mirror of
https://github.com/element-hq/dendrite.git
synced 2025-09-14 21:32:23 +03:00
mas: TestAdminAllowCrossSigningReplacementWithoutUIA
This commit is contained in:
Roman Isaev
parent
5dd8568ecd
commit
418c584e40
2 changed files with 111 additions and 15 deletions
|
|
@ -11,6 +11,8 @@ import (
|
||||||
"testing"
|
"testing"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"github.com/element-hq/dendrite/userapi/types"
|
||||||
|
|
||||||
"github.com/element-hq/dendrite/federationapi"
|
"github.com/element-hq/dendrite/federationapi"
|
||||||
"github.com/element-hq/dendrite/internal/caching"
|
"github.com/element-hq/dendrite/internal/caching"
|
||||||
"github.com/element-hq/dendrite/internal/httputil"
|
"github.com/element-hq/dendrite/internal/httputil"
|
||||||
|
|
@ -1967,7 +1969,103 @@ func TestAdminDeactivateAccount(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestAdminAllowCrossSigningReplacementWithoutUIA(t *testing.T) {
|
func TestAdminAllowCrossSigningReplacementWithoutUIA(t *testing.T) {
|
||||||
|
alice := test.NewUser(t, test.WithAccountType(uapi.AccountTypeUser))
|
||||||
|
bob := test.NewUser(t, test.WithAccountType(uapi.AccountTypeUser))
|
||||||
|
adminToken := "superSecretAdminToken"
|
||||||
|
ctx := context.Background()
|
||||||
|
|
||||||
|
test.WithAllDatabases(t, func(t *testing.T, dbType test.DBType) {
|
||||||
|
cfg, processCtx, close := testrig.CreateConfig(t, dbType)
|
||||||
|
defer close()
|
||||||
|
natsInstance := jetstream.NATSInstance{}
|
||||||
|
// add a vhost
|
||||||
|
cfg.Global.VirtualHosts = append(cfg.Global.VirtualHosts, &config.VirtualHost{
|
||||||
|
SigningIdentity: fclient.SigningIdentity{ServerName: "vh1"},
|
||||||
|
})
|
||||||
|
// There's no need to add a full config for msc3861 as we need only an admin token
|
||||||
|
cfg.ClientAPI.MSCs.MSCs = []string{"msc3861"}
|
||||||
|
cfg.ClientAPI.MSCs.MSC3861 = &config.MSC3861{AdminToken: adminToken}
|
||||||
|
|
||||||
|
routers := httputil.NewRouters()
|
||||||
|
cm := sqlutil.NewConnectionManager(processCtx, cfg.Global.DatabaseOptions)
|
||||||
|
caches := caching.NewRistrettoCache(128*1024*1024, time.Hour, caching.DisableMetrics)
|
||||||
|
rsAPI := roomserver.NewInternalAPI(processCtx, cfg, cm, &natsInstance, caches, caching.DisableMetrics)
|
||||||
|
rsAPI.SetFederationAPI(nil, nil)
|
||||||
|
userAPI := userapi.NewInternalAPI(processCtx, cfg, cm, &natsInstance, rsAPI, nil, caching.DisableMetrics, testIsBlacklistedOrBackingOff)
|
||||||
|
// We mostly need the userAPI for this test, so nil for other APIs/caches etc.
