From 3a59bd253ed5a6e4ccb2094492111410a7352d6e Mon Sep 17 00:00:00 2001 From: Andrew Morgan Date: Mon, 24 Feb 2020 17:23:46 +0000 Subject: [PATCH] Revert "Use the v2 lookup API for 3PID invites (#5897)" This reverts commit 978f263e7c5d1eb440efaf07abc5009408ade25d, reversing changes made to 4f6ee99818d9c338944a10585d0aea4c7349d456. --- changelog.d/5897.feature | 1 - synapse/events/spamcheck.py | 1 + synapse/handlers/identity.py | 182 +++++++++++--- synapse/handlers/room_member.py | 250 +++----------------- synapse/rest/client/v2_alpha/account.py | 6 +- synapse/util/hash.py | 33 --- tests/rest/client/test_identity.py | 18 +- tests/rest/client/test_room_access_rules.py | 6 - tests/rest/client/v2_alpha/test_register.py | 1 + tests/rulecheck/test_domainrulecheck.py | 5 - 10 files changed, 183 insertions(+), 320 deletions(-) delete mode 100644 changelog.d/5897.feature delete mode 100644 synapse/util/hash.py diff --git a/changelog.d/5897.feature b/changelog.d/5897.feature deleted file mode 100644 index 7b10774c96c9..000000000000 --- a/changelog.d/5897.feature +++ /dev/null @@ -1 +0,0 @@ -Switch to the v2 lookup API for 3PID invites. \ No newline at end of file diff --git a/synapse/events/spamcheck.py b/synapse/events/spamcheck.py index c194ba53f475..f0de4d961faf 100644 --- a/synapse/events/spamcheck.py +++ b/synapse/events/spamcheck.py @@ -13,6 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. + class SpamChecker(object): def __init__(self, hs): self.spam_checker = None diff --git a/synapse/handlers/identity.py b/synapse/handlers/identity.py index 4cea75723bc7..339e0dd04d2a 100644 --- a/synapse/handlers/identity.py +++ b/synapse/handlers/identity.py @@ -20,13 +20,18 @@ import logging from canonicaljson import json +from signedjson.key import decode_verify_key_bytes +from signedjson.sign import verify_signed_json +from unpaddedbase64 import decode_base64 from twisted.internet import defer from synapse.api.errors import ( + AuthError, CodeMessageException, Codes, HttpResponseException, + ProxiedRequestError, SynapseError, ) @@ -43,9 +48,26 @@ def __init__(self, hs): self.federation_http_client = hs.get_http_client() self.trusted_id_servers = set(hs.config.trusted_third_party_id_servers) + self.trust_any_id_server_just_for_testing_do_not_use = ( + hs.config.use_insecure_ssl_client_just_for_testing_do_not_use + ) self.rewrite_identity_server_urls = hs.config.rewrite_identity_server_urls self._enable_lookup = hs.config.enable_3pid_lookup + def _should_trust_id_server(self, id_server): + if id_server not in self.trusted_id_servers: + if self.trust_any_id_server_just_for_testing_do_not_use: + logger.warn( + "Trusting untrustworthy ID server %r even though it isn't" + " in the trusted id list for testing because" + " 'use_insecure_ssl_client_just_for_testing_do_not_use'" + " is set in the config", + id_server, + ) + else: + return False + return True + @defer.inlineCallbacks def threepid_from_creds(self, creds): if "id_server" in creds: @@ -62,17 +84,16 @@ def threepid_from_creds(self, creds): else: raise SynapseError(400, "No client_secret in creds") - if not should_trust_id_server(self.hs, id_server): + if not self._should_trust_id_server(id_server): logger.warn( "%s is not a trusted ID server: rejecting 3pid " + "credentials", id_server, ) return None - # if we have a rewrite rule set for the identity server, # apply it now. - id_server = self.rewrite_identity_server_urls.get(id_server, id_server) - + if id_server in self.rewrite_identity_server_urls: + id_server = self.rewrite_identity_server_urls[id_server] try: data = yield self.http_client.get_json( "https://%s%s" @@ -109,7 +130,10 @@ def bind_threepid(self, creds, mxid): # if we have a rewrite rule set for the