `room_memberships` and `local_current_membership` database tables are also updated which means they are visible down `/sync` at this point. 1. `@charlie1:hs2` decides to join because it saw the invite down `/sync`. Because `hs2` is not yet in the room, this happens as a remote join `make_join`/`send_join` which comes back with all of the auth events needed to auth successfully and now `@charlie1:hs2` is successfully joined to the room. 1. `@charlie2:hs2` is invited and and tries to join the room: 1. `hs1` invites `@charlie2:hs2` to the room which we receive on `hs2` as `PUT /_matrix/federation/v1/invite/{roomId}/{eventId}` (`on_invite_request(...)`) and the invite membership is persisted as an outlier. The `room_memberships` and `local_current_membership` database tables are also updated which means they are visible down `/sync` at this point. 1. Because `hs2` is already participating in the room, we also see the invite come over federation in a transaction and we start processing it (not done yet, see below) 1. `@charlie2:hs2` decides to join because it saw the invite down `/sync`. Because `hs2`, is already in the room, this happens as a local join but we deny the event because our `event_auth` logic thinks that we have no membership in the room ❌ (expected to be able to join because we saw the invite down `/sync`) 1. We finally finish processing the `@charlie2:hs2` invite event from and de-outlier it. - If this finished before we tried to join we would have been fine but this is the race condition that makes this situation visible. Logs for `hs2`: ``` 🗳️ on_invite_request: handling event <FrozenEventV3 event_id=$PRPCvdXdcqyjdUKP_NxGF2CcukmwOaoK0ZR1WiVOZVk, type=m.room.member, state_key=@user-2-charlie1:hs2, membership=invite, outlier=False> 🔦 _store_room_members_txn update room_memberships: <FrozenEventV3 event_id=$PRPCvdXdcqyjdUKP_NxGF2CcukmwOaoK0ZR1WiVOZVk, type=m.room.member, state_key=@user-2-charlie1:hs2, membership=invite, outlier=True> 🔦 _store_room_members_txn update local_current_membership: <FrozenEventV3 event_id=$PRPCvdXdcqyjdUKP_NxGF2CcukmwOaoK0ZR1WiVOZVk, type=m.room.member, state_key=@user-2-charlie1:hs2, membership=invite, outlier=True> 📨 Notifying about new event <FrozenEventV3 event_id=$PRPCvdXdcqyjdUKP_NxGF2CcukmwOaoK0ZR1WiVOZVk, type=m.room.member, state_key=@user-2-charlie1:hs2, membership=invite, outlier=True> ✅ on_invite_request: handled event <FrozenEventV3 event_id=$PRPCvdXdcqyjdUKP_NxGF2CcukmwOaoK0ZR1WiVOZVk, type=m.room.member, state_key=@user-2-charlie1:hs2, membership=invite, outlier=True> 🧲 do_invite_join for @user-2-charlie1:hs2 in !sfZVBdLUezpPWetrol:hs1 🔦 _store_room_members_txn update room_memberships: <FrozenEventV3 event_id=$bwv8LxFnqfpsw_rhR7OrTjtz09gaJ23MqstKOcs7ygA, type=m.room.member, state_key=@user-1-alice:hs1, membership=join, outlier=True> 🔦 _store_room_members_txn update room_memberships: <FrozenEventV3 event_id=$oju1ts3G3pz5O62IesrxX5is4LxAwU3WPr4xvid5ijI, type=m.room.member, state_key=@user-2-charlie1:hs2, membership=join, outlier=False> 📨 Notifying about new event <FrozenEventV3 event_id=$oju1ts3G3pz5O62IesrxX5is4LxAwU3WPr4xvid5ijI, type=m.room.member, state_key=@user-2-charlie1:hs2, membership=join, outlier=False> ... 🗳️ on_invite_request: handling event <FrozenEventV3 event_id=$O_54j7O--6xMsegY5EVZ9SA-mI4_iHJOIoRwYyeWIPY, type=m.room.member, state_key=@user-3-charlie2:hs2, membership=invite, outlier=False> 🔦 _store_room_members_txn update room_memberships: <FrozenEventV3 event_id=$O_54j7O--6xMsegY5EVZ9SA-mI4_iHJOIoRwYyeWIPY, type=m.room.member, state_key=@user-3-charlie2:hs2, membership=invite, outlier=True> 🔦 _store_room_members_txn update local_current_membership: <FrozenEventV3 event_id=$O_54j7O--6xMsegY5EVZ9SA-mI4_iHJOIoRwYyeWIPY, type=m.room.member, state_key=@user-3-charlie2:hs2, membership=invite, outlier=True> 📨 Notifying about new event <FrozenEventV3 event_id=$O_54j7O--6xMsegY5EVZ9SA-mI4_iHJOIoRwYyeWIPY, type=m.room.member, state_key=@user-3-charlie2:hs2, membership=invite, outlier=True> ✅ on_invite_request: handled event <FrozenEventV3 event_id=$O_54j7O--6xMsegY5EVZ9SA-mI4_iHJOIoRwYyeWIPY, type=m.room.member, state_key=@user-3-charlie2:hs2, membership=invite, outlier=True> 📬 handling received PDU in room !sfZVBdLUezpPWetrol:hs1: <FrozenEventV3 event_id=$O_54j7O--6xMsegY5EVZ9SA-mI4_iHJOIoRwYyeWIPY, type=m.room.member, state_key=@user-3-charlie2:hs2, membership=invite, outlier=False> 📮 handle_new_client_event: handling <FrozenEventV3 event_id=$WNVDTQrxy5tCdPQHMyHyIn7tE4NWqKsZ8Bn8R4WbBSA, type=m.room.member, state_key=@user-3-charlie2:hs2, membership=join, outlier=False> ❌ Denying new event <FrozenEventV3 event_id=$WNVDTQrxy5tCdPQHMyHyIn7tE4NWqKsZ8Bn8R4WbBSA, type=m.room.member, state_key=@user-3-charlie2:hs2, membership=join, outlier=False> because 403: You are not invited to this room. synapse.http.server - 130 - INFO - POST-16 - <SynapseRequest at 0x7f460c91fbf0 method='POST' uri='/_matrix/client/v3/join/%21sfZVBdLUezpPWetrol:hs1?server_name=hs1' clientproto='HTTP/1.0' site='8080'> SynapseError: 403 - You are not invited to this room. 📨 Notifying about new event <FrozenEventV3 event_id=$O_54j7O--6xMsegY5EVZ9SA-mI4_iHJOIoRwYyeWIPY, type=m.room.member, state_key=@user-3-charlie2:hs2, membership=invite, outlier=False> ✅ handled received PDU in room !sfZVBdLUezpPWetrol:hs1: <FrozenEventV3 event_id=$O_54j7O--6xMsegY5EVZ9SA-mI4_iHJOIoRwYyeWIPY, type=m.room.member, state_key=@user-3-charlie2:hs2, membership=invite, outlier=False> ```
594 lines
23 KiB
Python
594 lines
23 KiB
Python
#
|
|
# This file is licensed under the Affero General Public License (AGPL) version 3.
|
|
#
|
|
# Copyright 2019 Matrix.org Federation C.I.C
|
|
# Copyright (C) 2023 New Vector, Ltd
|
|
#
|
|
# This program is free software: you can redistribute it and/or modify
|
|
# it under the terms of the GNU Affero General Public License as
|
|
# published by the Free Software Foundation, either version 3 of the
|
|
# License, or (at your option) any later version.
|
|
#
|
|
# See the GNU Affero General Public License for more details:
|
|
# <https://www.gnu.org/licenses/agpl-3.0.html>.
|
|
#
|
|
# Originally licensed under the Apache License, Version 2.0:
|
|
# <http://www.apache.org/licenses/LICENSE-2.0>.
|
|
#
|
|
# [This file includes modifications made by New Vector Limited]
|
|
#
|
|
#
|
|
import logging
|
|
from http import HTTPStatus
|
|
from typing import Optional, Union
|
|
from unittest.mock import Mock
|
|
|
|
from parameterized import parameterized
|
|
|
|
from twisted.test.proto_helpers import MemoryReactor
|
|
|
|
from synapse.api.constants import EventTypes, Membership
|
|
from synapse.api.errors import FederationError
|
|
from synapse.api.room_versions import KNOWN_ROOM_VERSIONS, RoomVersions
|
|
from synapse.config.server import DEFAULT_ROOM_VERSION
|
|
from synapse.events import EventBase, make_event_from_dict
|
|
from synapse.federation.federation_base import event_from_pdu_json
|
|
from synapse.http.types import QueryParams
|
|
from synapse.logging.context import LoggingContext
|
|
from synapse.rest import admin
|
|
from synapse.rest.client import login, room
|
|
from synapse.server import HomeServer
|
|
from synapse.storage.controllers.state import server_acl_evaluator_from_event
|
|
from synapse.types import JsonDict
|
|
from synapse.util import Clock
|
|
|
|
from tests import unittest
|
|
from tests.unittest import override_config
|
|
|
|
|
|
class FederationServerTests(unittest.FederatingHomeserverTestCase):
|
|
servlets = [
|
|
admin.register_servlets,
|
|
room.register_servlets,
|
|
login.register_servlets,
|
|
]
|
|
|
|
@parameterized.expand([(b"",), (b"foo",), (b'{"limit": Infinity}',)])
|
|
def test_bad_request(self, query_content: bytes) -> None:
|
|
"""
|
|
Querying with bad data returns a reasonable error code.
|
|
"""
|
|
u1 = self.register_user("u1", "pass")
|
|
u1_token = self.login("u1", "pass")
|
|
|
|
room_1 = self.helper.create_room_as(u1, tok=u1_token)
|
|
self.inject_room_member(room_1, "@user:other.example.com", "join")
|
|
|
|
"/get_missing_events/(?P<room_id>[^/]*)/?"
|
|
|
|
channel = self.make_request(
|
|
"POST",
|
|
"/_matrix/federation/v1/get_missing_events/%s" % (room_1,),
|
|
query_content,
|
|
)
|
|
self.assertEqual(HTTPStatus.BAD_REQUEST, channel.code, channel.result)
|
|
self.assertEqual(channel.json_body["errcode"], "M_NOT_JSON")
|
|
|
|
def test_failed_edu_causes_500(self) -> None:
|
|
"""If the EDU handler fails, /send should return a 500."""
|
|
|
|
async def failing_handler(_origin: str, _content: JsonDict) -> None:
|
|
raise Exception("bleh")
|
|
|
|
self.hs.get_federation_registry().register_edu_handler(
|
|
"FAIL_EDU_TYPE", failing_handler
|
|
)
|
|
|
|
channel = self.make_signed_federation_request(
|
|
"PUT",
|
|
"/_matrix/federation/v1/send/txn",
|
|
{"edus": [{"edu_type": "FAIL_EDU_TYPE", "content": {}}]},
|
|
)
|
|
self.assertEqual(500, channel.code, channel.result)
|
|
|
|
|
|
def _create_acl_event(content: JsonDict) -> EventBase:
|
|
return make_event_from_dict(
|
|
{
|
|
"room_id": "!a:b",
|
|
"event_id": "$a:b",
|
|
"type": "m.room.server_acls",
|
|
"sender": "@a:b",
|
|
"content": content,
|
|
}
|
|
)
|
|
|
|
|
|
class MessageAcceptTests(unittest.FederatingHomeserverTestCase):
|
|
"""
|
|
Tests to make sure that we don't accept flawed events from federation (incoming).
