Add clientapi tests

[S7evinK]

This PR

• adds several tests for the clientapi, mostly around /register and auth fallback.
• removes the now deprecated homeserver field from responses to /register
• slightly refactors auth fallback handling

[codecov]

Codecov Report

Base: 35.75% // Head: 36.47% // Increases project coverage by +0.72% 🎉

Coverage data is based on head (508e4c6) compared to base (5eed31f).
Patch coverage: 76.00% of modified lines in pull request are covered.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2916      +/-   ##
==========================================
+ Coverage   35.75%   36.47%   +0.72%     
==========================================
  Files         494      494              
  Lines       54673    54657      -16     
==========================================
+ Hits        19549    19937     +388     
+ Misses      32573    32149     -424     
- Partials     2551     2571      +20     

Flag	Coverage Δ
unittests	36.47% <76.00%> (+0.72%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
clientapi/routing/login.go	42.62% <ø> (-0.93%)	⬇️
clientapi/routing/password.go	0.00% <0.00%> (ø)
clientapi/routing/routing.go	16.97% <0.00%> (ø)
cmd/create-account/main.go	8.82% <0.00%> (-0.07%)	⬇️
internal/httputil/httpapi.go	42.13% <50.00%> (+0.63%)	⬆️
clientapi/routing/register.go	60.03% <55.55%> (+39.63%)	⬆️
clientapi/routing/auth_fallback.go	81.70% <81.25%> (+81.70%)	⬆️
clientapi/routing/admin.go	26.54% <100.00%> (ø)
internal/validate.go	100.00% <100.00%> (ø)
setup/config/config.go	39.73% <100.00%> (+2.10%)	⬆️
... and 24 more

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

[S7evinK]

Needs matrix-org/complement#573 for Complement to pass, as this also removes the deprecated (since r0.4.0) home_server field from responses to /register and /login.

[kegsay]

Mostly small things, the main code here is good, thanks!

[kegsay]

Why shift the order of checks here?

[S7evinK]

Could remove it completely, given we either have something set or default to reCaptcha (if nothing is set).

[kegsay]

This needs to honour the real IP header in case of reverse proxies. It's a config option iirc

[S7evinK]

It is, but unfortunately just for the sync api :/

[kegsay]

Most certainly not a 500, surely 4xx?

[kegsay]

Surprised we don't ever test bad domains.

[S7evinK]

I also had that added, just to see that we either use the server_name from the configuration OR one from a virtual host.
And yea, something like http://localhost would produce a valid username

[kegsay]

Say why (caps).

Also, it would be good to add tests for:

• unicode characters e.g emoji
• ASCII symbols e.g $
• a complex but valid username beyond the existing test for "valid" e.g f00_bar-baz.=40/ is valid I think? Test it.

[kegsay]

Whilst we are here... please move validateUsername to internal or some other package and call it from cmd/create-account to prevent people registering usernames with caps or other things like that.

[kegsay]

Needs more comments to explain why you're doing this check. I assume because appservices are allowed to use _.

[kegsay]

I generally dislike doing direct checks on error strings, as they aren't really part of the public API. We should be checking the errcode. Write a helper function and gjson out the code? This applies throughout these tests.

[S7evinK]

Like above, we should just remove the JSON here and actually return error types. (Same for the other validate* functions)

[kegsay]

LGTM!