|
||||||
|
AddPublicRoutes(processCtx, routers, cfg, &natsInstance, nil, rsAPI, nil, nil, nil, userAPI, nil, nil, nil, caching.DisableMetrics)
|
||||||
|
|
||||||
|
t.Run("Missing auth token", func(t *testing.T) {
|
||||||
|
req := test.NewRequest(t, http.MethodPost, "/_synapse/admin/v1/users/"+alice.ID+"/_allow_cross_signing_replacement_without_uia")
|
||||||
|
rec := httptest.NewRecorder()
|
||||||
|
routers.SynapseAdmin.ServeHTTP(rec, req)
|
||||||
|
t.Logf("%s", rec.Body.String())
|
||||||
|
if rec.Code != http.StatusUnauthorized {
|
||||||
|
t.Fatalf("expected http status %d, got %d: %s", http.StatusUnauthorized, rec.Code, rec.Body.String())
|
||||||
|
}
|
||||||
|
var b spec.MatrixError
|
||||||
|
_ = json.NewDecoder(rec.Body).Decode(&b)
|
||||||
|
if b.ErrCode != spec.ErrorMissingToken {
|
||||||
|
t.Fatalf("expected error code %s, got %s", spec.ErrorMissingToken, b.ErrCode)
|
||||||
|
}
|
||||||
|
})
|
||||||
|
|
||||||
|
for _, u := range []*test.User{alice} {
|
||||||
|
var userRes uapi.PerformAccountCreationResponse
|
||||||
|
if err := userAPI.PerformAccountCreation(ctx, &uapi.PerformAccountCreationRequest{
|
||||||
|
AccountType: u.AccountType,
|
||||||
|
Localpart: u.Localpart,
|
||||||
|
ServerName: cfg.Global.ServerName,
|
||||||
|
Password: "",
|
||||||
|
}, &userRes); err != nil {
|
||||||
|
t.Errorf("failed to create account: %s", err)
|
||||||
|
}
|
||||||
|
_ = userAPI.KeyDatabase.StoreCrossSigningKeysForUser(ctx, alice.ID, types.CrossSigningKeyMap{
|
||||||
|
fclient.CrossSigningKeyPurposeMaster: types.CrossSigningKey{
|
||||||
|
KeyData: spec.Base64Bytes("Og7D7+RQS030dOsWEtS/juJLTOVojXk1DoNKadyXWyk"),
|
||||||
|
},
|
||||||
|
fclient.CrossSigningKeyPurposeSelfSigning: types.CrossSigningKey{
|
||||||
|
KeyData: spec.Base64Bytes("Og7D7+RQS030dOsWEtS/juJLTOVojXk1DoNKadyXWyk"),
|
||||||
|
},
|
||||||
|
fclient.CrossSigningKeyPurposeUserSigning: types.CrossSigningKey{
|
||||||
|
KeyData: spec.Base64Bytes("Og7D7+RQS030dOsWEtS/juJLTOVojXk1DoNKadyXWyk"),
|
||||||
|
},
|
||||||
|
}, nil)
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
testCases := []struct {
|
||||||
|
Name string
|
||||||
|
User *test.User
|
||||||
|
Code int
|
||||||
|
}{
|
||||||
|
{Name: "existing user", User: alice, Code: 200},
|
||||||
|
{Name: "non-existing user", User: bob, Code: 404},
|
||||||
|
}
|
||||||
|
|
||||||
|
now := time.Now()
|
||||||
|
for _, tc := range testCases {
|
||||||
|
t.Run(tc.Name, func(t *testing.T) {
|
||||||
|
req := test.NewRequest(t, http.MethodPost, "/_synapse/admin/v1/users/"+tc.User.ID+"/_allow_cross_signing_replacement_without_uia")
|
||||||
|
req.Header.Set("Authorization", "Bearer "+adminToken)
|
||||||
|
rec := httptest.NewRecorder()
|
||||||
|
routers.SynapseAdmin.ServeHTTP(rec, req)
|
||||||
|
t.Logf("%s", rec.Body.String())
|
||||||
|
|
||||||
|
if rec.Code != tc.Code {
|
||||||
|
t.Fatalf("expected HTTP status %d, got %d: %s", tc.Code, rec.Code, rec.Body.String())
|
||||||
|
}
|
||||||
|
|
||||||
|
if rec.Code == 200 {
|
||||||
|
buf := make(map[string]int64, 1)
|
||||||
|
_ = json.NewDecoder(rec.Body).Decode(&buf)
|
||||||
|
if ts := buf["updatable_without_uia_before_ms"]; ts <= now.UnixMilli() {
|
||||||
|
t.Fatalf("expected updatable_without_uia_before_ms is in future, got %d", ts)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
})
|
||||||
|
}
|
||||||
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestAdminCreateOrModifyAccount(t *testing.T) {
|
func TestAdminCreateOrModifyAccount(t *testing.T) {
|
||||||
|
|
@ -2035,6 +2133,7 @@ func TestAdminCreateOrModifyAccount(t *testing.T) {
|
||||||
})
|
})
|
||||||
|
|
||||||
testCases := []struct {
|
testCases := []struct {
|
||||||
|
Name string
|
||||||
User *test.User
|