identity server, # apply it now, but only for sending the request (not # storing in the database). - id_server_host = self.rewrite_identity_server_urls.get(id_server, id_server) + if id_server in self.rewrite_identity_server_urls: + id_server_host = self.rewrite_identity_server_urls[id_server] + else: + id_server_host = id_server try: data = yield self.http_client.post_json_get_json( @@ -181,6 +205,7 @@ def try_unbind_threepid_with_id_server(self, mxid, threepid, id_server): Deferred[bool]: True on success, otherwise False if the identity server doesn't support unbinding """ + url = "https://%s/_matrix/identity/api/v1/3pid/unbind" % (id_server,) content = { "mxid": mxid, "threepid": {"medium": threepid["medium"], "address": threepid["address"]}, @@ -203,7 +228,8 @@ def try_unbind_threepid_with_id_server(self, mxid, threepid, id_server): # # Note that destination_is has to be the real id_server, not # the server we connect to. - id_server = self.rewrite_identity_server_urls.get(id_server, id_server) + if id_server in self.rewrite_identity_server_urls: + id_server = self.rewrite_identity_server_urls[id_server] url = "https://%s/_matrix/identity/api/v1/3pid/unbind" % (id_server,) @@ -232,7 +258,7 @@ def try_unbind_threepid_with_id_server(self, mxid, threepid, id_server): def requestEmailToken( self, id_server, email, client_secret, send_attempt, next_link=None ): - if not should_trust_id_server(self.hs, id_server): + if not self._should_trust_id_server(id_server): raise SynapseError( 400, "Untrusted ID server '%s'" % id_server, Codes.SERVER_NOT_TRUSTED ) @@ -243,8 +269,10 @@ def requestEmailToken( "send_attempt": send_attempt, } - # Rewrite id_server URL if necessary - id_server = self.rewrite_identity_server_urls.get(id_server, id_server) + # if we have a rewrite rule set for the identity server, + # apply it now. + if id_server in self.rewrite_identity_server_urls: + id_server = self.rewrite_identity_server_urls[id_server] if next_link: params.update({"next_link": next_link}) @@ -264,14 +292,11 @@ def requestEmailToken( def requestMsisdnToken( self, id_server, country, phone_number, client_secret, send_attempt, **kwargs ): - if not should_trust_id_server(self.hs, id_server): + if not self._should_trust_id_server(id_server): raise SynapseError( 400, "Untrusted ID server '%s'" % id_server, Codes.SERVER_NOT_TRUSTED ) - # Rewrite id_server URL if necessary - id_server = self.rewrite_identity_server_urls.get(id_server, id_server) - params = { "country": country, "phone_number": phone_number, @@ -294,30 +319,119 @@ def requestMsisdnToken( logger.info("Proxied requestToken failed: %r", e) raise e.to_synapse_error() + @defer.inlineCallbacks + def lookup_3pid(self, id_server, medium, address): + """Looks up a 3pid in the passed identity server. -def should_trust_id_server(hs, id_server): - if id_server not in hs.config.trusted_third_party_id_servers: - if hs.trust_any_id_server_just_for_testing_do_not_use: - logger.warn( - "Trusting untrustworthy ID server %r even though it isn't" - " in the trusted id list for testing because" - " 'use_insecure_ssl_client_just_for_testing_do_not_use'" - " is set in the config", - id_server, + Args: + id_server (str): The server name (including port, if required) + of the identity server to use. + medium (str): The type of the third party identifier (e.g. "email"). + address (str): The third party identifier (e.g. "foo@example.com"). + + Returns: + Deferred[dict]: The result of the lookup. See + https://matrix.org/docs/spec/identity_service/r0.1.0.html#association-lookup + for details + """ + if not self._should_trust_id_server(id_server): + raise SynapseError( + 400, "Untrusted ID server '%s'" % id_server, Codes.SERVER_NOT_TRUSTED + ) + + if not self._enable_lookup: + raise AuthError( + 403, "Looking up third-party identifiers is denied from this server" ) - else: - return False - return True + target = self.rewrite_identity_server_urls.get(id_server, id_server) -class LookupAlgorithm: - """ - Supported hashing algorithms when performing a 3PID lookup. + try: + data = yield self.http_client.get_json( + "https://%s/_matrix/identity/api/v1/lookup" % (target,), + {"medium": medium, "address": address}, + ) - SHA256 - Hashing an (address, medium, pepper) combo with sha256, then url-safe base64 - encoding - NONE - Not performing any hashing. Simply sending an (address, medium) combo in plaintext - """ + if "mxid" in data: + if "signatures" not in data: + raise AuthError(401, "No signatures on 3pid binding") + yield self._verify_any_signature(data, id_server) + + except HttpResponseException as e: + logger.info("Proxied lookup failed: %r", e) + raise e.to_synapse_error() + except IOError as e: + logger.info("Failed to contact %r: %s", id_server, e) + raise ProxiedRequestError(503, "Failed to contact identity server") + + defer.returnValue(data) + + @defer.inlineCallbacks + def bulk_lookup_3pid(self, id_server, threepids): + """Looks up given 3pids in the passed identity server. + + Args: + id_server (str): The server name (including port, if required) + of the identity server to use. + threepids ([[str, str]]): The third party identifiers to lookup, as + a list of 2-string sized lists ([medium, address]). + + Returns: + Deferred[dict]: The result of the lookup. See + https://matrix.org/docs/spec/identity_service/r0.1.0.html#association-lookup + for details + """ + if not self._should_trust_id_server(id_server): + raise SynapseError( + 400, "Untrusted ID server '%s'" % id_server, Codes.SERVER_NOT_TRUSTED + ) + + if not self._enable_lookup: + raise AuthError( + 403, "Looking up third-party identifiers is denied from this server" + ) + + target = self.rewrite_identity_server_urls.get(id_server, id_server) + + try: + data = yield self.http_client.post_json_get_json( + "https://%s/_matrix/identity/api/v1/bulk_lookup" % (target,), + {"threepids": threepids}, + ) + + except HttpResponseException as e: + logger.info("Proxied lookup failed: %r", e) + raise e.to_synapse_error() + except IOError as e: + logger.info("Failed to contact %r: %s", id_server, e) + raise ProxiedRequestError(503, "Failed to contact identity server") + + defer.returnValue(data) + + @defer.inlineCallbacks + def _verify_any_signature(self, data, server_hostname): + if server_hostname not in data["signatures"]: + raise AuthError(401, "No signature from server %s" % (server_hostname,)) + + for key_name, signature in data["signatures"][server_hostname].items(): + target = self.rewrite_identity_server_urls.get( + server_hostname, server_hostname + ) + + key_data = yield self.http_client.get_json( + "https://%s/_matrix/identity/api/v1/pubkey/%s" % (target, key_name) + ) + if "public_key" not in key_data: + raise AuthError( + 401, "No public key named %s from %s" % (key_name, server_hostname) + ) + verify_signed_json( + data, + server_hostname, + decode_verify_key_bytes( + key_name, decode_base64(key_data["public_key"]) + ), + ) + return - SHA256 = "sha256" - NONE = "none" + raise AuthError(401, "No signature from server %s" % (server_hostname,)) diff --git a/synapse/handlers/room_member.py b/synapse/handlers/room_member.py index 398c3772164e..3c00151042f3 100644 --- a/synapse/handlers/room_member.py +++ b/synapse/handlers/room_member.py @@ -20,14 +20,11 @@ from six.moves import http_client -from signedjson.key import decode_verify_key_bytes -from signedjson.sign import verify_signed_json -from unpaddedbase64 import decode_base64 - from