|
|
"""
|
|
|
|
servlets = [
|
|
admin.register_servlets,
|
|
login.register_servlets,
|
|
room.register_servlets,
|
|
]
|
|
|
|
def make_homeserver(self, reactor: MemoryReactor, clock: Clock) -> HomeServer:
|
|
self.http_client = Mock()
|
|
return self.setup_test_homeserver(federation_http_client=self.http_client)
|
|
|
|
def prepare(self, reactor: MemoryReactor, clock: Clock, hs: HomeServer) -> None:
|
|
super().prepare(reactor, clock, hs)
|
|
|
|
self.store = self.hs.get_datastores().main
|
|
self.storage_controllers = hs.get_storage_controllers()
|
|
self.federation_event_handler = self.hs.get_federation_event_handler()
|
|
|
|
# Create a local room
|
|
user1_id = self.register_user("user1", "pass")
|
|
user1_tok = self.login(user1_id, "pass")
|
|
self.room_id = self.helper.create_room_as(
|
|
user1_id, tok=user1_tok, is_public=True
|
|
)
|
|
|
|
state_map = self.get_success(
|
|
self.storage_controllers.state.get_current_state(self.room_id)
|
|
)
|
|
|
|
# Figure out what the forward extremities in the room are (the most recent
|
|
# events that aren't tied into the DAG)
|
|
forward_extremity_event_ids = self.get_success(
|
|
self.hs.get_datastores().main.get_latest_event_ids_in_room(self.room_id)
|
|
)
|
|
|
|
# Join a remote user to the room that will attempt to send bad events
|
|
self.remote_bad_user_id = f"@baduser:{self.OTHER_SERVER_NAME}"
|
|
self.remote_bad_user_join_event = make_event_from_dict(
|
|
self.add_hashes_and_signatures_from_other_server(
|
|
{
|
|
"room_id": self.room_id,
|
|
"sender": self.remote_bad_user_id,
|
|
"state_key": self.remote_bad_user_id,
|
|
"depth": 1000,
|
|
"origin_server_ts": 1,
|
|
"type": EventTypes.Member,
|
|
"content": {"membership": Membership.JOIN},
|
|
"auth_events": [
|
|
state_map[(EventTypes.Create, "")].event_id,
|
|
state_map[(EventTypes.JoinRules, "")].event_id,
|
|
],
|
|
"prev_events": list(forward_extremity_event_ids),
|
|
}
|
|
),
|
|
room_version=RoomVersions.V10,
|
|
)
|
|
|
|
# Send the join, it should return None (which is not an error)
|
|
self.assertEqual(
|
|
self.get_success(
|
|
self.federation_event_handler.on_receive_pdu(
|
|
self.OTHER_SERVER_NAME, self.remote_bad_user_join_event
|
|
)
|
|
),
|
|
None,
|
|
)
|
|
|
|
# Make sure we actually joined the room
|
|
self.assertEqual(
|
|
self.get_success(self.store.get_latest_event_ids_in_room(self.room_id)),
|
|
{self.remote_bad_user_join_event.event_id},
|
|
)
|
|
|
|
def test_cant_hide_direct_ancestors(self) -> None:
|
|
"""
|
|
If you send a message, you must be able to provide the direct
|
|
prev_events that said event references.
|
|
"""
|
|
|
|
async def post_json(
|
|
destination: str,
|
|
path: str,
|
|
data: Optional[JsonDict] = None,
|
|
long_retries: bool = False,
|
|
timeout: Optional[int] = None,
|
|
ignore_backoff: bool = False,
|
|
args: Optional[QueryParams] = None,
|
|
) -> Union[JsonDict, list]:
|
|
# If it asks us for new missing events, give them NOTHING
|
|
if path.startswith("/_matrix/federation/v1/get_missing_events/"):
|
|
return {"events": []}
|
|
return {}
|
|
|
|
self.http_client.post_json = post_json
|
|
|
|
# Figure out what the forward extremities in the room are (the most recent
|
|
# events that aren't tied into the DAG)
|
|
forward_extremity_event_ids = self.get_success(
|
|
self.hs.get_datastores().main.get_latest_event_ids_in_room(self.room_id)
|
|
)
|
|
|
|
# Now lie about an event's prev_events
|
|
lying_event = make_event_from_dict(
|
|
self.add_hashes_and_signatures_from_other_server(
|
|
{
|
|
"room_id": self.room_id,
|
|
"sender": self.remote_bad_user_id,
|
|
"depth": 1000,
|
|
"origin_server_ts": 1,
|
|
"type": "m.room.message",
|
|
"content": {"body": "hewwo?"},
|
|
"auth_events": [],
|
|
"prev_events": ["$missing_prev_event"]
|
|
+ list(forward_extremity_event_ids),
|
|
}
|
|
),
|
|
room_version=RoomVersions.V10,
|
|
)
|
|
|
|
with LoggingContext("test-context"):
|
|
failure = self.get_failure(
|
|
self.federation_event_handler.on_receive_pdu(
|
|
self.OTHER_SERVER_NAME, lying_event
|
|
),
|
|
FederationError,
|
|
)
|
|
|
|
# on_receive_pdu should throw an error
|
|
self.assertEqual(
|
|
failure.value.args[0],
|
|
(
|
|
"ERROR 403: Your server isn't divulging details about prev_events "
|
|
"referenced in this event."
|
|
),
|
|
)
|
|
|
|
# Make sure the invalid event isn't there
|
|
extrem = self.get_success(self.store.get_latest_event_ids_in_room(self.room_id))
|
|
self.assertEqual(extrem, {self.remote_bad_user_join_event.event_id})
|
|
|
|
|
|
class ServerACLsTestCase(unittest.TestCase):
|
|
def test_blocked_server(self) -> None:
|
|
e = _create_acl_event({"allow": ["*"], "deny": ["evil.com"]})
|
|
logging.info("ACL event: %s", e.content)
|
|
|
|
server_acl_evalutor = server_acl_evaluator_from_event(e)
|
|
|
|
self.assertFalse(server_acl_evalutor.server_matches_acl_event("evil.com"))
|
|
self.assertFalse(server_acl_evalutor.server_matches_acl_event("EVIL.COM"))
|
|
|
|
self.assertTrue(server_acl_evalutor.server_matches_acl_event("evil.com.au"))
|
|
self.assertTrue(
|
|
server_acl_evalutor.server_matches_acl_event("honestly.not.evil.com")
|
|
)
|
|
|
|
def test_block_ip_literals(self) -> None:
|
|
e = _create_acl_event({"allow_ip_literals": False, "allow": ["*"]})
|
|
logging.info("ACL event: %s", e.content)
|
|
|
|
server_acl_evalutor = server_acl_evaluator_from_event(e)
|
|
|
|
self.assertFalse(server_acl_evalutor.server_matches_acl_event("1.2.3.4"))
|
|
self.assertTrue(server_acl_evalutor.server_matches_acl_event("1a.2.3.4"))
|
|
self.assertFalse(server_acl_evalutor.server_matches_acl_event("[1:2::]"))
|
|
self.assertTrue(server_acl_evalutor.server_matches_acl_event("1:2:3:4"))
|
|
|
|
def test_wildcard_matching(self) -> None:
|
|
e = _create_acl_event({"allow": ["good*.com"]})
|
|
|
|
server_acl_evalutor = server_acl_evaluator_from_event(e)
|
|
|
|
self.assertTrue(
|
|
server_acl_evalutor.server_matches_acl_event("good.com"),
|
|
"* matches 0 characters",
|
|
)
|
|
self.assertTrue(
|
|
server_acl_evalutor.server_matches_acl_event("GOOD.COM"),
|
|
"pattern is case-insensitive",
|
|
)
|
|
self.assertTrue(
|
|
server_acl_evalutor.server_matches_acl_event("good.aa.com"),
|
|
"* matches several characters, including '.'",
|
|
)
|
|
self.assertFalse(
|
|
server_acl_evalutor.server_matches_acl_event("ishgood.com"),
|
|
"pattern does not allow prefixes",
|
|
)
|
|
|
|
|
|
class StateQueryTests(unittest.FederatingHomeserverTestCase):
|
|
servlets = [
|
|
admin.register_servlets,
|
|
room.register_servlets,
|
|
login.register_servlets,
|
|
]
|
|
|
|
def test_needs_to_be_in_room(self) -> None:
|
|
"""/v1/state/<room_id> requires the server to be in the room"""
|
|
u1 = self.register_user("u1", "pass")
|
|
u1_token = self.login("u1", "pass")
|
|
|
|
room_1 = self.helper.create_room_as(u1, tok=u1_token)
|
|
|
|
channel = self.make_signed_federation_request(
|
|
"GET", "/_matrix/federation/v1/state/%s?event_id=xyz" % (room_1,)
|
|
)
|
|
self.assertEqual(HTTPStatus.FORBIDDEN, channel.code, channel.result)
|
|
self.assertEqual(channel.json_body["errcode"], "M_FORBIDDEN")
|
|
|
|
|
|
class SendJoinFederationTests(unittest.FederatingHomeserverTestCase):
|
|
servlets = [
|
|
admin.register_servlets,
|
|
room.register_servlets,
|
|
login.register_servlets,
|
|
]
|
|
|
|
def prepare(self, reactor: MemoryReactor, clock: Clock, hs: HomeServer) -> None:
|
|
super().prepare(reactor, clock, hs)
|
|
|
|
self._storage_controllers = hs.get_storage_controllers()
|
|
|
|
# create the room
|
|
creator_user_id = self.register_user("kermit", "test")
|
|
tok = self.login("kermit", "test")
|
|
self._room_id = self.helper.create_room_as(
|
|
room_creator=creator_user_id, tok=tok
|
|
)
|
|
|
|
# a second member on the orgin HS
|
|
second_member_user_id = self.register_user("fozzie", "bear")
|
|
tok2 = self.login("fozzie", "bear")
|
|
self.helper.join(self._room_id, second_member_user_id, tok=tok2)
|
|
|
|
def _make_join(self, user_id: str) -> JsonDict:
|
|
channel = self.make_signed_federation_request(
|
|
"GET",
|
|
f"/_matrix/federation/v1/make_join/{self._room_id}/{user_id}"
|
|
f"?ver={DEFAULT_ROOM_VERSION}",
|
|
)
|
|
self.assertEqual(channel.code, HTTPStatus.OK, channel.json_body)
|
|
return channel.json_body
|
|
|
|
def test_send_join(self) -> None:
|
|
"""happy-path test of send_join"""
|
|
joining_user = "@misspiggy:" + self.OTHER_SERVER_NAME
|
|
join_result = self._make_join(joining_user)
|
|
|
|
join_event_dict = join_result["event"]
|
|
self.add_hashes_and_signatures_from_other_server(
|
|
join_event_dict,
|
|
KNOWN_ROOM_VERSIONS[DEFAULT_ROOM_VERSION],
|
|
)
|
|
channel = self.make_signed_federation_request(
|
|
"PUT",
|
|
f"/_matrix/federation/v2/send_join/{self._room_id}/x",
|
|
content=join_event_dict,
|
|
)
|
|
self.assertEqual(channel.code, HTTPStatus.OK, channel.json_body)
|
|
|
|
# we should get complete room state back
|
|
returned_state = [
|
|
(ev["type"], ev["state_key"]) for ev in channel.json_body["state"]
|
|
]
|
|
self.assertCountEqual(
|
|
returned_state,
|
|
[
|
|
("m.room.create", ""),
|
|
("m.room.power_levels", ""),
|
|
("m.room.join_rules", ""),
|
|
("m.room.history_visibility", ""),
|
|
("m.room.member", "@kermit:test"),
|
|
("m.room.member", "@fozzie:test"),
|
|
# nb: *not* the joining user
|
|
],
|
|
)
|
|
|
|
# also check the auth chain
|
|
returned_auth_chain_events = [
|
|
(ev["type"], ev["state_key"]) for ev in channel.json_body["auth_chain"]
|
|
]
|
|
self.assertCountEqual(
|
|
returned_auth_chain_events,
|
|
[
|
|
("m.room.create", ""),
|
|
("m.room.member", "@kermit:test"),
|
|
("m.room.power_levels", ""),
|
|
("m.room.join_rules", ""),
|
|
],
|
|
)
|
|
|
|
# the room should show that the new user is a member
|
|
r = self.get_success(
|
|
self._storage_controllers.state.get_current_state(self._room_id)
|
|
)
|
|
self.assertEqual(r[("m.room.member", joining_user)].membership, "join")
|
|
|
|
def test_send_join_partial_state(self) -> None:
|
|
"""/send_join should return partial state, if requested"""
|
|
joining_user = "@misspiggy:" + self.OTHER_SERVER_NAME
|
|
join_result = self._make_join(joining_user)
|
|
|
|
join_event_dict = join_result["event"]
|
|
self.add_hashes_and_signatures_from_other_server(
|
|
join_event_dict,
|
|
KNOWN_ROOM_VERSIONS[DEFAULT_ROOM_VERSION],
|
|
)
|
|
channel = self.make_signed_federation_request(
|
|
"PUT",
|
|
f"/_matrix/federation/v2/send_join/{self._room_id}/x?omit_members=true",
|
|
content=join_event_dict,
|
|
)
|
|
self.assertEqual(channel.code, HTTPStatus.OK, channel.json_body)
|
|
|
|
# expect a reduced room state
|
|
returned_state = [
|
|
(ev["type"], ev["state_key"]) for ev in channel.json_body["state"]
|
|
]
