// Copyright 2017 Andrew Morgan // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. package routing import ( "regexp" "testing" "github.com/matrix-org/dendrite/clientapi/auth/authtypes" "github.com/matrix-org/dendrite/common/config" ) var ( // Registration Flows that the server allows. allowedFlows = []authtypes.Flow{ { Stages: []authtypes.LoginType{ authtypes.LoginType("stage1"), authtypes.LoginType("stage2"), }, }, { Stages: []authtypes.LoginType{ authtypes.LoginType("stage1"), authtypes.LoginType("stage3"), }, }, } ) // Should return true as we're completing all the stages of a single flow in // order. func TestFlowCheckingCompleteFlowOrdered(t *testing.T) { testFlow := []authtypes.LoginType{ authtypes.LoginType("stage1"), authtypes.LoginType("stage3"), } if !checkFlowCompleted(testFlow, allowedFlows) { t.Error("Incorrect registration flow verification: ", testFlow, ", from allowed flows: ", allowedFlows, ". Should be true.") } } // Should return false as all stages in a single flow need to be completed. func TestFlowCheckingStagesFromDifferentFlows(t *testing.T) { testFlow := []authtypes.LoginType{ authtypes.LoginType("stage2"), authtypes.LoginType("stage3"), } if checkFlowCompleted(testFlow, allowedFlows) { t.Error("Incorrect registration flow verification: ", testFlow, ", from allowed flows: ", allowedFlows, ". Should be false.") } } // Should return true as we're completing all the stages from a single flow, as // well as some extraneous stages. func TestFlowCheckingCompleteOrderedExtraneous(t *testing.T) { testFlow := []authtypes.LoginType{ authtypes.LoginType("stage1"), authtypes.LoginType("stage3"), authtypes.LoginType("stage4"), authtypes.LoginType("stage5"), } if !checkFlowCompleted(testFlow, allowedFlows) { t.Error("Incorrect registration flow verification: ", testFlow, ", from allowed flows: ", allowedFlows, ". Should be true.") } } // Should return false as we're submitting an empty flow. func TestFlowCheckingEmptyFlow(t *testing.T) { testFlow := []authtypes.LoginType{} if checkFlowCompleted(testFlow, allowedFlows) { t.Error("Incorrect registration flow verification: ", testFlow, ", from allowed flows: ", allowedFlows, ". Should be false.") } } // Should return false as we've completed a stage that isn't in any allowed flow. func TestFlowCheckingInvalidStage(t *testing.T) { testFlow := []authtypes.LoginType{ authtypes.LoginType("stage8"), } if checkFlowCompleted(testFlow, allowedFlows) { t.Error("Incorrect registration flow verification: ", testFlow, ", from allowed flows: ", allowedFlows, ". Should be false.") } } // Should return true as we complete all stages of an allowed flow, though out // of order, as well as extraneous stages. func TestFlowCheckingExtraneousUnordered(t *testing.T) { testFlow := []authtypes.LoginType{ authtypes.LoginType("stage5"), authtypes.LoginType("stage4"), authtypes.LoginType("stage3"), authtypes.LoginType("stage2"), authtypes.LoginType("stage1"), } if !checkFlowCompleted(testFlow, allowedFlows) { t.Error("Incorrect registration flow verification: ", testFlow, ", from allowed flows: ", allowedFlows, ". Should be true.") } } // Should return false as we're providing fewer stages than are required. func TestFlowCheckingShortIncorrectInput(t *testing.T) { testFlow := []authtypes.LoginType{ authtypes.LoginType("stage8"), } if checkFlowCompleted(testFlow, allowedFlows) { t.Error("Incorrect registration flow verification: ", testFlow, ", from allowed flows: ", allowedFlows, ". Should be false.") } } // Should return false as we're providing different stages than are required. func TestFlowCheckingExtraneousIncorrectInput(t *testing.T) { testFlow := []authtypes.LoginType{ authtypes.LoginType("stage8"), authtypes.LoginType("stage9"), authtypes.LoginType("stage10"), authtypes.LoginType("stage11"), } if checkFlowCompleted(testFlow, allowedFlows) { t.Error("Incorrect registration flow verification: ", testFlow, ", from allowed flows: ", allowedFlows, ". Should be false.") } } // Completed flows stages should always be a valid slice header. // TestEmptyCompletedFlows checks that sessionsDict returns a slice & not nil. func TestEmptyCompletedFlows(t *testing.T) { fakeEmptySessions := newSessionsDict() fakeSessionID := "aRandomSessionIDWhichDoesNotExist" ret := fakeEmptySessions.GetCompletedStages(fakeSessionID) // check for [] if ret == nil || len(ret) != 0 { t.Error("Empty Completed Flow Stages should be a empty slice: returned ", ret, ". Should be []") } } // This method tests validation of the provided Application Service token and // username that they're registering func TestValidationOfApplicationServices(t *testing.T) { // Set up application service namespaces regex := "@_appservice_.*" regexp, err := regexp.Compile(regex) if err != nil { t.Errorf("Error compiling regex: %s", regex) } fakeNamespace := config.ApplicationServiceNamespace{ Exclusive: true, Regex: regex, RegexpObject: regexp, } // Create a fake application service fakeID := "FakeAS" fakeSenderLocalpart := "_appservice_bot" fakeApplicationService := config.ApplicationService{ ID: fakeID, URL: "null", ASToken: "1234", HSToken: "4321", SenderLocalpart: fakeSenderLocalpart, NamespaceMap: map[string][]config.ApplicationServiceNamespace{ "users": {fakeNamespace}, }, } // Set up a config fakeConfig := config.Dendrite{} fakeConfig.Matrix.ServerName = "localhost" fakeConfig.Derived.ApplicationServices = []config.ApplicationService{fakeApplicationService} // Access token is correct, user_id omitted so we are acting as SenderLocalpart asID, resp := validateApplicationService(&fakeConfig, fakeSenderLocalpart, "1234") if resp != nil || asID != fakeID { t.Errorf("appservice should have validated and returned correct ID: %s", resp.JSON) } // Access token is incorrect, user_id omitted so we are acting as SenderLocalpart asID, resp = validateApplicationService(&fakeConfig, fakeSenderLocalpart, "xxxx") if resp == nil || asID == fakeID { t.Errorf("access_token should have been marked as invalid") } // Access token is correct, acting as valid user_id asID, resp = validateApplicationService(&fakeConfig, "_appservice_bob", "1234") if resp != nil || asID != fakeID { t.Errorf("access_token and user_id should've been valid: %s", resp.JSON) } // Access token is correct, acting as invalid user_id asID, resp = validateApplicationService(&fakeConfig, "_something_else", "1234") if resp == nil || asID == fakeID { t.Errorf("user_id should not have been valid: @_something_else:localhost") } }