twisted.internet import defer from synapse import types from synapse.api.constants import EventTypes, Membership +from synapse.api.ratelimiting import Ratelimiter from synapse.api.errors import ( AuthError, Codes, @@ -35,13 +32,9 @@ HttpResponseException, SynapseError, ) -from synapse.handlers.identity import LookupAlgorithm, should_trust_id_server from synapse.types import RoomID, UserID from synapse.util.async_helpers import Linearizer from synapse.util.distributor import user_joined_room, user_left_room -from synapse.util.hash import sha256_and_url_safe_base64 - -from ._base import BaseHandler logger = logging.getLogger(__name__) @@ -85,11 +78,7 @@ def __init__(self, hs): self.rewrite_identity_server_urls = self.config.rewrite_identity_server_urls self._enable_lookup = hs.config.enable_3pid_lookup self.allow_per_room_profiles = self.config.allow_per_room_profiles - - # This is only used to get at ratelimit function, and - # maybe_kick_guest_users. It's fine there are multiple of these as - # it doesn't store state. - self.base_handler = BaseHandler(hs) + self.ratelimiter = Ratelimiter() @abc.abstractmethod def _remote_join(self, requester, remote_room_hosts, room_id, user, content): @@ -583,7 +572,7 @@ def send_membership_event( event (SynapseEvent): The membership event. context: The context of the event. is_guest (bool): Whether the sender is a guest. - remote_room_hosts (list[str]|None): Homeservers which are likely to already be in + room_hosts ([str]): Homeservers which are likely to already be in the room, and could be danced with in order to join this homeserver for the first time. ratelimit (bool): Whether to rate limit this request. @@ -694,7 +683,7 @@ def lookup_room_alias(self, room_alias): servers.remove(room_alias.domain) servers.insert(0, room_alias.domain) - return RoomID.from_string(room_id), servers + return (RoomID.from_string(room_id), servers) @defer.inlineCallbacks def _get_inviter(self, user_id, room_id): @@ -725,7 +714,7 @@ def do_3pid_invite( # We need to rate limit *before* we send out any 3PID invites, so we # can't just rely on the standard ratelimiting of events. - self.base_handler.ratelimiter.ratelimit( + self.ratelimiter.ratelimit( requester.user.to_string(), time_now_s=self.hs.clock.time(), rate_hz=self.hs.config.rc_third_party_invite.per_second, @@ -753,7 +742,7 @@ def do_3pid_invite( Codes.FORBIDDEN, ) - invitee = yield self.lookup_3pid(id_server, medium, address) + invitee = yield self._lookup_3pid(id_server, medium, address) is_published = yield self.store.is_room_published(room_id) @@ -777,60 +766,23 @@ def do_3pid_invite( requester, id_server, medium, address, room_id, inviter, txn_id=txn_id ) - @defer.inlineCallbacks - def lookup_3pid(self, id_server, medium, address): - """Looks up a 3pid in the passed identity server. + def _get_id_server_target(self, id_server): + """Looks up an id_server's actual http endpoint Args: - id_server (str): The server name (including port, if required) - of the identity server to use. - medium (str): The type of the third party identifier (e.g. "email"). - address (str): The third party identifier (e.g. "foo@example.com"). + id_server (str): the server name to lookup. Returns: - str: the matrix ID of the 3pid, or None if it is not recognized. + the http endpoint to connect to. """ - if not should_trust_id_server(self.hs, id_server): - raise SynapseError( - 400, "Untrusted ID server '%s'" % id_server, - Codes.SERVER_NOT_TRUSTED - ) - - if not self._enable_lookup: - raise SynapseError( - 403, "Looking up third-party identifiers is denied from this server" - ) + if id_server in self.rewrite_identity_server_urls: + return self.rewrite_identity_server_urls[id_server] - # Rewrite id_server URL if necessary - id_server = self.rewrite_identity_server_urls.get(id_server, id_server) - - # Check what hashing details are supported by this identity server - use_v1 = False - hash_details = None - try: - hash_details = yield self.simple_http_client.get_json( - "%s%s/_matrix/identity/v2/hash_details" % (id_server_scheme, id_server) - ) - except (HttpResponseException, ValueError) as e: - # Catch HttpResponseExcept for a non-200 response code - # Catch ValueError for non-JSON response body - - # Check if this identity server does not know about v2 lookups - if e.code == 404: - # This is an old identity server that does not yet support v2 lookups - use_v1 = True - else: - logger.warn("Error when looking up hashing details: %s" % (e,)) - return None - - if use_v1: - return (yield self._lookup_3pid_v1(id_server, medium, address)) - - return (yield self._lookup_3pid_v2(id_server, medium, address, hash_details)) + return id_server @defer.inlineCallbacks - def _lookup_3pid_v1(self, id_server, medium, address): - """Looks up a 3pid in the passed identity server using v1 lookup. + def _lookup_3pid(self, id_server, medium, address): + """Looks up a 3pid in the passed identity server. Args: id_server (str): The server name (including port, if required) @@ -842,164 +794,12 @@ def _lookup_3pid_v1(self, id_server, medium, address): str: the matrix ID of the 3pid, or None if it is not recognized. """ try: - data = yield self.simple_http_client.get_json( - "%s%s/_matrix/identity/api/v1/lookup" % (id_server_scheme, id_server), - {"medium": medium, "address": address}, - ) - - if "mxid" in data: - if "signatures" not in data: - raise AuthError(401, "No signatures on 3pid binding") - yield self._verify_any_signature(data, id_server) - return data["mxid"] - + data = yield self.identity_handler.lookup_3pid(id_server, medium, address) + return data.get("mxid") except ProxiedRequestError as e: logger.warn("Error from identity server lookup: %s" % (e,)) - - except IOError as e: - logger.warn("Error from identity server lookup: %s" % (e,)) - - return None - - @defer.inlineCallbacks - def _lookup_3pid_v2(self, id_server, medium, address, hash_details): - """Looks up a 3pid in the passed identity server using v2 lookup. - - Args: - id_server (str): The server name (including port, if required) - of the identity server to use. - medium (str): The type of the third party identifier (e.g. "email"). - address (str): The third party identifier (e.g. "foo@example.com"). - hash_details (dict[str, str|list]): A dictionary containing hashing information - provided by an identity server. - - Returns: - Deferred[str|None]: the matrix ID of the 3pid, or None if it is not recognised. - """ - # Extract information from hash_details - supported_lookup_algorithms = hash_details["algorithms"] - lookup_pepper = hash_details["lookup_pepper"] - - # Check if any of the supported lookup algorithms are present - if LookupAlgorithm.SHA256 in supported_lookup_algorithms: - # Perform a hashed lookup - lookup_algorithm = LookupAlgorithm.SHA256 - - # Hash address, medium and the pepper with sha256 - to_hash = "%s %s %s" % (address, medium, lookup_pepper) - lookup_value = sha256_and_url_safe_base64(to_hash) - - elif LookupAlgorithm.NONE in supported_lookup_algorithms: - # Perform a non-hashed lookup - lookup_algorithm = LookupAlgorithm.NONE - - # Combine together plaintext address and medium - lookup_value = "%s %s" % (address, medium) - - else: - logger.warn( - "None of the provided lookup algorithms of %s%s are supported: %s", - id_server_scheme, - id_server, - hash_details["algorithms"], - ) - raise SynapseError( - 400, - "Provided identity server does not support any v2 lookup " - "algorithms that this homeserver supports.", - ) - - try: - lookup_results = yield self.simple_http_client.post_json_get_json( - "%s%s/_matrix/identity/v2/lookup" % (id_server_scheme, id_server), - { - "addresses": [lookup_value], - "algorithm": lookup_algorithm, - "pepper": lookup_pepper, - }, - ) - except (HttpResponseException, ValueError) as e: - # Catch HttpResponseExcept for a non-200 response code - # Catch ValueError for non-JSON response body - logger.warn("Error when performing a 3pid lookup: %s" % (e,)) - return None - - # Check for a mapping from what we looked up to an MXID - if "mappings" not in lookup_results or not isinstance( - lookup_results["mappings"], dict - ): - logger.debug("No results from 3pid lookup") return None - # Return the MXID if it's available, or None otherwise - mxid = lookup_results["mappings"].get(lookup_value) - return mxid - - @defer.inlineCallbacks - def bulk_lookup_3pid(self, id_server, threepids): - """Looks up given 3pids in the passed identity server. - Args: - id_server (str): The server name (including port, if required) - of the identity server to use. - threepids ([[str, str]]): The third party identifiers to lookup, as - a list of 2-string sized lists ([medium, address]). - Returns: - Deferred[dict]: The result of the lookup. See - https://matrix.org/docs/spec/identity_service/r0.1.0.html#association-lookup - for details - """ - if not should_trust_id_server(self.hs, id_server): - raise SynapseError( - 400, "Untrusted ID server '%s'" % id_server, - Codes.SERVER_NOT_TRUSTED - ) - - if not self._enable_lookup: - raise AuthError( - 403, "Looking up third-party identifiers is denied from this server", - ) - - target = self.rewrite_identity_server_urls.get(id_server, id_server) - - try: - data = yield self.simple_http_client.post_json_get_json( - "https://%s/_matrix/identity/api/v1/bulk_lookup" % (target,), - { - "threepids": threepids, - } - ) - - except HttpResponseException as e: - logger.info("Proxied lookup failed: %r", e) - raise e.to_synapse_error() - except IOError as e: - logger.info("Failed to contact %r: %s", id_server, e) - raise ProxiedRequestError(503, "Failed to contact identity server") - - defer.returnValue(data) - - @defer.inlineCallbacks - def _verify_any_signature(self, data, server_hostname): - if server_hostname not in data["signatures"]: - raise AuthError(401, "No signature from server %s" % (server_hostname,)) - for key_name, signature in data["signatures"][server_hostname].items(): - key_data = yield self.simple_http_client.get_json( - "%s%s/_matrix/identity/api/v1/pubkey/%s" - % (id_server_scheme, server_hostname, key_name) - ) - if "public_key" not in key_data: - raise AuthError( - 401, "No public key named %s from %s" % (key_name, server_hostname) - ) - verify_signed_json( - data, - server_hostname, - decode_verify_key_bytes( - key_name, decode_base64(key_data["public_key"]) - ), - ) - return - @defer.inlineCallbacks def _make_and_store_3pid_invite( self, requester, id_server, medium, address, room_id, user, txn_id @@ -1117,10 +917,11 @@ def _ask_id_server_for_third_party_invite( display_name (str): A user-friendly name to represent the invited user. """ - id_server = self.rewrite_identity_server_urls.get(id_server, id_server) + + target = self._get_id_server_target(id_server) is_url = "%s%s/_matrix/identity/api/v1/store-invite" % ( id_server_scheme, - id_server, + target, ) invite_config = { @@ -1160,7 +961,7 @@ def _ask_id_server_for_third_party_invite( fallback_public_key = { "public_key": data["public_key"], "key_validity_url": "%s%s/_matrix/identity/api/v1/pubkey/isvalid" - % (id_server_scheme, id_server), + % (id_server_scheme, target), } else: fallback_public_key = public_keys[0] @@ -1227,7 +1028,9 @@ def _is_remote_room_too_complex(self, room_id, remote_room_hosts): ) if complexity: - return complexity["v1"] > max_complexity + if complexity["v1"] > max_complexity: + return True + return False return None @defer.inlineCallbacks @@ -1243,7 +1046,10 @@ def _is_local_room_too_complex(self, room_id): max_complexity = self.hs.config.limit_remote_rooms.complexity complexity = yield self.store.get_room_complexity(room_id) - return complexity["v1"] > max_complexity + if complexity["v1"] > max_complexity: + return True + + return False @defer.inlineCallbacks def _remote_join(self, requester, remote_room_hosts, room_id, user, content): diff --git a/synapse/rest/client/v2_alpha/account.py b/synapse/rest/client/v2_alpha/account.py index 986f56d3d7b1..b83704fed47d 100644 --- a/synapse/rest/client/v2_alpha/account.py +++ b/synapse/rest/client/v2_alpha/account.py @@ -706,7 +706,6 @@ def __init__(self, hs): super(ThreepidLookupRestServlet, self).__init__() self.auth = hs.get_auth() self.identity_handler = hs.get_handlers().identity_handler - self.room_member_handler = hs.get_room_member_handler() @defer.inlineCallbacks def on_GET(self, request): @@ -726,7 +725,7 @@ def on_GET(self, request): # Proxy the request to the identity server. lookup_3pid handles checking # if the lookup is allowed so we don't need to do it here. - ret = yield self.room_member_handler.lookup_3pid(id_server, medium, address) + ret = yield self.identity_handler.lookup_3pid(id_server, medium, address) defer.returnValue((200, ret)) @@ -738,7 +737,6 @@ def __init__(self, hs): super(ThreepidBulkLookupRestServlet, self).__init__() self.auth = hs.get_auth() self.identity_handler = hs.get_handlers().identity_handler - self.room_member_handler = hs.get_room_member_handler() @defer.inlineCallbacks def on_POST(self, request): @@ -753,7 +751,7 @@ def on_POST(self, request): # Proxy the request to the identity server. lookup_3pid handles checking # if the lookup is allowed so we don't need to do it here. - ret = yield self.room_member_handler.bulk_lookup_3pid( + ret = yield self.identity_handler.bulk_lookup_3pid( body["id_server"], body["threepids"] ) diff --git a/synapse/util/hash.py b/synapse/util/hash.py deleted file mode 100644 index 359168704e1f..000000000000 --- a/synapse/util/hash.py +++ /dev/null @@ -1,33 +0,0 @@ -# -*- coding: utf-8 -*- - -# Copyright 2019 The Matrix.org Foundation C.I.C. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -import hashlib - -import unpaddedbase64 - - -def sha256_and_url_safe_base64(input_text): - """SHA256 hash an input string, encode the digest as url-safe base64, and - return - - :param input_text: string to hash - :type input_text: str - - :returns a sha256 hashed and url-safe base64 encoded digest - :rtype: str - """ - digest = hashlib.sha256(input_text.encode()).digest() - return unpaddedbase64.encode_base64(digest, urlsafe=True) diff --git a/tests/rest/client/test_identity.py b/tests/rest/client/test_identity.py index a7f08a3f192f..f81f81602ea1 100644 --- a/tests/rest/client/test_identity.py +++ b/tests/rest/client/test_identity.py @@ -20,7 +20,6 @@ from twisted.internet import defer import synapse.rest.admin -from synapse.api.errors import HttpResponseException from synapse.rest.client.v1 import login, room from synapse.rest.client.v2_alpha import account @@ -110,15 +109,8 @@ def make_homeserver(self, reactor, clock): config["enable_3pid_lookup"] = True config["trusted_third_party_id_servers"] = ["testis"] - def get_json(uri, args={}, headers=None): - # TODO: Mock v2 hash_details endpoints and don't just run the v1 code - if "/hash_details" in uri: - raise HttpResponseException(404, "I am a happy v1 server", b"{}") - - return defer.succeed((200, "{}")) - mock_http_client = Mock(spec=["get_json", "post_json_get_json"]) - mock_http_client.get_json.side_effect = get_json + mock_http_client.get_json.return_value = defer.succeed((200, "{}")) mock_http_client.post_json_get_json.return_value = defer.succeed((200, "{}")) self.hs = self.setup_test_homeserver( @@ -151,10 +143,8 @@ def test_3pid_invite_enabled(self): ) self.render(request) - # There will be a call to hash_details, which will 404 - # then /lookup. Thus we don't use `assert_called_with_once` here get_json = self.hs.get_simple_http_client().get_json - get_json.assert_called_with( + get_json.assert_called_once_with( "https://testis/_matrix/identity/api/v1/lookup", {"address": "test@example.com", "medium": "email"}, ) @@ -167,10 +157,8 @@ def test_3pid_lookup_enabled(self): request, channel = self.make_request("GET", url, access_token=self.tok) self.render(request) - # There will be a call to hash_details, which will 404 - # then /lookup. Thus we don't use `assert_called_with_once` here get_json = self.hs.get_simple_http_client().get_json - get_json.assert_called_with( + get_json.assert_called_once_with( "https://testis/_matrix/identity/api/v1/lookup", {"address": "foo@bar.baz", "medium": "email"}, ) diff --git a/tests/rest/client/test_room_access_rules.py b/tests/rest/client/test_room_access_rules.py index 69920853e609..d44f5c2c8c5e 100644 --- a/tests/rest/client/test_room_access_rules.py +++ b/tests/rest/client/test_room_access_rules.py @@ -22,7 +22,6 @@ from twisted.internet import defer from synapse.api.constants import EventTypes, JoinRules, RoomCreationPreset -from synapse.api.errors import HttpResponseException from synapse.rest import admin from synapse.rest.client.v1 import login, room from synapse.third_party_rules.access_rules import ( @@ -59,10 +58,6 @@ def send_invite(destination, room_id, event_id, pdu): return defer.succeed(pdu) def get_json(uri, args={}, headers=None): - # TODO: Mock v2 hash_details endpoints and don't just run the v1 code - if "/hash_details" in uri: - raise HttpResponseException(404, "I am a happy v1 server", b"{}") - address_domain = args["address"].split("@")[1] return defer.succeed({"hs": address_domain}) @@ -337,7 +332,6 @@ def test_direct(self): self.hs.config.rc_third_party_invite.burst_count = 10 self.hs.config.rc_third_party_invite.per_second = 0.1 - # Note: These calls trigger the mocked get_json method above # We can't send a 3PID invite to a room that already has two members. self.send_threepid_invite( address="test@allowed_domain", diff --git a/tests/rest/client/v2_alpha/test_register.py b/tests/rest/client/v2_alpha/test_register.py index 9b7eb1e85620..9e72cae62ad6 100644 --- a/tests/rest/client/v2_alpha/test_register.py +++ b/tests/rest/client/v2_alpha/test_register.py @@ -52,6 +52,7 @@ def make_homeserver(self, reactor, clock): return self.hs + @unittest.DEBUG def test_POST_appservice_registration_valid(self): user_id = "@as_user_kermit:test" as_token = "i_am_an_app_service" diff --git a/tests/rulecheck/test_domainrulecheck.py b/tests/rulecheck/test_domainrulecheck.py index 145d6cba5b0b..1accc70dc91f 100644 --- a/tests/rulecheck/test_domainrulecheck.py +++ b/tests/rulecheck/test_domainrulecheck.py @@ -15,8 +15,6 @@ import json -from mock import Mock -from twisted.internet import defer import synapse.rest.admin from synapse.config._base import ConfigError @@ -289,9 +287,6 @@ def test_cannot_invite(self): def test_cannot_3pid_invite(self): """Test that unbound 3pid invites get rejected. """ - self.hs.get_room_member_handler().lookup_3pid = Mock() - self.hs.get_room_member_handler().lookup_3pid.return_value = defer.succeed(None) - channel = self._create_room(self.admin_access_token) assert channel.result["code"] == b"200", channel.result