|
|
self.assertCountEqual(
|
|
returned_state,
|
|
[
|
|
("m.room.create", ""),
|
|
("m.room.power_levels", ""),
|
|
("m.room.join_rules", ""),
|
|
("m.room.history_visibility", ""),
|
|
# Users included here because they're heroes.
|
|
("m.room.member", "@kermit:test"),
|
|
("m.room.member", "@fozzie:test"),
|
|
],
|
|
)
|
|
|
|
# the auth chain should not include anything already in "state"
|
|
returned_auth_chain_events = [
|
|
(ev["type"], ev["state_key"]) for ev in channel.json_body["auth_chain"]
|
|
]
|
|
self.assertCountEqual(
|
|
returned_auth_chain_events,
|
|
# TODO: change the test so that we get at least one event in the auth chain
|
|
# here.
|
|
[],
|
|
)
|
|
|
|
# the room should show that the new user is a member
|
|
r = self.get_success(
|
|
self._storage_controllers.state.get_current_state(self._room_id)
|
|
)
|
|
self.assertEqual(r[("m.room.member", joining_user)].membership, "join")
|
|
|
|
@override_config({"rc_joins_per_room": {"per_second": 0, "burst_count": 3}})
|
|
def test_make_join_respects_room_join_rate_limit(self) -> None:
|
|
# In the test setup, two users join the room. Since the rate limiter burst
|
|
# count is 3, a new make_join request to the room should be accepted.
|
|
|
|
joining_user = "@ronniecorbett:" + self.OTHER_SERVER_NAME
|
|
self._make_join(joining_user)
|
|
|
|
# Now have a new local user join the room. This saturates the rate limiter
|
|
# bucket, so the next make_join should be denied.
|
|
new_local_user = self.register_user("animal", "animal")
|
|
token = self.login("animal", "animal")
|
|
self.helper.join(self._room_id, new_local_user, tok=token)
|
|
|
|
joining_user = "@ronniebarker:" + self.OTHER_SERVER_NAME
|
|
channel = self.make_signed_federation_request(
|
|
"GET",
|
|
f"/_matrix/federation/v1/make_join/{self._room_id}/{joining_user}"
|
|
f"?ver={DEFAULT_ROOM_VERSION}",
|
|
)
|
|
self.assertEqual(channel.code, HTTPStatus.TOO_MANY_REQUESTS, channel.json_body)
|
|
|
|
@override_config({"rc_joins_per_room": {"per_second": 0, "burst_count": 3}})
|
|
def test_send_join_contributes_to_room_join_rate_limit_and_is_limited(self) -> None:
|
|
# Make two make_join requests up front. (These are rate limited, but do not
|
|
# contribute to the rate limit.)
|
|
join_event_dicts = []
|
|
for i in range(2):
|
|
joining_user = f"@misspiggy{i}:{self.OTHER_SERVER_NAME}"
|
|
join_result = self._make_join(joining_user)
|
|
join_event_dict = join_result["event"]
|
|
self.add_hashes_and_signatures_from_other_server(
|
|
join_event_dict,
|
|
KNOWN_ROOM_VERSIONS[DEFAULT_ROOM_VERSION],
|
|
)
|
|
join_event_dicts.append(join_event_dict)
|
|
|
|
# In the test setup, two users join the room. Since the rate limiter burst
|
|
# count is 3, the first send_join should be accepted...
|
|
channel = self.make_signed_federation_request(
|
|
"PUT",
|
|
f"/_matrix/federation/v2/send_join/{self._room_id}/join0",
|
|
content=join_event_dicts[0],
|
|
)
|
|
self.assertEqual(channel.code, 200, channel.json_body)
|
|
|
|
# ... but the second should be denied.
|
|
channel = self.make_signed_federation_request(
|
|
"PUT",
|
|
f"/_matrix/federation/v2/send_join/{self._room_id}/join1",
|
|
content=join_event_dicts[1],
|
|
)
|
|
self.assertEqual(channel.code, HTTPStatus.TOO_MANY_REQUESTS, channel.json_body)
|
|
|
|
# NB: we could write a test which checks that the send_join event is seen
|
|
# by other workers over replication, and that they update their rate limit
|
|
# buckets accordingly. I'm going to assume that the join event gets sent over
|
|
# replication, at which point the tests.handlers.room_member test
|
|
# test_local_users_joining_on_another_worker_contribute_to_rate_limit
|
|
# is probably sufficient to reassure that the bucket is updated.
|
|
|
|
|
|
class StripUnsignedFromEventsTestCase(unittest.TestCase):
|
|
"""
|
|
Test to make sure that we handle the raw JSON events from federation carefully and
|
|
strip anything that shouldn't be there.
|
|
"""
|
|
|
|
def test_strip_unauthorized_unsigned_values(self) -> None:
|
|
event1 = {
|
|
"sender": "@baduser:test.serv",
|
|
"state_key": "@baduser:test.serv",
|
|
"event_id": "$event1:test.serv",
|
|
"depth": 1000,
|
|
"origin_server_ts": 1,
|
|
"type": "m.room.member",
|
|
"origin": "test.servx",
|
|
"content": {"membership": "join"},
|
|
"auth_events": [],
|
|
"unsigned": {"malicious garbage": "hackz", "more warez": "more hackz"},
|
|
}
|
|
filtered_event = event_from_pdu_json(event1, RoomVersions.V1)
|
|
# Make sure unauthorized fields are stripped from unsigned
|
|
self.assertNotIn("more warez", filtered_event.unsigned)
|
|
|
|
def test_strip_event_maintains_allowed_fields(self) -> None:
|
|
event2 = {
|
|
"sender": "@baduser:test.serv",
|
|
"state_key": "@baduser:test.serv",
|
|
"event_id": "$event2:test.serv",
|
|
"depth": 1000,
|
|
"origin_server_ts": 1,
|
|
"type": "m.room.member",
|
|
"origin": "test.servx",
|
|
"auth_events": [],
|
|
"content": {"membership": "join"},
|
|
"unsigned": {
|
|
"malicious garbage": "hackz",
|
|
"more warez": "more hackz",
|
|
"age": 14,
|
|
"invite_room_state": [],
|
|
},
|
|
}
|
|
|
|
filtered_event2 = event_from_pdu_json(event2, RoomVersions.V1)
|
|
self.assertIn("age", filtered_event2.unsigned)
|
|
self.assertEqual(14, filtered_event2.unsigned["age"])
|
|
self.assertNotIn("more warez", filtered_event2.unsigned)
|
|
# Invite_room_state is allowed in events of type m.room.member
|
|
self.assertIn("invite_room_state", filtered_event2.unsigned)
|
|
self.assertEqual([], filtered_event2.unsigned["invite_room_state"])
|
|
|
|
def test_strip_event_removes_fields_based_on_event_type(self) -> None:
|
|
event3 = {
|
|
"sender": "@baduser:test.serv",
|
|
"state_key": "@baduser:test.serv",
|
|
"event_id": "$event3:test.serv",
|
|
"depth": 1000,
|
|
"origin_server_ts": 1,
|
|
"type": "m.room.power_levels",
|
|
"origin": "test.servx",
|
|
"content": {},
|
|
"auth_events": [],
|
|
"unsigned": {
|
|
"malicious garbage": "hackz",
|
|
"more warez": "more hackz",
|
|
"age": 14,
|
|
"invite_room_state": [],
|
|
},
|
|
}
|
|
filtered_event3 = event_from_pdu_json(event3, RoomVersions.V1)
|
|
self.assertIn("age", filtered_event3.unsigned)
|
|
# Invite_room_state field is only permitted in event type m.room.member
|
|
self.assertNotIn("invite_room_state", filtered_event3.unsigned)
|
|
self.assertNotIn("more warez", filtered_event3.unsigned)
|