User *test.User
|
||||||
Payload adminCreateOrModifyAccountRequest
|
Payload adminCreateOrModifyAccountRequest
|
||||||
Expected struct {
|
Expected struct {
|
||||||
|
|
@ -2043,9 +2142,9 @@ func TestAdminCreateOrModifyAccount(t *testing.T) {
|
||||||
ThreePIDs []string
|
ThreePIDs []string
|
||||||
}
|
}
|
||||||
Code int
|
Code int
|
||||||
NewUser bool
|
|
||||||
}{
|
}{
|
||||||
{
|
{
|
||||||
|
Name: fmt.Sprintf("Modify user %s", alice.ID),
|
||||||
User: alice,
|
User: alice,
|
||||||
Payload: adminCreateOrModifyAccountRequest{
|
Payload: adminCreateOrModifyAccountRequest{
|
||||||
DisplayName: "alice",
|
DisplayName: "alice",
|
||||||
|
|
@ -2067,9 +2166,9 @@ func TestAdminCreateOrModifyAccount(t *testing.T) {
|
||||||
ThreePIDs: []string{"alice@example.com"},
|
ThreePIDs: []string{"alice@example.com"},
|
||||||
},
|
},
|
||||||
Code: http.StatusOK,
|
Code: http.StatusOK,
|
||||||
NewUser: false,
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
Name: fmt.Sprintf("Create user %s", bob.ID),
|
||||||
User: bob,
|
User: bob,
|
||||||
Payload: adminCreateOrModifyAccountRequest{
|
Payload: adminCreateOrModifyAccountRequest{
|
||||||
DisplayName: "bob",
|
DisplayName: "bob",
|
||||||
|
|
@ -2090,18 +2189,11 @@ func TestAdminCreateOrModifyAccount(t *testing.T) {
|
||||||
ThreePIDs: []string{"bob@example.com"},
|
ThreePIDs: []string{"bob@example.com"},
|
||||||
},
|
},
|
||||||
Code: http.StatusCreated,
|
Code: http.StatusCreated,
|
||||||
NewUser: true,
|
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, tc := range testCases {
|
for _, tc := range testCases {
|
||||||
name := ""
|
t.Run(tc.Name, func(t *testing.T) {
|
||||||
if tc.NewUser {
|
|
||||||
name = fmt.Sprintf("Create user %s", tc.User.ID)
|
|
||||||
} else {
|
|
||||||
name = fmt.Sprintf("Modify user %s", tc.User.ID)
|
|
||||||
}
|
|
||||||
t.Run(name, func(t *testing.T) {
|
|
||||||
req := test.NewRequest(
|
req := test.NewRequest(
|
||||||
t,
|
t,
|
||||||
http.MethodPut,
|
http.MethodPut,
|
||||||
|
|
@ -2141,7 +2233,6 @@ func TestAdminCreateOrModifyAccount(t *testing.T) {
|
||||||
t.Fatalf("expected 3pid address %s got %s", tc.Expected.ThreePIDs[0], tp.Address)
|
t.Fatalf("expected 3pid address %s got %s", tc.Expected.ThreePIDs[0], tp.Address)
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -819,12 +819,17 @@ func AdminAllowCrossSigningReplacementWithoutUIA(
|
||||||
}
|
}
|
||||||
var rs userapi.PerformAllowingMasterCrossSigningKeyReplacementWithoutUIAResponse
|
var rs userapi.PerformAllowingMasterCrossSigningKeyReplacementWithoutUIAResponse
|
||||||
err = userAPI.PerformAllowingMasterCrossSigningKeyReplacementWithoutUIA(req.Context(), &rq, &rs)
|
err = userAPI.PerformAllowingMasterCrossSigningKeyReplacementWithoutUIA(req.Context(), &rq, &rs)
|
||||||
if err != nil && err != sql.ErrNoRows {
|
if err != nil && !errors.Is(err, sql.ErrNoRows) {
|
||||||
util.GetLogger(req.Context()).WithError(err).Error("userAPI.PerformAllowingMasterCrossSigningKeyReplacementWithoutUIA")
|
util.GetLogger(req.Context()).WithError(err).Error("userAPI.PerformAllowingMasterCrossSigningKeyReplacementWithoutUIA")
|
||||||
return util.JSONResponse{
|
return util.JSONResponse{
|
||||||
Code: http.StatusInternalServerError,
|
Code: http.StatusInternalServerError,
|
||||||
JSON: spec.Unknown(err.Error()),
|
JSON: spec.Unknown(err.Error()),
|
||||||
}
|
}
|
||||||
|
} else if errors.Is(err, sql.ErrNoRows) {
|
||||||
|
return util.JSONResponse{
|
||||||
|
Code: http.StatusNotFound,
|
||||||
|
JSON: spec.NotFound("User not found."),
|
||||||
|
}
|
||||||
}
|
}
|
||||||
return util.JSONResponse{
|
return util.JSONResponse{
|
||||||
Code: http.StatusOK,
|
Code: http.StatusOK,
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue