// Copyright 2017 Andrew Morgan <andrew@amorgan.xyz>
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package routing
import (
"regexp"
"testing"
"github.com/matrix-org/dendrite/clientapi/auth/authtypes"
"github.com/matrix-org/dendrite/setup/config"
)
var (
	// allowedFlows is the fixture of registration flows the server accepts in
	// these tests: one made of stage1 and stage2, the other of stage1 and
	// stage3.
	allowedFlows = []authtypes.Flow{
		{Stages: []authtypes.LoginType{"stage1", "stage2"}},
		{Stages: []authtypes.LoginType{"stage1", "stage3"}},
	}
)
// TestFlowCheckingCompleteFlowOrdered expects checkFlowCompleted to report
// true when every stage of one allowed flow (stage1, stage3) is supplied in
// the flow's own order.
func TestFlowCheckingCompleteFlowOrdered(t *testing.T) {
	completed := []authtypes.LoginType{"stage1", "stage3"}

	if checkFlowCompleted(completed, allowedFlows) {
		return
	}
	t.Error("Incorrect registration flow verification: ", completed, ", from allowed flows: ", allowedFlows, ". Should be true.")
}
// TestFlowCheckingStagesFromDifferentFlows expects false: stage2 and stage3
// each appear in an allowed flow, but no single flow is fully covered, so
// stages must not be mixed across flows to satisfy the check.
func TestFlowCheckingStagesFromDifferentFlows(t *testing.T) {
	mixed := []authtypes.LoginType{"stage2", "stage3"}

	if accepted := checkFlowCompleted(mixed, allowedFlows); accepted {
		t.Error("Incorrect registration flow verification: ", mixed, ", from allowed flows: ", allowedFlows, ". Should be false.")
	}
}
// TestFlowCheckingCompleteOrderedExtraneous expects true: stage1 and stage3
// complete an allowed flow, and the additional stage4 and stage5 are expected
// to be ignored rather than to invalidate the result.
func TestFlowCheckingCompleteOrderedExtraneous(t *testing.T) {
	completed := []authtypes.LoginType{"stage1", "stage3", "stage4", "stage5"}

	if checkFlowCompleted(completed, allowedFlows) {
		return
	}
	t.Error("Incorrect registration flow verification: ", completed, ", from allowed flows: ", allowedFlows, ". Should be true.")
}
// TestFlowCheckingEmptyFlow expects false when no stages at all have been
// completed: an empty submission must never satisfy an allowed flow.
func TestFlowCheckingEmptyFlow(t *testing.T) {
	// Deliberately an empty, non-nil slice, as in the original fixture.
	none := []authtypes.LoginType{}

	if accepted := checkFlowCompleted(none, allowedFlows); accepted {
		t.Error("Incorrect registration flow verification: ", none, ", from allowed flows: ", allowedFlows, ". Should be false.")
	}
}
// TestFlowCheckingInvalidStage expects false when the only completed stage
// (stage8) does not appear in any allowed flow.
func TestFlowCheckingInvalidStage(t *testing.T) {
	unknown := []authtypes.LoginType{"stage8"}

	if accepted := checkFlowCompleted(unknown, allowedFlows); accepted {
		t.Error("Incorrect registration flow verification: ", unknown, ", from allowed flows: ", allowedFlows, ". Should be false.")
	}
}
// TestFlowCheckingExtraneousUnordered expects true when all stages of an
// allowed flow are present, even though they are listed in reverse and mixed
// with stages (stage4, stage5) that belong to no flow.
//
// This pins checkFlowCompleted as order-insensitive: any requirement that
// stages happen in a particular sequence is not covered by this check.
func TestFlowCheckingExtraneousUnordered(t *testing.T) {
	completed := []authtypes.LoginType{"stage5", "stage4", "stage3", "stage2", "stage1"}

	if checkFlowCompleted(completed, allowedFlows) {
		return
	}
	t.Error("Incorrect registration flow verification: ", completed, ", from allowed flows: ", allowedFlows, ". Should be true.")
}
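// TestFlowCheckingShortIncorrectInput expects false whenever fewer stages are
// supplied than any allowed flow requires.
//
// The original body only submitted stage8, which made it identical to
// TestFlowCheckingInvalidStage and never exercised a genuinely partial flow.
// It now also submits stage1 alone: a valid stage shared by both allowed
// flows, but not a complete flow, so it must still be rejected.
func TestFlowCheckingShortIncorrectInput(t *testing.T) {
	shortFlows := [][]authtypes.LoginType{
		{"stage8"}, // original input: a single stage unknown to every flow
		{"stage1"}, // a real first stage, with the second stage missing
	}

	for _, testFlow := range shortFlows {
		if checkFlowCompleted(testFlow, allowedFlows) {
			t.Error("Incorrect registration flow verification: ", testFlow, ", from allowed flows: ", allowedFlows, ". Should be false.")
		}
	}
}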
// TestFlowCheckingExtraneousIncorrectInput expects false when several stages
// are supplied but none of them belongs to an allowed flow: the number of
// completed stages alone must not satisfy the check.
func TestFlowCheckingExtraneousIncorrectInput(t *testing.T) {
	unrelated := []authtypes.LoginType{"stage8", "stage9", "stage10", "stage11"}

	if accepted := checkFlowCompleted(unrelated, allowedFlows); accepted {
		t.Error("Incorrect registration flow verification: ", unrelated, ", from allowed flows: ", allowedFlows, ". Should be false.")
	}
}
// TestEmptyCompletedFlows checks that GetCompletedStages on a fresh sessions
// dict returns an empty, non-nil slice for a session ID that was never stored.
func TestEmptyCompletedFlows(t *testing.T) {
	sessions := newSessionsDict()
	stages := sessions.GetCompletedStages("aRandomSessionIDWhichDoesNotExist")

	// A nil slice also has length 0, so nil is ruled out explicitly.
	// NOTE(review): presumably this matters because the value is serialised
	// and should appear as [] rather than null; confirm against callers.
	if stages != nil && len(stages) == 0 {
		return
	}
	t.Error("Empty Completed Flow Stages should be a empty slice: returned ", stages, ". Should be []")
}
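// TestValidationOfApplicationServices checks validateApplicationService
// against one fake application service that exclusively owns the user
// namespace "@_appservice_.*". It covers four cases: correct token acting as
// the sender localpart, wrong token, correct token with a user inside the
// namespace, and correct token with a user outside the namespace.
func TestValidationOfApplicationServices(t *testing.T) {
	// Set up application service namespaces.
	// NOTE(review): the pattern has no ^ or $ anchors. Whether the validator
	// matches it against the whole user ID or any substring is not visible
	// from this test, and none of the cases below would distinguish the two;
	// confirm against validateApplicationService.
	regex := "@_appservice_.*"
	// Named "compiled" so the local does not shadow the regexp package.
	compiled, err := regexp.Compile(regex)
	if err != nil {
		// Fatal, not Error: carrying on would run the assertions against a
		// namespace with a nil RegexpObject.
		t.Fatalf("Error compiling regex: %s", regex)
	}

	fakeNamespace := config.ApplicationServiceNamespace{
		Exclusive:    true,
		Regex:        regex,
		RegexpObject: compiled,
	}

	// Create a fake application service. The tokens are test fixtures only.
	fakeID := "FakeAS"
	fakeSenderLocalpart := "_appservice_bot"
	fakeApplicationService := config.ApplicationService{
		ID:              fakeID,
		URL:             "null",
		ASToken:         "1234",
		HSToken:         "4321",
		SenderLocalpart: fakeSenderLocalpart,
		NamespaceMap: map[string][]config.ApplicationServiceNamespace{
			"users": {fakeNamespace},
		},
	}

	// Set up a config
	fakeConfig := &config.Dendrite{}
	fakeConfig.Defaults()
	fakeConfig.Global.ServerName = "localhost"
	fakeConfig.ClientAPI.Derived.ApplicationServices = []config.ApplicationService{fakeApplicationService}

	// Access token is correct, user_id omitted so we are acting as SenderLocalpart
	asID, resp := validateApplicationService(&fakeConfig.ClientAPI, fakeSenderLocalpart, "1234")
	// The two failure modes are reported separately: the original read
	// resp.JSON even when resp was nil and only the ID was wrong, which
	// panics instead of reporting the failure.
	switch {
	case resp != nil:
		t.Errorf("appservice should have validated and returned correct ID: %s", resp.JSON)
	case asID != fakeID:
		t.Errorf("appservice should have validated and returned correct ID: got %q, want %q", asID, fakeID)
	}

	// Access token is incorrect, user_id omitted so we are acting as SenderLocalpart
	asID, resp = validateApplicationService(&fakeConfig.ClientAPI, fakeSenderLocalpart, "xxxx")
	if resp == nil || asID == fakeID {
		t.Errorf("access_token should have been marked as invalid")
	}

	// Access token is correct, acting as valid user_id
	asID, resp = validateApplicationService(&fakeConfig.ClientAPI, "_appservice_bob", "1234")
	switch {
	case resp != nil:
		t.Errorf("access_token and user_id should've been valid: %s", resp.JSON)
	case asID != fakeID:
		t.Errorf("access_token and user_id should've been valid: got ID %q, want %q", asID, fakeID)
	}

	// Access token is correct, acting as invalid user_id
	asID, resp = validateApplicationService(&fakeConfig.ClientAPI, "_something_else", "1234")
	if resp == nil || asID == fakeID {
		t.Errorf("user_id should not have been valid: @_something_else:localhost")
	}
}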