mirror of
https://github.com/element-hq/synapse.git
synced 2025-03-09 01:16:50 +00:00
048c1ac7f6
See the updated MSC2965 --------- Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
140 lines
4.7 KiB
Python
140 lines
4.7 KiB
Python
#
|
|
# This file is licensed under the Affero General Public License (AGPL) version 3.
|
|
#
|
|
# Copyright 2023 The Matrix.org Foundation C.I.C
|
|
# Copyright (C) 2023-2025 New Vector, Ltd
|
|
#
|
|
# This program is free software: you can redistribute it and/or modify
|
|
# it under the terms of the GNU Affero General Public License as
|
|
# published by the Free Software Foundation, either version 3 of the
|
|
# License, or (at your option) any later version.
|
|
#
|
|
# See the GNU Affero General Public License for more details:
|
|
# <https://www.gnu.org/licenses/agpl-3.0.html>.
|
|
#
|
|
# Originally licensed under the Apache License, Version 2.0:
|
|
# <http://www.apache.org/licenses/LICENSE-2.0>.
|
|
#
|
|
# [This file includes modifications made by New Vector Limited]
|
|
#
|
|
from http import HTTPStatus
|
|
from unittest.mock import AsyncMock
|
|
|
|
from synapse.rest.client import auth_metadata
|
|
|
|
from tests.unittest import HomeserverTestCase, override_config, skip_unless
|
|
from tests.utils import HAS_AUTHLIB
|
|
|
|
ISSUER = "https://account.example.com/"
|
|
|
|
|
|
class AuthIssuerTestCase(HomeserverTestCase):
|
|
servlets = [
|
|
auth_metadata.register_servlets,
|
|
]
|
|
|
|
def test_returns_404_when_msc3861_disabled(self) -> None:
|
|
# Make an unauthenticated request for the discovery info.
|
|
channel = self.make_request(
|
|
"GET",
|
|
"/_matrix/client/unstable/org.matrix.msc2965/auth_issuer",
|
|
)
|
|
self.assertEqual(channel.code, HTTPStatus.NOT_FOUND)
|
|
|
|
@skip_unless(HAS_AUTHLIB, "requires authlib")
|
|
@override_config(
|
|
{
|
|
"disable_registration": True,
|
|
"experimental_features": {
|
|
"msc3861": {
|
|
"enabled": True,
|
|
"issuer": ISSUER,
|
|
"client_id": "David Lister",
|
|
"client_auth_method": "client_secret_post",
|
|
"client_secret": "Who shot Mister Burns?",
|
|
}
|
|
},
|
|
}
|
|
)
|
|
def test_returns_issuer_when_oidc_enabled(self) -> None:
|
|
# Patch the HTTP client to return the issuer metadata
|
|
req_mock = AsyncMock(return_value={"issuer": ISSUER})
|
|
self.hs.get_proxied_http_client().get_json = req_mock # type: ignore[method-assign]
|
|
|
|
channel = self.make_request(
|
|
"GET",
|
|
"/_matrix/client/unstable/org.matrix.msc2965/auth_issuer",
|
|
)
|
|
|
|
self.assertEqual(channel.code, HTTPStatus.OK)
|
|
self.assertEqual(channel.json_body, {"issuer": ISSUER})
|
|
|
|
req_mock.assert_called_with(
|
|
"https://account.example.com/.well-known/openid-configuration"
|
|
)
|
|
req_mock.reset_mock()
|
|
|
|
# Second call it should use the cached value
|
|
channel = self.make_request(
|
|
"GET",
|
|
"/_matrix/client/unstable/org.matrix.msc2965/auth_issuer",
|
|
)
|
|
|
|
self.assertEqual(channel.code, HTTPStatus.OK)
|
|
self.assertEqual(channel.json_body, {"issuer": ISSUER})
|
|
req_mock.assert_not_called()
|
|
|
|
|
|
class AuthMetadataTestCase(HomeserverTestCase):
|
|
servlets = [
|
|
auth_metadata.register_servlets,
|
|
]
|
|
|
|
def test_returns_404_when_msc3861_disabled(self) -> None:
|
|
# Make an unauthenticated request for the discovery info.
|
|
channel = self.make_request(
|
|
"GET",
|
|
"/_matrix/client/unstable/org.matrix.msc2965/auth_metadata",
|
|
)
|
|
self.assertEqual(channel.code, HTTPStatus.NOT_FOUND)
|
|
|
|
@skip_unless(HAS_AUTHLIB, "requires authlib")
|
|
@override_config(
|
|
{
|
|
"disable_registration": True,
|
|
"experimental_features": {
|
|
"msc3861": {
|
|
"enabled": True,
|
|
"issuer": ISSUER,
|
|
"client_id": "David Lister",
|
|
"client_auth_method": "client_secret_post",
|
|
"client_secret": "Who shot Mister Burns?",
|
|
}
|
|
},
|
|
}
|
|
)
|
|
def test_returns_issuer_when_oidc_enabled(self) -> None:
|
|
# Patch the HTTP client to return the issuer metadata
|
|
req_mock = AsyncMock(
|
|
return_value={
|
|
"issuer": ISSUER,
|
|
"authorization_endpoint": "https://example.com/auth",
|
|
"token_endpoint": "https://example.com/token",
|
|
}
|
|
)
|
|
self.hs.get_proxied_http_client().get_json = req_mock # type: ignore[method-assign]
|
|
|
|
channel = self.make_request(
|
|
"GET",
|
|
"/_matrix/client/unstable/org.matrix.msc2965/auth_metadata",
|
|
)
|
|
|
|
self.assertEqual(channel.code, HTTPStatus.OK)
|
|
self.assertEqual(
|
|
channel.json_body,
|
|
{
|
|
"issuer": ISSUER,
|
|
"authorization_endpoint": "https://example.com/auth",
|
|
"token_endpoint": "https://example.com/token",
|
|
},
|
|
)
|